Deleting current code

53 files changed, 0 insertions, 13174 deletions

diff --git a/third_party/googleapis/google/cloud/osconfig/BUILD.bazel b/third_party/googleapis/google/cloud/osconfig/BUILD.bazel
deleted file mode 100644
index 26f2206..0000000
--- a/third_party/googleapis/google/cloud/osconfig/BUILD.bazel
+++ /dev/null
@@ -1,40 +0,0 @@
-# This build file includes a target for the Ruby wrapper library for
-# google-cloud-os_config.
-
-# This is an API workspace, having public visibility by default makes perfect sense.
-package(default_visibility = ["//visibility:public"])
-
-# Export yaml configs.
-exports_files(glob(["*.yaml"]))
-
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "ruby_cloud_gapic_library",
-    "ruby_gapic_assembly_pkg",
-)
-
-# Generates a Ruby wrapper client for osconfig.
-# Ruby wrapper clients are versionless, but are generated from source protos
-# for a particular service version, v1 in this case.
-ruby_cloud_gapic_library(
-    name = "osconfig_ruby_wrapper",
-    srcs = ["//google/cloud/osconfig/v1:osconfig_proto_with_info"],
-    extra_protoc_parameters = [
-        "ruby-cloud-gem-name=google-cloud-os_config",
-        "ruby-cloud-env-prefix=OS_CONFIG",
-        "ruby-cloud-wrapper-of=v1:0.6",
-        "ruby-cloud-product-url=https://cloud.google.com/compute/docs/manage-os",
-        "ruby-cloud-api-id=osconfig.googleapis.com",
-        "ruby-cloud-api-shortname=osconfig",
-    ],
-    ruby_cloud_description = "Cloud OS Config provides OS management tools that can be used for patch management, patch compliance, and configuration management on VM instances.",
-    ruby_cloud_title = "Cloud OS Config",
-)
-
-# Open Source package.
-ruby_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-ruby",
-    deps = [
-        ":osconfig_ruby_wrapper",
-    ],
-)
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/BUILD.bazel b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/BUILD.bazel
deleted file mode 100644
index 787f368..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/BUILD.bazel
+++ /dev/null
@@ -1,375 +0,0 @@
-# This file was automatically generated by BuildFileGenerator
-# https://github.com/googleapis/rules_gapic/tree/master/bazel
-
-# Most of the manual changes to this file will be overwritten.
-# It's **only** allowed to change the following rule attribute values:
-# - names of *_gapic_assembly_* rules
-# - certain parameters of *_gapic_library rules, including but not limited to:
-#    * extra_protoc_parameters
-#    * extra_protoc_file_parameters
-# The complete list of preserved parameters can be found in the source code.
-
-# This is an API workspace, having public visibility by default makes perfect sense.
-package(default_visibility = ["//visibility:public"])
-
-##############################################################################
-# Common
-##############################################################################
-load("@rules_proto//proto:defs.bzl", "proto_library")
-load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
-
-proto_library(
-    name = "agentendpoint_proto",
-    srcs = [
-        "agentendpoint.proto",
-        "config_common.proto",
-        "inventory.proto",
-        "os_policy.proto",
-        "patch_jobs.proto",
-        "tasks.proto",
-    ],
-    deps = [
-        "//google/api:annotations_proto",
-        "//google/api:client_proto",
-        "//google/api:field_behavior_proto",
-        "//google/api:resource_proto",
-        "//google/type:date_proto",
-        "@com_google_protobuf//:timestamp_proto",
-    ],
-)
-
-proto_library_with_info(
-    name = "agentendpoint_proto_with_info",
-    deps = [
-        ":agentendpoint_proto",
-        "//google/cloud:common_resources_proto",
-    ],
-)
-
-##############################################################################
-# Java
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "java_gapic_assembly_gradle_pkg",
-    "java_gapic_library",
-    "java_gapic_test",
-    "java_grpc_library",
-    "java_proto_library",
-)
-
-java_proto_library(
-    name = "agentendpoint_java_proto",
-    deps = [":agentendpoint_proto"],
-)
-
-java_grpc_library(
-    name = "agentendpoint_java_grpc",
-    srcs = [":agentendpoint_proto"],
-    deps = [":agentendpoint_java_proto"],
-)
-
-java_gapic_library(
-    name = "agentendpoint_java_gapic",
-    srcs = [":agentendpoint_proto_with_info"],
-    gapic_yaml = "osconfig_gapic.yaml",
-    grpc_service_config = "agentendpoint_grpc_service_config.json",
-    service_yaml = "osconfig_v1.yaml",
-    test_deps = [
-        ":agentendpoint_java_grpc",
-    ],
-    transport = "grpc+rest",
-    deps = [
-        ":agentendpoint_java_proto",
-        "//google/api:api_java_proto",
-    ],
-)
-
-java_gapic_test(
-    name = "agentendpoint_java_gapic_test_suite",
-    test_classes = [
-        "com.google.cloud.osconfig.agentendpoint.v1.AgentEndpointServiceClientHttpJsonTest",
-        "com.google.cloud.osconfig.agentendpoint.v1.AgentEndpointServiceClientTest",
-    ],
-    runtime_deps = [":agentendpoint_java_gapic_test"],
-)
-
-# Open Source Packages
-java_gapic_assembly_gradle_pkg(
-    name = "google-cloud-osconfig-agentendpoint-v1-java",
-    include_samples = True,
-    transport = "grpc+rest",
-    deps = [
-        ":agentendpoint_java_gapic",
-        ":agentendpoint_java_grpc",
-        ":agentendpoint_java_proto",
-        ":agentendpoint_proto",
-    ],
-)
-
-##############################################################################
-# Go
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "go_gapic_assembly_pkg",
-    "go_gapic_library",
-    "go_proto_library",
-    "go_test",
-)
-
-go_proto_library(
-    name = "agentendpoint_go_proto",
-    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
-    importpath = "google.golang.org/genproto/googleapis/cloud/osconfig/agentendpoint/v1",
-    protos = [":agentendpoint_proto"],
-    deps = [
-        "//google/api:annotations_go_proto",
-        "//google/type:date_go_proto",
-    ],
-)
-
-go_gapic_library(
-    name = "agentendpoint_go_gapic",
-    srcs = [":agentendpoint_proto_with_info"],
-    grpc_service_config = "agentendpoint_grpc_service_config.json",
-    importpath = "cloud.google.com/go/osconfig/agentendpoint/apiv1;agentendpoint",
-    metadata = True,
-    service_yaml = "osconfig_v1.yaml",
-    transport = "grpc+rest",
-    deps = [
-        ":agentendpoint_go_proto",
-    ],
-)
-
-go_test(
-    name = "agentendpoint_go_gapic_test",
-    srcs = [":agentendpoint_go_gapic_srcjar_test"],
-    embed = [":agentendpoint_go_gapic"],
-    importpath = "cloud.google.com/go/osconfig/agentendpoint/apiv1",
-)
-
-# Open Source Packages
-go_gapic_assembly_pkg(
-    name = "gapi-cloud-osconfig-agentendpoint-v1-go",
-    deps = [
-        ":agentendpoint_go_gapic",
-        ":agentendpoint_go_gapic_srcjar-metadata.srcjar",
-        ":agentendpoint_go_gapic_srcjar-test.srcjar",
-        ":agentendpoint_go_proto",
-    ],
-)
-
-##############################################################################
-# Python
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "py_gapic_assembly_pkg",
-    "py_gapic_library",
-    "py_test",
-)
-
-py_gapic_library(
-    name = "agentendpoint_py_gapic",
-    srcs = [":agentendpoint_proto"],
-    grpc_service_config = "agentendpoint_grpc_service_config.json",
-    transport = "grpc",
-)
-
-py_test(
-    name = "agentendpoint_py_gapic_test",
-    srcs = [
-        "agentendpoint_py_gapic_pytest.py",
-        "agentendpoint_py_gapic_test.py",
-    ],
-    legacy_create_init = False,
-    deps = [":agentendpoint_py_gapic"],
-)
-
-# Open Source Packages
-py_gapic_assembly_pkg(
-    name = "osconfig-agentendpoint-v1-py",
-    deps = [
-        ":agentendpoint_py_gapic",
-    ],
-)
-
-##############################################################################
-# PHP
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "php_gapic_assembly_pkg",
-    "php_gapic_library",
-    "php_grpc_library",
-    "php_proto_library",
-)
-
-php_proto_library(
-    name = "agentendpoint_php_proto",
-    deps = [":agentendpoint_proto"],
-)
-
-php_grpc_library(
-    name = "agentendpoint_php_grpc",
-    srcs = [":agentendpoint_proto"],
-    deps = [":agentendpoint_php_proto"],
-)
-
-php_gapic_library(
-    name = "agentendpoint_php_gapic",
-    srcs = [":agentendpoint_proto_with_info"],
-    grpc_service_config = "agentendpoint_grpc_service_config.json",
-    service_yaml = "osconfig_v1.yaml",
-    deps = [
-        ":agentendpoint_php_grpc",
-        ":agentendpoint_php_proto",
-    ],
-)
-
-# Open Source Packages
-php_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-agentendpoint-v1-php",
-    deps = [
-        ":agentendpoint_php_gapic",
-        ":agentendpoint_php_grpc",
-        ":agentendpoint_php_proto",
-    ],
-)
-
-##############################################################################
-# Node.js
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "nodejs_gapic_assembly_pkg",
-    "nodejs_gapic_library",
-)
-
-nodejs_gapic_library(
-    name = "agentendpoint_nodejs_gapic",
-    package_name = "@google-cloud/agentendpoint",
-    src = ":agentendpoint_proto_with_info",
-    extra_protoc_parameters = ["metadata"],
-    grpc_service_config = "agentendpoint_grpc_service_config.json",
-    package = "google.cloud.osconfig.agentendpoint.v1",
-    service_yaml = "osconfig_v1.yaml",
-    deps = [],
-)
-
-nodejs_gapic_assembly_pkg(
-    name = "osconfig-agentendpoint-v1-nodejs",
-    deps = [
-        ":agentendpoint_nodejs_gapic",
-        ":agentendpoint_proto",
-    ],
-)
-
-##############################################################################
-# Ruby
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "ruby_cloud_gapic_library",
-    "ruby_gapic_assembly_pkg",
-    "ruby_grpc_library",
-    "ruby_proto_library",
-)
-
-ruby_proto_library(
-    name = "agentendpoint_ruby_proto",
-    deps = [":agentendpoint_proto"],
-)
-
-ruby_grpc_library(
-    name = "agentendpoint_ruby_grpc",
-    srcs = [":agentendpoint_proto"],
-    deps = [":agentendpoint_ruby_proto"],
-)
-
-ruby_cloud_gapic_library(
-    name = "agentendpoint_ruby_gapic",
-    srcs = [":agentendpoint_proto_with_info"],
-    extra_protoc_parameters = ["ruby-cloud-gem-name=google-cloud-agentendpoint-v1"],
-    grpc_service_config = "agentendpoint_grpc_service_config.json",
-    deps = [
-        ":agentendpoint_ruby_grpc",
-        ":agentendpoint_ruby_proto",
-    ],
-)
-
-# Open Source Packages
-ruby_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-agentendpoint-v1-ruby",
-    deps = [
-        ":agentendpoint_ruby_gapic",
-        ":agentendpoint_ruby_grpc",
-        ":agentendpoint_ruby_proto",
-    ],
-)
-
-##############################################################################
-# C#
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "csharp_gapic_assembly_pkg",
-    "csharp_gapic_library",
-    "csharp_grpc_library",
-    "csharp_proto_library",
-)
-
-csharp_proto_library(
-    name = "agentendpoint_csharp_proto",
-    deps = [":agentendpoint_proto"],
-)
-
-csharp_grpc_library(
-    name = "agentendpoint_csharp_grpc",
-    srcs = [":agentendpoint_proto"],
-    deps = [":agentendpoint_csharp_proto"],
-)
-
-csharp_gapic_library(
-    name = "agentendpoint_csharp_gapic",
-    srcs = [":agentendpoint_proto_with_info"],
-    common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json",
-    grpc_service_config = "agentendpoint_grpc_service_config.json",
-    service_yaml = "osconfig_v1.yaml",
-    deps = [
-        ":agentendpoint_csharp_grpc",
-        ":agentendpoint_csharp_proto",
-    ],
-)
-
-# Open Source Packages
-csharp_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-agentendpoint-v1-csharp",
-    deps = [
-        ":agentendpoint_csharp_gapic",
-        ":agentendpoint_csharp_grpc",
-        ":agentendpoint_csharp_proto",
-    ],
-)
-
-##############################################################################
-# C++
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "cc_grpc_library",
-    "cc_proto_library",
-)
-
-cc_proto_library(
-    name = "agentendpoint_cc_proto",
-    deps = [":agentendpoint_proto"],
-)
-
-cc_grpc_library(
-    name = "agentendpoint_cc_grpc",
-    srcs = [":agentendpoint_proto"],
-    grpc_only = True,
-    deps = [":agentendpoint_cc_proto"],
-)
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/agentendpoint.proto b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/agentendpoint.proto
deleted file mode 100644
index 38a04a0..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/agentendpoint.proto
+++ /dev/null
@@ -1,234 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.agentendpoint.v1;
-
-import "google/api/client.proto";
-import "google/api/field_behavior.proto";
-import "google/cloud/osconfig/agentendpoint/v1/inventory.proto";
-import "google/cloud/osconfig/agentendpoint/v1/tasks.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/agentendpoint/v1;agentendpoint";
-option java_multiple_files = true;
-option java_outer_classname = "AgentEndpointProto";
-option java_package = "com.google.cloud.osconfig.agentendpoint.v1";
-
-// OS Config agent endpoint API.
-service AgentEndpointService {
-  option (google.api.default_host) = "osconfig.googleapis.com";
-
-  // Stream established by client to receive Task notifications.
-  rpc ReceiveTaskNotification(ReceiveTaskNotificationRequest) returns (stream ReceiveTaskNotificationResponse) {
-    option (google.api.method_signature) = "instance_id_token,agent_version";
-  }
-
-  // Signals the start of a task execution and returns the task info.
-  rpc StartNextTask(StartNextTaskRequest) returns (StartNextTaskResponse) {
-    option (google.api.method_signature) = "instance_id_token";
-  }
-
-  // Signals an intermediary progress checkpoint in task execution.
-  rpc ReportTaskProgress(ReportTaskProgressRequest) returns (ReportTaskProgressResponse) {
-    option (google.api.method_signature) = "instance_id_token,task_id,task_type";
-  }
-
-  // Signals that the task execution is complete and optionally returns the next
-  // task.
-  rpc ReportTaskComplete(ReportTaskCompleteRequest) returns (ReportTaskCompleteResponse) {
-    option (google.api.method_signature) = "instance_id_token,task_id,task_type,error_message";
-  }
-
-  // Registers the agent running on the VM.
-  rpc RegisterAgent(RegisterAgentRequest) returns (RegisterAgentResponse) {
-    option (google.api.method_signature) = "instance_id_token,agent_version,supported_capabilities";
-  }
-
-  // Reports the VMs current inventory.
-  rpc ReportInventory(ReportInventoryRequest) returns (ReportInventoryResponse) {
-    option (google.api.method_signature) = "instance_id_token,inventory_checksum,inventory";
-  }
-}
-
-// A request message to receive task notifications.
-message ReceiveTaskNotificationRequest {
-  // Required. This is the Compute Engine instance identity token described in
-  // https://cloud.google.com/compute/docs/instances/verifying-instance-identity
-  // where the audience is 'osconfig.googleapis.com' and the format is 'full'.
-  string instance_id_token = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The version of the agent making the request.
-  string agent_version = 2 [(google.api.field_behavior) = REQUIRED];
-}
-
-// The streaming rpc message that will notify the agent when it has a task
-// it needs to perform on the instance.
-message ReceiveTaskNotificationResponse {
-
-}
-
-// A request message for signaling the start of a task execution.
-message StartNextTaskRequest {
-  // Required. This is the Compute Engine instance identity token described in
-  // https://cloud.google.com/compute/docs/instances/verifying-instance-identity
-  // where the audience is 'osconfig.googleapis.com' and the format is 'full'.
-  string instance_id_token = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// A response message that contains the details of the task to work on.
-message StartNextTaskResponse {
-  // The details of the task that should be worked on.  Can be empty if there
-  // is no new task to work on.
-  Task task = 1;
-}
-
-// A request message for reporting the progress of current task.
-message ReportTaskProgressRequest {
-  // Required. This is the Compute Engine instance identity token described in
-  // https://cloud.google.com/compute/docs/instances/verifying-instance-identity
-  // where the audience is 'osconfig.googleapis.com' and the format is 'full'.
-  string instance_id_token = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. Unique identifier of the task this applies to.
-  string task_id = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The type of task to report progress on.
-  //
-  // Progress must include the appropriate message based on this enum as
-  // specified below:
-  // APPLY_PATCHES = ApplyPatchesTaskProgress
-  // EXEC_STEP = Progress not supported for this type.
-  // APPLY_CONFIG_TASK = ApplyConfigTaskProgress
-  TaskType task_type = 3 [(google.api.field_behavior) = REQUIRED];
-
-  // Intermediate progress of the current task.
-  oneof progress {
-    // Details about the progress of the apply patches task.
-    ApplyPatchesTaskProgress apply_patches_task_progress = 4;
-
-    // Details about the progress of the exec step task.
-    ExecStepTaskProgress exec_step_task_progress = 5;
-
-    // Details about the progress of the apply config task.
-    ApplyConfigTaskProgress apply_config_task_progress = 6;
-  }
-}
-
-// The response message after the agent reported the current task progress.
-message ReportTaskProgressResponse {
-  // Instructs agent to continue or not.
-  TaskDirective task_directive = 1;
-}
-
-// A request message for signaling the completion of a task execution.
-message ReportTaskCompleteRequest {
-  // Required. This is the Compute Engine instance identity token described in
-  // https://cloud.google.com/compute/docs/instances/verifying-instance-identity
-  // where the audience is 'osconfig.googleapis.com' and the format is 'full'.
-  string instance_id_token = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. Unique identifier of the task this applies to.
-  string task_id = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The type of task to report completed.
-  //
-  // Output must include the appropriate message based on this enum as
-  // specified below:
-  // APPLY_PATCHES = ApplyPatchesTaskOutput
-  // EXEC_STEP = ExecStepTaskOutput
-  // APPLY_CONFIG_TASK = ApplyConfigTaskOutput
-  TaskType task_type = 3 [(google.api.field_behavior) = REQUIRED];
-
-  // Descriptive error message if the task execution ended in error.
-  string error_message = 4;
-
-  // Final output details of the current task.
-  oneof output {
-    // Final output details of the apply patches task;
-    ApplyPatchesTaskOutput apply_patches_task_output = 5;
-
-    // Final output details of the exec step task;
-    ExecStepTaskOutput exec_step_task_output = 6;
-
-    // Final output details of the apply config task;
-    ApplyConfigTaskOutput apply_config_task_output = 7;
-  }
-}
-
-// The response message after the agent signaled the current task complete.
-message ReportTaskCompleteResponse {
-
-}
-
-// The request message for registering the agent.
-message RegisterAgentRequest {
-  // Required. This is the Compute Engine instance identity token described in
-  // https://cloud.google.com/compute/docs/instances/verifying-instance-identity
-  // where the audience is 'osconfig.googleapis.com' and the format is 'full'.
-  string instance_id_token = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The version of the agent.
-  string agent_version = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The capabilities supported by the agent. Supported values are:
-  // PATCH_GA
-  // GUEST_POLICY_BETA
-  // CONFIG_V1
-  repeated string supported_capabilities = 3 [(google.api.field_behavior) = REQUIRED];
-
-  // The operating system long name.
-  // For example 'Debian GNU/Linux 9' or 'Microsoft Window Server 2019
-  // Datacenter'.
-  string os_long_name = 4;
-
-  // The operating system short name.
-  // For example, 'windows' or 'debian'.
-  string os_short_name = 5;
-
-  // The version of the operating system.
-  string os_version = 6;
-
-  // The system architecture of the operating system.
-  string os_architecture = 7;
-}
-
-// The response message after the agent registered.
-message RegisterAgentResponse {
-
-}
-
-// The request message for having the agent report inventory.
-message ReportInventoryRequest {
-  // Required. This is the Compute Engine instance identity token described in
-  // https://cloud.google.com/compute/docs/instances/verifying-instance-identity
-  // where the audience is 'osconfig.googleapis.com' and the format is 'full'.
-  string instance_id_token = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. This is a client created checksum that should be generated based on the
-  // contents of the reported inventory.  This will be used by the service to
-  // determine if it has the latest version of inventory.
-  string inventory_checksum = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // Optional. This is the details of the inventory.  Should only be provided if the
-  // inventory has changed since the last report, or if instructed by the
-  // service to provide full inventory.
-  Inventory inventory = 3 [(google.api.field_behavior) = OPTIONAL];
-}
-
-// The response message after the agent has reported inventory.
-message ReportInventoryResponse {
-  // If true, the full inventory should be reported back to the server.
-  bool report_full_inventory = 1;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/agentendpoint_grpc_service_config.json b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/agentendpoint_grpc_service_config.json
deleted file mode 100644
index 38756d4..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/agentendpoint_grpc_service_config.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
-  "methodConfig": [{
-    "name": [{ "service": "google.cloud.osconfig.agentendpoint.v1.AgentEndpointService" }],
-    "timeout": "60s",
-    "retryPolicy": {
-      "maxAttempts": 5,
-      "initialBackoff": "1s",
-      "maxBackoff": "60s",
-      "backoffMultiplier": 1.3,
-      "retryableStatusCodes": ["UNAVAILABLE"]
-    }
-  },{
-      "name": [
-        {
-          "service": "google.cloud.osconfig.agentendpoint.v1.AgentEndpointService",
-          "method": "ReceiveTaskNotification"
-        }
-      ],
-      "timeout": "3600s",
-      "retryPolicy": {
-        "maxAttempts": 5,
-        "initialBackoff": "1s",
-        "maxBackoff": "60s",
-        "backoffMultiplier": 1.3,
-        "retryableStatusCodes": [
-          "DEADLINE_EXCEEDED",
-          "CANCELLED",
-          "ABORTED",
-          "INTERNAL",
-          "UNAVAILABLE"
-        ]
-      }
-    }]
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/config_common.proto b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/config_common.proto
deleted file mode 100644
index 576292f..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/config_common.proto
+++ /dev/null
@@ -1,117 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.agentendpoint.v1;
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/agentendpoint/v1;agentendpoint";
-option java_multiple_files = true;
-option java_outer_classname = "ConfigCommonProto";
-option java_package = "com.google.cloud.osconfig.agentendpoint.v1";
-
-// Step performed by the OS Config agent for configuring an `OSPolicyResource`
-// to its desired state.
-message OSPolicyResourceConfigStep {
-  // Supported configuration step types
-  enum Type {
-    // Default value. This value is unused.
-    TYPE_UNSPECIFIED = 0;
-
-    // Validation to detect resource conflicts, schema errors, etc.
-    VALIDATION = 1;
-
-    // Check the current desired state status of the resource.
-    DESIRED_STATE_CHECK = 2;
-
-    // Enforce the desired state for a resource that is not in desired state.
-    DESIRED_STATE_ENFORCEMENT = 3;
-
-    // Re-check desired state status for a resource after enforcement of all
-    // resources in the current configuration run.
-    //
-    // This step is used to determine the final desired state status for the
-    // resource. It accounts for any resources that might have drifted from
-    // their desired state due to side effects from configuring other resources
-    // during the current configuration run.
-    DESIRED_STATE_CHECK_POST_ENFORCEMENT = 4;
-  }
-
-  // Supported outcomes for a configuration step.
-  enum Outcome {
-    // Default value. This value is unused.
-    OUTCOME_UNSPECIFIED = 0;
-
-    // The step succeeded.
-    SUCCEEDED = 1;
-
-    // The step failed.
-    FAILED = 2;
-  }
-
-  // Configuration step type.
-  Type type = 1;
-
-  // Outcome of the configuration step.
-  Outcome outcome = 2;
-
-  // An error message recorded during the execution of this step.
-  // Only populated when outcome is FAILED.
-  string error_message = 3;
-}
-
-// Compliance data for an OS policy resource.
-message OSPolicyResourceCompliance {
-  // ExecResource specific output.
-  message ExecResourceOutput {
-    // Output from Enforcement phase output file (if run).
-    // Output size is limited to 100K bytes.
-    bytes enforcement_output = 2;
-  }
-
-  // The id of the OS policy resource.
-  string os_policy_resource_id = 1;
-
-  // Ordered list of configuration steps taken by the agent for the OS policy
-  // resource.
-  repeated OSPolicyResourceConfigStep config_steps = 2;
-
-  // Compliance state of the OS policy resource.
-  OSPolicyComplianceState state = 3;
-
-  // Resource specific output.
-  oneof output {
-    // ExecResource specific output.
-    ExecResourceOutput exec_resource_output = 4;
-  }
-}
-
-// Supported OSPolicy compliance states.
-enum OSPolicyComplianceState {
-  // Default value. This value is unused.
-  OS_POLICY_COMPLIANCE_STATE_UNSPECIFIED = 0;
-
-  // Compliant state.
-  COMPLIANT = 1;
-
-  // Non-compliant state
-  NON_COMPLIANT = 2;
-
-  // Unknown compliance state.
-  UNKNOWN = 3;
-
-  // No applicable OS policies were found for the instance.
-  // This state is only applicable to the instance.
-  NO_OS_POLICIES_APPLICABLE = 4;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/inventory.proto b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/inventory.proto
deleted file mode 100644
index 4cb92fb..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/inventory.proto
+++ /dev/null
@@ -1,231 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.agentendpoint.v1;
-
-import "google/protobuf/timestamp.proto";
-import "google/type/date.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/agentendpoint/v1;agentendpoint";
-option java_multiple_files = true;
-option java_outer_classname = "InventoryProto";
-option java_package = "com.google.cloud.osconfig.agentendpoint.v1";
-
-// OS Config Inventory is a service for collecting and reporting operating
-// system and package information on VM instances.
-
-// The inventory details of a VM.
-message Inventory {
-  // Operating system information for the VM.
-  message OsInfo {
-    // The VM hostname.
-    string hostname = 1;
-
-    // The operating system long name.
-    // For example 'Debian GNU/Linux 9' or 'Microsoft Window Server 2019
-    // Datacenter'.
-    string long_name = 2;
-
-    // The operating system short name.
-    // For example, 'windows' or 'debian'.
-    string short_name = 3;
-
-    // The version of the operating system.
-    string version = 4;
-
-    // The system architecture of the operating system.
-    string architecture = 5;
-
-    // The kernel version of the operating system.
-    string kernel_version = 6;
-
-    // The kernel release of the operating system.
-    string kernel_release = 7;
-
-    // The current version of the OS Config agent running on the VM.
-    string osconfig_agent_version = 8;
-  }
-
-  // Software package information of the operating system.
-  message SoftwarePackage {
-    // Information about the different types of software packages.
-    oneof details {
-      // Yum package info.
-      // For details about the yum package manager, see
-      // https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-yum.
-      VersionedPackage yum_package = 1;
-
-      // Details of an APT package.
-      // For details about the apt package manager, see
-      // https://wiki.debian.org/Apt.
-      VersionedPackage apt_package = 2;
-
-      // Details of a Zypper package.
-      // For details about the Zypper package manager, see
-      // https://en.opensuse.org/SDB:Zypper_manual.
-      VersionedPackage zypper_package = 3;
-
-      // Details of a Googet package.
-      //  For details about the googet package manager, see
-      //  https://github.com/google/googet.
-      VersionedPackage googet_package = 4;
-
-      // Details of a Zypper patch.
-      // For details about the Zypper package manager, see
-      // https://en.opensuse.org/SDB:Zypper_manual.
-      ZypperPatch zypper_patch = 5;
-
-      // Details of a Windows Update package.
-      // See https://docs.microsoft.com/en-us/windows/win32/api/_wua/ for
-      // information about Windows Update.
-      WindowsUpdatePackage wua_package = 6;
-
-      // Details of a Windows Quick Fix engineering package.
-      // See
-      // https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering
-      // for info in Windows Quick Fix Engineering.
-      WindowsQuickFixEngineeringPackage qfe_package = 7;
-
-      // Details of a COS package.
-      VersionedPackage cos_package = 8;
-
-      // Details of Windows Application.
-      WindowsApplication windows_application = 9;
-    }
-  }
-
-  // Information related to the a standard versioned package.  This includes
-  // package info for APT, Yum, Zypper, and Googet package managers.
-  message VersionedPackage {
-    // The name of the package.
-    string package_name = 1;
-
-    // The system architecture this package is intended for.
-    string architecture = 2;
-
-    // The version of the package.
-    string version = 3;
-  }
-
-  // Details related to a Zypper Patch.
-  message ZypperPatch {
-    // The name of the patch.
-    string patch_name = 1;
-
-    // The category of the patch.
-    string category = 2;
-
-    // The severity specified for this patch
-    string severity = 3;
-
-    // Any summary information provided about this patch.
-    string summary = 4;
-  }
-
-  // Details related to a Windows Update package.
-  // Field data and names are taken from Windows Update API IUpdate Interface:
-  // https://docs.microsoft.com/en-us/windows/win32/api/_wua/
-  // Descriptive fields like title, and description are localized based on
-  // the locale of the VM being updated.
-  message WindowsUpdatePackage {
-    // Categories specified by the Windows Update.
-    message WindowsUpdateCategory {
-      // The identifier of the windows update category.
-      string id = 1;
-
-      // The name of the windows update category.
-      string name = 2;
-    }
-
-    // The localized title of the update package.
-    string title = 1;
-
-    // The localized description of the update package.
-    string description = 2;
-
-    // The categories that are associated with this update package.
-    repeated WindowsUpdateCategory categories = 3;
-
-    // A collection of Microsoft Knowledge Base article IDs that are associated
-    // with the update package.
-    repeated string kb_article_ids = 4;
-
-    // A hyperlink to the language-specific support information for the update.
-    string support_url = 5;
-
-    // A collection of URLs that provide more information about the update
-    // package.
-    repeated string more_info_urls = 6;
-
-    // Gets the identifier of an update package.  Stays the same across
-    // revisions.
-    string update_id = 7;
-
-    // The revision number of this update package.
-    int32 revision_number = 8;
-
-    // The last published date of the update, in (UTC) date and time.
-    google.protobuf.Timestamp last_deployment_change_time = 9;
-  }
-
-  // Information related to a Quick Fix Engineering package.
-  // Fields are taken from Windows QuickFixEngineering Interface and match
-  // the source names:
-  // https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering
-  message WindowsQuickFixEngineeringPackage {
-    // A short textual description of the QFE update.
-    string caption = 1;
-
-    // A textual description of the QFE update.
-    string description = 2;
-
-    // Unique identifier associated with a particular QFE update.
-    string hot_fix_id = 3;
-
-    // Date that the QFE update was installed.  Mapped from installed_on field.
-    google.protobuf.Timestamp install_time = 4;
-  }
-
-  // Details about Windows Application - based on Windows Registry.
-  // All fields in this message are taken from:
-  // https://docs.microsoft.com/en-us/windows/win32/msi/uninstall-registry-key
-  message WindowsApplication {
-    // DisplayName field from Windows Registry.
-    string display_name = 1;
-
-    // DisplayVersion field from Windows Registry.
-    string display_version = 2;
-
-    // Publisher field from Windows Registry.
-    string publisher = 3;
-
-    // Installation date field from Windows Registry.
-    google.type.Date install_date = 4;
-
-    // HelpLink field from Windows Registry.
-    string help_link = 5;
-  }
-
-  // Base level operating system information for the VM.
-  OsInfo os_info = 1;
-
-  // A list of installed packages currently on the VM.
-  repeated SoftwarePackage installed_packages = 2;
-
-  // A list of software updates available for the VM as reported by the update
-  // managers.
-  repeated SoftwarePackage available_packages = 3;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/os_policy.proto b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/os_policy.proto
deleted file mode 100644
index c4b0c15..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/os_policy.proto
+++ /dev/null
@@ -1,445 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.agentendpoint.v1;
-
-import "google/api/field_behavior.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/agentendpoint/v1;agentendpoint";
-option java_multiple_files = true;
-option java_outer_classname = "OSPolicyProto";
-option java_package = "com.google.cloud.osconfig.agentendpoint.v1";
-
-// An OS policy defines the desired state configuration for an instance.
-message OSPolicy {
-  // Policy mode
-  enum Mode {
-    // Invalid mode
-    MODE_UNSPECIFIED = 0;
-
-    // This mode checks if the configuration resources in the policy are in
-    // their desired state. No actions are performed if they are not in the
-    // desired state. This mode is used for reporting purposes.
-    VALIDATION = 1;
-
-    // This mode checks if the configuration resources in the policy are in
-    // their desired state, and if not, enforces the desired state.
-    ENFORCEMENT = 2;
-  }
-
-  // An OS policy resource is used to define the desired state configuration
-  // and provides a specific functionality like installing/removing packages,
-  // executing a script etc.
-  //
-  // The system ensures that resources are always in their desired state by
-  // taking necessary actions if they have drifted from their desired state.
-  message Resource {
-    // A remote or local file.
-    message File {
-      // Specifies a file available via some URI.
-      message Remote {
-        // Required. URI from which to fetch the object. It should contain both the
-        // protocol and path following the format `{protocol}://{location}`.
-        string uri = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // SHA256 checksum of the remote file.
-        string sha256_checksum = 2;
-      }
-
-      // Specifies a file available as a Cloud Storage Object.
-      message Gcs {
-        // Required. Bucket of the Cloud Storage object.
-        string bucket = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Required. Name of the Cloud Storage object.
-        string object = 2 [(google.api.field_behavior) = REQUIRED];
-
-        // Generation number of the Cloud Storage object.
-        int64 generation = 3;
-      }
-
-      // A specific type of file.
-      oneof type {
-        // A generic remote file.
-        Remote remote = 1;
-
-        // A Cloud Storage object.
-        Gcs gcs = 2;
-
-        // A local path to use.
-        string local_path = 3;
-      }
-
-      // Defaults to false. When false, files are subject to validations
-      // based on the file type:
-      //
-      // Remote: A checksum must be specified.
-      // Cloud Storage: An object generation number must be specified.
-      bool allow_insecure = 4;
-    }
-
-    // A resource that manages a system package.
-    message PackageResource {
-      // The desired state that the OS Config agent maintains on the VM.
-      enum DesiredState {
-        // Unspecified is invalid.
-        DESIRED_STATE_UNSPECIFIED = 0;
-
-        // Ensure that the package is installed.
-        INSTALLED = 1;
-
-        // The agent ensures that the package is not installed and
-        // uninstalls it if detected.
-        REMOVED = 2;
-      }
-
-      // A deb package file. dpkg packages only support INSTALLED state.
-      message Deb {
-        // Required. A deb package.
-        File source = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Whether dependencies should also be installed.
-        // install when false: `dpkg -i package`
-        // install when true: `apt-get update && apt-get -y install
-        // package.deb`
-        bool pull_deps = 2;
-      }
-
-      // A package managed by APT.
-      // install: `apt-get update && apt-get -y install [name]`
-      // remove: `apt-get -y remove [name]`
-      message APT {
-        // Required. Package name.
-        string name = 1 [(google.api.field_behavior) = REQUIRED];
-      }
-
-      // An RPM package file. RPM packages only support INSTALLED state.
-      message RPM {
-        // Required. An rpm package.
-        File source = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Whether dependencies should also be installed.
-        // install when false: `rpm --upgrade --replacepkgs package.rpm`
-        // install when true: `yum -y install package.rpm` or
-        // `zypper -y install package.rpm`
-        bool pull_deps = 2;
-      }
-
-      // A package managed by YUM.
-      // install: `yum -y install package`
-      // remove: `yum -y remove package`
-      message YUM {
-        // Required. Package name.
-        string name = 1 [(google.api.field_behavior) = REQUIRED];
-      }
-
-      // A package managed by Zypper.
-      // install: `zypper -y install package`
-      // remove: `zypper -y rm package`
-      message Zypper {
-        // Required. Package name.
-        string name = 1 [(google.api.field_behavior) = REQUIRED];
-      }
-
-      // A package managed by GooGet.
-      // install: `googet -noconfirm install package`
-      // remove: `googet -noconfirm remove package`
-      message GooGet {
-        // Required. Package name.
-        string name = 1 [(google.api.field_behavior) = REQUIRED];
-      }
-
-      // An MSI package. MSI packages only support INSTALLED state.
-      message MSI {
-        // Required. The MSI package.
-        File source = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Additional properties to use during installation.
-        // This should be in the format of Property=Setting.
-        // Appended to the defaults of "ACTION=INSTALL
-        // REBOOT=ReallySuppress".
-        repeated string properties = 2;
-      }
-
-      // Required. The desired state the agent should maintain for this package. The
-      // default is to ensure the package is installed.
-      DesiredState desired_state = 1 [(google.api.field_behavior) = REQUIRED];
-
-      // A system package.
-      oneof system_package {
-        // A package managed by Apt.
-        APT apt = 2;
-
-        // A deb package file.
-        Deb deb = 3;
-
-        // A package managed by YUM.
-        YUM yum = 4;
-
-        // A package managed by Zypper.
-        Zypper zypper = 5;
-
-        // An rpm package file.
-        RPM rpm = 6;
-
-        // A package managed by GooGet.
-        GooGet googet = 7;
-
-        // An MSI package.
-        MSI msi = 8;
-      }
-    }
-
-    // A resource that manages a package repository.
-    message RepositoryResource {
-      // Represents a single apt package repository. These will be added to
-      // a repo file that will be managed at
-      // /etc/apt/sources.list.d/google_osconfig.list.
-      message AptRepository {
-        // Type of archive.
-        enum ArchiveType {
-          // Unspecified is invalid.
-          ARCHIVE_TYPE_UNSPECIFIED = 0;
-
-          // Deb indicates that the archive contains binary files.
-          DEB = 1;
-
-          // Deb-src indicates that the archive contains source files.
-          DEB_SRC = 2;
-        }
-
-        // Required. Type of archive files in this repository. The default behavior is
-        // DEB.
-        ArchiveType archive_type = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Required. URI for this repository.
-        string uri = 2 [(google.api.field_behavior) = REQUIRED];
-
-        // Required. Distribution of this repository.
-        string distribution = 3 [(google.api.field_behavior) = REQUIRED];
-
-        // Required. List of components for this repository. Must contain at least one
-        // item.
-        repeated string components = 4 [(google.api.field_behavior) = REQUIRED];
-
-        // URI of the key file for this repository. The agent maintains a
-        // keyring at /etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg.
-        string gpg_key = 5;
-      }
-
-      // Represents a single yum package repository. These are added to a
-      // repo file that is managed at
-      // `/etc/yum.repos.d/google_osconfig.repo`.
-      message YumRepository {
-        // Required. A one word, unique name for this repository. This is  the `repo
-        // id` in the yum config file and also the `display_name` if
-        // `display_name` is omitted. This id is also used as the unique
-        // identifier when checking for resource conflicts.
-        string id = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // The display name of the repository.
-        string display_name = 2;
-
-        // Required. The location of the repository directory.
-        string base_url = 3 [(google.api.field_behavior) = REQUIRED];
-
-        // URIs of GPG keys.
-        repeated string gpg_keys = 4;
-      }
-
-      // Represents a single zypper package repository. These are added to a
-      // repo file that is managed at
-      // `/etc/zypp/repos.d/google_osconfig.repo`.
-      message ZypperRepository {
-        // Required. A one word, unique name for this repository. This is the `repo
-        // id` in the zypper config file and also the `display_name` if
-        // `display_name` is omitted. This id is also used as the unique
-        // identifier when checking for GuestPolicy conflicts.
-        string id = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // The display name of the repository.
-        string display_name = 2;
-
-        // Required. The location of the repository directory.
-        string base_url = 3 [(google.api.field_behavior) = REQUIRED];
-
-        // URIs of GPG keys.
-        repeated string gpg_keys = 4;
-      }
-
-      // Represents a Goo package repository. These are added to a repo file
-      // that is managed at
-      // `C:/ProgramData/GooGet/repos/google_osconfig.repo`.
-      message GooRepository {
-        // Required. The name of the repository.
-        string name = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Required. The url of the repository.
-        string url = 2 [(google.api.field_behavior) = REQUIRED];
-      }
-
-      // A specific type of repository.
-      oneof repository {
-        // An Apt Repository.
-        AptRepository apt = 1;
-
-        // A Yum Repository.
-        YumRepository yum = 2;
-
-        // A Zypper Repository.
-        ZypperRepository zypper = 3;
-
-        // A Goo Repository.
-        GooRepository goo = 4;
-      }
-    }
-
-    // A resource that contains custom validation and enforcement steps.
-    message ExecResource {
-      // A file or script to execute.
-      message Exec {
-        // The interpreter to use.
-        enum Interpreter {
-          // Invalid value, the request will return validation error.
-          INTERPRETER_UNSPECIFIED = 0;
-
-          // If no interpreter is specified the
-          // source will be executed directly, which will likely only
-          // succeed for executables and scripts with shebang lines.
-          // [Wikipedia
-          // shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)).
-          NONE = 1;
-
-          // Indicates that the script will be run with /bin/sh on Linux and
-          // cmd.exe on windows.
-          SHELL = 2;
-
-          // Indicates that the script will be run with powershell.
-          POWERSHELL = 3;
-        }
-
-        // What to execute.
-        oneof source {
-          // A remote or local file.
-          File file = 1;
-
-          // An inline script.
-          string script = 2;
-        }
-
-        // Optional arguments to pass to the source during execution.
-        repeated string args = 3;
-
-        // Required. The script interpreter to use.
-        Interpreter interpreter = 4 [(google.api.field_behavior) = REQUIRED];
-
-        // Only recorded for enforce Exec.
-        // Path to an output file (that is created by this Exec) whose
-        // content will be recorded in OSPolicyResourceCompliance after a
-        // successful run. Absence or failure to read this file will result in
-        // this ExecResource being non-compliant. Output file size is limited to
-        // 100K bytes.
-        string output_file_path = 5;
-      }
-
-      // Required. What to run to validate this resource is in the desired state.
-      // An exit code of 100 indicates "in desired state", and exit code of 101
-      // indicates "not in desired state". Any other exit code indicates a
-      // failure running validate.
-      Exec validate = 1 [(google.api.field_behavior) = REQUIRED];
-
-      // What to run to bring this resource into the desired state.
-      // A exit code of 100 indicates "success", any other exit code idicates a
-      // failure running enforce.
-      Exec enforce = 2;
-    }
-
-    // A resource that manages the state of a file.
-    message FileResource {
-      // Desired state of the file.
-      enum DesiredState {
-        // Unspecified is invalid.
-        DESIRED_STATE_UNSPECIFIED = 0;
-
-        // Ensure file at path is present.
-        PRESENT = 1;
-
-        // Ensure file at path is absent.
-        ABSENT = 2;
-
-        // Ensure the contents of the file at path matches. If the file does
-        // not exist it will be created.
-        CONTENTS_MATCH = 3;
-      }
-
-      // The source for the contents of the file.
-      oneof source {
-        // A remote or local source.
-        File file = 1;
-
-        // A a file with this content.
-        string content = 2;
-      }
-
-      // Required. The absolute path of the file.
-      string path = 3 [(google.api.field_behavior) = REQUIRED];
-
-      // Required. Desired state of the file.
-      DesiredState state = 4 [(google.api.field_behavior) = REQUIRED];
-
-      // Consists of three octal digits which represent, in
-      // order, the permissions of the owner, group, and other users for the
-      // file (similarly to the numeric mode used in the linux chmod
-      // utility). Each digit represents a three bit number with the 4 bit
-      // corresponding to the read permissions, the 2 bit corresponds to the
-      // write bit, and the one bit corresponds to the execute permission.
-      // Default behavior is 755.
-      //
-      // Below are some examples of permissions and their associated values:
-      // read, write, and execute: 7
-      // read and execute: 5
-      // read and write: 6
-      // read only: 4
-      string permissions = 5;
-    }
-
-    // Required. The id of the resource with the following restrictions:
-    //
-    // * Must contain only lowercase letters, numbers, and hyphens.
-    // * Must start with a letter.
-    // * Must be between 1-63 characters.
-    // * Must end with a number or a letter.
-    // * Must be unique within the OS policy.
-    string id = 1 [(google.api.field_behavior) = REQUIRED];
-
-    // Resource type.
-    oneof resource_type {
-      // Package resource
-      PackageResource pkg = 2;
-
-      // Package repository resource
-      RepositoryResource repository = 3;
-
-      // Exec resource
-      ExecResource exec = 4;
-
-      // File resource
-      FileResource file = 5;
-    }
-  }
-
-
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/osconfig_gapic.yaml b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/osconfig_gapic.yaml
deleted file mode 100644
index 0bcb880..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/osconfig_gapic.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-type: com.google.api.codegen.ConfigProto
-config_schema_version: 2.0.0
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/osconfig_v1.yaml b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/osconfig_v1.yaml
deleted file mode 100644
index 6c856d2..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/osconfig_v1.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-type: google.api.Service
-config_version: 3
-name: osconfig.googleapis.com
-title: OS Config API
-
-apis:
-- name: google.cloud.osconfig.agentendpoint.v1.AgentEndpointService
-
-documentation:
-  summary: |-
-    OS management tools that can be used for patch management, patch
-    compliance, and configuration management on VM instances.
-
-backend:
-  rules:
-  - selector: 'google.cloud.osconfig.agentendpoint.v1.AgentEndpointService.*'
-    deadline: 30.0
-  - selector: google.cloud.osconfig.agentendpoint.v1.AgentEndpointService.ReceiveTaskNotification
-    deadline: 3600.0
-
-http:
-  rules:
-  - selector: google.longrunning.Operations.CancelOperation
-    post: '/v1/{name=projects/*/locations/*/osPolicyAssignments/*/operations/*}:cancel'
-    body: '*'
-  - selector: google.longrunning.Operations.GetOperation
-    get: '/v1/{name=projects/*/locations/*/osPolicyAssignments/*/operations/*}'
-
-authentication:
-  rules:
-  - selector: google.longrunning.Operations.CancelOperation
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
-  - selector: google.longrunning.Operations.GetOperation
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/patch_jobs.proto b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/patch_jobs.proto
deleted file mode 100644
index acacc94..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/patch_jobs.proto
+++ /dev/null
@@ -1,294 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.agentendpoint.v1;
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/agentendpoint/v1;agentendpoint";
-option java_outer_classname = "PatchJobs";
-option java_package = "com.google.cloud.osconfig.agentendpoint.v1";
-
-// Patch configuration specifications. Contains details on how to
-// apply patches to a VM instance.
-message PatchConfig {
-  // Post-patch reboot settings.
-  enum RebootConfig {
-    // The default behavior is DEFAULT.
-    REBOOT_CONFIG_UNSPECIFIED = 0;
-
-    // The agent decides if a reboot is necessary by checking
-    // signals such as registry keys on Windows or `/var/run/reboot-required` on
-    // APT based systems. On RPM based systems, a set of core system package
-    // install times are compared with system boot time.
-    DEFAULT = 1;
-
-    // Always reboot the machine after the update completes.
-    ALWAYS = 2;
-
-    // Never reboot the machine after the update completes.
-    NEVER = 3;
-  }
-
-  // Post-patch reboot settings.
-  RebootConfig reboot_config = 1;
-
-  // Retry strategy can be defined to have the agent retry patching
-  // during the window if patching fails. If omitted, the agent will use its
-  // default retry strategy.
-  RetryStrategy retry_strategy = 2;
-
-  // Apt update settings. Use this override the default apt patch rules.
-  AptSettings apt = 3;
-
-  // Yum update settings. Use this override the default yum patch rules.
-  YumSettings yum = 4;
-
-  // Goo update settings. Use this override the default goo patch rules.
-  GooSettings goo = 5;
-
-  // Zypper update settings. Use this override the default zypper patch rules.
-  ZypperSettings zypper = 6;
-
-  // Windows update settings. Use this override the default windows patch rules.
-  WindowsUpdateSettings windows_update = 7;
-
-  // The ExecStep to run before the patch update.
-  ExecStep pre_step = 8;
-
-  // The ExecStep to run after the patch update.
-  ExecStep post_step = 9;
-
-  // Allows the patch job to run on Managed instance groups (MIGs).
-  bool mig_instances_allowed = 10;
-}
-
-// Apt patching will be performed by executing `apt-get update && apt-get
-// upgrade`. Additional options can be set to control how this is executed.
-message AptSettings {
-  // Apt patch type.
-  enum Type {
-    // By default, upgrade will be performed.
-    TYPE_UNSPECIFIED = 0;
-
-    // Runs `apt-get dist-upgrade`.
-    DIST = 1;
-
-    // Runs `apt-get upgrade`.
-    UPGRADE = 2;
-  }
-
-  // By changing the type to DIST, the patching will be performed
-  // using `apt-get dist-upgrade` instead.
-  Type type = 1;
-
-  // List of packages to exclude from update.
-  repeated string excludes = 2;
-
-  // An exclusive list of packages to be updated. These are the only packages
-  // that will be updated. If these packages are not installed, they will be
-  // ignored. This field cannot be specified with any other patch configuration
-  // fields.
-  repeated string exclusive_packages = 3;
-}
-
-// Yum patching will be performed by executing `yum update`. Additional options
-// can be set to control how this is executed.
-//
-// Note that not all settings are supported on all platforms.
-message YumSettings {
-  // Adds the `--security` flag to `yum update`. Not supported on
-  // all platforms.
-  bool security = 1;
-
-  // Will cause patch to run `yum update-minimal` instead.
-  bool minimal = 2;
-
-  // List of packages to exclude from update. These packages will be excluded by
-  // using the yum `--exclude` flag.
-  repeated string excludes = 3;
-
-  // An exclusive list of packages to be updated. These are the only packages
-  // that will be updated. If these packages are not installed, they will be
-  // ignored. This field must not be specified with any other patch
-  // configuration fields.
-  repeated string exclusive_packages = 4;
-}
-
-// Googet patching is performed by running `googet update`.
-message GooSettings {
-
-}
-
-// Zypper patching is performed by running `zypper patch`.
-// See also https://en.opensuse.org/SDB:Zypper_manual.
-message ZypperSettings {
-  // Adds the `--with-optional` flag to `zypper patch`.
-  bool with_optional = 1;
-
-  // Adds the `--with-update` flag, to `zypper patch`.
-  bool with_update = 2;
-
-  // Install only patches with these categories.
-  // Common categories include security, recommended, and feature.
-  repeated string categories = 3;
-
-  // Install only patches with these severities.
-  // Common severities include critical, important, moderate, and low.
-  repeated string severities = 4;
-
-  // List of patches to exclude from update.
-  repeated string excludes = 5;
-
-  // An exclusive list of patches to be updated. These are the only patches
-  // that will be installed using 'zypper patch patch:<patch_name>' command.
-  // This field must not be used with any other patch configuration fields.
-  repeated string exclusive_patches = 6;
-}
-
-// Windows patching is performed using the Windows Update Agent.
-message WindowsUpdateSettings {
-  // Microsoft Windows update classifications as defined in
-  // [1]
-  // https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro
-  enum Classification {
-    // Invalid. If classifications are included, they must be specified.
-    CLASSIFICATION_UNSPECIFIED = 0;
-
-    // "A widely released fix for a specific problem that addresses a critical,
-    // non-security-related bug." [1]
-    CRITICAL = 1;
-
-    // "A widely released fix for a product-specific, security-related
-    // vulnerability. Security vulnerabilities are rated by their severity. The
-    // severity rating is indicated in the Microsoft security bulletin as
-    // critical, important, moderate, or low." [1]
-    SECURITY = 2;
-
-    // "A widely released and frequent software update that contains additions
-    // to a product’s definition database. Definition databases are often used
-    // to detect objects that have specific attributes, such as malicious code,
-    // phishing websites, or junk mail." [1]
-    DEFINITION = 3;
-
-    // "Software that controls the input and output of a device." [1]
-    DRIVER = 4;
-
-    // "New product functionality that is first distributed outside the context
-    // of a product release and that is typically included in the next full
-    // product release." [1]
-    FEATURE_PACK = 5;
-
-    // "A tested, cumulative set of all hotfixes, security updates, critical
-    // updates, and updates. Additionally, service packs may contain additional
-    // fixes for problems that are found internally since the release of the
-    // product. Service packs my also contain a limited number of
-    // customer-requested design changes or features." [1]
-    SERVICE_PACK = 6;
-
-    // "A utility or feature that helps complete a task or set of tasks." [1]
-    TOOL = 7;
-
-    // "A tested, cumulative set of hotfixes, security updates, critical
-    // updates, and updates that are packaged together for easy deployment. A
-    // rollup generally targets a specific area, such as security, or a
-    // component of a product, such as Internet Information Services (IIS)." [1]
-    UPDATE_ROLLUP = 8;
-
-    // "A widely released fix for a specific problem. An update addresses a
-    // noncritical, non-security-related bug." [1]
-    UPDATE = 9;
-  }
-
-  // Only apply updates of these windows update classifications. If empty, all
-  // updates will be applied.
-  repeated Classification classifications = 1;
-
-  // List of KBs to exclude from update.
-  repeated string excludes = 2;
-
-  // An exclusive list of kbs to be updated. These are the only patches
-  // that will be updated. This field must not be used with other
-  // patch configurations.
-  repeated string exclusive_patches = 3;
-}
-
-// The strategy for retrying failed patches during the patch window.
-message RetryStrategy {
-  // If true, the agent will continue to try and patch until the window has
-  // ended.
-  bool enabled = 1;
-}
-
-// A step that runs an executable for a PatchJob.
-message ExecStep {
-  // The ExecStepConfig for all Linux VMs targeted by the PatchJob.
-  ExecStepConfig linux_exec_step_config = 1;
-
-  // The ExecStepConfig for all Windows VMs targeted by the PatchJob.
-  ExecStepConfig windows_exec_step_config = 2;
-}
-
-// Common configurations for an ExecStep.
-message ExecStepConfig {
-  // The interpreter used to execute the a file.
-  enum Interpreter {
-    // Deprecated, defaults to NONE for compatibility reasons.
-    INTERPRETER_UNSPECIFIED = 0;
-
-    // Invalid for a Windows ExecStepConfig. For a Linux ExecStepConfig, the
-    // interpreter will be parsed from the shebang line of the script if
-    // unspecified.
-    NONE = 3;
-
-    // Indicates that the script will be run with /bin/sh on Linux and cmd
-    // on windows.
-    SHELL = 1;
-
-    // Indicates that the file will be run with PowerShell.
-    POWERSHELL = 2;
-  }
-
-  // Location of the executable.
-  oneof executable {
-    // An absolute path to the executable on the VM.
-    string local_path = 1;
-
-    // A GCS object containing the executable.
-    GcsObject gcs_object = 2;
-  }
-
-  // Defaults to [0]. A list of possible return values that the
-  // execution can return to indicate a success.
-  repeated int32 allowed_success_codes = 3;
-
-  // The script interpreter to use to run the script. If no interpreter is
-  // specified the script will be executed directly, which will likely
-  // only succeed for scripts with shebang lines.
-  // [Wikipedia shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)).
-  Interpreter interpreter = 4;
-}
-
-// GCS object representation.
-message GcsObject {
-  // Bucket of the GCS object.
-  string bucket = 1;
-
-  // Name of the GCS object.
-  string object = 2;
-
-  // Generation number of the GCS object. This is used to ensure that the
-  // ExecStep specified by this PatchJob does not change.
-  int64 generation_number = 3;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/tasks.proto b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/tasks.proto
deleted file mode 100644
index 6ef7fc9..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1/tasks.proto
+++ /dev/null
@@ -1,286 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.agentendpoint.v1;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/cloud/osconfig/agentendpoint/v1/config_common.proto";
-import "google/cloud/osconfig/agentendpoint/v1/os_policy.proto";
-import "google/cloud/osconfig/agentendpoint/v1/patch_jobs.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/agentendpoint/v1;agentendpoint";
-option java_multiple_files = true;
-option java_outer_classname = "Tasks";
-option java_package = "com.google.cloud.osconfig.agentendpoint.v1";
-option (google.api.resource_definition) = {
-  type: "osconfig.googleapis.com/OSPolicyAssignment"
-  pattern: "projects/{project}/locations/{location}/osPolicyAssignments/{os_policy_assignment}"
-};
-
-// Specifies the current agent behavior.
-enum TaskDirective {
-  // Unspecified is invalid.
-  TASK_DIRECTIVE_UNSPECIFIED = 0;
-
-  // The task should continue to progress.
-  CONTINUE = 1;
-
-  // Task should not be started, or if already in progress, should stop
-  // at first safe stopping point.  Task should be considered done and will
-  // never repeat.
-  STOP = 2;
-}
-
-// Specifies the type of task to perform.
-enum TaskType {
-  // Unspecified is invalid.
-  TASK_TYPE_UNSPECIFIED = 0;
-
-  // The apply patches task.
-  APPLY_PATCHES = 1;
-
-  // The exec step task.
-  EXEC_STEP_TASK = 2;
-
-  // The apply config task
-  APPLY_CONFIG_TASK = 3;
-}
-
-// A unit of work to be performed by the agent.
-message Task {
-  // Unique task id.
-  string task_id = 1;
-
-  // The type of task to perform.
-  //
-  // Task details must include the appropriate message based on this enum as
-  // specified below:
-  // APPLY_PATCHES = ApplyPatchesTask
-  // EXEC_STEP = ExecStepTask
-  // APPLY_CONFIG_TASK = ApplyConfigTask
-  TaskType task_type = 2;
-
-  // Current directive to the agent.
-  TaskDirective task_directive = 3;
-
-  // Specific details about the current task to perform.
-  oneof task_details {
-    // Details about the apply patches task to perform.
-    ApplyPatchesTask apply_patches_task = 4;
-
-    // Details about the exec step task to perform.
-    ExecStepTask exec_step_task = 5;
-
-    // Details about the apply config step task to perform.
-    ApplyConfigTask apply_config_task = 7;
-  }
-
-  // Labels describing the task.  Used for logging by the agent.
-  map<string, string> service_labels = 6;
-}
-
-// Message which instructs agent to apply patches.
-message ApplyPatchesTask {
-  // Specific information about how patches should be applied.
-  PatchConfig patch_config = 1;
-
-  // If true, the agent will report its status as it goes through the motions
-  // but won't actually run any updates or perform any reboots.
-  bool dry_run = 3;
-}
-
-// Information reported from the agent about applying patches execution.
-message ApplyPatchesTaskProgress {
-  // The intermediate states of applying patches.
-  enum State {
-    // Unspecified is invalid.
-    STATE_UNSPECIFIED = 0;
-
-    // The agent has started the patch task.
-    STARTED = 4;
-
-    // The agent is currently downloading patches.
-    DOWNLOADING_PATCHES = 1;
-
-    // The agent is currently applying patches.
-    APPLYING_PATCHES = 2;
-
-    // The agent is currently rebooting the instance.
-    REBOOTING = 3;
-  }
-
-  // Required. The current state of this patch execution.
-  State state = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Information reported from the agent about applying patches execution.
-message ApplyPatchesTaskOutput {
-  // The final states of applying patches.
-  enum State {
-    // Unspecified is invalid.
-    STATE_UNSPECIFIED = 0;
-
-    // Applying patches completed successfully.
-    SUCCEEDED = 1;
-
-    // Applying patches completed successfully, but a reboot is required.
-    SUCCEEDED_REBOOT_REQUIRED = 2;
-
-    // Applying patches failed.
-    FAILED = 3;
-  }
-
-  // Required. The final state of this task.
-  State state = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Message which instructs agent to execute the following command.
-message ExecStepTask {
-  // Details of the exec step to run.
-  ExecStep exec_step = 1;
-}
-
-// Information reported from the agent about the exec step execution.
-message ExecStepTaskProgress {
-  // The intermediate states of exec steps.
-  enum State {
-    // Unspecified is invalid.
-    STATE_UNSPECIFIED = 0;
-
-    // The agent has started the exec step task.
-    STARTED = 1;
-  }
-
-  // Required. The current state of this exec step.
-  State state = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Information reported from the agent about the exec step execution.
-message ExecStepTaskOutput {
-  // The final states of exec steps.
-  enum State {
-    // Unspecified is invalid.
-    STATE_UNSPECIFIED = 0;
-
-    // The exec step completed normally.
-    COMPLETED = 1;
-
-    // The exec step was terminated because it took too long.
-    TIMED_OUT = 2;
-
-    // The exec step task was cancelled before it started.
-    CANCELLED = 3;
-  }
-
-  // Required. The final state of the exec step.
-  State state = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The exit code received from the script which ran as part of the exec step.
-  int32 exit_code = 2 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Message which instructs OS Config agent to apply the desired state
-// configuration.
-message ApplyConfigTask {
-  // Message representing an OS policy.
-  message OSPolicy {
-    // User provided policy id.
-    // Used for reporting and logging by the agent.
-    string id = 1;
-
-    // The policy mode
-    .google.cloud.osconfig.agentendpoint.v1.OSPolicy.Mode mode = 2;
-
-    // Reference to the `OSPolicyAssignment` API resource that this `OSPolicy`
-    // belongs to.
-    // Format:
-    // projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}
-    // Used for reporting and logging by the agent.
-    string os_policy_assignment = 3 [(google.api.resource_reference) = {
-                                       type: "osconfig.googleapis.com/OSPolicyAssignment"
-                                     }];
-
-    // List of resources associated with the policy to be set to their
-    // desired state.
-    repeated .google.cloud.osconfig.agentendpoint.v1.OSPolicy.Resource resources = 4;
-  }
-
-  // List of os policies to be applied for the instance.
-  repeated OSPolicy os_policies = 1;
-}
-
-// Information reported from the agent regarding the progress of the task of
-// applying desired state configuration.
-message ApplyConfigTaskProgress {
-  // The intermediate states of apply config task.
-  enum State {
-    // Invalid state
-    STATE_UNSPECIFIED = 0;
-
-    // The agent has started the task.
-    STARTED = 1;
-
-    // The agent is in the process of applying the configuration.
-    APPLYING_CONFIG = 2;
-  }
-
-  // The current state of this task.
-  State state = 1;
-}
-
-// Information reported from the agent regarding the output of the task of
-// applying desired state configuration.
-message ApplyConfigTaskOutput {
-  // Result of applying desired state config for an OS policy.
-  message OSPolicyResult {
-    // The OS policy id
-    string os_policy_id = 1;
-
-    // Reference to the `OSPolicyAssignment` API resource that this `OSPolicy`
-    // belongs to.
-    // Format:
-    // projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}
-    // Used for reporting and logging by the agent.
-    string os_policy_assignment = 2 [(google.api.resource_reference) = {
-                                       type: "osconfig.googleapis.com/OSPolicyAssignment"
-                                     }];
-
-    // Results of applying desired state config for the OS policy resources.
-    repeated OSPolicyResourceCompliance os_policy_resource_compliances = 3;
-  }
-
-  // The final state of this task.
-  enum State {
-    // Unspecified is invalid.
-    STATE_UNSPECIFIED = 0;
-
-    // The apply config task completed successfully.
-    SUCCEEDED = 1;
-
-    // The apply config task failed.
-    FAILED = 2;
-
-    // The apply config task was cancelled.
-    CANCELLED = 3;
-  }
-
-  // Required. The final state of this task.
-  State state = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Results of applying desired state config for the OS policies.
-  repeated OSPolicyResult os_policy_results = 2;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/BUILD.bazel b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/BUILD.bazel
deleted file mode 100644
index 1952950..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/BUILD.bazel
+++ /dev/null
@@ -1,369 +0,0 @@
-# This file was automatically generated by BuildFileGenerator
-# https://github.com/googleapis/rules_gapic/tree/master/bazel
-
-# Most of the manual changes to this file will be overwritten.
-# It's **only** allowed to change the following rule attribute values:
-# - names of *_gapic_assembly_* rules
-# - certain parameters of *_gapic_library rules, including but not limited to:
-#    * extra_protoc_parameters
-#    * extra_protoc_file_parameters
-# The complete list of preserved parameters can be found in the source code.
-
-# This is an API workspace, having public visibility by default makes perfect sense.
-package(default_visibility = ["//visibility:public"])
-
-##############################################################################
-# Common
-##############################################################################
-load("@rules_proto//proto:defs.bzl", "proto_library")
-load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
-
-proto_library(
-    name = "agentendpoint_proto",
-    srcs = [
-        "agentendpoint.proto",
-        "guest_policies.proto",
-        "patch_jobs.proto",
-        "tasks.proto",
-    ],
-    deps = [
-        "//google/api:annotations_proto",
-        "//google/api:client_proto",
-        "//google/api:field_behavior_proto",
-    ],
-)
-
-proto_library_with_info(
-    name = "agentendpoint_proto_with_info",
-    deps = [
-        ":agentendpoint_proto",
-        "//google/cloud:common_resources_proto",
-    ],
-)
-
-##############################################################################
-# Java
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "java_gapic_assembly_gradle_pkg",
-    "java_gapic_library",
-    "java_gapic_test",
-    "java_grpc_library",
-    "java_proto_library",
-)
-
-java_proto_library(
-    name = "agentendpoint_java_proto",
-    deps = [":agentendpoint_proto"],
-)
-
-java_grpc_library(
-    name = "agentendpoint_java_grpc",
-    srcs = [":agentendpoint_proto"],
-    deps = [":agentendpoint_java_proto"],
-)
-
-java_gapic_library(
-    name = "agentendpoint_java_gapic",
-    srcs = [":agentendpoint_proto_with_info"],
-    gapic_yaml = "osconfig_gapic.yaml",
-    grpc_service_config = "agentendpoint_grpc_service_config.json",
-    service_yaml = "osconfig_v1beta.yaml",
-    test_deps = [
-        ":agentendpoint_java_grpc",
-    ],
-    transport = "grpc+rest",
-    deps = [
-        ":agentendpoint_java_proto",
-        "//google/api:api_java_proto",
-    ],
-)
-
-java_gapic_test(
-    name = "agentendpoint_java_gapic_test_suite",
-    test_classes = [
-        "com.google.cloud.osconfig.agentendpoint.v1beta.AgentEndpointServiceClientHttpJsonTest",
-        "com.google.cloud.osconfig.agentendpoint.v1beta.AgentEndpointServiceClientTest",
-    ],
-    runtime_deps = [":agentendpoint_java_gapic_test"],
-)
-
-# Open Source Packages
-java_gapic_assembly_gradle_pkg(
-    name = "google-cloud-osconfig-agentendpoint-v1beta-java",
-    include_samples = True,
-    transport = "grpc+rest",
-    deps = [
-        ":agentendpoint_java_gapic",
-        ":agentendpoint_java_grpc",
-        ":agentendpoint_java_proto",
-        ":agentendpoint_proto",
-    ],
-)
-
-##############################################################################
-# Go
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "go_gapic_assembly_pkg",
-    "go_gapic_library",
-    "go_proto_library",
-    "go_test",
-)
-
-go_proto_library(
-    name = "agentendpoint_go_proto",
-    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
-    importpath = "google.golang.org/genproto/googleapis/cloud/osconfig/agentendpoint/v1beta",
-    protos = [":agentendpoint_proto"],
-    deps = [
-        "//google/api:annotations_go_proto",
-    ],
-)
-
-go_gapic_library(
-    name = "agentendpoint_go_gapic",
-    srcs = [":agentendpoint_proto_with_info"],
-    grpc_service_config = "agentendpoint_grpc_service_config.json",
-    importpath = "cloud.google.com/go/osconfig/agentendpoint/apiv1beta;agentendpoint",
-    metadata = True,
-    service_yaml = "osconfig_v1beta.yaml",
-    transport = "grpc+rest",
-    deps = [
-        ":agentendpoint_go_proto",
-    ],
-)
-
-go_test(
-    name = "agentendpoint_go_gapic_test",
-    srcs = [":agentendpoint_go_gapic_srcjar_test"],
-    embed = [":agentendpoint_go_gapic"],
-    importpath = "cloud.google.com/go/osconfig/agentendpoint/apiv1beta",
-)
-
-# Open Source Packages
-go_gapic_assembly_pkg(
-    name = "gapi-cloud-osconfig-agentendpoint-v1beta-go",
-    deps = [
-        ":agentendpoint_go_gapic",
-        ":agentendpoint_go_gapic_srcjar-metadata.srcjar",
-        ":agentendpoint_go_gapic_srcjar-test.srcjar",
-        ":agentendpoint_go_proto",
-    ],
-)
-
-##############################################################################
-# Python
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "py_gapic_assembly_pkg",
-    "py_gapic_library",
-    "py_test",
-)
-
-py_gapic_library(
-    name = "agentendpoint_py_gapic",
-    srcs = [":agentendpoint_proto"],
-    grpc_service_config = "agentendpoint_grpc_service_config.json",
-    transport = "grpc",
-)
-
-py_test(
-    name = "agentendpoint_py_gapic_test",
-    srcs = [
-        "agentendpoint_py_gapic_pytest.py",
-        "agentendpoint_py_gapic_test.py",
-    ],
-    legacy_create_init = False,
-    deps = [":agentendpoint_py_gapic"],
-)
-
-# Open Source Packages
-py_gapic_assembly_pkg(
-    name = "osconfig-agentendpoint-v1beta-py",
-    deps = [
-        ":agentendpoint_py_gapic",
-    ],
-)
-
-##############################################################################
-# PHP
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "php_gapic_assembly_pkg",
-    "php_gapic_library",
-    "php_grpc_library",
-    "php_proto_library",
-)
-
-php_proto_library(
-    name = "agentendpoint_php_proto",
-    deps = [":agentendpoint_proto"],
-)
-
-php_grpc_library(
-    name = "agentendpoint_php_grpc",
-    srcs = [":agentendpoint_proto"],
-    deps = [":agentendpoint_php_proto"],
-)
-
-php_gapic_library(
-    name = "agentendpoint_php_gapic",
-    srcs = [":agentendpoint_proto_with_info"],
-    grpc_service_config = "agentendpoint_grpc_service_config.json",
-    service_yaml = "osconfig_v1beta.yaml",
-    deps = [
-        ":agentendpoint_php_grpc",
-        ":agentendpoint_php_proto",
-    ],
-)
-
-# Open Source Packages
-php_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-agentendpoint-v1beta-php",
-    deps = [
-        ":agentendpoint_php_gapic",
-        ":agentendpoint_php_grpc",
-        ":agentendpoint_php_proto",
-    ],
-)
-
-##############################################################################
-# Node.js
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "nodejs_gapic_assembly_pkg",
-    "nodejs_gapic_library",
-)
-
-nodejs_gapic_library(
-    name = "agentendpoint_nodejs_gapic",
-    package_name = "@google-cloud/agentendpoint",
-    src = ":agentendpoint_proto_with_info",
-    extra_protoc_parameters = ["metadata"],
-    grpc_service_config = "agentendpoint_grpc_service_config.json",
-    package = "google.cloud.osconfig.agentendpoint.v1beta",
-    service_yaml = "osconfig_v1beta.yaml",
-    deps = [],
-)
-
-nodejs_gapic_assembly_pkg(
-    name = "osconfig-agentendpoint-v1beta-nodejs",
-    deps = [
-        ":agentendpoint_nodejs_gapic",
-        ":agentendpoint_proto",
-    ],
-)
-
-##############################################################################
-# Ruby
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "ruby_cloud_gapic_library",
-    "ruby_gapic_assembly_pkg",
-    "ruby_grpc_library",
-    "ruby_proto_library",
-)
-
-ruby_proto_library(
-    name = "agentendpoint_ruby_proto",
-    deps = [":agentendpoint_proto"],
-)
-
-ruby_grpc_library(
-    name = "agentendpoint_ruby_grpc",
-    srcs = [":agentendpoint_proto"],
-    deps = [":agentendpoint_ruby_proto"],
-)
-
-ruby_cloud_gapic_library(
-    name = "agentendpoint_ruby_gapic",
-    srcs = [":agentendpoint_proto_with_info"],
-    extra_protoc_parameters = ["ruby-cloud-gem-name=google-cloud-agentendpoint-v1beta"],
-    grpc_service_config = "agentendpoint_grpc_service_config.json",
-    deps = [
-        ":agentendpoint_ruby_grpc",
-        ":agentendpoint_ruby_proto",
-    ],
-)
-
-# Open Source Packages
-ruby_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-agentendpoint-v1beta-ruby",
-    deps = [
-        ":agentendpoint_ruby_gapic",
-        ":agentendpoint_ruby_grpc",
-        ":agentendpoint_ruby_proto",
-    ],
-)
-
-##############################################################################
-# C#
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "csharp_gapic_assembly_pkg",
-    "csharp_gapic_library",
-    "csharp_grpc_library",
-    "csharp_proto_library",
-)
-
-csharp_proto_library(
-    name = "agentendpoint_csharp_proto",
-    deps = [":agentendpoint_proto"],
-)
-
-csharp_grpc_library(
-    name = "agentendpoint_csharp_grpc",
-    srcs = [":agentendpoint_proto"],
-    deps = [":agentendpoint_csharp_proto"],
-)
-
-csharp_gapic_library(
-    name = "agentendpoint_csharp_gapic",
-    srcs = [":agentendpoint_proto_with_info"],
-    common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json",
-    grpc_service_config = "agentendpoint_grpc_service_config.json",
-    service_yaml = "osconfig_v1beta.yaml",
-    deps = [
-        ":agentendpoint_csharp_grpc",
-        ":agentendpoint_csharp_proto",
-    ],
-)
-
-# Open Source Packages
-csharp_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-agentendpoint-v1beta-csharp",
-    deps = [
-        ":agentendpoint_csharp_gapic",
-        ":agentendpoint_csharp_grpc",
-        ":agentendpoint_csharp_proto",
-    ],
-)
-
-##############################################################################
-# C++
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "cc_grpc_library",
-    "cc_proto_library",
-)
-
-cc_proto_library(
-    name = "agentendpoint_cc_proto",
-    deps = [":agentendpoint_proto"],
-)
-
-cc_grpc_library(
-    name = "agentendpoint_cc_grpc",
-    srcs = [":agentendpoint_proto"],
-    grpc_only = True,
-    deps = [":agentendpoint_cc_proto"],
-)
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/agentendpoint.proto b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/agentendpoint.proto
deleted file mode 100644
index db8330f..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/agentendpoint.proto
+++ /dev/null
@@ -1,206 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.agentendpoint.v1beta;
-
-import "google/api/client.proto";
-import "google/api/field_behavior.proto";
-import "google/cloud/osconfig/agentendpoint/v1beta/guest_policies.proto";
-import "google/cloud/osconfig/agentendpoint/v1beta/tasks.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/agentendpoint/v1beta;agentendpoint";
-option java_multiple_files = true;
-option java_outer_classname = "AgentEndpointProto";
-option java_package = "com.google.cloud.osconfig.agentendpoint.v1beta";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1beta";
-
-// OS Config agent endpoint API.
-service AgentEndpointService {
-  option (google.api.default_host) = "osconfig.googleapis.com";
-
-  // Stream established by client to receive Task notifications.
-  rpc ReceiveTaskNotification(ReceiveTaskNotificationRequest) returns (stream ReceiveTaskNotificationResponse) {
-    option (google.api.method_signature) = "instance_id_token,agent_version";
-  }
-
-  // Signals the start of a task execution and returns the task info.
-  rpc StartNextTask(StartNextTaskRequest) returns (StartNextTaskResponse) {
-    option (google.api.method_signature) = "instance_id_token";
-  }
-
-  // Signals an intermediary progress checkpoint in task execution.
-  rpc ReportTaskProgress(ReportTaskProgressRequest) returns (ReportTaskProgressResponse) {
-    option (google.api.method_signature) = "instance_id_token,task_id,task_type";
-  }
-
-  // Signals that the task execution is complete and optionally returns the next
-  // task.
-  rpc ReportTaskComplete(ReportTaskCompleteRequest) returns (ReportTaskCompleteResponse) {
-    option (google.api.method_signature) = "instance_id_token,task_id,task_type,error_message";
-  }
-
-  // Lookup the effective guest policy that applies to a VM instance. This
-  // lookup merges all policies that are assigned to the instance ancestry.
-  rpc LookupEffectiveGuestPolicy(LookupEffectiveGuestPolicyRequest) returns (EffectiveGuestPolicy) {
-    option (google.api.method_signature) = "instance_id_token,os_short_name,os_version,os_architecture";
-  }
-
-  // Registers the agent running on the VM.
-  rpc RegisterAgent(RegisterAgentRequest) returns (RegisterAgentResponse) {
-    option (google.api.method_signature) = "instance_id_token,agent_version,supported_capabilities";
-  }
-}
-
-// A request message to receive task notifications.
-message ReceiveTaskNotificationRequest {
-  // Required. This is the Compute Engine instance identity token described in
-  // https://cloud.google.com/compute/docs/instances/verifying-instance-identity
-  // where the audience is 'osconfig.googleapis.com' and the format is 'full'.
-  string instance_id_token = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The version of the agent making the request.
-  string agent_version = 2 [(google.api.field_behavior) = REQUIRED];
-}
-
-// The streaming rpc message that notifies the agent when it has a task
-// that it needs to perform on the VM instance.
-message ReceiveTaskNotificationResponse {
-
-}
-
-// A request message for signaling the start of a task execution.
-message StartNextTaskRequest {
-  // Required. This is the Compute Engine instance identity token described in
-  // https://cloud.google.com/compute/docs/instances/verifying-instance-identity
-  // where the audience is 'osconfig.googleapis.com' and the format is 'full'.
-  string instance_id_token = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// A response message that contains the details of the task to work on.
-message StartNextTaskResponse {
-  // The details of the task that should be worked on.  Can be empty if there
-  // is no new task to work on.
-  Task task = 1;
-}
-
-// A request message for reporting the progress of current task.
-message ReportTaskProgressRequest {
-  // Required. This is the Compute Engine instance identity token described in
-  // https://cloud.google.com/compute/docs/instances/verifying-instance-identity
-  // where the audience is 'osconfig.googleapis.com' and the format is 'full'.
-  string instance_id_token = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. Unique identifier of the task this applies to.
-  string task_id = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The type of task to report progress on.
-  //
-  // Progress must include the appropriate message based on this enum as
-  // specified below:
-  // APPLY_PATCHES = ApplyPatchesTaskProgress
-  // EXEC_STEP = Progress not supported for this type.
-  // APPLY_CONFIG_TASK = ApplyConfigTaskProgress
-  TaskType task_type = 3 [(google.api.field_behavior) = REQUIRED];
-
-  // Intermediate progress of the current task.
-  oneof progress {
-    // Details about the progress of the apply patches task.
-    ApplyPatchesTaskProgress apply_patches_task_progress = 4;
-
-    // Details about the progress of the exec step task.
-    ExecStepTaskProgress exec_step_task_progress = 5;
-  }
-}
-
-// The response message after the agent reported the current task progress.
-message ReportTaskProgressResponse {
-  // Instructs agent to continue or not.
-  TaskDirective task_directive = 1;
-}
-
-// A request message for signaling the completion of a task execution.
-message ReportTaskCompleteRequest {
-  // Required. This is the Compute Engine instance identity token described in
-  // https://cloud.google.com/compute/docs/instances/verifying-instance-identity
-  // where the audience is 'osconfig.googleapis.com' and the format is 'full'.
-  string instance_id_token = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. Unique identifier of the task this applies to.
-  string task_id = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The type of task to report completed.
-  //
-  // The output must include the appropriate message based on the following
-  // enum values:
-  // APPLY_PATCHES = ApplyPatchesTaskOutput
-  // EXEC_STEP = ExecStepTaskOutput
-  // APPLY_CONFIG_TASK = ApplyConfigTaskOutput
-  TaskType task_type = 3 [(google.api.field_behavior) = REQUIRED];
-
-  // Descriptive error message if the task execution ended in error.
-  string error_message = 4;
-
-  // Final output details of the current task.
-  oneof output {
-    // Final output details of the apply patches task;
-    ApplyPatchesTaskOutput apply_patches_task_output = 5;
-
-    // Final output details of the exec step task;
-    ExecStepTaskOutput exec_step_task_output = 6;
-  }
-}
-
-// The response message after the agent signaled the current task complete.
-message ReportTaskCompleteResponse {
-
-}
-
-// The request message for registering the agent.
-message RegisterAgentRequest {
-  // Required. This is the Compute Engine instance identity token described in
-  // https://cloud.google.com/compute/docs/instances/verifying-instance-identity
-  // where the audience is 'osconfig.googleapis.com' and the format is 'full'.
-  string instance_id_token = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The version of the agent.
-  string agent_version = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The capabilities supported by the agent. Supported values are:
-  // PATCH_GA
-  // GUEST_POLICY_BETA
-  // CONFIG_V1
-  repeated string supported_capabilities = 3 [(google.api.field_behavior) = REQUIRED];
-
-  // The operating system long name.
-  // For example 'Debian GNU/Linux 9' or 'Microsoft Window Server 2019
-  // Datacenter'.
-  string os_long_name = 4;
-
-  // The operating system short name.
-  // For example, 'windows' or 'debian'.
-  string os_short_name = 5;
-
-  // The version of the operating system.
-  string os_version = 6;
-
-  // The system architecture of the operating system.
-  string os_architecture = 7;
-}
-
-// The response message after the agent registered.
-message RegisterAgentResponse {
-
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/agentendpoint_grpc_service_config.json b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/agentendpoint_grpc_service_config.json
deleted file mode 100644
index 0831402..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/agentendpoint_grpc_service_config.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
-  "methodConfig": [{
-    "name": [{ "service": "google.cloud.osconfig.agentendpoint.v1beta.AgentEndpointService" }],
-    "timeout": "60s",
-    "retryPolicy": {
-      "maxAttempts": 5,
-      "initialBackoff": "1s",
-      "maxBackoff": "60s",
-      "backoffMultiplier": 1.3,
-      "retryableStatusCodes": ["UNAVAILABLE"]
-    }
-  },{
-      "name": [
-        {
-          "service": "google.cloud.osconfig.agentendpoint.v1beta.AgentEndpointService",
-          "method": "ReceiveTaskNotification"
-        }
-      ],
-      "timeout": "3600s",
-      "retryPolicy": {
-        "maxAttempts": 5,
-        "initialBackoff": "1s",
-        "maxBackoff": "60s",
-        "backoffMultiplier": 1.3,
-        "retryableStatusCodes": [
-          "DEADLINE_EXCEEDED",
-          "CANCELLED",
-          "ABORTED",
-          "INTERNAL",
-          "UNAVAILABLE"
-        ]
-      }
-    }]
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/guest_policies.proto b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/guest_policies.proto
deleted file mode 100644
index c8d9dd6..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/guest_policies.proto
+++ /dev/null
@@ -1,562 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.agentendpoint.v1beta;
-
-import "google/api/field_behavior.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/agentendpoint/v1beta;agentendpoint";
-option java_outer_classname = "GuestPolicies";
-option java_package = "com.google.cloud.osconfig.agentendpoint.v1beta";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1beta";
-
-// The desired state that the OS Config agent will maintain on the VM.
-enum DesiredState {
-  // The default is to ensure the package is installed.
-  DESIRED_STATE_UNSPECIFIED = 0;
-
-  // The agent ensures that the package is installed.
-  INSTALLED = 1;
-
-  // The agent ensures that the package is installed and
-  // periodically checks for and install any updates.
-  UPDATED = 2;
-
-  // The agent ensures that the package is not installed and uninstall it
-  // if detected.
-  REMOVED = 3;
-}
-
-// Package is a reference to the software package to be installed or removed.
-// The agent on the VM instance uses the system package manager to apply the
-// config.
-//
-//
-// These are the commands that the agent uses to install or remove
-// packages.
-//
-// Apt
-// install: `apt-get update && apt-get -y install package1 package2 package3`
-// remove: `apt-get -y remove package1 package2 package3`
-//
-// Yum
-// install: `yum -y install package1 package2 package3`
-// remove: `yum -y remove package1 package2 package3`
-//
-// Zypper
-// install: `zypper install package1 package2 package3`
-// remove: `zypper rm package1 package2`
-//
-// Googet
-// install: `googet -noconfirm install package1 package2 package3`
-// remove: `googet -noconfirm remove package1 package2 package3`
-message Package {
-  // Types of package managers that may be used to manage this package.
-  enum Manager {
-    // The default behavior is ANY.
-    MANAGER_UNSPECIFIED = 0;
-
-    // Apply this package config using the default system package manager.
-    ANY = 1;
-
-    // Apply this package config only if Apt is available on the system.
-    APT = 2;
-
-    // Apply this package config only if Yum is available on the system.
-    YUM = 3;
-
-    // Apply this package config only if Zypper is available on the system.
-    ZYPPER = 4;
-
-    // Apply this package config only if GooGet is available on the system.
-    GOO = 5;
-  }
-
-  // The name of the package. A package is uniquely identified for conflict
-  // validation by checking the package name and the manager(s) that the
-  // package targets.
-  string name = 1;
-
-  // The desired_state the agent should maintain for this package. The
-  // default is to ensure the package is installed.
-  DesiredState desired_state = 2;
-
-  // Type of package manager that can be used to install this package.
-  // If a system does not have the package manager, the package is not
-  // installed or removed no error message is returned. By default,
-  // or if you specify `ANY`,
-  // the agent attempts to install and remove this package using the default
-  // package manager. This is useful when creating a policy that applies to
-  // different types of systems.
-  //
-  // The default behavior is ANY.
-  Manager manager = 3;
-}
-
-// Represents a single Apt package repository. This repository is added to
-// a repo file that is stored at
-// `/etc/apt/sources.list.d/google_osconfig.list`.
-message AptRepository {
-  // Type of archive.
-  enum ArchiveType {
-    // Unspecified.
-    ARCHIVE_TYPE_UNSPECIFIED = 0;
-
-    // DEB indicates that the archive contains binary files.
-    DEB = 1;
-
-    // DEB_SRC indicates that the archive contains source files.
-    DEB_SRC = 2;
-  }
-
-  // Type of archive files in this repository. The default behavior is DEB.
-  ArchiveType archive_type = 1;
-
-  // URI for this repository.
-  string uri = 2;
-
-  // Distribution of this repository.
-  string distribution = 3;
-
-  // List of components for this repository. Must contain at least one item.
-  repeated string components = 4;
-
-  // URI of the key file for this repository. The agent maintains
-  // a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
-  // all the keys in any applied guest policy.
-  string gpg_key = 5;
-}
-
-// Represents a single Yum package repository. This repository is added to a
-// repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
-message YumRepository {
-  // A one word, unique name for this repository. This is
-  // the `repo id` in the Yum config file and also the `display_name` if
-  // `display_name` is omitted. This id is also used as the unique identifier
-  // when checking for guest policy conflicts.
-  string id = 1;
-
-  // The display name of the repository.
-  string display_name = 2;
-
-  // The location of the repository directory.
-  string base_url = 3;
-
-  // URIs of GPG keys.
-  repeated string gpg_keys = 4;
-}
-
-// Represents a single Zypper package repository. This repository is added to a
-// repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
-message ZypperRepository {
-  // A one word, unique name for this repository. This is
-  // the `repo id` in the zypper config file and also the `display_name` if
-  // `display_name` is omitted. This id is also used as the unique identifier
-  // when checking for guest policy conflicts.
-  string id = 1;
-
-  // The display name of the repository.
-  string display_name = 2;
-
-  // The location of the repository directory.
-  string base_url = 3;
-
-  // URIs of GPG keys.
-  repeated string gpg_keys = 4;
-}
-
-// Represents a Goo package repository. These is added to a repo file
-// that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
-message GooRepository {
-  // The name of the repository.
-  string name = 1;
-
-  // The url of the repository.
-  string url = 2;
-}
-
-// A package repository.
-message PackageRepository {
-  // A specific type of repository.
-  oneof repository {
-    // An Apt Repository.
-    AptRepository apt = 1;
-
-    // A Yum Repository.
-    YumRepository yum = 2;
-
-    // A Zypper Repository.
-    ZypperRepository zypper = 3;
-
-    // A Goo Repository.
-    GooRepository goo = 4;
-  }
-}
-
-// A software recipe is a set of instructions for installing and configuring a
-// piece of software. It consists of a set of artifacts that are
-// downloaded, and a set of steps that install, configure, and/or update the
-// software.
-//
-// Recipes support installing and updating software from artifacts in the
-// following formats:
-// Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
-//
-// Additionally, recipes support executing a script (either defined in a file or
-// directly in this api) in bash, sh, cmd, and powershell.
-//
-// Updating a software recipe
-//
-// If a recipe is assigned to an instance and there is a recipe with the same
-// name but a lower version already installed and the assigned state
-// of the recipe is `INSTALLED_KEEP_UPDATED`, then the recipe is updated to
-// the new version.
-//
-// Script Working Directories
-//
-// Each script or execution step is run in its own temporary directory which
-// is deleted after completing the step.
-message SoftwareRecipe {
-  // Specifies a resource to be used in the recipe.
-  message Artifact {
-    // Specifies an artifact available via some URI.
-    message Remote {
-      // URI from which to fetch the object. It should contain both the protocol
-      // and path following the format {protocol}://{location}.
-      string uri = 1;
-
-      // Must be provided if `allow_insecure` is `false`.
-      // SHA256 checksum in hex format, to compare to the checksum of the
-      // artifact. If the checksum is not empty and it doesn't match the
-      // artifact then the recipe installation fails before running any of the
-      // steps.
-      string checksum = 2;
-    }
-
-    // Specifies an artifact available as a Cloud Storage object.
-    message Gcs {
-      // Bucket of the Cloud Storage object.
-      // Given an example URL:
-      // `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
-      // this value would be `my-bucket`.
-      string bucket = 1;
-
-      // Name of the Cloud Storage object.
-      // As specified [here]
-      // (https://cloud.google.com/storage/docs/naming#objectnames)
-      // Given an example URL:
-      // `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
-      // this value would be `foo/bar`.
-      string object = 2;
-
-      // Must be provided if allow_insecure is false.
-      // Generation number of the Cloud Storage object.
-      // `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
-      // this value would be `1234567`.
-      int64 generation = 3;
-    }
-
-    // Id of the artifact, which the installation and update steps of this
-    // recipe can reference. Artifacts in a recipe cannot have the same id.
-    string id = 1;
-
-    // A specific type of artifact.
-    oneof artifact {
-      // A generic remote artifact.
-      Remote remote = 2;
-
-      // A Cloud Storage artifact.
-      Gcs gcs = 3;
-    }
-
-    // Defaults to false. When false, recipes are subject to validations
-    // based on the artifact type:
-    //
-    // Remote: A checksum must be specified, and only protocols with
-    //         transport-layer security are permitted.
-    // GCS:    An object generation number must be specified.
-    bool allow_insecure = 4;
-  }
-
-  // An action that can be taken as part of installing or updating a recipe.
-  message Step {
-    // Copies the artifact to the specified path on the instance.
-    message CopyFile {
-      // The id of the relevant artifact in the recipe.
-      string artifact_id = 1;
-
-      // The absolute path on the instance to put the file.
-      string destination = 2;
-
-      // Whether to allow this step to overwrite existing files. If this is
-      // false and the file already exists the file is not overwritten
-      // and the step is considered a success. Defaults to false.
-      bool overwrite = 3;
-
-      // Consists of three octal digits which represent, in
-      // order, the permissions of the owner, group, and other users for the
-      // file (similarly to the numeric mode used in the linux chmod utility).
-      // Each digit represents a three bit number with the 4 bit
-      // corresponding to the read permissions, the 2 bit corresponds to the
-      // write bit, and the one bit corresponds to the execute permission.
-      // Default behavior is 755.
-      //
-      // Below are some examples of permissions and their associated values:
-      // read, write, and execute: 7
-      // read and execute: 5
-      // read and write: 6
-      // read only: 4
-      string permissions = 4;
-    }
-
-    // Extracts an archive of the type specified in the specified directory.
-    message ExtractArchive {
-      // Specifying the type of archive.
-      enum ArchiveType {
-        // Indicates that the archive type isn't specified.
-        ARCHIVE_TYPE_UNSPECIFIED = 0;
-
-        // Indicates that the archive is a tar archive with no encryption.
-        TAR = 1;
-
-        // Indicates that the archive is a tar archive with gzip encryption.
-        TAR_GZIP = 2;
-
-        // Indicates that the archive is a tar archive with bzip encryption.
-        TAR_BZIP = 3;
-
-        // Indicates that the archive is a tar archive with lzma encryption.
-        TAR_LZMA = 4;
-
-        // Indicates that the archive is a tar archive with xz encryption.
-        TAR_XZ = 5;
-
-        // Indicates that the archive is a zip archive.
-        ZIP = 11;
-      }
-
-      // The id of the relevant artifact in the recipe.
-      string artifact_id = 1;
-
-      // Directory to extract archive to.
-      // Defaults to `/` on Linux or `C:\` on Windows.
-      string destination = 2;
-
-      // The type of the archive to extract.
-      ArchiveType type = 3;
-    }
-
-    // Installs an MSI file.
-    message InstallMsi {
-      // The id of the relevant artifact in the recipe.
-      string artifact_id = 1;
-
-      // The flags to use when installing the MSI
-      // defaults to ["/i"] (i.e. the install flag).
-      repeated string flags = 2;
-
-      // Return codes that indicate that the software installed or updated
-      // successfully. Behaviour defaults to [0]
-      repeated int32 allowed_exit_codes = 3;
-    }
-
-    // Installs a deb via dpkg.
-    message InstallDpkg {
-      // The id of the relevant artifact in the recipe.
-      string artifact_id = 1;
-    }
-
-    // Installs an rpm file via the rpm utility.
-    message InstallRpm {
-      // The id of the relevant artifact in the recipe.
-      string artifact_id = 1;
-    }
-
-    // Executes an artifact or local file.
-    message ExecFile {
-      // Location of the file to execute.
-      oneof location_type {
-        // The id of the relevant artifact in the recipe.
-        string artifact_id = 1;
-
-        // The absolute path of the file on the local filesystem.
-        string local_path = 2;
-      }
-
-      // Arguments to be passed to the provided executable.
-      repeated string args = 3;
-
-      // Defaults to [0]. A list of possible return values that the program
-      // can return to indicate a success.
-      repeated int32 allowed_exit_codes = 4;
-    }
-
-    // Runs a script through an interpreter.
-    message RunScript {
-      // The interpreter used to execute a script.
-      enum Interpreter {
-        // Default value for ScriptType.
-        INTERPRETER_UNSPECIFIED = 0;
-
-        // Indicates that the script is run with `/bin/sh` on Linux and `cmd`
-        // on windows.
-        SHELL = 1;
-
-        // Indicates that the script is run with powershell.
-        POWERSHELL = 3;
-      }
-
-      // The shell script to be executed.
-      string script = 1;
-
-      // Return codes that indicate that the software installed or updated
-      // successfully. Behaviour defaults to [0]
-      repeated int32 allowed_exit_codes = 2;
-
-      // The script interpreter to use to run the script. If no interpreter is
-      // specified the script is executed directly, which likely
-      // only succeed for scripts with
-      // [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)).
-      Interpreter interpreter = 3;
-    }
-
-    // A specific type of step.
-    oneof step {
-      // Copies a file onto the instance.
-      CopyFile file_copy = 1;
-
-      // Extracts an archive into the specified directory.
-      ExtractArchive archive_extraction = 2;
-
-      // Installs an MSI file.
-      InstallMsi msi_installation = 3;
-
-      // Installs a deb file via dpkg.
-      InstallDpkg dpkg_installation = 4;
-
-      // Installs an rpm file via the rpm utility.
-      InstallRpm rpm_installation = 5;
-
-      // Executes an artifact or local file.
-      ExecFile file_exec = 6;
-
-      // Runs commands in a shell.
-      RunScript script_run = 7;
-    }
-  }
-
-  // Unique identifier for the recipe. Only one recipe with a given name is
-  // installed on an instance.
-  //
-  // Names are also used to identify resources which helps to determine whether
-  // guest policies have conflicts. This means that requests to create multiple
-  // recipes with the same name and version are rejected since they
-  // could potentially have conflicting assignments.
-  string name = 1;
-
-  // The version of this software recipe. Version can be up to 4 period
-  // separated numbers (e.g. 12.34.56.78).
-  string version = 2;
-
-  // Resources available to be used in the steps in the recipe.
-  repeated Artifact artifacts = 3;
-
-  // Actions to be taken for installing this recipe. On failure it stops
-  // executing steps and does not attempt another installation. Any steps taken
-  // (including partially completed steps) are not rolled back.  Install steps
-  // must be specified and are used on first installation.
-  repeated Step install_steps = 4;
-
-  // Actions to be taken for updating this recipe. On failure it stops
-  // executing steps and  does not attempt another update for this recipe. Any
-  // steps taken (including partially completed steps) are not rolled back.
-  // Upgrade steps are not mandatory and are only used when upgrading.
-  repeated Step update_steps = 5;
-
-  // Default is INSTALLED. The desired state the agent should maintain for this
-  // recipe.
-  //
-  // INSTALLED: The software recipe is installed on the instance but won't be
-  //                         updated to new versions.
-  // UPDATED: The software recipe is installed on the instance. The recipe is
-  //                         updated to a higher version, if a higher version of
-  //                         the recipe is assigned to this instance.
-  // REMOVE: Remove is unsupported for software recipes and attempts to
-  //         create or update a recipe to the REMOVE state is rejected.
-  DesiredState desired_state = 6;
-}
-
-// A request message for getting effective policy assigned to the instance.
-message LookupEffectiveGuestPolicyRequest {
-  // Required. This is the GCE instance identity token described in
-  // https://cloud.google.com/compute/docs/instances/verifying-instance-identity
-  // where the audience is 'osconfig.googleapis.com' and the format is 'full'.
-  string instance_id_token = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Short name of the OS running on the instance. The OS Config agent only
-  // provideS this field for targeting if OS Inventory is enabled for that
-  // instance.
-  string os_short_name = 2;
-
-  // Version of the OS running on the instance. The OS Config agent only
-  // provide this field for targeting if OS Inventory is enabled for that
-  // VM instance.
-  string os_version = 3;
-
-  // Architecture of OS running on the instance. The OS Config agent only
-  // provide this field for targeting if OS Inventory is enabled for that
-  // instance.
-  string os_architecture = 4;
-}
-
-// The effective guest policy assigned to the instance.
-message EffectiveGuestPolicy {
-  // A guest policy package including its source.
-  message SourcedPackage {
-    // Name of the guest policy providing this config.
-    string source = 1;
-
-    // A software package to configure on the VM instance.
-    Package package = 2;
-  }
-
-  // A guest policy package repository including its source.
-  message SourcedPackageRepository {
-    // Name of the guest policy providing this config.
-    string source = 1;
-
-    // A software package repository to configure on the VM instance.
-    PackageRepository package_repository = 2;
-  }
-
-  // A guest policy recipe including its source.
-  message SourcedSoftwareRecipe {
-    // Name of the guest policy providing this config.
-    string source = 1;
-
-    // A software recipe to configure on the VM instance.
-    SoftwareRecipe software_recipe = 2;
-  }
-
-  // List of package configurations assigned to the VM instance.
-  repeated SourcedPackage packages = 1;
-
-  // List of package repository configurations assigned to the VM instance.
-  repeated SourcedPackageRepository package_repositories = 2;
-
-  // List of recipes assigned to the VM instance.
-  repeated SourcedSoftwareRecipe software_recipes = 3;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/osconfig_gapic.yaml b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/osconfig_gapic.yaml
deleted file mode 100644
index 0bcb880..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/osconfig_gapic.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-type: com.google.api.codegen.ConfigProto
-config_schema_version: 2.0.0
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/osconfig_v1beta.yaml b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/osconfig_v1beta.yaml
deleted file mode 100644
index 4755c63..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/osconfig_v1beta.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-type: google.api.Service
-config_version: 3
-name: osconfig.googleapis.com
-title: OS Config API
-
-apis:
-- name: google.cloud.osconfig.agentendpoint.v1beta.AgentEndpointService
-
-documentation:
-  summary: |-
-    OS management tools that can be used for patch management, patch
-    compliance, and configuration management on VM instances.
-
-backend:
-  rules:
-  - selector: 'google.cloud.osconfig.agentendpoint.v1beta.AgentEndpointService.*'
-    deadline: 30.0
-  - selector: google.cloud.osconfig.agentendpoint.v1beta.AgentEndpointService.ReceiveTaskNotification
-    deadline: 3600.0
-
-authentication:
-  rules:
-  - selector: google.longrunning.Operations.CancelOperation
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
-  - selector: google.longrunning.Operations.GetOperation
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/patch_jobs.proto b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/patch_jobs.proto
deleted file mode 100644
index 8a827b8..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/patch_jobs.proto
+++ /dev/null
@@ -1,296 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.agentendpoint.v1beta;
-
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/agentendpoint/v1beta;agentendpoint";
-option java_outer_classname = "PatchJobs";
-option java_package = "com.google.cloud.osconfig.agentendpoint.v1beta";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1beta";
-
-// Patch configuration specifications. Contains details on how to
-// apply patches to a VM instance.
-message PatchConfig {
-  // Post-patch reboot settings.
-  enum RebootConfig {
-    // The default behavior is DEFAULT.
-    REBOOT_CONFIG_UNSPECIFIED = 0;
-
-    // The agent decides if a reboot is necessary by checking
-    // signals such as registry keys on Windows or `/var/run/reboot-required` on
-    // APT based systems. On RPM based systems, a set of core system package
-    // install times are compared with system boot time.
-    DEFAULT = 1;
-
-    // Always reboot the machine after the update completes.
-    ALWAYS = 2;
-
-    // Never reboot the machine after the update completes.
-    NEVER = 3;
-  }
-
-  // Post-patch reboot settings.
-  RebootConfig reboot_config = 1;
-
-  // Retry strategy can be defined to have the agent retry patching
-  // during the window if patching fails. If omitted, the agent will use its
-  // default retry strategy.
-  RetryStrategy retry_strategy = 2;
-
-  // Apt update settings. Use this override the default apt patch rules.
-  AptSettings apt = 3;
-
-  // Yum update settings. Use this override the default yum patch rules.
-  YumSettings yum = 4;
-
-  // Goo update settings. Use this override the default goo patch rules.
-  GooSettings goo = 5;
-
-  // Zypper update settings. Use this override the default zypper patch rules.
-  ZypperSettings zypper = 6;
-
-  // Windows update settings. Use this override the default windows patch rules.
-  WindowsUpdateSettings windows_update = 7;
-
-  // The ExecStep to run before the patch update.
-  ExecStep pre_step = 8;
-
-  // The ExecStep to run after the patch update.
-  ExecStep post_step = 9;
-
-  // Allows the patch job to run on Managed instance groups (MIGs).
-  bool mig_instances_allowed = 10;
-}
-
-// Apt patching will be performed by executing `apt-get update && apt-get
-// upgrade`. Additional options can be set to control how this is executed.
-message AptSettings {
-  // Apt patch type.
-  enum Type {
-    // By default, upgrade will be performed.
-    TYPE_UNSPECIFIED = 0;
-
-    // Runs `apt-get dist-upgrade`.
-    DIST = 1;
-
-    // Runs `apt-get upgrade`.
-    UPGRADE = 2;
-  }
-
-  // By changing the type to DIST, the patching will be performed
-  // using `apt-get dist-upgrade` instead.
-  Type type = 1;
-
-  // List of packages to exclude from update.
-  repeated string excludes = 2;
-
-  // An exclusive list of packages to be updated. These are the only packages
-  // that will be updated. If these packages are not installed, they will be
-  // ignored. This field cannot be specified with any other patch configuration
-  // fields.
-  repeated string exclusive_packages = 3;
-}
-
-// Yum patching will be performed by executing `yum update`. Additional options
-// can be set to control how this is executed.
-//
-// Note that not all settings are supported on all platforms.
-message YumSettings {
-  // Adds the `--security` flag to `yum update`. Not supported on
-  // all platforms.
-  bool security = 1;
-
-  // Will cause patch to run `yum update-minimal` instead.
-  bool minimal = 2;
-
-  // List of packages to exclude from update. These packages will be excluded by
-  // using the yum `--exclude` flag.
-  repeated string excludes = 3;
-
-  // An exclusive list of packages to be updated. These are the only packages
-  // that will be updated. If these packages are not installed, they will be
-  // ignored. This field must not be specified with any other patch
-  // configuration fields.
-  repeated string exclusive_packages = 4;
-}
-
-// Googet patching is performed by running `googet update`.
-message GooSettings {
-
-}
-
-// Zypper patching is performed by running `zypper patch`.
-// See also https://en.opensuse.org/SDB:Zypper_manual.
-message ZypperSettings {
-  // Adds the `--with-optional` flag to `zypper patch`.
-  bool with_optional = 1;
-
-  // Adds the `--with-update` flag, to `zypper patch`.
-  bool with_update = 2;
-
-  // Install only patches with these categories.
-  // Common categories include security, recommended, and feature.
-  repeated string categories = 3;
-
-  // Install only patches with these severities.
-  // Common severities include critical, important, moderate, and low.
-  repeated string severities = 4;
-
-  // List of patches to exclude from update.
-  repeated string excludes = 5;
-
-  // An exclusive list of patches to be updated. These are the only patches
-  // that will be installed using 'zypper patch patch:<patch_name>' command.
-  // This field must not be used with any other patch configuration fields.
-  repeated string exclusive_patches = 6;
-}
-
-// Windows patching is performed using the Windows Update Agent.
-message WindowsUpdateSettings {
-  // Microsoft Windows update classifications as defined in
-  // [1]
-  // https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro
-  enum Classification {
-    // Invalid. If classifications are included, they must be specified.
-    CLASSIFICATION_UNSPECIFIED = 0;
-
-    // "A widely released fix for a specific problem that addresses a critical,
-    // non-security-related bug." [1]
-    CRITICAL = 1;
-
-    // "A widely released fix for a product-specific, security-related
-    // vulnerability. Security vulnerabilities are rated by their severity. The
-    // severity rating is indicated in the Microsoft security bulletin as
-    // critical, important, moderate, or low." [1]
-    SECURITY = 2;
-
-    // "A widely released and frequent software update that contains additions
-    // to a product’s definition database. Definition databases are often used
-    // to detect objects that have specific attributes, such as malicious code,
-    // phishing websites, or junk mail." [1]
-    DEFINITION = 3;
-
-    // "Software that controls the input and output of a device." [1]
-    DRIVER = 4;
-
-    // "New product functionality that is first distributed outside the context
-    // of a product release and that is typically included in the next full
-    // product release." [1]
-    FEATURE_PACK = 5;
-
-    // "A tested, cumulative set of all hotfixes, security updates, critical
-    // updates, and updates. Additionally, service packs may contain additional
-    // fixes for problems that are found internally since the release of the
-    // product. Service packs my also contain a limited number of
-    // customer-requested design changes or features." [1]
-    SERVICE_PACK = 6;
-
-    // "A utility or feature that helps complete a task or set of tasks." [1]
-    TOOL = 7;
-
-    // "A tested, cumulative set of hotfixes, security updates, critical
-    // updates, and updates that are packaged together for easy deployment. A
-    // rollup generally targets a specific area, such as security, or a
-    // component of a product, such as Internet Information Services (IIS)." [1]
-    UPDATE_ROLLUP = 8;
-
-    // "A widely released fix for a specific problem. An update addresses a
-    // noncritical, non-security-related bug." [1]
-    UPDATE = 9;
-  }
-
-  // Only apply updates of these windows update classifications. If empty, all
-  // updates will be applied.
-  repeated Classification classifications = 1;
-
-  // List of KBs to exclude from update.
-  repeated string excludes = 2;
-
-  // An exclusive list of kbs to be updated. These are the only patches
-  // that will be updated. This field must not be used with other
-  // patch configurations.
-  repeated string exclusive_patches = 3;
-}
-
-// The strategy for retrying failed patches during the patch window.
-message RetryStrategy {
-  // If true, the agent will continue to try and patch until the window has
-  // ended.
-  bool enabled = 1;
-}
-
-// A step that runs an executable for a PatchJob.
-message ExecStep {
-  // The ExecStepConfig for all Linux VMs targeted by the PatchJob.
-  ExecStepConfig linux_exec_step_config = 1;
-
-  // The ExecStepConfig for all Windows VMs targeted by the PatchJob.
-  ExecStepConfig windows_exec_step_config = 2;
-}
-
-// Common configurations for an ExecStep.
-message ExecStepConfig {
-  // The interpreter used to execute the a file.
-  enum Interpreter {
-    // Deprecated, defaults to NONE for compatibility reasons.
-    INTERPRETER_UNSPECIFIED = 0;
-
-    // Invalid for a Windows ExecStepConfig. For a Linux ExecStepConfig, the
-    // interpreter will be parsed from the shebang line of the script if
-    // unspecified.
-    NONE = 3;
-
-    // Indicates that the script will be run with /bin/sh on Linux and cmd
-    // on windows.
-    SHELL = 1;
-
-    // Indicates that the file will be run with PowerShell.
-    POWERSHELL = 2;
-  }
-
-  // Location of the executable.
-  oneof executable {
-    // An absolute path to the executable on the VM.
-    string local_path = 1;
-
-    // A GCS object containing the executable.
-    GcsObject gcs_object = 2;
-  }
-
-  // Defaults to [0]. A list of possible return values that the
-  // execution can return to indicate a success.
-  repeated int32 allowed_success_codes = 3;
-
-  // The script interpreter to use to run the script. If no interpreter is
-  // specified the script will be executed directly, which will likely
-  // only succeed for scripts with shebang lines.
-  // [Wikipedia shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)).
-  Interpreter interpreter = 4;
-}
-
-// GCS object representation.
-message GcsObject {
-  // Bucket of the GCS object.
-  string bucket = 1;
-
-  // Name of the GCS object.
-  string object = 2;
-
-  // Generation number of the GCS object. This is used to ensure that the
-  // ExecStep specified by this PatchJob does not change.
-  int64 generation_number = 3;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/tasks.proto b/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/tasks.proto
deleted file mode 100644
index 3d522b0..0000000
--- a/third_party/googleapis/google/cloud/osconfig/agentendpoint/v1beta/tasks.proto
+++ /dev/null
@@ -1,180 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.agentendpoint.v1beta;
-
-import "google/api/field_behavior.proto";
-import "google/cloud/osconfig/agentendpoint/v1beta/patch_jobs.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/agentendpoint/v1beta;agentendpoint";
-option java_outer_classname = "Tasks";
-option java_package = "com.google.cloud.osconfig.agentendpoint.v1beta";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1beta";
-
-// Specifies the current agent behavior.
-enum TaskDirective {
-  // Unspecified is invalid.
-  TASK_DIRECTIVE_UNSPECIFIED = 0;
-
-  // The task should continue to progress.
-  CONTINUE = 1;
-
-  // Task should not be started, or if already in progress, should stop
-  // at first safe stopping point.  Task should be considered done and will
-  // never repeat.
-  STOP = 2;
-}
-
-// Specifies the type of task to perform.
-enum TaskType {
-  // Unspecified is invalid.
-  TASK_TYPE_UNSPECIFIED = 0;
-
-  // The apply patches task.
-  APPLY_PATCHES = 1;
-
-  // The exec step task.
-  EXEC_STEP_TASK = 2;
-}
-
-// A unit of work to be performed by the agent.
-message Task {
-  // Unique task id.
-  string task_id = 1;
-
-  // The type of task to perform.
-  //
-  // Task details must include the appropriate message based on this enum as
-  // specified below:
-  // APPLY_PATCHES = ApplyPatchesTask
-  // EXEC_STEP = ExecStepTask;
-  TaskType task_type = 2;
-
-  // Current directive to the agent.
-  TaskDirective task_directive = 3;
-
-  // Specific details about the current task to perform.
-  oneof task_details {
-    // Details about the apply patches task to perform.
-    ApplyPatchesTask apply_patches_task = 4;
-
-    // Details about the exec step task to perform.
-    ExecStepTask exec_step_task = 5;
-  }
-
-  // Labels describing the task.  Used for logging by the agent.
-  map<string, string> service_labels = 6;
-}
-
-// Message which instructs agent to apply patches.
-message ApplyPatchesTask {
-  // Specific information about how patches should be applied.
-  PatchConfig patch_config = 1;
-
-  // If true, the agent will report its status as it goes through the motions
-  // but won't actually run any updates or perform any reboots.
-  bool dry_run = 3;
-}
-
-// Information reported from the agent about applying patches execution.
-message ApplyPatchesTaskProgress {
-  // The intermediate states of applying patches.
-  enum State {
-    // Unspecified is invalid.
-    STATE_UNSPECIFIED = 0;
-
-    // The agent has started the patch task.
-    STARTED = 4;
-
-    // The agent is currently downloading patches.
-    DOWNLOADING_PATCHES = 1;
-
-    // The agent is currently applying patches.
-    APPLYING_PATCHES = 2;
-
-    // The agent is currently rebooting the VM instance.
-    REBOOTING = 3;
-  }
-
-  // Required. The current state of this patch execution.
-  State state = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Information reported from the agent about applying patches execution.
-message ApplyPatchesTaskOutput {
-  // The final states of applying patches.
-  enum State {
-    // Unspecified is invalid.
-    STATE_UNSPECIFIED = 0;
-
-    // Applying patches completed successfully.
-    SUCCEEDED = 1;
-
-    // Applying patches completed successfully, but a reboot is required.
-    SUCCEEDED_REBOOT_REQUIRED = 2;
-
-    // Applying patches failed.
-    FAILED = 3;
-  }
-
-  // Required. The final state of this task.
-  State state = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Message which instructs agent to execute the following command.
-message ExecStepTask {
-  // Details of the exec step to run.
-  ExecStep exec_step = 1;
-}
-
-// Information reported from the agent about the exec step execution.
-message ExecStepTaskProgress {
-  // The intermediate states of exec steps.
-  enum State {
-    // Unspecified is invalid.
-    STATE_UNSPECIFIED = 0;
-
-    // The agent has started the exec step task.
-    STARTED = 1;
-  }
-
-  // Required. The current state of this exec step.
-  State state = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Information reported from the agent about the exec step execution.
-message ExecStepTaskOutput {
-  // The final states of exec steps.
-  enum State {
-    // Unspecified is invalid.
-    STATE_UNSPECIFIED = 0;
-
-    // The exec step completed normally.
-    COMPLETED = 1;
-
-    // The exec step was terminated because it took too long.
-    TIMED_OUT = 2;
-
-    // The exec step task was cancelled before it started.
-    CANCELLED = 3;
-  }
-
-  // Required. The final state of the exec step.
-  State state = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The exit code received from the script which ran as part of the exec step.
-  int32 exit_code = 2 [(google.api.field_behavior) = REQUIRED];
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1/BUILD.bazel b/third_party/googleapis/google/cloud/osconfig/v1/BUILD.bazel
deleted file mode 100644
index 0db3925..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1/BUILD.bazel
+++ /dev/null
@@ -1,412 +0,0 @@
-# This file was automatically generated by BuildFileGenerator
-# https://github.com/googleapis/rules_gapic/tree/master/bazel
-
-# Most of the manual changes to this file will be overwritten.
-# It's **only** allowed to change the following rule attribute values:
-# - names of *_gapic_assembly_* rules
-# - certain parameters of *_gapic_library rules, including but not limited to:
-#    * extra_protoc_parameters
-#    * extra_protoc_file_parameters
-# The complete list of preserved parameters can be found in the source code.
-
-# This is an API workspace, having public visibility by default makes perfect sense.
-package(default_visibility = ["//visibility:public"])
-
-##############################################################################
-# Common
-##############################################################################
-load("@rules_proto//proto:defs.bzl", "proto_library")
-load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
-
-proto_library(
-    name = "osconfig_proto",
-    srcs = [
-        "inventory.proto",
-        "os_policy.proto",
-        "os_policy_assignment_reports.proto",
-        "os_policy_assignments.proto",
-        "osconfig_common.proto",
-        "osconfig_service.proto",
-        "osconfig_zonal_service.proto",
-        "patch_deployments.proto",
-        "patch_jobs.proto",
-        "vulnerability.proto",
-    ],
-    deps = [
-        "//google/api:annotations_proto",
-        "//google/api:client_proto",
-        "//google/api:field_behavior_proto",
-        "//google/api:resource_proto",
-        "//google/longrunning:operations_proto",
-        "//google/type:date_proto",
-        "//google/type:datetime_proto",
-        "//google/type:dayofweek_proto",
-        "//google/type:timeofday_proto",
-        "@com_google_protobuf//:duration_proto",
-        "@com_google_protobuf//:empty_proto",
-        "@com_google_protobuf//:field_mask_proto",
-        "@com_google_protobuf//:timestamp_proto",
-    ],
-)
-
-proto_library_with_info(
-    name = "osconfig_proto_with_info",
-    deps = [
-        ":osconfig_proto",
-        "//google/cloud:common_resources_proto",
-    ],
-)
-
-##############################################################################
-# Java
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "java_gapic_assembly_gradle_pkg",
-    "java_gapic_library",
-    "java_gapic_test",
-    "java_grpc_library",
-    "java_proto_library",
-)
-
-java_proto_library(
-    name = "osconfig_java_proto",
-    deps = [":osconfig_proto"],
-)
-
-java_grpc_library(
-    name = "osconfig_java_grpc",
-    srcs = [":osconfig_proto"],
-    deps = [":osconfig_java_proto"],
-)
-
-java_gapic_library(
-    name = "osconfig_java_gapic",
-    srcs = [":osconfig_proto_with_info"],
-    gapic_yaml = None,
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    service_yaml = "osconfig_v1.yaml",
-    test_deps = [
-        ":osconfig_java_grpc",
-    ],
-    transport = "grpc+rest",
-    deps = [
-        ":osconfig_java_proto",
-        "//google/api:api_java_proto",
-    ],
-)
-
-java_gapic_test(
-    name = "osconfig_java_gapic_test_suite",
-    test_classes = [
-        "com.google.cloud.osconfig.v1.OsConfigServiceClientHttpJsonTest",
-        "com.google.cloud.osconfig.v1.OsConfigServiceClientTest",
-        "com.google.cloud.osconfig.v1.OsConfigZonalServiceClientHttpJsonTest",
-        "com.google.cloud.osconfig.v1.OsConfigZonalServiceClientTest",
-    ],
-    runtime_deps = [":osconfig_java_gapic_test"],
-)
-
-# Open Source Packages
-java_gapic_assembly_gradle_pkg(
-    name = "google-cloud-osconfig-v1-java",
-    include_samples = True,
-    transport = "grpc+rest",
-    deps = [
-        ":osconfig_java_gapic",
-        ":osconfig_java_grpc",
-        ":osconfig_java_proto",
-        ":osconfig_proto",
-    ],
-)
-
-##############################################################################
-# Go
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "go_gapic_assembly_pkg",
-    "go_gapic_library",
-    "go_proto_library",
-    "go_test",
-)
-
-go_proto_library(
-    name = "osconfig_go_proto",
-    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
-    importpath = "google.golang.org/genproto/googleapis/cloud/osconfig/v1",
-    protos = [":osconfig_proto"],
-    deps = [
-        "//google/api:annotations_go_proto",
-        "//google/longrunning:longrunning_go_proto",
-        "//google/type:date_go_proto",
-        "//google/type:datetime_go_proto",
-        "//google/type:dayofweek_go_proto",
-        "//google/type:timeofday_go_proto",
-    ],
-)
-
-go_gapic_library(
-    name = "osconfig_go_gapic",
-    srcs = [":osconfig_proto_with_info"],
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    importpath = "cloud.google.com/go/osconfig/apiv1;osconfig",
-    metadata = True,
-    service_yaml = "osconfig_v1.yaml",
-    transport = "grpc+rest",
-    deps = [
-        ":osconfig_go_proto",
-        "//google/longrunning:longrunning_go_proto",
-        "@com_google_cloud_go//longrunning:go_default_library",
-        "@com_google_cloud_go//longrunning/autogen:go_default_library",
-        "@io_bazel_rules_go//proto/wkt:duration_go_proto",
-    ],
-)
-
-go_test(
-    name = "osconfig_go_gapic_test",
-    srcs = [":osconfig_go_gapic_srcjar_test"],
-    embed = [":osconfig_go_gapic"],
-    importpath = "cloud.google.com/go/osconfig/apiv1",
-)
-
-# Open Source Packages
-go_gapic_assembly_pkg(
-    name = "gapi-cloud-osconfig-v1-go",
-    deps = [
-        ":osconfig_go_gapic",
-        ":osconfig_go_gapic_srcjar-metadata.srcjar",
-        ":osconfig_go_gapic_srcjar-test.srcjar",
-        ":osconfig_go_proto",
-    ],
-)
-
-##############################################################################
-# Python
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "py_gapic_assembly_pkg",
-    "py_gapic_library",
-    "py_proto_library",
-    "py_test",
-)
-
-py_gapic_library(
-    name = "osconfig_py_gapic",
-    srcs = [":osconfig_proto"],
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    opt_args = ["warehouse-package-name=google-cloud-os-config"],
-    transport = "grpc",
-)
-
-py_test(
-    name = "osconfig_py_gapic_test",
-    srcs = [
-        "osconfig_py_gapic_pytest.py",
-        "osconfig_py_gapic_test.py",
-    ],
-    legacy_create_init = False,
-    deps = [":osconfig_py_gapic"],
-)
-
-# Open Source Packages
-py_gapic_assembly_pkg(
-    name = "osconfig-v1-py",
-    deps = [
-        ":osconfig_py_gapic",
-    ],
-)
-
-py_proto_library(
-    name = "osconfig_py_proto",
-    deps = [":osconfig_proto"],
-)
-
-##############################################################################
-# PHP
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "php_gapic_assembly_pkg",
-    "php_gapic_library",
-    "php_grpc_library",
-    "php_proto_library",
-)
-
-php_proto_library(
-    name = "osconfig_php_proto",
-    deps = [":osconfig_proto"],
-)
-
-php_grpc_library(
-    name = "osconfig_php_grpc",
-    srcs = [":osconfig_proto"],
-    deps = [":osconfig_php_proto"],
-)
-
-php_gapic_library(
-    name = "osconfig_php_gapic",
-    srcs = [":osconfig_proto_with_info"],
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    service_yaml = "osconfig_v1.yaml",
-    deps = [
-        ":osconfig_php_grpc",
-        ":osconfig_php_proto",
-    ],
-)
-
-# Open Source Packages
-php_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-v1-php",
-    deps = [
-        ":osconfig_php_gapic",
-        ":osconfig_php_grpc",
-        ":osconfig_php_proto",
-    ],
-)
-
-##############################################################################
-# Node.js
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "nodejs_gapic_assembly_pkg",
-    "nodejs_gapic_library",
-)
-
-nodejs_gapic_library(
-    name = "osconfig_nodejs_gapic",
-    package_name = "@google-cloud/os-config",
-    src = ":osconfig_proto_with_info",
-    extra_protoc_parameters = ["metadata"],
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    main_service = "OsConfigServiceClient",
-    package = "google.cloud.osconfig.v1",
-    service_yaml = "osconfig_v1.yaml",
-    deps = [],
-)
-
-nodejs_gapic_assembly_pkg(
-    name = "osconfig-v1-nodejs",
-    deps = [
-        ":osconfig_nodejs_gapic",
-        ":osconfig_proto",
-    ],
-)
-
-##############################################################################
-# Ruby
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "ruby_cloud_gapic_library",
-    "ruby_gapic_assembly_pkg",
-    "ruby_grpc_library",
-    "ruby_proto_library",
-)
-
-ruby_proto_library(
-    name = "osconfig_ruby_proto",
-    deps = [":osconfig_proto"],
-)
-
-ruby_grpc_library(
-    name = "osconfig_ruby_grpc",
-    srcs = [":osconfig_proto"],
-    deps = [":osconfig_ruby_proto"],
-)
-
-ruby_cloud_gapic_library(
-    name = "osconfig_ruby_gapic",
-    srcs = [":osconfig_proto_with_info"],
-    extra_protoc_parameters = [
-        "ruby-cloud-api-id=osconfig.googleapis.com",
-        "ruby-cloud-api-shortname=osconfig",
-        "ruby-cloud-env-prefix=OS_CONFIG",
-        "ruby-cloud-gem-name=google-cloud-os_config-v1",
-        "ruby-cloud-product-url=https://cloud.google.com/compute/docs/manage-os",
-    ],
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    ruby_cloud_description = "Cloud OS Config provides OS management tools that can be used for patch management, patch compliance, and configuration management on VM instances.",
-    ruby_cloud_title = "Cloud OS Config V1",
-    deps = [
-        ":osconfig_ruby_grpc",
-        ":osconfig_ruby_proto",
-    ],
-)
-
-# Open Source Packages
-ruby_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-v1-ruby",
-    deps = [
-        ":osconfig_ruby_gapic",
-        ":osconfig_ruby_grpc",
-        ":osconfig_ruby_proto",
-    ],
-)
-
-##############################################################################
-# C#
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "csharp_gapic_assembly_pkg",
-    "csharp_gapic_library",
-    "csharp_grpc_library",
-    "csharp_proto_library",
-)
-
-csharp_proto_library(
-    name = "osconfig_csharp_proto",
-    deps = [":osconfig_proto"],
-)
-
-csharp_grpc_library(
-    name = "osconfig_csharp_grpc",
-    srcs = [":osconfig_proto"],
-    deps = [":osconfig_csharp_proto"],
-)
-
-csharp_gapic_library(
-    name = "osconfig_csharp_gapic",
-    srcs = [":osconfig_proto_with_info"],
-    common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json",
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    service_yaml = "osconfig_v1.yaml",
-    deps = [
-        ":osconfig_csharp_grpc",
-        ":osconfig_csharp_proto",
-    ],
-)
-
-# Open Source Packages
-csharp_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-v1-csharp",
-    deps = [
-        ":osconfig_csharp_gapic",
-        ":osconfig_csharp_grpc",
-        ":osconfig_csharp_proto",
-    ],
-)
-
-##############################################################################
-# C++
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "cc_grpc_library",
-    "cc_proto_library",
-)
-
-cc_proto_library(
-    name = "osconfig_cc_proto",
-    deps = [":osconfig_proto"],
-)
-
-cc_grpc_library(
-    name = "osconfig_cc_grpc",
-    srcs = [":osconfig_proto"],
-    grpc_only = True,
-    deps = [":osconfig_cc_proto"],
-)
diff --git a/third_party/googleapis/google/cloud/osconfig/v1/inventory.proto b/third_party/googleapis/google/cloud/osconfig/v1/inventory.proto
deleted file mode 100644
index 92c2b81..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1/inventory.proto
+++ /dev/null
@@ -1,384 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/protobuf/timestamp.proto";
-import "google/type/date.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1;osconfig";
-option java_multiple_files = true;
-option java_outer_classname = "Inventories";
-option java_package = "com.google.cloud.osconfig.v1";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1";
-option ruby_package = "Google::Cloud::OsConfig::V1";
-
-// OS Config Inventory is a service for collecting and reporting operating
-// system and package information on VM instances.
-
-// This API resource represents the available inventory data for a
-// Compute Engine virtual machine (VM) instance at a given point in time.
-//
-// You can use this API resource to determine the inventory data of your VM.
-//
-// For more information, see [Information provided by OS inventory
-// management](https://cloud.google.com/compute/docs/instances/os-inventory-management#data-collected).
-message Inventory {
-  option (google.api.resource) = {
-    type: "osconfig.googleapis.com/Inventory"
-    pattern: "projects/{project}/locations/{location}/instances/{instance}/inventory"
-  };
-
-  // Operating system information for the VM.
-  message OsInfo {
-    // The VM hostname.
-    string hostname = 9;
-
-    // The operating system long name.
-    // For example 'Debian GNU/Linux 9' or 'Microsoft Window Server 2019
-    // Datacenter'.
-    string long_name = 2;
-
-    // The operating system short name.
-    // For example, 'windows' or 'debian'.
-    string short_name = 3;
-
-    // The version of the operating system.
-    string version = 4;
-
-    // The system architecture of the operating system.
-    string architecture = 5;
-
-    // The kernel version of the operating system.
-    string kernel_version = 6;
-
-    // The kernel release of the operating system.
-    string kernel_release = 7;
-
-    // The current version of the OS Config agent running on the VM.
-    string osconfig_agent_version = 8;
-  }
-
-  // A single piece of inventory on a VM.
-  message Item {
-    // The origin of a specific inventory item.
-    enum OriginType {
-      // Invalid. An origin type must be specified.
-      ORIGIN_TYPE_UNSPECIFIED = 0;
-
-      // This inventory item was discovered as the result of the agent
-      // reporting inventory via the reporting API.
-      INVENTORY_REPORT = 1;
-    }
-
-    // The different types of inventory that are tracked on a VM.
-    enum Type {
-      // Invalid. An type must be specified.
-      TYPE_UNSPECIFIED = 0;
-
-      // This represents a package that is installed on the VM.
-      INSTALLED_PACKAGE = 1;
-
-      // This represents an update that is available for a package.
-      AVAILABLE_PACKAGE = 2;
-    }
-
-    // Identifier for this item, unique across items for this VM.
-    string id = 1;
-
-    // The origin of this inventory item.
-    OriginType origin_type = 2;
-
-    // When this inventory item was first detected.
-    google.protobuf.Timestamp create_time = 8;
-
-    // When this inventory item was last modified.
-    google.protobuf.Timestamp update_time = 9;
-
-    // The specific type of inventory, correlating to its specific details.
-    Type type = 5;
-
-    // Specific details of this inventory item based on its type.
-    oneof details {
-      // Software package present on the VM instance.
-      SoftwarePackage installed_package = 6;
-
-      // Software package available to be installed on the VM instance.
-      SoftwarePackage available_package = 7;
-    }
-  }
-
-  // Software package information of the operating system.
-  message SoftwarePackage {
-    // Information about the different types of software packages.
-    oneof details {
-      // Yum package info.
-      // For details about the yum package manager, see
-      // https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-yum.
-      VersionedPackage yum_package = 1;
-
-      // Details of an APT package.
-      // For details about the apt package manager, see
-      // https://wiki.debian.org/Apt.
-      VersionedPackage apt_package = 2;
-
-      // Details of a Zypper package.
-      // For details about the Zypper package manager, see
-      // https://en.opensuse.org/SDB:Zypper_manual.
-      VersionedPackage zypper_package = 3;
-
-      // Details of a Googet package.
-      //  For details about the googet package manager, see
-      //  https://github.com/google/googet.
-      VersionedPackage googet_package = 4;
-
-      // Details of a Zypper patch.
-      // For details about the Zypper package manager, see
-      // https://en.opensuse.org/SDB:Zypper_manual.
-      ZypperPatch zypper_patch = 5;
-
-      // Details of a Windows Update package.
-      // See https://docs.microsoft.com/en-us/windows/win32/api/_wua/ for
-      // information about Windows Update.
-      WindowsUpdatePackage wua_package = 6;
-
-      // Details of a Windows Quick Fix engineering package.
-      // See
-      // https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering
-      // for info in Windows Quick Fix Engineering.
-      WindowsQuickFixEngineeringPackage qfe_package = 7;
-
-      // Details of a COS package.
-      VersionedPackage cos_package = 8;
-
-      // Details of Windows Application.
-      WindowsApplication windows_application = 9;
-    }
-  }
-
-  // Information related to the a standard versioned package.  This includes
-  // package info for APT, Yum, Zypper, and Googet package managers.
-  message VersionedPackage {
-    // The name of the package.
-    string package_name = 4;
-
-    // The system architecture this package is intended for.
-    string architecture = 2;
-
-    // The version of the package.
-    string version = 3;
-  }
-
-  // Details related to a Zypper Patch.
-  message ZypperPatch {
-    // The name of the patch.
-    string patch_name = 5;
-
-    // The category of the patch.
-    string category = 2;
-
-    // The severity specified for this patch
-    string severity = 3;
-
-    // Any summary information provided about this patch.
-    string summary = 4;
-  }
-
-  // Details related to a Windows Update package.
-  // Field data and names are taken from Windows Update API IUpdate Interface:
-  // https://docs.microsoft.com/en-us/windows/win32/api/_wua/
-  // Descriptive fields like title, and description are localized based on
-  // the locale of the VM being updated.
-  message WindowsUpdatePackage {
-    // Categories specified by the Windows Update.
-    message WindowsUpdateCategory {
-      // The identifier of the windows update category.
-      string id = 1;
-
-      // The name of the windows update category.
-      string name = 2;
-    }
-
-    // The localized title of the update package.
-    string title = 1;
-
-    // The localized description of the update package.
-    string description = 2;
-
-    // The categories that are associated with this update package.
-    repeated WindowsUpdateCategory categories = 3;
-
-    // A collection of Microsoft Knowledge Base article IDs that are associated
-    // with the update package.
-    repeated string kb_article_ids = 4;
-
-    // A hyperlink to the language-specific support information for the update.
-    string support_url = 11;
-
-    // A collection of URLs that provide more information about the update
-    // package.
-    repeated string more_info_urls = 5;
-
-    // Gets the identifier of an update package.  Stays the same across
-    // revisions.
-    string update_id = 6;
-
-    // The revision number of this update package.
-    int32 revision_number = 7;
-
-    // The last published date of the update, in (UTC) date and time.
-    google.protobuf.Timestamp last_deployment_change_time = 10;
-  }
-
-  // Information related to a Quick Fix Engineering package.
-  // Fields are taken from Windows QuickFixEngineering Interface and match
-  // the source names:
-  // https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering
-  message WindowsQuickFixEngineeringPackage {
-    // A short textual description of the QFE update.
-    string caption = 1;
-
-    // A textual description of the QFE update.
-    string description = 2;
-
-    // Unique identifier associated with a particular QFE update.
-    string hot_fix_id = 3;
-
-    // Date that the QFE update was installed.  Mapped from installed_on field.
-    google.protobuf.Timestamp install_time = 5;
-  }
-
-  // Contains information about a Windows application that is retrieved from the
-  // Windows Registry. For more information about these fields, see:
-  // https://docs.microsoft.com/en-us/windows/win32/msi/uninstall-registry-key
-  message WindowsApplication {
-    // The name of the application or product.
-    string display_name = 1;
-
-    // The version of the product or application in string format.
-    string display_version = 2;
-
-    // The name of the manufacturer for the product or application.
-    string publisher = 3;
-
-    // The last time this product received service. The value of this property
-    // is replaced each time a patch is applied or removed from the product or
-    // the command-line option is used to repair the product.
-    google.type.Date install_date = 4;
-
-    // The internet address for technical support.
-    string help_link = 5;
-  }
-
-  // Output only. The `Inventory` API resource name.
-  //
-  // Format:
-  // `projects/{project_number}/locations/{location}/instances/{instance_id}/inventory`
-  string name = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Base level operating system information for the VM.
-  OsInfo os_info = 1;
-
-  // Inventory items related to the VM keyed by an opaque unique identifier for
-  // each inventory item.  The identifier is unique to each distinct and
-  // addressable inventory item and will change, when there is a new package
-  // version.
-  map<string, Item> items = 2;
-
-  // Output only. Timestamp of the last reported inventory for the VM.
-  google.protobuf.Timestamp update_time = 4
-      [(google.api.field_behavior) = OUTPUT_ONLY];
-}
-
-// A request message for getting inventory data for the specified VM.
-message GetInventoryRequest {
-  // Required. API resource name for inventory resource.
-  //
-  // Format:
-  // `projects/{project}/locations/{location}/instances/{instance}/inventory`
-  //
-  // For `{project}`, either `project-number` or `project-id` can be provided.
-  // For `{instance}`, either Compute Engine  `instance-id` or `instance-name`
-  // can be provided.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/Inventory"
-    }
-  ];
-
-  // Inventory view indicating what information should be included in the
-  // inventory resource. If unspecified, the default view is BASIC.
-  InventoryView view = 2;
-}
-
-// A request message for listing inventory data for all VMs in the specified
-// location.
-message ListInventoriesRequest {
-  // Required. The parent resource name.
-  //
-  // Format: `projects/{project}/locations/{location}/instances/-`
-  //
-  // For `{project}`, either `project-number` or `project-id` can be provided.
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "compute.googleapis.com/Instance"
-    }
-  ];
-
-  // Inventory view indicating what information should be included in the
-  // inventory resource. If unspecified, the default view is BASIC.
-  InventoryView view = 2;
-
-  // The maximum number of results to return.
-  int32 page_size = 3;
-
-  // A pagination token returned from a previous call to
-  // `ListInventories` that indicates where this listing
-  // should continue from.
-  string page_token = 4;
-
-  // If provided, this field specifies the criteria that must be met by a
-  // `Inventory` API resource to be included in the response.
-  string filter = 5;
-}
-
-// A response message for listing inventory data for all VMs in a specified
-// location.
-message ListInventoriesResponse {
-  // List of inventory objects.
-  repeated Inventory inventories = 1;
-
-  // The pagination token to retrieve the next page of inventory objects.
-  string next_page_token = 2;
-}
-
-// The view for inventory objects.
-enum InventoryView {
-  // The default value.
-  // The API defaults to the BASIC view.
-  INVENTORY_VIEW_UNSPECIFIED = 0;
-
-  // Returns the basic inventory information that includes `os_info`.
-  BASIC = 1;
-
-  // Returns all fields.
-  FULL = 2;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1/os_policy.proto b/third_party/googleapis/google/cloud/osconfig/v1/os_policy.proto
deleted file mode 100644
index de0db19..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1/os_policy.proto
+++ /dev/null
@@ -1,548 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1;
-
-import "google/api/field_behavior.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1;osconfig";
-option java_multiple_files = true;
-option java_outer_classname = "OsPolicyProto";
-option java_package = "com.google.cloud.osconfig.v1";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1";
-option ruby_package = "Google::Cloud::OsConfig::V1";
-
-// An OS policy defines the desired state configuration for a VM.
-message OSPolicy {
-  // Policy mode
-  enum Mode {
-    // Invalid mode
-    MODE_UNSPECIFIED = 0;
-
-    // This mode checks if the configuration resources in the policy are in
-    // their desired state. No actions are performed if they are not in the
-    // desired state. This mode is used for reporting purposes.
-    VALIDATION = 1;
-
-    // This mode checks if the configuration resources in the policy are in
-    // their desired state, and if not, enforces the desired state.
-    ENFORCEMENT = 2;
-  }
-
-  // Filtering criteria to select VMs based on inventory details.
-  message InventoryFilter {
-    // Required. The OS short name
-    string os_short_name = 1 [(google.api.field_behavior) = REQUIRED];
-
-    // The OS version
-    //
-    // Prefix matches are supported if asterisk(*) is provided as the
-    // last character. For example, to match all versions with a major
-    // version of `7`, specify the following value for this field `7.*`
-    //
-    // An empty string matches all OS versions.
-    string os_version = 2;
-  }
-
-  // An OS policy resource is used to define the desired state configuration
-  // and provides a specific functionality like installing/removing packages,
-  // executing a script etc.
-  //
-  // The system ensures that resources are always in their desired state by
-  // taking necessary actions if they have drifted from their desired state.
-  message Resource {
-    // A remote or local file.
-    message File {
-      // Specifies a file available via some URI.
-      message Remote {
-        // Required. URI from which to fetch the object. It should contain both
-        // the protocol and path following the format `{protocol}://{location}`.
-        string uri = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // SHA256 checksum of the remote file.
-        string sha256_checksum = 2;
-      }
-
-      // Specifies a file available as a Cloud Storage Object.
-      message Gcs {
-        // Required. Bucket of the Cloud Storage object.
-        string bucket = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Required. Name of the Cloud Storage object.
-        string object = 2 [(google.api.field_behavior) = REQUIRED];
-
-        // Generation number of the Cloud Storage object.
-        int64 generation = 3;
-      }
-
-      // A specific type of file.
-      oneof type {
-        // A generic remote file.
-        Remote remote = 1;
-
-        // A Cloud Storage object.
-        Gcs gcs = 2;
-
-        // A local path within the VM to use.
-        string local_path = 3;
-      }
-
-      // Defaults to false. When false, files are subject to validations
-      // based on the file type:
-      //
-      // Remote: A checksum must be specified.
-      // Cloud Storage: An object generation number must be specified.
-      bool allow_insecure = 4;
-    }
-
-    // A resource that manages a system package.
-    message PackageResource {
-      // The desired state that the OS Config agent maintains on the VM.
-      enum DesiredState {
-        // Unspecified is invalid.
-        DESIRED_STATE_UNSPECIFIED = 0;
-
-        // Ensure that the package is installed.
-        INSTALLED = 1;
-
-        // The agent ensures that the package is not installed and
-        // uninstalls it if detected.
-        REMOVED = 2;
-      }
-
-      // A deb package file. dpkg packages only support INSTALLED state.
-      message Deb {
-        // Required. A deb package.
-        File source = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Whether dependencies should also be installed.
-        // - install when false: `dpkg -i package`
-        // - install when true: `apt-get update && apt-get -y install
-        // package.deb`
-        bool pull_deps = 2;
-      }
-
-      // A package managed by APT.
-      // - install: `apt-get update && apt-get -y install [name]`
-      // - remove: `apt-get -y remove [name]`
-      message APT {
-        // Required. Package name.
-        string name = 1 [(google.api.field_behavior) = REQUIRED];
-      }
-
-      // An RPM package file. RPM packages only support INSTALLED state.
-      message RPM {
-        // Required. An rpm package.
-        File source = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Whether dependencies should also be installed.
-        // - install when false: `rpm --upgrade --replacepkgs package.rpm`
-        // - install when true: `yum -y install package.rpm` or
-        // `zypper -y install package.rpm`
-        bool pull_deps = 2;
-      }
-
-      // A package managed by YUM.
-      // - install: `yum -y install package`
-      // - remove: `yum -y remove package`
-      message YUM {
-        // Required. Package name.
-        string name = 1 [(google.api.field_behavior) = REQUIRED];
-      }
-
-      // A package managed by Zypper.
-      // - install: `zypper -y install package`
-      // - remove: `zypper -y rm package`
-      message Zypper {
-        // Required. Package name.
-        string name = 1 [(google.api.field_behavior) = REQUIRED];
-      }
-
-      // A package managed by GooGet.
-      // - install: `googet -noconfirm install package`
-      // - remove: `googet -noconfirm remove package`
-      message GooGet {
-        // Required. Package name.
-        string name = 1 [(google.api.field_behavior) = REQUIRED];
-      }
-
-      // An MSI package. MSI packages only support INSTALLED state.
-      message MSI {
-        // Required. The MSI package.
-        File source = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Additional properties to use during installation.
-        // This should be in the format of Property=Setting.
-        // Appended to the defaults of `ACTION=INSTALL
-        // REBOOT=ReallySuppress`.
-        repeated string properties = 2;
-      }
-
-      // Required. The desired state the agent should maintain for this package.
-      DesiredState desired_state = 1 [(google.api.field_behavior) = REQUIRED];
-
-      // A system package.
-      oneof system_package {
-        // A package managed by Apt.
-        APT apt = 2;
-
-        // A deb package file.
-        Deb deb = 3;
-
-        // A package managed by YUM.
-        YUM yum = 4;
-
-        // A package managed by Zypper.
-        Zypper zypper = 5;
-
-        // An rpm package file.
-        RPM rpm = 6;
-
-        // A package managed by GooGet.
-        GooGet googet = 7;
-
-        // An MSI package.
-        MSI msi = 8;
-      }
-    }
-
-    // A resource that manages a package repository.
-    message RepositoryResource {
-      // Represents a single apt package repository. These will be added to
-      // a repo file that will be managed at
-      // `/etc/apt/sources.list.d/google_osconfig.list`.
-      message AptRepository {
-        // Type of archive.
-        enum ArchiveType {
-          // Unspecified is invalid.
-          ARCHIVE_TYPE_UNSPECIFIED = 0;
-
-          // Deb indicates that the archive contains binary files.
-          DEB = 1;
-
-          // Deb-src indicates that the archive contains source files.
-          DEB_SRC = 2;
-        }
-
-        // Required. Type of archive files in this repository.
-        ArchiveType archive_type = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Required. URI for this repository.
-        string uri = 2 [(google.api.field_behavior) = REQUIRED];
-
-        // Required. Distribution of this repository.
-        string distribution = 3 [(google.api.field_behavior) = REQUIRED];
-
-        // Required. List of components for this repository. Must contain at
-        // least one item.
-        repeated string components = 4 [(google.api.field_behavior) = REQUIRED];
-
-        // URI of the key file for this repository. The agent maintains a
-        // keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg`.
-        string gpg_key = 5;
-      }
-
-      // Represents a single yum package repository. These are added to a
-      // repo file that is managed at
-      // `/etc/yum.repos.d/google_osconfig.repo`.
-      message YumRepository {
-        // Required. A one word, unique name for this repository. This is  the
-        // `repo id` in the yum config file and also the `display_name` if
-        // `display_name` is omitted. This id is also used as the unique
-        // identifier when checking for resource conflicts.
-        string id = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // The display name of the repository.
-        string display_name = 2;
-
-        // Required. The location of the repository directory.
-        string base_url = 3 [(google.api.field_behavior) = REQUIRED];
-
-        // URIs of GPG keys.
-        repeated string gpg_keys = 4;
-      }
-
-      // Represents a single zypper package repository. These are added to a
-      // repo file that is managed at
-      // `/etc/zypp/repos.d/google_osconfig.repo`.
-      message ZypperRepository {
-        // Required. A one word, unique name for this repository. This is the
-        // `repo id` in the zypper config file and also the `display_name` if
-        // `display_name` is omitted. This id is also used as the unique
-        // identifier when checking for GuestPolicy conflicts.
-        string id = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // The display name of the repository.
-        string display_name = 2;
-
-        // Required. The location of the repository directory.
-        string base_url = 3 [(google.api.field_behavior) = REQUIRED];
-
-        // URIs of GPG keys.
-        repeated string gpg_keys = 4;
-      }
-
-      // Represents a Goo package repository. These are added to a repo file
-      // that is managed at
-      // `C:/ProgramData/GooGet/repos/google_osconfig.repo`.
-      message GooRepository {
-        // Required. The name of the repository.
-        string name = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Required. The url of the repository.
-        string url = 2 [(google.api.field_behavior) = REQUIRED];
-      }
-
-      // A specific type of repository.
-      oneof repository {
-        // An Apt Repository.
-        AptRepository apt = 1;
-
-        // A Yum Repository.
-        YumRepository yum = 2;
-
-        // A Zypper Repository.
-        ZypperRepository zypper = 3;
-
-        // A Goo Repository.
-        GooRepository goo = 4;
-      }
-    }
-
-    // A resource that allows executing scripts on the VM.
-    //
-    // The `ExecResource` has 2 stages: `validate` and `enforce` and both stages
-    // accept a script as an argument to execute.
-    //
-    // When the `ExecResource` is applied by the agent, it first executes the
-    // script in the `validate` stage. The `validate` stage can signal that the
-    // `ExecResource` is already in the desired state by returning an exit code
-    // of `100`. If the `ExecResource` is not in the desired state, it should
-    // return an exit code of `101`. Any other exit code returned by this stage
-    // is considered an error.
-    //
-    // If the `ExecResource` is not in the desired state based on the exit code
-    // from the `validate` stage, the agent proceeds to execute the script from
-    // the `enforce` stage. If the `ExecResource` is already in the desired
-    // state, the `enforce` stage will not be run.
-    // Similar to `validate` stage, the `enforce` stage should return an exit
-    // code of `100` to indicate that the resource in now in its desired state.
-    // Any other exit code is considered an error.
-    //
-    // NOTE: An exit code of `100` was chosen over `0` (and `101` vs `1`) to
-    // have an explicit indicator of `in desired state`, `not in desired state`
-    // and errors. Because, for example, Powershell will always return an exit
-    // code of `0` unless an `exit` statement is provided in the script. So, for
-    // reasons of consistency and being explicit, exit codes `100` and `101`
-    // were chosen.
-    message ExecResource {
-      // A file or script to execute.
-      message Exec {
-        // The interpreter to use.
-        enum Interpreter {
-          // Invalid value, the request will return validation error.
-          INTERPRETER_UNSPECIFIED = 0;
-
-          // If an interpreter is not specified, the
-          // source is executed directly. This execution, without an
-          // interpreter, only succeeds for executables and scripts that have <a
-          // href="https://en.wikipedia.org/wiki/Shebang_(Unix)"
-          // class="external">shebang lines</a>.
-          NONE = 1;
-
-          // Indicates that the script runs with `/bin/sh` on Linux and
-          // `cmd.exe` on Windows.
-          SHELL = 2;
-
-          // Indicates that the script runs with PowerShell.
-          POWERSHELL = 3;
-        }
-
-        // What to execute.
-        oneof source {
-          // A remote or local file.
-          File file = 1;
-
-          // An inline script.
-          // The size of the script is limited to 1024 characters.
-          string script = 2;
-        }
-
-        // Optional arguments to pass to the source during execution.
-        repeated string args = 3;
-
-        // Required. The script interpreter to use.
-        Interpreter interpreter = 4 [(google.api.field_behavior) = REQUIRED];
-
-        // Only recorded for enforce Exec.
-        // Path to an output file (that is created by this Exec) whose
-        // content will be recorded in OSPolicyResourceCompliance after a
-        // successful run. Absence or failure to read this file will result in
-        // this ExecResource being non-compliant. Output file size is limited to
-        // 100K bytes.
-        string output_file_path = 5;
-      }
-
-      // Required. What to run to validate this resource is in the desired
-      // state. An exit code of 100 indicates "in desired state", and exit code
-      // of 101 indicates "not in desired state". Any other exit code indicates
-      // a failure running validate.
-      Exec validate = 1 [(google.api.field_behavior) = REQUIRED];
-
-      // What to run to bring this resource into the desired state.
-      // An exit code of 100 indicates "success", any other exit code indicates
-      // a failure running enforce.
-      Exec enforce = 2;
-    }
-
-    // A resource that manages the state of a file.
-    message FileResource {
-      // Desired state of the file.
-      enum DesiredState {
-        // Unspecified is invalid.
-        DESIRED_STATE_UNSPECIFIED = 0;
-
-        // Ensure file at path is present.
-        PRESENT = 1;
-
-        // Ensure file at path is absent.
-        ABSENT = 2;
-
-        // Ensure the contents of the file at path matches. If the file does
-        // not exist it will be created.
-        CONTENTS_MATCH = 3;
-      }
-
-      // The source for the contents of the file.
-      oneof source {
-        // A remote or local source.
-        File file = 1;
-
-        // A a file with this content.
-        // The size of the content is limited to 1024 characters.
-        string content = 2;
-      }
-
-      // Required. The absolute path of the file within the VM.
-      string path = 3 [(google.api.field_behavior) = REQUIRED];
-
-      // Required. Desired state of the file.
-      DesiredState state = 4 [(google.api.field_behavior) = REQUIRED];
-
-      // Consists of three octal digits which represent, in
-      // order, the permissions of the owner, group, and other users for the
-      // file (similarly to the numeric mode used in the linux chmod
-      // utility). Each digit represents a three bit number with the 4 bit
-      // corresponding to the read permissions, the 2 bit corresponds to the
-      // write bit, and the one bit corresponds to the execute permission.
-      // Default behavior is 755.
-      //
-      // Below are some examples of permissions and their associated values:
-      // read, write, and execute: 7
-      // read and execute: 5
-      // read and write: 6
-      // read only: 4
-      string permissions = 5;
-    }
-
-    // Required. The id of the resource with the following restrictions:
-    //
-    // * Must contain only lowercase letters, numbers, and hyphens.
-    // * Must start with a letter.
-    // * Must be between 1-63 characters.
-    // * Must end with a number or a letter.
-    // * Must be unique within the OS policy.
-    string id = 1 [(google.api.field_behavior) = REQUIRED];
-
-    // Resource type.
-    oneof resource_type {
-      // Package resource
-      PackageResource pkg = 2;
-
-      // Package repository resource
-      RepositoryResource repository = 3;
-
-      // Exec resource
-      ExecResource exec = 4;
-
-      // File resource
-      FileResource file = 5;
-    }
-  }
-
-  // Resource groups provide a mechanism to group OS policy resources.
-  //
-  // Resource groups enable OS policy authors to create a single OS policy
-  // to be applied to VMs running different operating Systems.
-  //
-  // When the OS policy is applied to a target VM, the appropriate resource
-  // group within the OS policy is selected based on the `OSFilter` specified
-  // within the resource group.
-  message ResourceGroup {
-    // List of inventory filters for the resource group.
-    //
-    // The resources in this resource group are applied to the target VM if it
-    // satisfies at least one of the following inventory filters.
-    //
-    // For example, to apply this resource group to VMs running either `RHEL` or
-    // `CentOS` operating systems, specify 2 items for the list with following
-    // values:
-    // inventory_filters[0].os_short_name='rhel' and
-    // inventory_filters[1].os_short_name='centos'
-    //
-    // If the list is empty, this resource group will be applied to the target
-    // VM unconditionally.
-    repeated InventoryFilter inventory_filters = 1;
-
-    // Required. List of resources configured for this resource group.
-    // The resources are executed in the exact order specified here.
-    repeated Resource resources = 2 [(google.api.field_behavior) = REQUIRED];
-  }
-
-  // Required. The id of the OS policy with the following restrictions:
-  //
-  // * Must contain only lowercase letters, numbers, and hyphens.
-  // * Must start with a letter.
-  // * Must be between 1-63 characters.
-  // * Must end with a number or a letter.
-  // * Must be unique within the assignment.
-  string id = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Policy description.
-  // Length of the description is limited to 1024 characters.
-  string description = 2;
-
-  // Required. Policy mode
-  Mode mode = 3 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. List of resource groups for the policy.
-  // For a particular VM, resource groups are evaluated in the order specified
-  // and the first resource group that is applicable is selected and the rest
-  // are ignored.
-  //
-  // If none of the resource groups are applicable for a VM, the VM is
-  // considered to be non-compliant w.r.t this policy. This behavior can be
-  // toggled by the flag `allow_no_resource_group_match`
-  repeated ResourceGroup resource_groups = 4
-      [(google.api.field_behavior) = REQUIRED];
-
-  // This flag determines the OS policy compliance status when none of the
-  // resource groups within the policy are applicable for a VM. Set this value
-  // to `true` if the policy needs to be reported as compliant even if the
-  // policy has nothing to validate or enforce.
-  bool allow_no_resource_group_match = 5;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1/os_policy_assignment_reports.proto b/third_party/googleapis/google/cloud/osconfig/v1/os_policy_assignment_reports.proto
deleted file mode 100644
index aa4b2b1..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1/os_policy_assignment_reports.proto
+++ /dev/null
@@ -1,296 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/protobuf/timestamp.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1;osconfig";
-option java_multiple_files = true;
-option java_outer_classname = "OSPolicyAssignmentReportsProto";
-option java_package = "com.google.cloud.osconfig.v1";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1";
-option ruby_package = "Google::Cloud::OsConfig::V1";
-option (google.api.resource_definition) = {
-  type: "osconfig.googleapis.com/InstanceOSPolicyAssignment"
-  pattern: "projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}"
-};
-
-// Get a report of the OS policy assignment for a VM instance.
-message GetOSPolicyAssignmentReportRequest {
-  // Required. API resource name for OS policy assignment report.
-  //
-  // Format:
-  // `/projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/report`
-  //
-  // For `{project}`, either `project-number` or `project-id` can be provided.
-  // For `{instance_id}`, either Compute Engine `instance-id` or `instance-name`
-  // can be provided.
-  // For `{assignment_id}`, the OSPolicyAssignment id must be provided.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/OSPolicyAssignmentReport"
-    }
-  ];
-}
-
-// List the OS policy assignment reports for VM instances.
-message ListOSPolicyAssignmentReportsRequest {
-  // Required. The parent resource name.
-  //
-  // Format:
-  // `projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/reports`
-  //
-  // For `{project}`, either `project-number` or `project-id` can be provided.
-  // For `{instance}`, either `instance-name`, `instance-id`, or `-` can be
-  // provided. If '-' is provided, the response will include
-  // OSPolicyAssignmentReports for all instances in the project/location.
-  // For `{assignment}`, either `assignment-id` or `-` can be provided. If '-'
-  // is provided, the response will include OSPolicyAssignmentReports for all
-  // OSPolicyAssignments in the project/location.
-  // Either {instance} or {assignment} must be `-`.
-  //
-  // For example:
-  // `projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/-/reports`
-  //  returns all reports for the instance
-  // `projects/{project}/locations/{location}/instances/-/osPolicyAssignments/{assignment-id}/reports`
-  //  returns all the reports for the given assignment across all instances.
-  // `projects/{project}/locations/{location}/instances/-/osPolicyAssignments/-/reports`
-  //  returns all the reports for all assignments across all instances.
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/InstanceOSPolicyAssignment"
-    }
-  ];
-
-  // The maximum number of results to return.
-  int32 page_size = 2;
-
-  // If provided, this field specifies the criteria that must be met by the
-  // `OSPolicyAssignmentReport` API resource that is included in the response.
-  string filter = 3;
-
-  // A pagination token returned from a previous call to the
-  // `ListOSPolicyAssignmentReports` method that indicates where this listing
-  // should continue from.
-  string page_token = 4;
-}
-
-// A response message for listing OS Policy assignment reports including the
-// page of results and page token.
-message ListOSPolicyAssignmentReportsResponse {
-  // List of OS policy assignment reports.
-  repeated OSPolicyAssignmentReport os_policy_assignment_reports = 1;
-
-  // The pagination token to retrieve the next page of OS policy assignment
-  // report objects.
-  string next_page_token = 2;
-}
-
-// A report of the OS policy assignment status for a given instance.
-message OSPolicyAssignmentReport {
-  option (google.api.resource) = {
-    type: "osconfig.googleapis.com/OSPolicyAssignmentReport"
-    pattern: "projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/report"
-  };
-
-  // Compliance data for an OS policy
-  message OSPolicyCompliance {
-    // Possible compliance states for an os policy.
-    enum ComplianceState {
-      // The policy is in an unknown compliance state.
-      //
-      // Refer to the field `compliance_state_reason` to learn the exact reason
-      // for the policy to be in this compliance state.
-      UNKNOWN = 0;
-
-      // Policy is compliant.
-      //
-      // The policy is compliant if all the underlying resources are also
-      // compliant.
-      COMPLIANT = 1;
-
-      // Policy is non-compliant.
-      //
-      // The policy is non-compliant if one or more underlying resources are
-      // non-compliant.
-      NON_COMPLIANT = 2;
-    }
-
-    // Compliance data for an OS policy resource.
-    message OSPolicyResourceCompliance {
-      // Step performed by the OS Config agent for configuring an
-      // `OSPolicy` resource to its desired state.
-      message OSPolicyResourceConfigStep {
-        // Supported configuration step types
-        enum Type {
-          // Default value. This value is unused.
-          TYPE_UNSPECIFIED = 0;
-
-          // Checks for resource conflicts such as schema errors.
-          VALIDATION = 1;
-
-          // Checks the current status of the desired state for a resource.
-          DESIRED_STATE_CHECK = 2;
-
-          // Enforces the desired state for a resource that is not in desired
-          // state.
-          DESIRED_STATE_ENFORCEMENT = 3;
-
-          // Re-checks the status of the desired state. This check is done
-          // for a resource after the enforcement of all OS policies.
-          //
-          // This step is used to determine the final desired state status for
-          // the resource. It accounts for any resources that might have drifted
-          // from their desired state due to side effects from executing other
-          // resources.
-          DESIRED_STATE_CHECK_POST_ENFORCEMENT = 4;
-        }
-
-        // Configuration step type.
-        Type type = 1;
-
-        // An error message recorded during the execution of this step.
-        // Only populated if errors were encountered during this step execution.
-        string error_message = 2;
-      }
-
-      // Possible compliance states for a resource.
-      enum ComplianceState {
-        // The resource is in an unknown compliance state.
-        //
-        // To get more details about why the policy is in this state, review
-        // the output of the `compliance_state_reason` field.
-        UNKNOWN = 0;
-
-        // Resource is compliant.
-        COMPLIANT = 1;
-
-        // Resource is non-compliant.
-        NON_COMPLIANT = 2;
-      }
-
-      // ExecResource specific output.
-      message ExecResourceOutput {
-        // Output from enforcement phase output file (if run).
-        // Output size is limited to 100K bytes.
-        bytes enforcement_output = 2;
-      }
-
-      // The ID of the OS policy resource.
-      string os_policy_resource_id = 1;
-
-      // Ordered list of configuration completed by the agent for the OS policy
-      // resource.
-      repeated OSPolicyResourceConfigStep config_steps = 2;
-
-      // The compliance state of the resource.
-      ComplianceState compliance_state = 3;
-
-      // A reason for the resource to be in the given compliance state.
-      // This field is always populated when `compliance_state` is `UNKNOWN`.
-      //
-      // The following values are supported when `compliance_state == UNKNOWN`
-      //
-      // * `execution-errors`: Errors were encountered by the agent while
-      // executing the resource and the compliance state couldn't be
-      // determined.
-      // * `execution-skipped-by-agent`: Resource execution was skipped by the
-      // agent because errors were encountered while executing prior resources
-      // in the OS policy.
-      // * `os-policy-execution-attempt-failed`: The execution of the OS policy
-      // containing this resource failed and the compliance state couldn't be
-      // determined.
-      string compliance_state_reason = 4;
-
-      // Resource specific output.
-      oneof output {
-        // ExecResource specific output.
-        ExecResourceOutput exec_resource_output = 5;
-      }
-    }
-
-    // The OS policy id
-    string os_policy_id = 1;
-
-    // The compliance state of the OS policy.
-    ComplianceState compliance_state = 2;
-
-    // The reason for the OS policy to be in an unknown compliance state.
-    // This field is always populated when `compliance_state` is `UNKNOWN`.
-    //
-    // If populated, the field can contain one of the following values:
-    //
-    // * `vm-not-running`: The VM was not running.
-    // * `os-policies-not-supported-by-agent`: The version of the OS Config
-    // agent running on the VM does not support running OS policies.
-    // * `no-agent-detected`: The OS Config agent is not detected for the VM.
-    // * `resource-execution-errors`: The OS Config agent encountered errors
-    // while executing one or more resources in the policy. See
-    // `os_policy_resource_compliances` for details.
-    // * `task-timeout`: The task sent to the agent to apply the policy timed
-    // out.
-    // * `unexpected-agent-state`: The OS Config agent did not report the final
-    // status of the task that attempted to apply the policy. Instead, the agent
-    // unexpectedly started working on a different task. This mostly happens
-    // when the agent or VM unexpectedly restarts while applying OS policies.
-    // * `internal-service-errors`: Internal service errors were encountered
-    // while attempting to apply the policy.
-    string compliance_state_reason = 3;
-
-    // Compliance data for each resource within the policy that is applied to
-    // the VM.
-    repeated OSPolicyResourceCompliance os_policy_resource_compliances = 4;
-  }
-
-  // The `OSPolicyAssignmentReport` API resource name.
-  //
-  // Format:
-  // `projects/{project_number}/locations/{location}/instances/{instance_id}/osPolicyAssignments/{os_policy_assignment_id}/report`
-  string name = 1;
-
-  // The Compute Engine VM instance name.
-  string instance = 2;
-
-  // Reference to the `OSPolicyAssignment` API resource that the `OSPolicy`
-  // belongs to.
-  //
-  // Format:
-  // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}`
-  string os_policy_assignment = 3 [(google.api.resource_reference) = {
-    type: "osconfig.googleapis.com/OSPolicyAssignment"
-  }];
-
-  // Compliance data for each `OSPolicy` that is applied to the VM.
-  repeated OSPolicyCompliance os_policy_compliances = 4;
-
-  // Timestamp for when the report was last generated.
-  google.protobuf.Timestamp update_time = 5;
-
-  // Unique identifier of the last attempted run to apply the OS policies
-  // associated with this assignment on the VM.
-  //
-  // This ID is logged by the OS Config agent while applying the OS
-  // policies associated with this assignment on the VM.
-  // NOTE: If the service is unable to successfully connect to the agent for
-  // this run, then this id will not be available in the agent logs.
-  string last_run_id = 6;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1/os_policy_assignments.proto b/third_party/googleapis/google/cloud/osconfig/v1/os_policy_assignments.proto
deleted file mode 100644
index 157b8fd..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1/os_policy_assignments.proto
+++ /dev/null
@@ -1,386 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/cloud/osconfig/v1/os_policy.proto";
-import "google/cloud/osconfig/v1/osconfig_common.proto";
-import "google/protobuf/duration.proto";
-import "google/protobuf/field_mask.proto";
-import "google/protobuf/timestamp.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1;osconfig";
-option java_multiple_files = true;
-option java_outer_classname = "OsPolicyAssignmentsProto";
-option java_package = "com.google.cloud.osconfig.v1";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1";
-option ruby_package = "Google::Cloud::OsConfig::V1";
-
-// OS policy assignment is an API resource that is used to
-// apply a set of OS policies to a dynamically targeted group of Compute Engine
-// VM instances.
-//
-// An OS policy is used to define the desired state configuration for a
-// Compute Engine VM instance through a set of configuration resources that
-// provide capabilities such as installing or removing software packages, or
-// executing a script.
-//
-// For more information, see [OS policy and OS policy
-// assignment](https://cloud.google.com/compute/docs/os-configuration-management/working-with-os-policies).
-message OSPolicyAssignment {
-  option (google.api.resource) = {
-    type: "osconfig.googleapis.com/OSPolicyAssignment"
-    pattern: "projects/{project}/locations/{location}/osPolicyAssignments/{os_policy_assignment}"
-  };
-
-  // Message representing label set.
-  // * A label is a key value pair set for a VM.
-  // * A LabelSet is a set of labels.
-  // * Labels within a LabelSet are ANDed. In other words, a LabelSet is
-  //   applicable for a VM only if it matches all the labels in the
-  //   LabelSet.
-  // * Example: A LabelSet with 2 labels: `env=prod` and `type=webserver` will
-  //            only be applicable for those VMs with both labels
-  //            present.
-  message LabelSet {
-    // Labels are identified by key/value pairs in this map.
-    // A VM should contain all the key/value pairs specified in this
-    // map to be selected.
-    map<string, string> labels = 1;
-  }
-
-  // Filters to select target VMs for an assignment.
-  //
-  // If more than one filter criteria is specified below, a VM will be selected
-  // if and only if it satisfies all of them.
-  message InstanceFilter {
-    // VM inventory details.
-    message Inventory {
-      // Required. The OS short name
-      string os_short_name = 1 [(google.api.field_behavior) = REQUIRED];
-
-      // The OS version
-      //
-      // Prefix matches are supported if asterisk(*) is provided as the
-      // last character. For example, to match all versions with a major
-      // version of `7`, specify the following value for this field `7.*`
-      //
-      // An empty string matches all OS versions.
-      string os_version = 2;
-    }
-
-    // Target all VMs in the project. If true, no other criteria is
-    // permitted.
-    bool all = 1;
-
-    // List of label sets used for VM inclusion.
-    //
-    // If the list has more than one `LabelSet`, the VM is included if any
-    // of the label sets are applicable for the VM.
-    repeated LabelSet inclusion_labels = 2;
-
-    // List of label sets used for VM exclusion.
-    //
-    // If the list has more than one label set, the VM is excluded if any
-    // of the label sets are applicable for the VM.
-    repeated LabelSet exclusion_labels = 3;
-
-    // List of inventories to select VMs.
-    //
-    // A VM is selected if its inventory data matches at least one of the
-    // following inventories.
-    repeated Inventory inventories = 4;
-  }
-
-  // Message to configure the rollout at the zonal level for the OS policy
-  // assignment.
-  message Rollout {
-    // Required. The maximum number (or percentage) of VMs per zone to disrupt
-    // at any given moment.
-    FixedOrPercent disruption_budget = 1
-        [(google.api.field_behavior) = REQUIRED];
-
-    // Required. This determines the minimum duration of time to wait after the
-    // configuration changes are applied through the current rollout. A
-    // VM continues to count towards the `disruption_budget` at least
-    // until this duration of time has passed after configuration changes are
-    // applied.
-    google.protobuf.Duration min_wait_duration = 2
-        [(google.api.field_behavior) = REQUIRED];
-  }
-
-  // OS policy assignment rollout state
-  enum RolloutState {
-    // Invalid value
-    ROLLOUT_STATE_UNSPECIFIED = 0;
-
-    // The rollout is in progress.
-    IN_PROGRESS = 1;
-
-    // The rollout is being cancelled.
-    CANCELLING = 2;
-
-    // The rollout is cancelled.
-    CANCELLED = 3;
-
-    // The rollout has completed successfully.
-    SUCCEEDED = 4;
-  }
-
-  // Resource name.
-  //
-  // Format:
-  // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id}`
-  //
-  // This field is ignored when you create an OS policy assignment.
-  string name = 1;
-
-  // OS policy assignment description.
-  // Length of the description is limited to 1024 characters.
-  string description = 2;
-
-  // Required. List of OS policies to be applied to the VMs.
-  repeated OSPolicy os_policies = 3 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. Filter to select VMs.
-  InstanceFilter instance_filter = 4 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. Rollout to deploy the OS policy assignment.
-  // A rollout is triggered in the following situations:
-  // 1) OSPolicyAssignment is created.
-  // 2) OSPolicyAssignment is updated and the update contains changes to one of
-  // the following fields:
-  //    - instance_filter
-  //    - os_policies
-  // 3) OSPolicyAssignment is deleted.
-  Rollout rollout = 5 [(google.api.field_behavior) = REQUIRED];
-
-  // Output only. The assignment revision ID
-  // A new revision is committed whenever a rollout is triggered for a OS policy
-  // assignment
-  string revision_id = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. The timestamp that the revision was created.
-  google.protobuf.Timestamp revision_create_time = 7
-      [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // The etag for this OS policy assignment.
-  // If this is provided on update, it must match the server's etag.
-  string etag = 8;
-
-  // Output only. OS policy assignment rollout state
-  RolloutState rollout_state = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Indicates that this revision has been successfully rolled out
-  // in this zone and new VMs will be assigned OS policies from this revision.
-  //
-  // For a given OS policy assignment, there is only one revision with a value
-  // of `true` for this field.
-  bool baseline = 10 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Indicates that this revision deletes the OS policy assignment.
-  bool deleted = 11 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Indicates that reconciliation is in progress for the revision.
-  // This value is `true` when the `rollout_state` is one of:
-  // * IN_PROGRESS
-  // * CANCELLING
-  bool reconciling = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Server generated unique id for the OS policy assignment
-  // resource.
-  string uid = 13 [(google.api.field_behavior) = OUTPUT_ONLY];
-}
-
-// OS policy assignment operation metadata provided by OS policy assignment API
-// methods that return long running operations.
-message OSPolicyAssignmentOperationMetadata {
-  // The OS policy assignment API method.
-  enum APIMethod {
-    // Invalid value
-    API_METHOD_UNSPECIFIED = 0;
-
-    // Create OS policy assignment API method
-    CREATE = 1;
-
-    // Update OS policy assignment API method
-    UPDATE = 2;
-
-    // Delete OS policy assignment API method
-    DELETE = 3;
-  }
-
-  // State of the rollout
-  enum RolloutState {
-    // Invalid value
-    ROLLOUT_STATE_UNSPECIFIED = 0;
-
-    // The rollout is in progress.
-    IN_PROGRESS = 1;
-
-    // The rollout is being cancelled.
-    CANCELLING = 2;
-
-    // The rollout is cancelled.
-    CANCELLED = 3;
-
-    // The rollout has completed successfully.
-    SUCCEEDED = 4;
-  }
-
-  // Reference to the `OSPolicyAssignment` API resource.
-  //
-  // Format:
-  // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}`
-  string os_policy_assignment = 1 [(google.api.resource_reference) = {
-    type: "osconfig.googleapis.com/OSPolicyAssignment"
-  }];
-
-  // The OS policy assignment API method.
-  APIMethod api_method = 2;
-
-  // State of the rollout
-  RolloutState rollout_state = 3;
-
-  // Rollout start time
-  google.protobuf.Timestamp rollout_start_time = 4;
-
-  // Rollout update time
-  google.protobuf.Timestamp rollout_update_time = 5;
-}
-
-// A request message to create an OS policy assignment
-message CreateOSPolicyAssignmentRequest {
-  // Required. The parent resource name in the form:
-  // projects/{project}/locations/{location}
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "locations.googleapis.com/Location"
-    }
-  ];
-
-  // Required. The OS policy assignment to be created.
-  OSPolicyAssignment os_policy_assignment = 2
-      [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The logical name of the OS policy assignment in the project
-  // with the following restrictions:
-  //
-  // * Must contain only lowercase letters, numbers, and hyphens.
-  // * Must start with a letter.
-  // * Must be between 1-63 characters.
-  // * Must end with a number or a letter.
-  // * Must be unique within the project.
-  string os_policy_assignment_id = 3 [(google.api.field_behavior) = REQUIRED];
-}
-
-// A request message to update an OS policy assignment
-message UpdateOSPolicyAssignmentRequest {
-  // Required. The updated OS policy assignment.
-  OSPolicyAssignment os_policy_assignment = 1
-      [(google.api.field_behavior) = REQUIRED];
-
-  // Optional. Field mask that controls which fields of the assignment should be
-  // updated.
-  google.protobuf.FieldMask update_mask = 2
-      [(google.api.field_behavior) = OPTIONAL];
-}
-
-// A request message to get an OS policy assignment
-message GetOSPolicyAssignmentRequest {
-  // Required. The resource name of OS policy assignment.
-  //
-  // Format:
-  // `projects/{project}/locations/{location}/osPolicyAssignments/{os_policy_assignment}@{revisionId}`
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/OSPolicyAssignment"
-    }
-  ];
-}
-
-// A request message to list OS policy assignments for a parent resource
-message ListOSPolicyAssignmentsRequest {
-  // Required. The parent resource name.
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "locations.googleapis.com/Location"
-    }
-  ];
-
-  // The maximum number of assignments to return.
-  int32 page_size = 2;
-
-  // A pagination token returned from a previous call to
-  // `ListOSPolicyAssignments` that indicates where this listing should continue
-  // from.
-  string page_token = 3;
-}
-
-// A response message for listing all assignments under given parent.
-message ListOSPolicyAssignmentsResponse {
-  // The list of assignments
-  repeated OSPolicyAssignment os_policy_assignments = 1;
-
-  // The pagination token to retrieve the next page of OS policy assignments.
-  string next_page_token = 2;
-}
-
-// A request message to list revisions for a OS policy assignment
-message ListOSPolicyAssignmentRevisionsRequest {
-  // Required. The name of the OS policy assignment to list revisions for.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/OSPolicyAssignment"
-    }
-  ];
-
-  // The maximum number of revisions to return.
-  int32 page_size = 2;
-
-  // A pagination token returned from a previous call to
-  // `ListOSPolicyAssignmentRevisions` that indicates where this listing should
-  // continue from.
-  string page_token = 3;
-}
-
-// A response message for listing all revisions for a OS policy assignment.
-message ListOSPolicyAssignmentRevisionsResponse {
-  // The OS policy assignment revisions
-  repeated OSPolicyAssignment os_policy_assignments = 1;
-
-  // The pagination token to retrieve the next page of OS policy assignment
-  // revisions.
-  string next_page_token = 2;
-}
-
-// A request message for deleting a OS policy assignment.
-message DeleteOSPolicyAssignmentRequest {
-  // Required. The name of the OS policy assignment to be deleted
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/OSPolicyAssignment"
-    }
-  ];
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1/osconfig_common.proto b/third_party/googleapis/google/cloud/osconfig/v1/osconfig_common.proto
deleted file mode 100644
index 2b72d6a..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1/osconfig_common.proto
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1;
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1;osconfig";
-option java_outer_classname = "Common";
-option java_package = "com.google.cloud.osconfig.v1";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1";
-option ruby_package = "Google::Cloud::OsConfig::V1";
-
-// Message encapsulating a value that can be either absolute ("fixed") or
-// relative ("percent") to a value.
-message FixedOrPercent {
-  // Type of the value.
-  oneof mode {
-    // Specifies a fixed value.
-    int32 fixed = 1;
-
-    // Specifies the relative value defined as a percentage, which will be
-    // multiplied by a reference value.
-    int32 percent = 2;
-  }
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1/osconfig_grpc_service_config.json b/third_party/googleapis/google/cloud/osconfig/v1/osconfig_grpc_service_config.json
deleted file mode 100644
index d455664..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1/osconfig_grpc_service_config.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
-  "methodConfig": [{
-    "name": [
-      { "service": "google.cloud.osconfig.v1.OsConfigService" },
-      { "service": "google.cloud.osconfig.v1.OsConfigZonalService" }
-    ],
-    "timeout": "60s",
-    "retryPolicy": {
-      "maxAttempts": 5,
-      "initialBackoff": "1s",
-      "maxBackoff": "60s",
-      "backoffMultiplier": 1.3,
-      "retryableStatusCodes": ["UNAVAILABLE"]
-    }
-  }]
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1/osconfig_service.proto b/third_party/googleapis/google/cloud/osconfig/v1/osconfig_service.proto
deleted file mode 100644
index 515905c..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1/osconfig_service.proto
+++ /dev/null
@@ -1,158 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1;
-
-import "google/api/client.proto";
-import "google/api/resource.proto";
-import "google/cloud/osconfig/v1/patch_deployments.proto";
-import "google/cloud/osconfig/v1/patch_jobs.proto";
-import "google/protobuf/empty.proto";
-import "google/api/annotations.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1;osconfig";
-option java_outer_classname = "OsConfigProto";
-option java_package = "com.google.cloud.osconfig.v1";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1";
-option ruby_package = "Google::Cloud::OsConfig::V1";
-option (google.api.resource_definition) = {
-  type: "compute.googleapis.com/Instance"
-  pattern: "projects/{project}/zones/{zone}/instances/{instance}"
-  pattern: "projects/{project}/locations/{location}/instances/{instance}"
-};
-
-// OS Config API
-//
-// The OS Config service is a server-side component that you can use to
-// manage package installations and patch jobs for virtual machine instances.
-service OsConfigService {
-  option (google.api.default_host) = "osconfig.googleapis.com";
-  option (google.api.oauth_scopes) =
-      "https://www.googleapis.com/auth/cloud-platform";
-
-  // Patch VM instances by creating and running a patch job.
-  rpc ExecutePatchJob(ExecutePatchJobRequest) returns (PatchJob) {
-    option (google.api.http) = {
-      post: "/v1/{parent=projects/*}/patchJobs:execute"
-      body: "*"
-    };
-  }
-
-  // Get the patch job. This can be used to track the progress of an
-  // ongoing patch job or review the details of completed jobs.
-  rpc GetPatchJob(GetPatchJobRequest) returns (PatchJob) {
-    option (google.api.http) = {
-      get: "/v1/{name=projects/*/patchJobs/*}"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // Cancel a patch job. The patch job must be active. Canceled patch jobs
-  // cannot be restarted.
-  rpc CancelPatchJob(CancelPatchJobRequest) returns (PatchJob) {
-    option (google.api.http) = {
-      post: "/v1/{name=projects/*/patchJobs/*}:cancel"
-      body: "*"
-    };
-  }
-
-  // Get a list of patch jobs.
-  rpc ListPatchJobs(ListPatchJobsRequest) returns (ListPatchJobsResponse) {
-    option (google.api.http) = {
-      get: "/v1/{parent=projects/*}/patchJobs"
-    };
-    option (google.api.method_signature) = "parent";
-  }
-
-  // Get a list of instance details for a given patch job.
-  rpc ListPatchJobInstanceDetails(ListPatchJobInstanceDetailsRequest)
-      returns (ListPatchJobInstanceDetailsResponse) {
-    option (google.api.http) = {
-      get: "/v1/{parent=projects/*/patchJobs/*}/instanceDetails"
-    };
-    option (google.api.method_signature) = "parent";
-  }
-
-  // Create an OS Config patch deployment.
-  rpc CreatePatchDeployment(CreatePatchDeploymentRequest)
-      returns (PatchDeployment) {
-    option (google.api.http) = {
-      post: "/v1/{parent=projects/*}/patchDeployments"
-      body: "patch_deployment"
-    };
-    option (google.api.method_signature) =
-        "parent,patch_deployment,patch_deployment_id";
-  }
-
-  // Get an OS Config patch deployment.
-  rpc GetPatchDeployment(GetPatchDeploymentRequest) returns (PatchDeployment) {
-    option (google.api.http) = {
-      get: "/v1/{name=projects/*/patchDeployments/*}"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // Get a page of OS Config patch deployments.
-  rpc ListPatchDeployments(ListPatchDeploymentsRequest)
-      returns (ListPatchDeploymentsResponse) {
-    option (google.api.http) = {
-      get: "/v1/{parent=projects/*}/patchDeployments"
-    };
-    option (google.api.method_signature) = "parent";
-  }
-
-  // Delete an OS Config patch deployment.
-  rpc DeletePatchDeployment(DeletePatchDeploymentRequest)
-      returns (google.protobuf.Empty) {
-    option (google.api.http) = {
-      delete: "/v1/{name=projects/*/patchDeployments/*}"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // Update an OS Config patch deployment.
-  rpc UpdatePatchDeployment(UpdatePatchDeploymentRequest)
-      returns (PatchDeployment) {
-    option (google.api.http) = {
-      patch: "/v1/{patch_deployment.name=projects/*/patchDeployments/*}"
-      body: "patch_deployment"
-    };
-    option (google.api.method_signature) = "patch_deployment,update_mask";
-  }
-
-  // Change state of patch deployment to "PAUSED".
-  // Patch deployment in paused state doesn't generate patch jobs.
-  rpc PausePatchDeployment(PausePatchDeploymentRequest)
-      returns (PatchDeployment) {
-    option (google.api.http) = {
-      post: "/v1/{name=projects/*/patchDeployments/*}:pause"
-      body: "*"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // Change state of patch deployment back to "ACTIVE".
-  // Patch deployment in active state continues to generate patch jobs.
-  rpc ResumePatchDeployment(ResumePatchDeploymentRequest)
-      returns (PatchDeployment) {
-    option (google.api.http) = {
-      post: "/v1/{name=projects/*/patchDeployments/*}:resume"
-      body: "*"
-    };
-    option (google.api.method_signature) = "name";
-  }
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1/osconfig_v1.yaml b/third_party/googleapis/google/cloud/osconfig/v1/osconfig_v1.yaml
deleted file mode 100644
index 31b385f..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1/osconfig_v1.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-type: google.api.Service
-config_version: 3
-name: osconfig.googleapis.com
-title: OS Config API
-
-apis:
-- name: google.cloud.osconfig.v1.OsConfigService
-- name: google.cloud.osconfig.v1.OsConfigZonalService
-
-types:
-- name: google.cloud.osconfig.v1.OSPolicyAssignmentOperationMetadata
-
-documentation:
-  summary: |-
-    OS management tools that can be used for patch management, patch
-    compliance, and configuration management on VM instances.
-
-backend:
-  rules:
-  - selector: 'google.cloud.osconfig.v1.OsConfigService.*'
-    deadline: 30.0
-  - selector: 'google.cloud.osconfig.v1.OsConfigZonalService.*'
-    deadline: 30.0
-
-http:
-  rules:
-  - selector: google.longrunning.Operations.CancelOperation
-    post: '/v1/{name=projects/*/locations/*/osPolicyAssignments/*/operations/*}:cancel'
-    body: '*'
-  - selector: google.longrunning.Operations.GetOperation
-    get: '/v1/{name=projects/*/locations/*/osPolicyAssignments/*/operations/*}'
-
-authentication:
-  rules:
-  - selector: 'google.cloud.osconfig.v1.OsConfigService.*'
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
-  - selector: 'google.cloud.osconfig.v1.OsConfigZonalService.*'
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
-  - selector: google.longrunning.Operations.CancelOperation
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
-  - selector: google.longrunning.Operations.GetOperation
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
diff --git a/third_party/googleapis/google/cloud/osconfig/v1/osconfig_zonal_service.proto b/third_party/googleapis/google/cloud/osconfig/v1/osconfig_zonal_service.proto
deleted file mode 100644
index 196737c..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1/osconfig_zonal_service.proto
+++ /dev/null
@@ -1,202 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1;
-
-import "google/api/annotations.proto";
-import "google/api/client.proto";
-import "google/cloud/osconfig/v1/inventory.proto";
-import "google/cloud/osconfig/v1/os_policy_assignment_reports.proto";
-import "google/cloud/osconfig/v1/os_policy_assignments.proto";
-import "google/cloud/osconfig/v1/vulnerability.proto";
-import "google/longrunning/operations.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1;osconfig";
-option java_multiple_files = true;
-option java_outer_classname = "OsConfigZonalServiceProto";
-option java_package = "com.google.cloud.osconfig.v1";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1";
-option ruby_package = "Google::Cloud::OsConfig::V1";
-
-// Zonal OS Config API
-//
-// The OS Config service is the server-side component that allows users to
-// manage package installations and patch jobs for Compute Engine VM instances.
-service OsConfigZonalService {
-  option (google.api.default_host) = "osconfig.googleapis.com";
-  option (google.api.oauth_scopes) =
-      "https://www.googleapis.com/auth/cloud-platform";
-
-  // Create an OS policy assignment.
-  //
-  // This method also creates the first revision of the OS policy assignment.
-  //
-  // This method returns a long running operation (LRO) that contains the
-  // rollout details. The rollout can be cancelled by cancelling the LRO.
-  //
-  // For more information, see [Method:
-  // projects.locations.osPolicyAssignments.operations.cancel](https://cloud.google.com/compute/docs/osconfig/rest/v1/projects.locations.osPolicyAssignments.operations/cancel).
-  rpc CreateOSPolicyAssignment(CreateOSPolicyAssignmentRequest)
-      returns (google.longrunning.Operation) {
-    option (google.api.http) = {
-      post: "/v1/{parent=projects/*/locations/*}/osPolicyAssignments"
-      body: "os_policy_assignment"
-    };
-    option (google.api.method_signature) =
-        "parent,os_policy_assignment,os_policy_assignment_id";
-    option (google.longrunning.operation_info) = {
-      response_type: "OSPolicyAssignment"
-      metadata_type: "OSPolicyAssignmentOperationMetadata"
-    };
-  }
-
-  // Update an existing OS policy assignment.
-  //
-  // This method creates a new revision of the OS policy assignment.
-  //
-  // This method returns a long running operation (LRO) that contains the
-  // rollout details. The rollout can be cancelled by cancelling the LRO.
-  //
-  // For more information, see [Method:
-  // projects.locations.osPolicyAssignments.operations.cancel](https://cloud.google.com/compute/docs/osconfig/rest/v1/projects.locations.osPolicyAssignments.operations/cancel).
-  rpc UpdateOSPolicyAssignment(UpdateOSPolicyAssignmentRequest)
-      returns (google.longrunning.Operation) {
-    option (google.api.http) = {
-      patch: "/v1/{os_policy_assignment.name=projects/*/locations/*/osPolicyAssignments/*}"
-      body: "os_policy_assignment"
-    };
-    option (google.api.method_signature) = "os_policy_assignment,update_mask";
-    option (google.longrunning.operation_info) = {
-      response_type: "OSPolicyAssignment"
-      metadata_type: "OSPolicyAssignmentOperationMetadata"
-    };
-  }
-
-  // Retrieve an existing OS policy assignment.
-  //
-  // This method always returns the latest revision. In order to retrieve a
-  // previous revision of the assignment, also provide the revision ID in the
-  // `name` parameter.
-  rpc GetOSPolicyAssignment(GetOSPolicyAssignmentRequest)
-      returns (OSPolicyAssignment) {
-    option (google.api.http) = {
-      get: "/v1/{name=projects/*/locations/*/osPolicyAssignments/*}"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // List the OS policy assignments under the parent resource.
-  //
-  // For each OS policy assignment, the latest revision is returned.
-  rpc ListOSPolicyAssignments(ListOSPolicyAssignmentsRequest)
-      returns (ListOSPolicyAssignmentsResponse) {
-    option (google.api.http) = {
-      get: "/v1/{parent=projects/*/locations/*}/osPolicyAssignments"
-    };
-    option (google.api.method_signature) = "parent";
-  }
-
-  // List the OS policy assignment revisions for a given OS policy assignment.
-  rpc ListOSPolicyAssignmentRevisions(ListOSPolicyAssignmentRevisionsRequest)
-      returns (ListOSPolicyAssignmentRevisionsResponse) {
-    option (google.api.http) = {
-      get: "/v1/{name=projects/*/locations/*/osPolicyAssignments/*}:listRevisions"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // Delete the OS policy assignment.
-  //
-  // This method creates a new revision of the OS policy assignment.
-  //
-  // This method returns a long running operation (LRO) that contains the
-  // rollout details. The rollout can be cancelled by cancelling the LRO.
-  //
-  // If the LRO completes and is not cancelled, all revisions associated with
-  // the OS policy assignment are deleted.
-  //
-  // For more information, see [Method:
-  // projects.locations.osPolicyAssignments.operations.cancel](https://cloud.google.com/compute/docs/osconfig/rest/v1/projects.locations.osPolicyAssignments.operations/cancel).
-  rpc DeleteOSPolicyAssignment(DeleteOSPolicyAssignmentRequest)
-      returns (google.longrunning.Operation) {
-    option (google.api.http) = {
-      delete: "/v1/{name=projects/*/locations/*/osPolicyAssignments/*}"
-    };
-    option (google.api.method_signature) = "name";
-    option (google.longrunning.operation_info) = {
-      response_type: "google.protobuf.Empty"
-      metadata_type: "OSPolicyAssignmentOperationMetadata"
-    };
-  }
-
-  // Get the OS policy asssignment report for the specified Compute Engine VM
-  // instance.
-  rpc GetOSPolicyAssignmentReport(GetOSPolicyAssignmentReportRequest)
-      returns (OSPolicyAssignmentReport) {
-    option (google.api.http) = {
-      get: "/v1/{name=projects/*/locations/*/instances/*/osPolicyAssignments/*/report}"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // List OS policy asssignment reports for all Compute Engine VM instances in
-  // the specified zone.
-  rpc ListOSPolicyAssignmentReports(ListOSPolicyAssignmentReportsRequest)
-      returns (ListOSPolicyAssignmentReportsResponse) {
-    option (google.api.http) = {
-      get: "/v1/{parent=projects/*/locations/*/instances/*/osPolicyAssignments/*}/reports"
-    };
-    option (google.api.method_signature) = "parent";
-  }
-
-  // Get inventory data for the specified VM instance. If the VM has no
-  // associated inventory, the message `NOT_FOUND` is returned.
-  rpc GetInventory(GetInventoryRequest) returns (Inventory) {
-    option (google.api.http) = {
-      get: "/v1/{name=projects/*/locations/*/instances/*/inventory}"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // List inventory data for all VM instances in the specified zone.
-  rpc ListInventories(ListInventoriesRequest)
-      returns (ListInventoriesResponse) {
-    option (google.api.http) = {
-      get: "/v1/{parent=projects/*/locations/*/instances/*}/inventories"
-    };
-    option (google.api.method_signature) = "parent";
-  }
-
-  // Gets the vulnerability report for the specified VM instance. Only VMs with
-  // inventory data have vulnerability reports associated with them.
-  rpc GetVulnerabilityReport(GetVulnerabilityReportRequest)
-      returns (VulnerabilityReport) {
-    option (google.api.http) = {
-      get: "/v1/{name=projects/*/locations/*/instances/*/vulnerabilityReport}"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // List vulnerability reports for all VM instances in the specified zone.
-  rpc ListVulnerabilityReports(ListVulnerabilityReportsRequest)
-      returns (ListVulnerabilityReportsResponse) {
-    option (google.api.http) = {
-      get: "/v1/{parent=projects/*/locations/*/instances/*}/vulnerabilityReports"
-    };
-    option (google.api.method_signature) = "parent";
-  }
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1/patch_deployments.proto b/third_party/googleapis/google/cloud/osconfig/v1/patch_deployments.proto
deleted file mode 100644
index d570854..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1/patch_deployments.proto
+++ /dev/null
@@ -1,339 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/cloud/osconfig/v1/patch_jobs.proto";
-import "google/protobuf/duration.proto";
-import "google/protobuf/field_mask.proto";
-import "google/protobuf/timestamp.proto";
-import "google/type/datetime.proto";
-import "google/type/dayofweek.proto";
-import "google/type/timeofday.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1;osconfig";
-option java_outer_classname = "PatchDeployments";
-option java_package = "com.google.cloud.osconfig.v1";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1";
-option ruby_package = "Google::Cloud::OsConfig::V1";
-
-// Patch deployments are configurations that individual patch jobs use to
-// complete a patch. These configurations include instance filter, package
-// repository settings, and a schedule. For more information about creating and
-// managing patch deployments, see [Scheduling patch
-// jobs](https://cloud.google.com/compute/docs/os-patch-management/schedule-patch-jobs).
-message PatchDeployment {
-  option (google.api.resource) = {
-    type: "osconfig.googleapis.com/PatchDeployment"
-    pattern: "projects/{project}/patchDeployments/{patch_deployment}"
-  };
-
-  // Represents state of patch peployment.
-  enum State {
-    // The default value. This value is used if the state is omitted.
-    STATE_UNSPECIFIED = 0;
-
-    // Active value means that patch deployment generates Patch Jobs.
-    ACTIVE = 1;
-
-    // Paused value means that patch deployment does not generate
-    // Patch jobs. Requires user action to move in and out from this state.
-    PAUSED = 2;
-  }
-
-  // Unique name for the patch deployment resource in a project. The patch
-  // deployment name is in the form:
-  // `projects/{project_id}/patchDeployments/{patch_deployment_id}`.
-  // This field is ignored when you create a new patch deployment.
-  string name = 1;
-
-  // Optional. Description of the patch deployment. Length of the description is
-  // limited to 1024 characters.
-  string description = 2 [(google.api.field_behavior) = OPTIONAL];
-
-  // Required. VM instances to patch.
-  PatchInstanceFilter instance_filter = 3
-      [(google.api.field_behavior) = REQUIRED];
-
-  // Optional. Patch configuration that is applied.
-  PatchConfig patch_config = 4 [(google.api.field_behavior) = OPTIONAL];
-
-  // Optional. Duration of the patch. After the duration ends, the patch times
-  // out.
-  google.protobuf.Duration duration = 5
-      [(google.api.field_behavior) = OPTIONAL];
-
-  // Schedule for the patch.
-  oneof schedule {
-    // Required. Schedule a one-time execution.
-    OneTimeSchedule one_time_schedule = 6
-        [(google.api.field_behavior) = REQUIRED];
-
-    // Required. Schedule recurring executions.
-    RecurringSchedule recurring_schedule = 7
-        [(google.api.field_behavior) = REQUIRED];
-  }
-
-  // Output only. Time the patch deployment was created. Timestamp is in
-  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
-  google.protobuf.Timestamp create_time = 8
-      [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Time the patch deployment was last updated. Timestamp is in
-  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
-  google.protobuf.Timestamp update_time = 9
-      [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. The last time a patch job was started by this deployment.
-  // Timestamp is in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text
-  // format.
-  google.protobuf.Timestamp last_execute_time = 10
-      [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Optional. Rollout strategy of the patch job.
-  PatchRollout rollout = 11 [(google.api.field_behavior) = OPTIONAL];
-
-  // Output only. Current state of the patch deployment.
-  State state = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
-}
-
-// Sets the time for a one time patch deployment. Timestamp is in
-// [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
-message OneTimeSchedule {
-  // Required. The desired patch job execution time.
-  google.protobuf.Timestamp execute_time = 1
-      [(google.api.field_behavior) = REQUIRED];
-}
-
-// Sets the time for recurring patch deployments.
-message RecurringSchedule {
-  // Specifies the frequency of the recurring patch deployments.
-  enum Frequency {
-    // Invalid. A frequency must be specified.
-    FREQUENCY_UNSPECIFIED = 0;
-
-    // Indicates that the frequency of recurrence should be expressed in terms
-    // of weeks.
-    WEEKLY = 1;
-
-    // Indicates that the frequency of recurrence should be expressed in terms
-    // of months.
-    MONTHLY = 2;
-
-    // Indicates that the frequency of recurrence should be expressed in terms
-    // of days.
-    DAILY = 3;
-  }
-
-  // Required. Defines the time zone that `time_of_day` is relative to.
-  // The rules for daylight saving time are determined by the chosen time zone.
-  google.type.TimeZone time_zone = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Optional. The time that the recurring schedule becomes effective.
-  // Defaults to `create_time` of the patch deployment.
-  google.protobuf.Timestamp start_time = 2
-      [(google.api.field_behavior) = OPTIONAL];
-
-  // Optional. The end time at which a recurring patch deployment schedule is no
-  // longer active.
-  google.protobuf.Timestamp end_time = 3
-      [(google.api.field_behavior) = OPTIONAL];
-
-  // Required. Time of the day to run a recurring deployment.
-  google.type.TimeOfDay time_of_day = 4
-      [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The frequency unit of this recurring schedule.
-  Frequency frequency = 5 [(google.api.field_behavior) = REQUIRED];
-
-  // Configurations for this recurring schedule.
-  // Configurations must match frequency.
-  oneof schedule_config {
-    // Required. Schedule with weekly executions.
-    WeeklySchedule weekly = 6 [(google.api.field_behavior) = REQUIRED];
-
-    // Required. Schedule with monthly executions.
-    MonthlySchedule monthly = 7 [(google.api.field_behavior) = REQUIRED];
-  }
-
-  // Output only. The time the last patch job ran successfully.
-  google.protobuf.Timestamp last_execute_time = 9
-      [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. The time the next patch job is scheduled to run.
-  google.protobuf.Timestamp next_execute_time = 10
-      [(google.api.field_behavior) = OUTPUT_ONLY];
-}
-
-// Represents a weekly schedule.
-message WeeklySchedule {
-  // Required. Day of the week.
-  google.type.DayOfWeek day_of_week = 1
-      [(google.api.field_behavior) = REQUIRED];
-}
-
-// Represents a monthly schedule. An example of a valid monthly schedule is
-// "on the third Tuesday of the month" or "on the 15th of the month".
-message MonthlySchedule {
-  // One day in a month.
-  oneof day_of_month {
-    // Required. Week day in a month.
-    WeekDayOfMonth week_day_of_month = 1
-        [(google.api.field_behavior) = REQUIRED];
-
-    // Required. One day of the month. 1-31 indicates the 1st to the 31st day.
-    // -1 indicates the last day of the month. Months without the target day
-    // will be skipped. For example, a schedule to run "every month on the 31st"
-    // will not run in February, April, June, etc.
-    int32 month_day = 2 [(google.api.field_behavior) = REQUIRED];
-  }
-}
-
-// Represents one week day in a month. An example is "the 4th Sunday".
-message WeekDayOfMonth {
-  // Required. Week number in a month. 1-4 indicates the 1st to 4th week of the
-  // month. -1 indicates the last week of the month.
-  int32 week_ordinal = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. A day of the week.
-  google.type.DayOfWeek day_of_week = 2
-      [(google.api.field_behavior) = REQUIRED];
-
-  // Optional. Represents the number of days before or after the given week day
-  // of month that the patch deployment is scheduled for. For example if
-  // `week_ordinal` and `day_of_week` values point to the second day of the
-  // month and this `day_offset` value is set to `3`, the patch deployment takes
-  // place three days after the second Tuesday of the month. If this value is
-  // negative, for example -5, the patches are deployed five days before before
-  // the second Tuesday of the month. Allowed values are in range [-30, 30].
-  int32 day_offset = 3 [(google.api.field_behavior) = OPTIONAL];
-}
-
-// A request message for creating a patch deployment.
-message CreatePatchDeploymentRequest {
-  // Required. The project to apply this patch deployment to in the form
-  // `projects/*`.
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "cloudresourcemanager.googleapis.com/Project"
-    }
-  ];
-
-  // Required. A name for the patch deployment in the project. When creating a
-  // name the following rules apply:
-  // * Must contain only lowercase letters, numbers, and hyphens.
-  // * Must start with a letter.
-  // * Must be between 1-63 characters.
-  // * Must end with a number or a letter.
-  // * Must be unique within the project.
-  string patch_deployment_id = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The patch deployment to create.
-  PatchDeployment patch_deployment = 3 [(google.api.field_behavior) = REQUIRED];
-}
-
-// A request message for retrieving a patch deployment.
-message GetPatchDeploymentRequest {
-  // Required. The resource name of the patch deployment in the form
-  // `projects/*/patchDeployments/*`.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/PatchDeployment"
-    }
-  ];
-}
-
-// A request message for listing patch deployments.
-message ListPatchDeploymentsRequest {
-  // Required. The resource name of the parent in the form `projects/*`.
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "cloudresourcemanager.googleapis.com/Project"
-    }
-  ];
-
-  // Optional. The maximum number of patch deployments to return. Default is
-  // 100.
-  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
-
-  // Optional. A pagination token returned from a previous call to
-  // ListPatchDeployments that indicates where this listing should continue
-  // from.
-  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
-}
-
-// A response message for listing patch deployments.
-message ListPatchDeploymentsResponse {
-  // The list of patch deployments.
-  repeated PatchDeployment patch_deployments = 1;
-
-  // A pagination token that can be used to get the next page of patch
-  // deployments.
-  string next_page_token = 2;
-}
-
-// A request message for deleting a patch deployment.
-message DeletePatchDeploymentRequest {
-  // Required. The resource name of the patch deployment in the form
-  // `projects/*/patchDeployments/*`.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/PatchDeployment"
-    }
-  ];
-}
-
-// A request message for updating a patch deployment.
-message UpdatePatchDeploymentRequest {
-  // Required. The patch deployment to Update.
-  PatchDeployment patch_deployment = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Optional. Field mask that controls which fields of the patch deployment
-  // should be updated.
-  google.protobuf.FieldMask update_mask = 2
-      [(google.api.field_behavior) = OPTIONAL];
-}
-
-// A request message for pausing a patch deployment.
-message PausePatchDeploymentRequest {
-  // Required. The resource name of the patch deployment in the form
-  // `projects/*/patchDeployments/*`.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/PatchDeployment"
-    }
-  ];
-}
-
-// A request message for resuming a patch deployment.
-message ResumePatchDeploymentRequest {
-  // Required. The resource name of the patch deployment in the form
-  // `projects/*/patchDeployments/*`.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/PatchDeployment"
-    }
-  ];
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1/patch_jobs.proto b/third_party/googleapis/google/cloud/osconfig/v1/patch_jobs.proto
deleted file mode 100644
index 4edfc8d..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1/patch_jobs.proto
+++ /dev/null
@@ -1,742 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/cloud/osconfig/v1/osconfig_common.proto";
-import "google/protobuf/duration.proto";
-import "google/protobuf/timestamp.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1;osconfig";
-option java_outer_classname = "PatchJobs";
-option java_package = "com.google.cloud.osconfig.v1";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1";
-option ruby_package = "Google::Cloud::OsConfig::V1";
-
-// A request message to initiate patching across Compute Engine
-// instances.
-message ExecutePatchJobRequest {
-  // Required. The project in which to run this patch in the form `projects/*`
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "cloudresourcemanager.googleapis.com/Project"
-    }
-  ];
-
-  // Description of the patch job. Length of the description is limited
-  // to 1024 characters.
-  string description = 2;
-
-  // Required. Instances to patch, either explicitly or filtered by some
-  // criteria such as zone or labels.
-  PatchInstanceFilter instance_filter = 7
-      [(google.api.field_behavior) = REQUIRED];
-
-  // Patch configuration being applied. If omitted, instances are
-  // patched using the default configurations.
-  PatchConfig patch_config = 4;
-
-  // Duration of the patch job. After the duration ends, the patch job
-  // times out.
-  google.protobuf.Duration duration = 5;
-
-  // If this patch is a dry-run only, instances are contacted but
-  // will do nothing.
-  bool dry_run = 6;
-
-  // Display name for this patch job. This does not have to be unique.
-  string display_name = 8;
-
-  // Rollout strategy of the patch job.
-  PatchRollout rollout = 9;
-}
-
-// Request to get an active or completed patch job.
-message GetPatchJobRequest {
-  // Required. Name of the patch in the form `projects/*/patchJobs/*`
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/PatchJob"
-    }
-  ];
-}
-
-// Request to list details for all instances that are part of a patch job.
-message ListPatchJobInstanceDetailsRequest {
-  // Required. The parent for the instances are in the form of
-  // `projects/*/patchJobs/*`.
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/PatchJob"
-    }
-  ];
-
-  // The maximum number of instance details records to return.  Default is 100.
-  int32 page_size = 2;
-
-  // A pagination token returned from a previous call
-  // that indicates where this listing should continue from.
-  string page_token = 3;
-
-  // A filter expression that filters results listed in the response. This
-  // field supports filtering results by instance zone, name, state, or
-  // `failure_reason`.
-  string filter = 4;
-}
-
-// A response message for listing the instances details for a patch job.
-message ListPatchJobInstanceDetailsResponse {
-  // A list of instance status.
-  repeated PatchJobInstanceDetails patch_job_instance_details = 1;
-
-  // A pagination token that can be used to get the next page of results.
-  string next_page_token = 2;
-}
-
-// Patch details for a VM instance. For more information about reviewing VM
-// instance details, see
-// [Listing all VM instance details for a specific patch
-// job](https://cloud.google.com/compute/docs/os-patch-management/manage-patch-jobs#list-instance-details).
-message PatchJobInstanceDetails {
-  // The instance name in the form `projects/*/zones/*/instances/*`
-  string name = 1 [(google.api.resource_reference) = {
-    type: "compute.googleapis.com/Instance"
-  }];
-
-  // The unique identifier for the instance. This identifier is
-  // defined by the server.
-  string instance_system_id = 2;
-
-  // Current state of instance patch.
-  Instance.PatchState state = 3;
-
-  // If the patch fails, this field provides the reason.
-  string failure_reason = 4;
-
-  // The number of times the agent that the agent attempts to apply the patch.
-  int64 attempt_count = 5;
-}
-
-// A request message for listing patch jobs.
-message ListPatchJobsRequest {
-  // Required. In the form of `projects/*`
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "cloudresourcemanager.googleapis.com/Project"
-    }
-  ];
-
-  // The maximum number of instance status to return.
-  int32 page_size = 2;
-
-  // A pagination token returned from a previous call
-  // that indicates where this listing should continue from.
-  string page_token = 3;
-
-  // If provided, this field specifies the criteria that must be met by patch
-  // jobs to be included in the response.
-  // Currently, filtering is only available on the patch_deployment field.
-  string filter = 4;
-}
-
-// A response message for listing patch jobs.
-message ListPatchJobsResponse {
-  // The list of patch jobs.
-  repeated PatchJob patch_jobs = 1;
-
-  // A pagination token that can be used to get the next page of results.
-  string next_page_token = 2;
-}
-
-// A high level representation of a patch job that is either in progress
-// or has completed.
-//
-// Instance details are not included in the job. To paginate through instance
-// details, use ListPatchJobInstanceDetails.
-//
-// For more information about patch jobs, see
-// [Creating patch
-// jobs](https://cloud.google.com/compute/docs/os-patch-management/create-patch-job).
-message PatchJob {
-  option (google.api.resource) = {
-    type: "osconfig.googleapis.com/PatchJob"
-    pattern: "projects/{project}/patchJobs/{patch_job}"
-  };
-
-  // Enumeration of the various states a patch job passes through as it
-  // executes.
-  enum State {
-    // State must be specified.
-    STATE_UNSPECIFIED = 0;
-
-    // The patch job was successfully initiated.
-    STARTED = 1;
-
-    // The patch job is looking up instances to run the patch on.
-    INSTANCE_LOOKUP = 2;
-
-    // Instances are being patched.
-    PATCHING = 3;
-
-    // Patch job completed successfully.
-    SUCCEEDED = 4;
-
-    // Patch job completed but there were errors.
-    COMPLETED_WITH_ERRORS = 5;
-
-    // The patch job was canceled.
-    CANCELED = 6;
-
-    // The patch job timed out.
-    TIMED_OUT = 7;
-  }
-
-  // A summary of the current patch state across all instances that this patch
-  // job affects. Contains counts of instances in different states. These states
-  // map to `InstancePatchState`. List patch job instance details to see the
-  // specific states of each instance.
-  message InstanceDetailsSummary {
-    // Number of instances pending patch job.
-    int64 pending_instance_count = 1;
-
-    // Number of instances that are inactive.
-    int64 inactive_instance_count = 2;
-
-    // Number of instances notified about patch job.
-    int64 notified_instance_count = 3;
-
-    // Number of instances that have started.
-    int64 started_instance_count = 4;
-
-    // Number of instances that are downloading patches.
-    int64 downloading_patches_instance_count = 5;
-
-    // Number of instances that are applying patches.
-    int64 applying_patches_instance_count = 6;
-
-    // Number of instances rebooting.
-    int64 rebooting_instance_count = 7;
-
-    // Number of instances that have completed successfully.
-    int64 succeeded_instance_count = 8;
-
-    // Number of instances that require reboot.
-    int64 succeeded_reboot_required_instance_count = 9;
-
-    // Number of instances that failed.
-    int64 failed_instance_count = 10;
-
-    // Number of instances that have acked and will start shortly.
-    int64 acked_instance_count = 11;
-
-    // Number of instances that exceeded the time out while applying the patch.
-    int64 timed_out_instance_count = 12;
-
-    // Number of instances that are running the pre-patch step.
-    int64 pre_patch_step_instance_count = 13;
-
-    // Number of instances that are running the post-patch step.
-    int64 post_patch_step_instance_count = 14;
-
-    // Number of instances that do not appear to be running the agent. Check to
-    // ensure that the agent is installed, running, and able to communicate with
-    // the service.
-    int64 no_agent_detected_instance_count = 15;
-  }
-
-  // Unique identifier for this patch job in the form
-  // `projects/*/patchJobs/*`
-  string name = 1;
-
-  // Display name for this patch job. This is not a unique identifier.
-  string display_name = 14;
-
-  // Description of the patch job. Length of the description is limited
-  // to 1024 characters.
-  string description = 2;
-
-  // Time this patch job was created.
-  google.protobuf.Timestamp create_time = 3;
-
-  // Last time this patch job was updated.
-  google.protobuf.Timestamp update_time = 4;
-
-  // The current state of the PatchJob.
-  State state = 5;
-
-  // Instances to patch.
-  PatchInstanceFilter instance_filter = 13;
-
-  // Patch configuration being applied.
-  PatchConfig patch_config = 7;
-
-  // Duration of the patch job. After the duration ends, the
-  // patch job times out.
-  google.protobuf.Duration duration = 8;
-
-  // Summary of instance details.
-  InstanceDetailsSummary instance_details_summary = 9;
-
-  // If this patch job is a dry run, the agent reports that it has
-  // finished without running any updates on the VM instance.
-  bool dry_run = 10;
-
-  // If this patch job failed, this message provides information about the
-  // failure.
-  string error_message = 11;
-
-  // Reflects the overall progress of the patch job in the range of
-  // 0.0 being no progress to 100.0 being complete.
-  double percent_complete = 12;
-
-  // Output only. Name of the patch deployment that created this patch job.
-  string patch_deployment = 15 [
-    (google.api.field_behavior) = OUTPUT_ONLY,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/PatchDeployment"
-    }
-  ];
-
-  // Rollout strategy being applied.
-  PatchRollout rollout = 16;
-}
-
-// Patch configuration specifications. Contains details on how to apply the
-// patch(es) to a VM instance.
-message PatchConfig {
-  // Post-patch reboot settings.
-  enum RebootConfig {
-    // The default behavior is DEFAULT.
-    REBOOT_CONFIG_UNSPECIFIED = 0;
-
-    // The agent decides if a reboot is necessary by checking signals such as
-    // registry keys on Windows or `/var/run/reboot-required` on APT based
-    // systems. On RPM based systems, a set of core system package install times
-    // are compared with system boot time.
-    DEFAULT = 1;
-
-    // Always reboot the machine after the update completes.
-    ALWAYS = 2;
-
-    // Never reboot the machine after the update completes.
-    NEVER = 3;
-  }
-
-  // Post-patch reboot settings.
-  RebootConfig reboot_config = 1;
-
-  // Apt update settings. Use this setting to override the default `apt` patch
-  // rules.
-  AptSettings apt = 3;
-
-  // Yum update settings. Use this setting to override the default `yum` patch
-  // rules.
-  YumSettings yum = 4;
-
-  // Goo update settings. Use this setting to override the default `goo` patch
-  // rules.
-  GooSettings goo = 5;
-
-  // Zypper update settings. Use this setting to override the default `zypper`
-  // patch rules.
-  ZypperSettings zypper = 6;
-
-  // Windows update settings. Use this override the default windows patch rules.
-  WindowsUpdateSettings windows_update = 7;
-
-  // The `ExecStep` to run before the patch update.
-  ExecStep pre_step = 8;
-
-  // The `ExecStep` to run after the patch update.
-  ExecStep post_step = 9;
-
-  // Allows the patch job to run on Managed instance groups (MIGs).
-  bool mig_instances_allowed = 10;
-}
-
-// Namespace for instance state enums.
-message Instance {
-  // Patch state of an instance.
-  enum PatchState {
-    // Unspecified.
-    PATCH_STATE_UNSPECIFIED = 0;
-
-    // The instance is not yet notified.
-    PENDING = 1;
-
-    // Instance is inactive and cannot be patched.
-    INACTIVE = 2;
-
-    // The instance is notified that it should be patched.
-    NOTIFIED = 3;
-
-    // The instance has started the patching process.
-    STARTED = 4;
-
-    // The instance is downloading patches.
-    DOWNLOADING_PATCHES = 5;
-
-    // The instance is applying patches.
-    APPLYING_PATCHES = 6;
-
-    // The instance is rebooting.
-    REBOOTING = 7;
-
-    // The instance has completed applying patches.
-    SUCCEEDED = 8;
-
-    // The instance has completed applying patches but a reboot is required.
-    SUCCEEDED_REBOOT_REQUIRED = 9;
-
-    // The instance has failed to apply the patch.
-    FAILED = 10;
-
-    // The instance acked the notification and will start shortly.
-    ACKED = 11;
-
-    // The instance exceeded the time out while applying the patch.
-    TIMED_OUT = 12;
-
-    // The instance is running the pre-patch step.
-    RUNNING_PRE_PATCH_STEP = 13;
-
-    // The instance is running the post-patch step.
-    RUNNING_POST_PATCH_STEP = 14;
-
-    // The service could not detect the presence of the agent. Check to ensure
-    // that the agent is installed, running, and able to communicate with the
-    // service.
-    NO_AGENT_DETECTED = 15;
-  }
-}
-
-// Message for canceling a patch job.
-message CancelPatchJobRequest {
-  // Required. Name of the patch in the form `projects/*/patchJobs/*`
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/PatchJob"
-    }
-  ];
-}
-
-// Apt patching is completed by executing `apt-get update && apt-get
-// upgrade`. Additional options can be set to control how this is executed.
-message AptSettings {
-  // Apt patch type.
-  enum Type {
-    // By default, upgrade will be performed.
-    TYPE_UNSPECIFIED = 0;
-
-    // Runs `apt-get dist-upgrade`.
-    DIST = 1;
-
-    // Runs `apt-get upgrade`.
-    UPGRADE = 2;
-  }
-
-  // By changing the type to DIST, the patching is performed
-  // using `apt-get dist-upgrade` instead.
-  Type type = 1;
-
-  // List of packages to exclude from update. These packages will be excluded
-  repeated string excludes = 2;
-
-  // An exclusive list of packages to be updated. These are the only packages
-  // that will be updated. If these packages are not installed, they will be
-  // ignored. This field cannot be specified with any other patch configuration
-  // fields.
-  repeated string exclusive_packages = 3;
-}
-
-// Yum patching is performed by executing `yum update`. Additional options
-// can be set to control how this is executed.
-//
-// Note that not all settings are supported on all platforms.
-message YumSettings {
-  // Adds the `--security` flag to `yum update`. Not supported on
-  // all platforms.
-  bool security = 1;
-
-  // Will cause patch to run `yum update-minimal` instead.
-  bool minimal = 2;
-
-  // List of packages to exclude from update. These packages are excluded by
-  // using the yum `--exclude` flag.
-  repeated string excludes = 3;
-
-  // An exclusive list of packages to be updated. These are the only packages
-  // that will be updated. If these packages are not installed, they will be
-  // ignored. This field must not be specified with any other patch
-  // configuration fields.
-  repeated string exclusive_packages = 4;
-}
-
-// Googet patching is performed by running `googet update`.
-message GooSettings {}
-
-// Zypper patching is performed by running `zypper patch`.
-// See also https://en.opensuse.org/SDB:Zypper_manual.
-message ZypperSettings {
-  // Adds the `--with-optional` flag to `zypper patch`.
-  bool with_optional = 1;
-
-  // Adds the `--with-update` flag, to `zypper patch`.
-  bool with_update = 2;
-
-  // Install only patches with these categories.
-  // Common categories include security, recommended, and feature.
-  repeated string categories = 3;
-
-  // Install only patches with these severities.
-  // Common severities include critical, important, moderate, and low.
-  repeated string severities = 4;
-
-  // List of patches to exclude from update.
-  repeated string excludes = 5;
-
-  // An exclusive list of patches to be updated. These are the only patches
-  // that will be installed using 'zypper patch patch:<patch_name>' command.
-  // This field must not be used with any other patch configuration fields.
-  repeated string exclusive_patches = 6;
-}
-
-// Windows patching is performed using the Windows Update Agent.
-message WindowsUpdateSettings {
-  // Microsoft Windows update classifications as defined in
-  // [1]
-  // https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro
-  enum Classification {
-    // Invalid. If classifications are included, they must be specified.
-    CLASSIFICATION_UNSPECIFIED = 0;
-
-    // "A widely released fix for a specific problem that addresses a critical,
-    // non-security-related bug." [1]
-    CRITICAL = 1;
-
-    // "A widely released fix for a product-specific, security-related
-    // vulnerability. Security vulnerabilities are rated by their severity. The
-    // severity rating is indicated in the Microsoft security bulletin as
-    // critical, important, moderate, or low." [1]
-    SECURITY = 2;
-
-    // "A widely released and frequent software update that contains additions
-    // to a product's definition database. Definition databases are often used
-    // to detect objects that have specific attributes, such as malicious code,
-    // phishing websites, or junk mail." [1]
-    DEFINITION = 3;
-
-    // "Software that controls the input and output of a device." [1]
-    DRIVER = 4;
-
-    // "New product functionality that is first distributed outside the context
-    // of a product release and that is typically included in the next full
-    // product release." [1]
-    FEATURE_PACK = 5;
-
-    // "A tested, cumulative set of all hotfixes, security updates, critical
-    // updates, and updates. Additionally, service packs may contain additional
-    // fixes for problems that are found internally since the release of the
-    // product. Service packs my also contain a limited number of
-    // customer-requested design changes or features." [1]
-    SERVICE_PACK = 6;
-
-    // "A utility or feature that helps complete a task or set of tasks." [1]
-    TOOL = 7;
-
-    // "A tested, cumulative set of hotfixes, security updates, critical
-    // updates, and updates that are packaged together for easy deployment. A
-    // rollup generally targets a specific area, such as security, or a
-    // component of a product, such as Internet Information Services (IIS)." [1]
-    UPDATE_ROLLUP = 8;
-
-    // "A widely released fix for a specific problem. An update addresses a
-    // noncritical, non-security-related bug." [1]
-    UPDATE = 9;
-  }
-
-  // Only apply updates of these windows update classifications. If empty, all
-  // updates are applied.
-  repeated Classification classifications = 1;
-
-  // List of KBs to exclude from update.
-  repeated string excludes = 2;
-
-  // An exclusive list of kbs to be updated. These are the only patches
-  // that will be updated. This field must not be used with other
-  // patch configurations.
-  repeated string exclusive_patches = 3;
-}
-
-// A step that runs an executable for a PatchJob.
-message ExecStep {
-  // The ExecStepConfig for all Linux VMs targeted by the PatchJob.
-  ExecStepConfig linux_exec_step_config = 1;
-
-  // The ExecStepConfig for all Windows VMs targeted by the PatchJob.
-  ExecStepConfig windows_exec_step_config = 2;
-}
-
-// Common configurations for an ExecStep.
-message ExecStepConfig {
-  // The interpreter used to execute the a file.
-  enum Interpreter {
-    // Invalid for a Windows ExecStepConfig. For a Linux ExecStepConfig, the
-    // interpreter will be parsed from the shebang line of the script if
-    // unspecified.
-    INTERPRETER_UNSPECIFIED = 0;
-
-    // Indicates that the script is run with `/bin/sh` on Linux and `cmd`
-    // on Windows.
-    SHELL = 1;
-
-    // Indicates that the file is run with PowerShell flags
-    // `-NonInteractive`, `-NoProfile`, and `-ExecutionPolicy Bypass`.
-    POWERSHELL = 2;
-  }
-
-  // Location of the executable.
-  oneof executable {
-    // An absolute path to the executable on the VM.
-    string local_path = 1;
-
-    // A Cloud Storage object containing the executable.
-    GcsObject gcs_object = 2;
-  }
-
-  // Defaults to [0]. A list of possible return values that the
-  // execution can return to indicate a success.
-  repeated int32 allowed_success_codes = 3;
-
-  // The script interpreter to use to run the script. If no interpreter is
-  // specified the script will be executed directly, which will likely
-  // only succeed for scripts with [shebang lines]
-  // (https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
-  Interpreter interpreter = 4;
-}
-
-// Cloud Storage object representation.
-message GcsObject {
-  // Required. Bucket of the Cloud Storage object.
-  string bucket = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. Name of the Cloud Storage object.
-  string object = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. Generation number of the Cloud Storage object. This is used to
-  // ensure that the ExecStep specified by this PatchJob does not change.
-  int64 generation_number = 3 [(google.api.field_behavior) = REQUIRED];
-}
-
-// A filter to target VM instances for patching. The targeted
-// VMs must meet all criteria specified. So if both labels and zones are
-// specified, the patch job targets only VMs with those labels and in those
-// zones.
-message PatchInstanceFilter {
-  // Targets a group of VM instances by using their [assigned
-  // labels](https://cloud.google.com/compute/docs/labeling-resources). Labels
-  // are key-value pairs. A `GroupLabel` is a combination of labels
-  // that is used to target VMs for a patch job.
-  //
-  // For example, a patch job can target VMs that have the following
-  // `GroupLabel`: `{"env":"test", "app":"web"}`. This means that the patch job
-  // is applied to VMs that have both the labels `env=test` and `app=web`.
-  message GroupLabel {
-    // Compute Engine instance labels that must be present for a VM
-    // instance to be targeted by this filter.
-    map<string, string> labels = 1;
-  }
-
-  // Target all VM instances in the project. If true, no other criteria is
-  // permitted.
-  bool all = 1;
-
-  // Targets VM instances matching ANY of these GroupLabels. This allows
-  // targeting of disparate groups of VM instances.
-  repeated GroupLabel group_labels = 2;
-
-  // Targets VM instances in ANY of these zones. Leave empty to target VM
-  // instances in any zone.
-  repeated string zones = 3;
-
-  // Targets any of the VM instances specified. Instances are specified by their
-  // URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`,
-  // `projects/[PROJECT_ID]/zones/[ZONE]/instances/[INSTANCE_NAME]`, or
-  // `https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/[ZONE]/instances/[INSTANCE_NAME]`
-  repeated string instances = 4;
-
-  // Targets VMs whose name starts with one of these prefixes. Similar to
-  // labels, this is another way to group VMs when targeting configs, for
-  // example prefix="prod-".
-  repeated string instance_name_prefixes = 5;
-}
-
-// Patch rollout configuration specifications. Contains details on the
-// concurrency control when applying patch(es) to all targeted VMs.
-message PatchRollout {
-  // Type of the rollout.
-  enum Mode {
-    // Mode must be specified.
-    MODE_UNSPECIFIED = 0;
-
-    // Patches are applied one zone at a time. The patch job begins in the
-    // region with the lowest number of targeted VMs. Within the region,
-    // patching begins in the zone with the lowest number of targeted VMs. If
-    // multiple regions (or zones within a region) have the same number of
-    // targeted VMs, a tie-breaker is achieved by sorting the regions or zones
-    // in alphabetical order.
-    ZONE_BY_ZONE = 1;
-
-    // Patches are applied to VMs in all zones at the same time.
-    CONCURRENT_ZONES = 2;
-  }
-
-  // Mode of the patch rollout.
-  Mode mode = 1;
-
-  // The maximum number (or percentage) of VMs per zone to disrupt at any given
-  // moment. The number of VMs calculated from multiplying the percentage by the
-  // total number of VMs in a zone is rounded up.
-  //
-  // During patching, a VM is considered disrupted from the time the agent is
-  // notified to begin until patching has completed. This disruption time
-  // includes the time to complete reboot and any post-patch steps.
-  //
-  // A VM contributes to the disruption budget if its patching operation fails
-  // either when applying the patches, running pre or post patch steps, or if it
-  // fails to respond with a success notification before timing out. VMs that
-  // are not running or do not have an active agent do not count toward this
-  // disruption budget.
-  //
-  // For zone-by-zone rollouts, if the disruption budget in a zone is exceeded,
-  // the patch job stops, because continuing to the next zone requires
-  // completion of the patch process in the previous zone.
-  //
-  // For example, if the disruption budget has a fixed value of `10`, and 8 VMs
-  // fail to patch in the current zone, the patch job continues to patch 2 VMs
-  // at a time until the zone is completed. When that zone is completed
-  // successfully, patching begins with 10 VMs at a time in the next zone. If 10
-  // VMs in the next zone fail to patch, the patch job stops.
-  FixedOrPercent disruption_budget = 2;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1/vulnerability.proto b/third_party/googleapis/google/cloud/osconfig/v1/vulnerability.proto
deleted file mode 100644
index b8ca517..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1/vulnerability.proto
+++ /dev/null
@@ -1,365 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/protobuf/timestamp.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1;osconfig";
-option java_multiple_files = true;
-option java_outer_classname = "VulnerabilityProto";
-option java_package = "com.google.cloud.osconfig.v1";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1";
-option ruby_package = "Google::Cloud::OsConfig::V1";
-
-// This API resource represents the vulnerability report for a specified
-// Compute Engine virtual machine (VM) instance at a given point in time.
-//
-// For more information, see [Vulnerability
-// reports](https://cloud.google.com/compute/docs/instances/os-inventory-management#vulnerability-reports).
-message VulnerabilityReport {
-  option (google.api.resource) = {
-    type: "osconfig.googleapis.com/VulnerabilityReport"
-    pattern: "projects/{project}/locations/{location}/instances/{instance}/vulnerabilityReport"
-  };
-
-  // A vulnerability affecting the VM instance.
-  message Vulnerability {
-    // Contains metadata information for the vulnerability. This information is
-    // collected from the upstream feed of the operating system.
-    message Details {
-      // A reference for this vulnerability.
-      message Reference {
-        // The url of the reference.
-        string url = 1;
-
-        // The source of the reference e.g. NVD.
-        string source = 2;
-      }
-
-      // The CVE of the vulnerability. CVE cannot be
-      // empty and the combination of <cve, classification> should be unique
-      // across vulnerabilities for a VM.
-      string cve = 1;
-
-      // The CVSS V2 score of this vulnerability. CVSS V2 score is on a scale of
-      // 0 - 10 where 0 indicates low severity and 10 indicates high severity.
-      float cvss_v2_score = 2;
-
-      // The full description of the CVSSv3 for this vulnerability from NVD.
-      CVSSv3 cvss_v3 = 3;
-
-      // Assigned severity/impact ranking from the distro.
-      string severity = 4;
-
-      // The note or description describing the vulnerability from the distro.
-      string description = 5;
-
-      // Corresponds to the references attached to the `VulnerabilityDetails`.
-      repeated Reference references = 6;
-    }
-
-    // OS inventory item that is affected by a vulnerability or fixed as a
-    // result of a vulnerability.
-    message Item {
-      // Corresponds to the `INSTALLED_PACKAGE` inventory item on the VM.
-      // This field displays the inventory items affected by this vulnerability.
-      // If the vulnerability report was not updated after the VM inventory
-      // update, these values might not display in VM inventory. For some
-      // operating systems, this field might be empty.
-      string installed_inventory_item_id = 1;
-
-      // Corresponds to the `AVAILABLE_PACKAGE` inventory item on the VM.
-      // If the vulnerability report was not updated after the VM inventory
-      // update, these values might not display in VM inventory. If there is no
-      // available fix, the field is empty. The `inventory_item` value specifies
-      // the latest `SoftwarePackage` available to the VM that fixes the
-      // vulnerability.
-      string available_inventory_item_id = 2;
-
-      // The recommended [CPE URI](https://cpe.mitre.org/specification/) update
-      // that contains a fix for this vulnerability.
-      string fixed_cpe_uri = 3;
-
-      // The upstream OS patch, packages or KB that fixes the vulnerability.
-      string upstream_fix = 4;
-    }
-
-    // Contains metadata as per the upstream feed of the operating system and
-    // NVD.
-    Details details = 1;
-
-    // Corresponds to the `INSTALLED_PACKAGE` inventory item on the VM.
-    // This field displays the inventory items affected by this vulnerability.
-    // If the vulnerability report was not updated after the VM inventory
-    // update, these values might not display in VM inventory. For some distros,
-    // this field may be empty.
-    repeated string installed_inventory_item_ids = 2 [deprecated = true];
-
-    // Corresponds to the `AVAILABLE_PACKAGE` inventory item on the VM.
-    // If the vulnerability report was not updated after the VM inventory
-    // update, these values might not display in VM inventory. If there is no
-    // available fix, the field is empty. The `inventory_item` value specifies
-    // the latest `SoftwarePackage` available to the VM that fixes the
-    // vulnerability.
-    repeated string available_inventory_item_ids = 3 [deprecated = true];
-
-    // The timestamp for when the vulnerability was first detected.
-    google.protobuf.Timestamp create_time = 4;
-
-    // The timestamp for when the vulnerability was last modified.
-    google.protobuf.Timestamp update_time = 5;
-
-    // List of items affected by the vulnerability.
-    repeated Item items = 6;
-  }
-
-  // Output only. The `vulnerabilityReport` API resource name.
-  //
-  // Format:
-  // `projects/{project_number}/locations/{location}/instances/{instance_id}/vulnerabilityReport`
-  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. List of vulnerabilities affecting the VM.
-  repeated Vulnerability vulnerabilities = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. The timestamp for when the last vulnerability report was generated for the
-  // VM.
-  google.protobuf.Timestamp update_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
-}
-
-// A request message for getting the vulnerability report for the specified VM.
-message GetVulnerabilityReportRequest {
-  // Required. API resource name for vulnerability resource.
-  //
-  // Format:
-  // `projects/{project}/locations/{location}/instances/{instance}/vulnerabilityReport`
-  //
-  // For `{project}`, either `project-number` or `project-id` can be provided.
-  // For `{instance}`, either Compute Engine `instance-id` or `instance-name`
-  // can be provided.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/VulnerabilityReport"
-    }
-  ];
-}
-
-// A request message for listing vulnerability reports for all VM instances in
-// the specified location.
-message ListVulnerabilityReportsRequest {
-  // Required. The parent resource name.
-  //
-  // Format: `projects/{project}/locations/{location}/instances/-`
-  //
-  // For `{project}`, either `project-number` or `project-id` can be provided.
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "compute.googleapis.com/Instance"
-    }
-  ];
-
-  // The maximum number of results to return.
-  int32 page_size = 2;
-
-  // A pagination token returned from a previous call to
-  // `ListVulnerabilityReports` that indicates where this listing
-  // should continue from.
-  string page_token = 3;
-
-  // If provided, this field specifies the criteria that must be met by a
-  // `vulnerabilityReport` API resource to be included in the response.
-  string filter = 4;
-}
-
-// A response message for listing vulnerability reports for all VM instances in
-// the specified location.
-message ListVulnerabilityReportsResponse {
-  // List of vulnerabilityReport objects.
-  repeated VulnerabilityReport vulnerability_reports = 1;
-
-  // The pagination token to retrieve the next page of vulnerabilityReports
-  // object.
-  string next_page_token = 2;
-}
-
-// Common Vulnerability Scoring System version 3.
-// For details, see https://www.first.org/cvss/specification-document
-message CVSSv3 {
-  // This metric reflects the context by which vulnerability exploitation is
-  // possible.
-  enum AttackVector {
-    // Invalid value.
-    ATTACK_VECTOR_UNSPECIFIED = 0;
-
-    // The vulnerable component is bound to the network stack and the set of
-    // possible attackers extends beyond the other options listed below, up to
-    // and including the entire Internet.
-    ATTACK_VECTOR_NETWORK = 1;
-
-    // The vulnerable component is bound to the network stack, but the attack is
-    // limited at the protocol level to a logically adjacent topology.
-    ATTACK_VECTOR_ADJACENT = 2;
-
-    // The vulnerable component is not bound to the network stack and the
-    // attacker's path is via read/write/execute capabilities.
-    ATTACK_VECTOR_LOCAL = 3;
-
-    // The attack requires the attacker to physically touch or manipulate the
-    // vulnerable component.
-    ATTACK_VECTOR_PHYSICAL = 4;
-  }
-
-  // This metric describes the conditions beyond the attacker's control that
-  // must exist in order to exploit the vulnerability.
-  enum AttackComplexity {
-    // Invalid value.
-    ATTACK_COMPLEXITY_UNSPECIFIED = 0;
-
-    // Specialized access conditions or extenuating circumstances do not exist.
-    // An attacker can expect repeatable success when attacking the vulnerable
-    // component.
-    ATTACK_COMPLEXITY_LOW = 1;
-
-    // A successful attack depends on conditions beyond the attacker's control.
-    // That is, a successful attack cannot be accomplished at will, but requires
-    // the attacker to invest in some measurable amount of effort in preparation
-    // or execution against the vulnerable component before a successful attack
-    // can be expected.
-    ATTACK_COMPLEXITY_HIGH = 2;
-  }
-
-  // This metric describes the level of privileges an attacker must possess
-  // before successfully exploiting the vulnerability.
-  enum PrivilegesRequired {
-    // Invalid value.
-    PRIVILEGES_REQUIRED_UNSPECIFIED = 0;
-
-    // The attacker is unauthorized prior to attack, and therefore does not
-    // require any access to settings or files of the vulnerable system to
-    // carry out an attack.
-    PRIVILEGES_REQUIRED_NONE = 1;
-
-    // The attacker requires privileges that provide basic user capabilities
-    // that could normally affect only settings and files owned by a user.
-    // Alternatively, an attacker with Low privileges has the ability to access
-    // only non-sensitive resources.
-    PRIVILEGES_REQUIRED_LOW = 2;
-
-    // The attacker requires privileges that provide significant (e.g.,
-    // administrative) control over the vulnerable component allowing access to
-    // component-wide settings and files.
-    PRIVILEGES_REQUIRED_HIGH = 3;
-  }
-
-  // This metric captures the requirement for a human user, other than the
-  // attacker, to participate in the successful compromise of the vulnerable
-  // component.
-  enum UserInteraction {
-    // Invalid value.
-    USER_INTERACTION_UNSPECIFIED = 0;
-
-    // The vulnerable system can be exploited without interaction from any user.
-    USER_INTERACTION_NONE = 1;
-
-    // Successful exploitation of this vulnerability requires a user to take
-    // some action before the vulnerability can be exploited.
-    USER_INTERACTION_REQUIRED = 2;
-  }
-
-  // The Scope metric captures whether a vulnerability in one vulnerable
-  // component impacts resources in components beyond its security scope.
-  enum Scope {
-    // Invalid value.
-    SCOPE_UNSPECIFIED = 0;
-
-    // An exploited vulnerability can only affect resources managed by the same
-    // security authority.
-    SCOPE_UNCHANGED = 1;
-
-    // An exploited vulnerability can affect resources beyond the security scope
-    // managed by the security authority of the vulnerable component.
-    SCOPE_CHANGED = 2;
-  }
-
-  // The Impact metrics capture the effects of a successfully exploited
-  // vulnerability on the component that suffers the worst outcome that is most
-  // directly and predictably associated with the attack.
-  enum Impact {
-    // Invalid value.
-    IMPACT_UNSPECIFIED = 0;
-
-    // High impact.
-    IMPACT_HIGH = 1;
-
-    // Low impact.
-    IMPACT_LOW = 2;
-
-    // No impact.
-    IMPACT_NONE = 3;
-  }
-
-  // The base score is a function of the base metric scores.
-  // https://www.first.org/cvss/specification-document#Base-Metrics
-  float base_score = 1;
-
-  // The Exploitability sub-score equation is derived from the Base
-  // Exploitability metrics.
-  // https://www.first.org/cvss/specification-document#2-1-Exploitability-Metrics
-  float exploitability_score = 2;
-
-  // The Impact sub-score equation is derived from the Base Impact metrics.
-  float impact_score = 3;
-
-  // This metric reflects the context by which vulnerability exploitation is
-  // possible.
-  AttackVector attack_vector = 5;
-
-  // This metric describes the conditions beyond the attacker's control that
-  // must exist in order to exploit the vulnerability.
-  AttackComplexity attack_complexity = 6;
-
-  // This metric describes the level of privileges an attacker must possess
-  // before successfully exploiting the vulnerability.
-  PrivilegesRequired privileges_required = 7;
-
-  // This metric captures the requirement for a human user, other than the
-  // attacker, to participate in the successful compromise of the vulnerable
-  // component.
-  UserInteraction user_interaction = 8;
-
-  // The Scope metric captures whether a vulnerability in one vulnerable
-  // component impacts resources in components beyond its security scope.
-  Scope scope = 9;
-
-  // This metric measures the impact to the confidentiality of the information
-  // resources managed by a software component due to a successfully exploited
-  // vulnerability.
-  Impact confidentiality_impact = 10;
-
-  // This metric measures the impact to integrity of a successfully exploited
-  // vulnerability.
-  Impact integrity_impact = 11;
-
-  // This metric measures the impact to the availability of the impacted
-  // component resulting from a successfully exploited vulnerability.
-  Impact availability_impact = 12;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/BUILD.bazel b/third_party/googleapis/google/cloud/osconfig/v1alpha/BUILD.bazel
deleted file mode 100644
index 0a74ba0..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1alpha/BUILD.bazel
+++ /dev/null
@@ -1,395 +0,0 @@
-# This file was automatically generated by BuildFileGenerator
-# https://github.com/googleapis/rules_gapic/tree/master/bazel
-
-# Most of the manual changes to this file will be overwritten.
-# It's **only** allowed to change the following rule attribute values:
-# - names of *_gapic_assembly_* rules
-# - certain parameters of *_gapic_library rules, including but not limited to:
-#    * extra_protoc_parameters
-#    * extra_protoc_file_parameters
-# The complete list of preserved parameters can be found in the source code.
-
-# This is an API workspace, having public visibility by default makes perfect sense.
-package(default_visibility = ["//visibility:public"])
-
-##############################################################################
-# Common
-##############################################################################
-load("@rules_proto//proto:defs.bzl", "proto_library")
-load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
-
-proto_library(
-    name = "osconfig_proto",
-    srcs = [
-        "config_common.proto",
-        "instance_os_policies_compliance.proto",
-        "inventory.proto",
-        "os_policy.proto",
-        "os_policy_assignment_reports.proto",
-        "os_policy_assignments.proto",
-        "osconfig_common.proto",
-        "osconfig_zonal_service.proto",
-        "vulnerability.proto",
-    ],
-    deps = [
-        "//google/api:annotations_proto",
-        "//google/api:client_proto",
-        "//google/api:field_behavior_proto",
-        "//google/api:resource_proto",
-        "//google/longrunning:operations_proto",
-        "//google/type:date_proto",
-        "@com_google_protobuf//:duration_proto",
-        "@com_google_protobuf//:field_mask_proto",
-        "@com_google_protobuf//:timestamp_proto",
-    ],
-)
-
-proto_library_with_info(
-    name = "osconfig_proto_with_info",
-    deps = [
-        ":osconfig_proto",
-        "//google/cloud:common_resources_proto",
-    ],
-)
-
-##############################################################################
-# Java
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "java_gapic_assembly_gradle_pkg",
-    "java_gapic_library",
-    "java_gapic_test",
-    "java_grpc_library",
-    "java_proto_library",
-)
-
-java_proto_library(
-    name = "osconfig_java_proto",
-    deps = [":osconfig_proto"],
-)
-
-java_grpc_library(
-    name = "osconfig_java_grpc",
-    srcs = [":osconfig_proto"],
-    deps = [":osconfig_java_proto"],
-)
-
-java_gapic_library(
-    name = "osconfig_java_gapic",
-    srcs = [":osconfig_proto_with_info"],
-    gapic_yaml = None,
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    service_yaml = "osconfig_v1alpha.yaml",
-    test_deps = [
-        ":osconfig_java_grpc",
-    ],
-    transport = "grpc+rest",
-    deps = [
-        ":osconfig_java_proto",
-        "//google/api:api_java_proto",
-    ],
-)
-
-java_gapic_test(
-    name = "osconfig_java_gapic_test_suite",
-    test_classes = [
-        "com.google.cloud.osconfig.v1alpha.OsConfigZonalServiceClientHttpJsonTest",
-        "com.google.cloud.osconfig.v1alpha.OsConfigZonalServiceClientTest",
-    ],
-    runtime_deps = [":osconfig_java_gapic_test"],
-)
-
-# Open Source Packages
-java_gapic_assembly_gradle_pkg(
-    name = "google-cloud-osconfig-v1alpha-java",
-    include_samples = True,
-    transport = "grpc+rest",
-    deps = [
-        ":osconfig_java_gapic",
-        ":osconfig_java_grpc",
-        ":osconfig_java_proto",
-        ":osconfig_proto",
-    ],
-)
-
-##############################################################################
-# Go
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "go_gapic_assembly_pkg",
-    "go_gapic_library",
-    "go_proto_library",
-    "go_test",
-)
-
-go_proto_library(
-    name = "osconfig_go_proto",
-    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
-    importpath = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha",
-    protos = [":osconfig_proto"],
-    deps = [
-        "//google/api:annotations_go_proto",
-        "//google/longrunning:longrunning_go_proto",
-        "//google/type:date_go_proto",
-    ],
-)
-
-go_gapic_library(
-    name = "osconfig_go_gapic",
-    srcs = [":osconfig_proto_with_info"],
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    importpath = "cloud.google.com/go/osconfig/apiv1alpha;osconfig",
-    metadata = True,
-    service_yaml = "osconfig_v1alpha.yaml",
-    transport = "grpc+rest",
-    deps = [
-        ":osconfig_go_proto",
-        "//google/longrunning:longrunning_go_proto",
-        "@com_google_cloud_go//longrunning:go_default_library",
-        "@com_google_cloud_go//longrunning/autogen:go_default_library",
-        "@io_bazel_rules_go//proto/wkt:duration_go_proto",
-    ],
-)
-
-go_test(
-    name = "osconfig_go_gapic_test",
-    srcs = [":osconfig_go_gapic_srcjar_test"],
-    embed = [":osconfig_go_gapic"],
-    importpath = "cloud.google.com/go/osconfig/apiv1alpha",
-)
-
-# Open Source Packages
-go_gapic_assembly_pkg(
-    name = "gapi-cloud-osconfig-v1alpha-go",
-    deps = [
-        ":osconfig_go_gapic",
-        ":osconfig_go_gapic_srcjar-metadata.srcjar",
-        ":osconfig_go_gapic_srcjar-test.srcjar",
-        ":osconfig_go_proto",
-    ],
-)
-
-##############################################################################
-# Python
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "py_gapic_assembly_pkg",
-    "py_gapic_library",
-    "py_test",
-)
-
-py_gapic_library(
-    name = "osconfig_py_gapic",
-    srcs = [":osconfig_proto"],
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    opt_args = ["warehouse-package-name=google-cloud-os-config"],
-    transport = "grpc",
-)
-
-py_test(
-    name = "osconfig_py_gapic_test",
-    srcs = [
-        "osconfig_py_gapic_pytest.py",
-        "osconfig_py_gapic_test.py",
-    ],
-    legacy_create_init = False,
-    deps = [":osconfig_py_gapic"],
-)
-
-# Open Source Packages
-py_gapic_assembly_pkg(
-    name = "osconfig-v1alpha-py",
-    deps = [
-        ":osconfig_py_gapic",
-    ],
-)
-
-##############################################################################
-# PHP
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "php_gapic_assembly_pkg",
-    "php_gapic_library",
-    "php_grpc_library",
-    "php_proto_library",
-)
-
-php_proto_library(
-    name = "osconfig_php_proto",
-    deps = [":osconfig_proto"],
-)
-
-php_grpc_library(
-    name = "osconfig_php_grpc",
-    srcs = [":osconfig_proto"],
-    deps = [":osconfig_php_proto"],
-)
-
-php_gapic_library(
-    name = "osconfig_php_gapic",
-    srcs = [":osconfig_proto_with_info"],
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    service_yaml = "osconfig_v1alpha.yaml",
-    deps = [
-        ":osconfig_php_grpc",
-        ":osconfig_php_proto",
-    ],
-)
-
-# Open Source Packages
-php_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-v1alpha-php",
-    deps = [
-        ":osconfig_php_gapic",
-        ":osconfig_php_grpc",
-        ":osconfig_php_proto",
-    ],
-)
-
-##############################################################################
-# Node.js
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "nodejs_gapic_assembly_pkg",
-    "nodejs_gapic_library",
-)
-
-nodejs_gapic_library(
-    name = "osconfig_nodejs_gapic",
-    package_name = "@google-cloud/os-config",
-    src = ":osconfig_proto_with_info",
-    extra_protoc_parameters = ["metadata"],
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    package = "google.cloud.osconfig.v1alpha",
-    service_yaml = "osconfig_v1alpha.yaml",
-    deps = [],
-)
-
-nodejs_gapic_assembly_pkg(
-    name = "osconfig-v1alpha-nodejs",
-    deps = [
-        ":osconfig_nodejs_gapic",
-        ":osconfig_proto",
-    ],
-)
-
-##############################################################################
-# Ruby
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "ruby_cloud_gapic_library",
-    "ruby_gapic_assembly_pkg",
-    "ruby_grpc_library",
-    "ruby_proto_library",
-)
-
-ruby_proto_library(
-    name = "osconfig_ruby_proto",
-    deps = [":osconfig_proto"],
-)
-
-ruby_grpc_library(
-    name = "osconfig_ruby_grpc",
-    srcs = [":osconfig_proto"],
-    deps = [":osconfig_ruby_proto"],
-)
-
-ruby_cloud_gapic_library(
-    name = "osconfig_ruby_gapic",
-    srcs = [":osconfig_proto_with_info"],
-    extra_protoc_parameters = [
-        "ruby-cloud-api-id=osconfig.googleapis.com",
-        "ruby-cloud-api-shortname=osconfig",
-        "ruby-cloud-env-prefix=OS_CONFIG",
-        "ruby-cloud-gem-name=google-cloud-os_config-v1alpha",
-        "ruby-cloud-product-url=https://cloud.google.com/compute/docs/manage-os",
-    ],
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    ruby_cloud_description = "Cloud OS Config provides OS management tools that can be used for patch management, patch compliance, and configuration management on VM instances.",
-    ruby_cloud_title = "Cloud OS Config V1alpha",
-    deps = [
-        ":osconfig_ruby_grpc",
-        ":osconfig_ruby_proto",
-    ],
-)
-
-# Open Source Packages
-ruby_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-v1alpha-ruby",
-    deps = [
-        ":osconfig_ruby_gapic",
-        ":osconfig_ruby_grpc",
-        ":osconfig_ruby_proto",
-    ],
-)
-
-##############################################################################
-# C#
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "csharp_gapic_assembly_pkg",
-    "csharp_gapic_library",
-    "csharp_grpc_library",
-    "csharp_proto_library",
-)
-
-csharp_proto_library(
-    name = "osconfig_csharp_proto",
-    deps = [":osconfig_proto"],
-)
-
-csharp_grpc_library(
-    name = "osconfig_csharp_grpc",
-    srcs = [":osconfig_proto"],
-    deps = [":osconfig_csharp_proto"],
-)
-
-csharp_gapic_library(
-    name = "osconfig_csharp_gapic",
-    srcs = [":osconfig_proto_with_info"],
-    common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json",
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    service_yaml = "osconfig_v1alpha.yaml",
-    deps = [
-        ":osconfig_csharp_grpc",
-        ":osconfig_csharp_proto",
-    ],
-)
-
-# Open Source Packages
-csharp_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-v1alpha-csharp",
-    deps = [
-        ":osconfig_csharp_gapic",
-        ":osconfig_csharp_grpc",
-        ":osconfig_csharp_proto",
-    ],
-)
-
-##############################################################################
-# C++
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "cc_grpc_library",
-    "cc_proto_library",
-)
-
-cc_proto_library(
-    name = "osconfig_cc_proto",
-    deps = [":osconfig_proto"],
-)
-
-cc_grpc_library(
-    name = "osconfig_cc_grpc",
-    srcs = [":osconfig_proto"],
-    grpc_only = True,
-    deps = [":osconfig_cc_proto"],
-)
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/config_common.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/config_common.proto
deleted file mode 100644
index a7a50c7..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1alpha/config_common.proto
+++ /dev/null
@@ -1,133 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1alpha;
-
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
-option java_multiple_files = true;
-option java_outer_classname = "ConfigCommonProto";
-option java_package = "com.google.cloud.osconfig.v1alpha";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
-option ruby_package = "Google::Cloud::OsConfig::V1alpha";
-
-// Step performed by the OS Config agent for configuring an `OSPolicyResource`
-// to its desired state.
-message OSPolicyResourceConfigStep {
-  option deprecated = true;
-
-  // Supported configuration step types
-  enum Type {
-    option deprecated = true;
-
-    // Default value. This value is unused.
-    TYPE_UNSPECIFIED = 0;
-
-    // Validation to detect resource conflicts, schema errors, etc.
-    VALIDATION = 1;
-
-    // Check the current desired state status of the resource.
-    DESIRED_STATE_CHECK = 2;
-
-    // Enforce the desired state for a resource that is not in desired state.
-    DESIRED_STATE_ENFORCEMENT = 3;
-
-    // Re-check desired state status for a resource after enforcement of all
-    // resources in the current configuration run.
-    //
-    // This step is used to determine the final desired state status for the
-    // resource. It accounts for any resources that might have drifted from
-    // their desired state due to side effects from configuring other resources
-    // during the current configuration run.
-    DESIRED_STATE_CHECK_POST_ENFORCEMENT = 4;
-  }
-
-  // Supported outcomes for a configuration step.
-  enum Outcome {
-    option deprecated = true;
-
-    // Default value. This value is unused.
-    OUTCOME_UNSPECIFIED = 0;
-
-    // The step succeeded.
-    SUCCEEDED = 1;
-
-    // The step failed.
-    FAILED = 2;
-  }
-
-  // Configuration step type.
-  Type type = 1;
-
-  // Outcome of the configuration step.
-  Outcome outcome = 2;
-
-  // An error message recorded during the execution of this step.
-  // Only populated when outcome is FAILED.
-  string error_message = 3;
-}
-
-// Compliance data for an OS policy resource.
-message OSPolicyResourceCompliance {
-  option deprecated = true;
-
-  // ExecResource specific output.
-  message ExecResourceOutput {
-    option deprecated = true;
-
-    // Output from Enforcement phase output file (if run).
-    // Output size is limited to 100K bytes.
-    bytes enforcement_output = 2;
-  }
-
-  // The id of the OS policy resource.
-  string os_policy_resource_id = 1;
-
-  // Ordered list of configuration steps taken by the agent for the OS policy
-  // resource.
-  repeated OSPolicyResourceConfigStep config_steps = 2;
-
-  // Compliance state of the OS policy resource.
-  OSPolicyComplianceState state = 3;
-
-  // Resource specific output.
-  oneof output {
-    // ExecResource specific output.
-    ExecResourceOutput exec_resource_output = 4;
-  }
-}
-
-// Supported OSPolicy compliance states.
-enum OSPolicyComplianceState {
-  option deprecated = true;
-
-  // Default value. This value is unused.
-  OS_POLICY_COMPLIANCE_STATE_UNSPECIFIED = 0;
-
-  // Compliant state.
-  COMPLIANT = 1;
-
-  // Non-compliant state
-  NON_COMPLIANT = 2;
-
-  // Unknown compliance state.
-  UNKNOWN = 3;
-
-  // No applicable OS policies were found for the instance.
-  // This state is only applicable to the instance.
-  NO_OS_POLICIES_APPLICABLE = 4;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/instance_os_policies_compliance.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/instance_os_policies_compliance.proto
deleted file mode 100644
index 501ac3a..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1alpha/instance_os_policies_compliance.proto
+++ /dev/null
@@ -1,182 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1alpha;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/cloud/osconfig/v1alpha/config_common.proto";
-import "google/protobuf/timestamp.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
-option java_multiple_files = true;
-option java_outer_classname = "InstanceOSPoliciesComplianceProto";
-option java_package = "com.google.cloud.osconfig.v1alpha";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
-option ruby_package = "Google::Cloud::OsConfig::V1alpha";
-
-// This API resource represents the OS policies compliance data for a Compute
-// Engine virtual machine (VM) instance at a given point in time.
-//
-// A Compute Engine VM can have multiple OS policy assignments, and each
-// assignment can have multiple OS policies. As a result, multiple OS policies
-// could be applied to a single VM.
-//
-// You can use this API resource to determine both the compliance state of your
-// VM as well as the compliance state of an individual OS policy.
-//
-// For more information, see [View
-// compliance](https://cloud.google.com/compute/docs/os-configuration-management/view-compliance).
-message InstanceOSPoliciesCompliance {
-  option deprecated = true;
-  option (google.api.resource) = {
-    type: "osconfig.googleapis.com/InstanceOSPoliciesCompliance"
-    pattern: "projects/{project}/locations/{location}/instanceOSPoliciesCompliances/{instance}"
-  };
-
-  // Compliance data for an OS policy
-  message OSPolicyCompliance {
-    option deprecated = true;
-
-    // The OS policy id
-    string os_policy_id = 1;
-
-    // Reference to the `OSPolicyAssignment` API resource that the `OSPolicy`
-    // belongs to.
-    //
-    // Format:
-    // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}`
-    string os_policy_assignment = 2 [(google.api.resource_reference) = {
-                                       type: "osconfig.googleapis.com/OSPolicyAssignment"
-                                     }];
-
-    // Compliance state of the OS policy.
-    OSPolicyComplianceState state = 4;
-
-    // Compliance data for each `OSPolicyResource` that is applied to the
-    // VM.
-    repeated OSPolicyResourceCompliance os_policy_resource_compliances = 5;
-  }
-
-  // Output only. The `InstanceOSPoliciesCompliance` API resource name.
-  //
-  // Format:
-  // `projects/{project_number}/locations/{location}/instanceOSPoliciesCompliances/{instance_id}`
-  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. The Compute Engine VM instance name.
-  string instance = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Compliance state of the VM.
-  OSPolicyComplianceState state = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Detailed compliance state of the VM.
-  // This field is populated only when compliance state is `UNKNOWN`.
-  //
-  // It may contain one of the following values:
-  //
-  // * `no-compliance-data`: Compliance data is not available for this VM.
-  // * `no-agent-detected`: OS Config agent is not detected for this VM.
-  // * `config-not-supported-by-agent`: The version of the OS Config agent
-  // running on this VM does not support configuration management.
-  // * `inactive`: VM is not running.
-  // * `internal-service-errors`: There were internal service errors encountered
-  // while enforcing compliance.
-  // * `agent-errors`: OS config agent encountered errors while enforcing
-  // compliance.
-  string detailed_state = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. The reason for the `detailed_state` of the VM (if any).
-  string detailed_state_reason = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Compliance data for each `OSPolicy` that is applied to the VM.
-  repeated OSPolicyCompliance os_policy_compliances = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Timestamp of the last compliance check for the VM.
-  google.protobuf.Timestamp last_compliance_check_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Unique identifier for the last compliance run.
-  // This id will be logged by the OS config agent during a compliance run and
-  // can be used for debugging and tracing purpose.
-  string last_compliance_run_id = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
-}
-
-// A request message for getting OS policies compliance data for the given
-// Compute Engine VM instance.
-message GetInstanceOSPoliciesComplianceRequest {
-  option deprecated = true;
-
-  // Required. API resource name for instance OS policies compliance resource.
-  //
-  // Format:
-  // `projects/{project}/locations/{location}/instanceOSPoliciesCompliances/{instance}`
-  //
-  // For `{project}`, either Compute Engine project-number or project-id can be
-  // provided.
-  // For `{instance}`, either Compute Engine VM instance-id or instance-name can
-  // be provided.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/InstanceOSPoliciesCompliance"
-    }
-  ];
-}
-
-// A request message for listing OS policies compliance data for all Compute
-// Engine VMs in the given location.
-message ListInstanceOSPoliciesCompliancesRequest {
-  option deprecated = true;
-
-  // Required. The parent resource name.
-  //
-  // Format: `projects/{project}/locations/{location}`
-  //
-  // For `{project}`, either Compute Engine project-number or project-id can be
-  // provided.
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "locations.googleapis.com/Location"
-    }
-  ];
-
-  // The maximum number of results to return.
-  int32 page_size = 2;
-
-  // A pagination token returned from a previous call to
-  // `ListInstanceOSPoliciesCompliances` that indicates where this listing
-  // should continue from.
-  string page_token = 3;
-
-  // If provided, this field specifies the criteria that must be met by a
-  // `InstanceOSPoliciesCompliance` API resource to be included in the response.
-  string filter = 4;
-}
-
-// A response message for listing OS policies compliance data for all Compute
-// Engine VMs in the given location.
-message ListInstanceOSPoliciesCompliancesResponse {
-  option deprecated = true;
-
-  // List of instance OS policies compliance objects.
-  repeated InstanceOSPoliciesCompliance instance_os_policies_compliances = 1;
-
-  // The pagination token to retrieve the next page of instance OS policies
-  // compliance objects.
-  string next_page_token = 2;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/inventory.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/inventory.proto
deleted file mode 100644
index c524ae1..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1alpha/inventory.proto
+++ /dev/null
@@ -1,383 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1alpha;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/protobuf/timestamp.proto";
-import "google/type/date.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
-option java_multiple_files = true;
-option java_outer_classname = "Inventories";
-option java_package = "com.google.cloud.osconfig.v1alpha";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
-option ruby_package = "Google::Cloud::OsConfig::V1alpha";
-
-// OS Inventory is a service for collecting and reporting operating
-// system and package information on VM instances.
-
-// This API resource represents the available inventory data for a
-// Compute Engine virtual machine (VM) instance at a given point in time.
-//
-// You can use this API resource to determine the inventory data of your VM.
-//
-// For more information, see [Information provided by OS inventory
-// management](https://cloud.google.com/compute/docs/instances/os-inventory-management#data-collected).
-message Inventory {
-  option (google.api.resource) = {
-    type: "osconfig.googleapis.com/Inventory"
-    pattern: "projects/{project}/locations/{location}/instances/{instance}/inventory"
-  };
-
-  // Operating system information for the VM.
-  message OsInfo {
-    // The VM hostname.
-    string hostname = 9;
-
-    // The operating system long name.
-    // For example 'Debian GNU/Linux 9' or 'Microsoft Window Server 2019
-    // Datacenter'.
-    string long_name = 2;
-
-    // The operating system short name.
-    // For example, 'windows' or 'debian'.
-    string short_name = 3;
-
-    // The version of the operating system.
-    string version = 4;
-
-    // The system architecture of the operating system.
-    string architecture = 5;
-
-    // The kernel version of the operating system.
-    string kernel_version = 6;
-
-    // The kernel release of the operating system.
-    string kernel_release = 7;
-
-    // The current version of the OS Config agent running on the VM.
-    string osconfig_agent_version = 8;
-  }
-
-  // A single piece of inventory on a VM.
-  message Item {
-    // The origin of a specific inventory item.
-    enum OriginType {
-      // Invalid. An origin type must be specified.
-      ORIGIN_TYPE_UNSPECIFIED = 0;
-
-      // This inventory item was discovered as the result of the agent
-      // reporting inventory via the reporting API.
-      INVENTORY_REPORT = 1;
-    }
-
-    // The different types of inventory that are tracked on a VM.
-    enum Type {
-      // Invalid. An type must be specified.
-      TYPE_UNSPECIFIED = 0;
-
-      // This represents a package that is installed on the VM.
-      INSTALLED_PACKAGE = 1;
-
-      // This represents an update that is available for a package.
-      AVAILABLE_PACKAGE = 2;
-    }
-
-    // Identifier for this item, unique across items for this VM.
-    string id = 1;
-
-    // The origin of this inventory item.
-    OriginType origin_type = 2;
-
-    // When this inventory item was first detected.
-    google.protobuf.Timestamp create_time = 8;
-
-    // When this inventory item was last modified.
-    google.protobuf.Timestamp update_time = 9;
-
-    // The specific type of inventory, correlating to its specific details.
-    Type type = 5;
-
-    // Specific details of this inventory item based on its type.
-    oneof details {
-      // Software package present on the VM instance.
-      SoftwarePackage installed_package = 6;
-
-      // Software package available to be installed on the VM instance.
-      SoftwarePackage available_package = 7;
-    }
-  }
-
-  // Software package information of the operating system.
-  message SoftwarePackage {
-    // Information about the different types of software packages.
-    oneof details {
-      // Yum package info.
-      // For details about the yum package manager, see
-      // https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-yum.
-      VersionedPackage yum_package = 1;
-
-      // Details of an APT package.
-      // For details about the apt package manager, see
-      // https://wiki.debian.org/Apt.
-      VersionedPackage apt_package = 2;
-
-      // Details of a Zypper package.
-      // For details about the Zypper package manager, see
-      // https://en.opensuse.org/SDB:Zypper_manual.
-      VersionedPackage zypper_package = 3;
-
-      // Details of a Googet package.
-      //  For details about the googet package manager, see
-      //  https://github.com/google/googet.
-      VersionedPackage googet_package = 4;
-
-      // Details of a Zypper patch.
-      // For details about the Zypper package manager, see
-      // https://en.opensuse.org/SDB:Zypper_manual.
-      ZypperPatch zypper_patch = 5;
-
-      // Details of a Windows Update package.
-      // See https://docs.microsoft.com/en-us/windows/win32/api/_wua/ for
-      // information about Windows Update.
-      WindowsUpdatePackage wua_package = 6;
-
-      // Details of a Windows Quick Fix engineering package.
-      // See
-      // https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering
-      // for info in Windows Quick Fix Engineering.
-      WindowsQuickFixEngineeringPackage qfe_package = 7;
-
-      // Details of a COS package.
-      VersionedPackage cos_package = 8;
-
-      // Details of Windows Application.
-      WindowsApplication windows_application = 9;
-    }
-  }
-
-  // Information related to the a standard versioned package.  This includes
-  // package info for APT, Yum, Zypper, and Googet package managers.
-  message VersionedPackage {
-    // The name of the package.
-    string package_name = 4;
-
-    // The system architecture this package is intended for.
-    string architecture = 2;
-
-    // The version of the package.
-    string version = 3;
-  }
-
-  // Details related to a Zypper Patch.
-  message ZypperPatch {
-    // The name of the patch.
-    string patch_name = 5;
-
-    // The category of the patch.
-    string category = 2;
-
-    // The severity specified for this patch
-    string severity = 3;
-
-    // Any summary information provided about this patch.
-    string summary = 4;
-  }
-
-  // Details related to a Windows Update package.
-  // Field data and names are taken from Windows Update API IUpdate Interface:
-  // https://docs.microsoft.com/en-us/windows/win32/api/_wua/
-  // Descriptive fields like title, and description are localized based on
-  // the locale of the VM being updated.
-  message WindowsUpdatePackage {
-    // Categories specified by the Windows Update.
-    message WindowsUpdateCategory {
-      // The identifier of the windows update category.
-      string id = 1;
-
-      // The name of the windows update category.
-      string name = 2;
-    }
-
-    // The localized title of the update package.
-    string title = 1;
-
-    // The localized description of the update package.
-    string description = 2;
-
-    // The categories that are associated with this update package.
-    repeated WindowsUpdateCategory categories = 3;
-
-    // A collection of Microsoft Knowledge Base article IDs that are associated
-    // with the update package.
-    repeated string kb_article_ids = 4;
-
-    // A hyperlink to the language-specific support information for the update.
-    string support_url = 11;
-
-    // A collection of URLs that provide more information about the update
-    // package.
-    repeated string more_info_urls = 5;
-
-    // Gets the identifier of an update package.  Stays the same across
-    // revisions.
-    string update_id = 6;
-
-    // The revision number of this update package.
-    int32 revision_number = 7;
-
-    // The last published date of the update, in (UTC) date and time.
-    google.protobuf.Timestamp last_deployment_change_time = 10;
-  }
-
-  // Information related to a Quick Fix Engineering package.
-  // Fields are taken from Windows QuickFixEngineering Interface and match
-  // the source names:
-  // https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering
-  message WindowsQuickFixEngineeringPackage {
-    // A short textual description of the QFE update.
-    string caption = 1;
-
-    // A textual description of the QFE update.
-    string description = 2;
-
-    // Unique identifier associated with a particular QFE update.
-    string hot_fix_id = 3;
-
-    // Date that the QFE update was installed.  Mapped from installed_on field.
-    google.protobuf.Timestamp install_time = 5;
-  }
-
-  // Contains information about a Windows application that is retrieved from the
-  // Windows Registry. For more information about these fields, see:
-  // https://docs.microsoft.com/en-us/windows/win32/msi/uninstall-registry-key
-  message WindowsApplication {
-    // The name of the application or product.
-    string display_name = 1;
-
-    // The version of the product or application in string format.
-    string display_version = 2;
-
-    // The name of the manufacturer for the product or application.
-    string publisher = 3;
-
-    // The last time this product received service. The value of this property
-    // is replaced each time a patch is applied or removed from the product or
-    // the command-line option is used to repair the product.
-    google.type.Date install_date = 4;
-
-    // The internet address for technical support.
-    string help_link = 5;
-  }
-
-  // Output only. The `Inventory` API resource name.
-  //
-  // Format:
-  // `projects/{project_number}/locations/{location}/instances/{instance_id}/inventory`
-  string name = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Base level operating system information for the VM.
-  OsInfo os_info = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Inventory items related to the VM keyed by an opaque unique identifier for
-  // each inventory item. The identifier is unique to each distinct and
-  // addressable inventory item and will change, when there is a new package
-  // version.
-  map<string, Item> items = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Timestamp of the last reported inventory for the VM.
-  google.protobuf.Timestamp update_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
-}
-
-// A request message for getting inventory data for the specified VM.
-message GetInventoryRequest {
-  // Required. API resource name for inventory resource.
-  //
-  // Format:
-  // `projects/{project}/locations/{location}/instances/{instance}/inventory`
-  //
-  // For `{project}`, either `project-number` or `project-id` can be provided.
-  // For `{instance}`, either Compute Engine  `instance-id` or `instance-name`
-  // can be provided.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/Inventory"
-    }
-  ];
-
-  // Inventory view indicating what information should be included in the
-  // inventory resource. If unspecified, the default view is BASIC.
-  InventoryView view = 2;
-}
-
-// A request message for listing inventory data for all VMs in the specified
-// location.
-message ListInventoriesRequest {
-  // Required. The parent resource name.
-  //
-  // Format: `projects/{project}/locations/{location}/instances/-`
-  //
-  // For `{project}`, either `project-number` or `project-id` can be provided.
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "compute.googleapis.com/Instance"
-    }
-  ];
-
-  // Inventory view indicating what information should be included in the
-  // inventory resource. If unspecified, the default view is BASIC.
-  InventoryView view = 2;
-
-  // The maximum number of results to return.
-  int32 page_size = 3;
-
-  // A pagination token returned from a previous call to
-  // `ListInventories` that indicates where this listing
-  // should continue from.
-  string page_token = 4;
-
-  // If provided, this field specifies the criteria that must be met by a
-  // `Inventory` API resource to be included in the response.
-  string filter = 5;
-}
-
-// A response message for listing inventory data for all VMs in a specified
-// location.
-message ListInventoriesResponse {
-  // List of inventory objects.
-  repeated Inventory inventories = 1;
-
-  // The pagination token to retrieve the next page of inventory objects.
-  string next_page_token = 2;
-}
-
-// The view for inventory objects.
-enum InventoryView {
-  // The default value.
-  // The API defaults to the BASIC view.
-  INVENTORY_VIEW_UNSPECIFIED = 0;
-
-  // Returns the basic inventory information that includes `os_info`.
-  BASIC = 1;
-
-  // Returns all fields.
-  FULL = 2;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy.proto
deleted file mode 100644
index 578d82a..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy.proto
+++ /dev/null
@@ -1,565 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1alpha;
-
-import "google/api/field_behavior.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
-option java_multiple_files = true;
-option java_outer_classname = "OsPolicyProto";
-option java_package = "com.google.cloud.osconfig.v1alpha";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
-option ruby_package = "Google::Cloud::OsConfig::V1alpha";
-
-// An OS policy defines the desired state configuration for a VM.
-message OSPolicy {
-  // Policy mode
-  enum Mode {
-    // Invalid mode
-    MODE_UNSPECIFIED = 0;
-
-    // This mode checks if the configuration resources in the policy are in
-    // their desired state. No actions are performed if they are not in the
-    // desired state. This mode is used for reporting purposes.
-    VALIDATION = 1;
-
-    // This mode checks if the configuration resources in the policy are in
-    // their desired state, and if not, enforces the desired state.
-    ENFORCEMENT = 2;
-  }
-
-  // Filtering criteria to select VMs based on OS details.
-  message OSFilter {
-    // This should match OS short name emitted by the OS inventory agent.
-    // An empty value matches any OS.
-    string os_short_name = 1;
-
-    // This value should match the version emitted by the OS inventory
-    // agent.
-    // Prefix matches are supported if asterisk(*) is provided as the
-    // last character. For example, to match all versions with a major
-    // version of `7`, specify the following value for this field `7.*`
-    string os_version = 2;
-  }
-
-  // Filtering criteria to select VMs based on inventory details.
-  message InventoryFilter {
-    // Required. The OS short name
-    string os_short_name = 1 [(google.api.field_behavior) = REQUIRED];
-
-    // The OS version
-    //
-    // Prefix matches are supported if asterisk(*) is provided as the
-    // last character. For example, to match all versions with a major
-    // version of `7`, specify the following value for this field `7.*`
-    //
-    // An empty string matches all OS versions.
-    string os_version = 2;
-  }
-
-  // An OS policy resource is used to define the desired state configuration
-  // and provides a specific functionality like installing/removing packages,
-  // executing a script etc.
-  //
-  // The system ensures that resources are always in their desired state by
-  // taking necessary actions if they have drifted from their desired state.
-  message Resource {
-    // A remote or local file.
-    message File {
-      // Specifies a file available via some URI.
-      message Remote {
-        // Required. URI from which to fetch the object. It should contain both the
-        // protocol and path following the format `{protocol}://{location}`.
-        string uri = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // SHA256 checksum of the remote file.
-        string sha256_checksum = 2;
-      }
-
-      // Specifies a file available as a Cloud Storage Object.
-      message Gcs {
-        // Required. Bucket of the Cloud Storage object.
-        string bucket = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Required. Name of the Cloud Storage object.
-        string object = 2 [(google.api.field_behavior) = REQUIRED];
-
-        // Generation number of the Cloud Storage object.
-        int64 generation = 3;
-      }
-
-      // A specific type of file.
-      oneof type {
-        // A generic remote file.
-        Remote remote = 1;
-
-        // A Cloud Storage object.
-        Gcs gcs = 2;
-
-        // A local path within the VM to use.
-        string local_path = 3;
-      }
-
-      // Defaults to false. When false, files are subject to validations
-      // based on the file type:
-      //
-      // Remote: A checksum must be specified.
-      // Cloud Storage: An object generation number must be specified.
-      bool allow_insecure = 4;
-    }
-
-    // A resource that manages a system package.
-    message PackageResource {
-      // The desired state that the OS Config agent maintains on the VM.
-      enum DesiredState {
-        // Unspecified is invalid.
-        DESIRED_STATE_UNSPECIFIED = 0;
-
-        // Ensure that the package is installed.
-        INSTALLED = 1;
-
-        // The agent ensures that the package is not installed and
-        // uninstalls it if detected.
-        REMOVED = 2;
-      }
-
-      // A deb package file. dpkg packages only support INSTALLED state.
-      message Deb {
-        // Required. A deb package.
-        File source = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Whether dependencies should also be installed.
-        // - install when false: `dpkg -i package`
-        // - install when true: `apt-get update && apt-get -y install
-        // package.deb`
-        bool pull_deps = 2;
-      }
-
-      // A package managed by APT.
-      // - install: `apt-get update && apt-get -y install [name]`
-      // - remove: `apt-get -y remove [name]`
-      message APT {
-        // Required. Package name.
-        string name = 1 [(google.api.field_behavior) = REQUIRED];
-      }
-
-      // An RPM package file. RPM packages only support INSTALLED state.
-      message RPM {
-        // Required. An rpm package.
-        File source = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Whether dependencies should also be installed.
-        // - install when false: `rpm --upgrade --replacepkgs package.rpm`
-        // - install when true: `yum -y install package.rpm` or
-        // `zypper -y install package.rpm`
-        bool pull_deps = 2;
-      }
-
-      // A package managed by YUM.
-      // - install: `yum -y install package`
-      // - remove: `yum -y remove package`
-      message YUM {
-        // Required. Package name.
-        string name = 1 [(google.api.field_behavior) = REQUIRED];
-      }
-
-      // A package managed by Zypper.
-      // - install: `zypper -y install package`
-      // - remove: `zypper -y rm package`
-      message Zypper {
-        // Required. Package name.
-        string name = 1 [(google.api.field_behavior) = REQUIRED];
-      }
-
-      // A package managed by GooGet.
-      // - install: `googet -noconfirm install package`
-      // - remove: `googet -noconfirm remove package`
-      message GooGet {
-        // Required. Package name.
-        string name = 1 [(google.api.field_behavior) = REQUIRED];
-      }
-
-      // An MSI package. MSI packages only support INSTALLED state.
-      message MSI {
-        // Required. The MSI package.
-        File source = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Additional properties to use during installation.
-        // This should be in the format of Property=Setting.
-        // Appended to the defaults of `ACTION=INSTALL
-        // REBOOT=ReallySuppress`.
-        repeated string properties = 2;
-      }
-
-      // Required. The desired state the agent should maintain for this package.
-      DesiredState desired_state = 1 [(google.api.field_behavior) = REQUIRED];
-
-      // A system package.
-      oneof system_package {
-        // A package managed by Apt.
-        APT apt = 2;
-
-        // A deb package file.
-        Deb deb = 3;
-
-        // A package managed by YUM.
-        YUM yum = 4;
-
-        // A package managed by Zypper.
-        Zypper zypper = 5;
-
-        // An rpm package file.
-        RPM rpm = 6;
-
-        // A package managed by GooGet.
-        GooGet googet = 7;
-
-        // An MSI package.
-        MSI msi = 8;
-      }
-    }
-
-    // A resource that manages a package repository.
-    message RepositoryResource {
-      // Represents a single apt package repository. These will be added to
-      // a repo file that will be managed at
-      // `/etc/apt/sources.list.d/google_osconfig.list`.
-      message AptRepository {
-        // Type of archive.
-        enum ArchiveType {
-          // Unspecified is invalid.
-          ARCHIVE_TYPE_UNSPECIFIED = 0;
-
-          // Deb indicates that the archive contains binary files.
-          DEB = 1;
-
-          // Deb-src indicates that the archive contains source files.
-          DEB_SRC = 2;
-        }
-
-        // Required. Type of archive files in this repository.
-        ArchiveType archive_type = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Required. URI for this repository.
-        string uri = 2 [(google.api.field_behavior) = REQUIRED];
-
-        // Required. Distribution of this repository.
-        string distribution = 3 [(google.api.field_behavior) = REQUIRED];
-
-        // Required. List of components for this repository. Must contain at least one
-        // item.
-        repeated string components = 4 [(google.api.field_behavior) = REQUIRED];
-
-        // URI of the key file for this repository. The agent maintains a
-        // keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg`.
-        string gpg_key = 5;
-      }
-
-      // Represents a single yum package repository. These are added to a
-      // repo file that is managed at
-      // `/etc/yum.repos.d/google_osconfig.repo`.
-      message YumRepository {
-        // Required. A one word, unique name for this repository. This is  the `repo
-        // id` in the yum config file and also the `display_name` if
-        // `display_name` is omitted. This id is also used as the unique
-        // identifier when checking for resource conflicts.
-        string id = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // The display name of the repository.
-        string display_name = 2;
-
-        // Required. The location of the repository directory.
-        string base_url = 3 [(google.api.field_behavior) = REQUIRED];
-
-        // URIs of GPG keys.
-        repeated string gpg_keys = 4;
-      }
-
-      // Represents a single zypper package repository. These are added to a
-      // repo file that is managed at
-      // `/etc/zypp/repos.d/google_osconfig.repo`.
-      message ZypperRepository {
-        // Required. A one word, unique name for this repository. This is the `repo
-        // id` in the zypper config file and also the `display_name` if
-        // `display_name` is omitted. This id is also used as the unique
-        // identifier when checking for GuestPolicy conflicts.
-        string id = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // The display name of the repository.
-        string display_name = 2;
-
-        // Required. The location of the repository directory.
-        string base_url = 3 [(google.api.field_behavior) = REQUIRED];
-
-        // URIs of GPG keys.
-        repeated string gpg_keys = 4;
-      }
-
-      // Represents a Goo package repository. These are added to a repo file
-      // that is managed at
-      // `C:/ProgramData/GooGet/repos/google_osconfig.repo`.
-      message GooRepository {
-        // Required. The name of the repository.
-        string name = 1 [(google.api.field_behavior) = REQUIRED];
-
-        // Required. The url of the repository.
-        string url = 2 [(google.api.field_behavior) = REQUIRED];
-      }
-
-      // A specific type of repository.
-      oneof repository {
-        // An Apt Repository.
-        AptRepository apt = 1;
-
-        // A Yum Repository.
-        YumRepository yum = 2;
-
-        // A Zypper Repository.
-        ZypperRepository zypper = 3;
-
-        // A Goo Repository.
-        GooRepository goo = 4;
-      }
-    }
-
-    // A resource that allows executing scripts on the VM.
-    //
-    // The `ExecResource` has 2 stages: `validate` and `enforce` and both stages
-    // accept a script as an argument to execute.
-    //
-    // When the `ExecResource` is applied by the agent, it first executes the
-    // script in the `validate` stage. The `validate` stage can signal that the
-    // `ExecResource` is already in the desired state by returning an exit code
-    // of `100`. If the `ExecResource` is not in the desired state, it should
-    // return an exit code of `101`. Any other exit code returned by this stage
-    // is considered an error.
-    //
-    // If the `ExecResource` is not in the desired state based on the exit code
-    // from the `validate` stage, the agent proceeds to execute the script from
-    // the `enforce` stage. If the `ExecResource` is already in the desired
-    // state, the `enforce` stage will not be run.
-    // Similar to `validate` stage, the `enforce` stage should return an exit
-    // code of `100` to indicate that the resource in now in its desired state.
-    // Any other exit code is considered an error.
-    //
-    // NOTE: An exit code of `100` was chosen over `0` (and `101` vs `1`) to
-    // have an explicit indicator of `in desired state`, `not in desired state`
-    // and errors. Because, for example, Powershell will always return an exit
-    // code of `0` unless an `exit` statement is provided in the script. So, for
-    // reasons of consistency and being explicit, exit codes `100` and `101`
-    // were chosen.
-    message ExecResource {
-      // A file or script to execute.
-      message Exec {
-        // The interpreter to use.
-        enum Interpreter {
-          // Invalid value, the request will return validation error.
-          INTERPRETER_UNSPECIFIED = 0;
-
-          // If an interpreter is not specified, the
-          // source is executed directly. This execution, without an
-          // interpreter, only succeeds for executables and scripts that have <a
-          // href="https://en.wikipedia.org/wiki/Shebang_(Unix)"
-          // class="external">shebang lines</a>.
-          NONE = 1;
-
-          // Indicates that the script runs with `/bin/sh` on Linux and
-          // `cmd.exe` on Windows.
-          SHELL = 2;
-
-          // Indicates that the script runs with PowerShell.
-          POWERSHELL = 3;
-        }
-
-        // What to execute.
-        oneof source {
-          // A remote or local file.
-          File file = 1;
-
-          // An inline script.
-          // The size of the script is limited to 1024 characters.
-          string script = 2;
-        }
-
-        // Optional arguments to pass to the source during execution.
-        repeated string args = 3;
-
-        // Required. The script interpreter to use.
-        Interpreter interpreter = 4 [(google.api.field_behavior) = REQUIRED];
-
-        // Only recorded for enforce Exec.
-        // Path to an output file (that is created by this Exec) whose
-        // content will be recorded in OSPolicyResourceCompliance after a
-        // successful run. Absence or failure to read this file will result in
-        // this ExecResource being non-compliant. Output file size is limited to
-        // 100K bytes.
-        string output_file_path = 5;
-      }
-
-      // Required. What to run to validate this resource is in the desired state.
-      // An exit code of 100 indicates "in desired state", and exit code of 101
-      // indicates "not in desired state". Any other exit code indicates a
-      // failure running validate.
-      Exec validate = 1 [(google.api.field_behavior) = REQUIRED];
-
-      // What to run to bring this resource into the desired state.
-      // An exit code of 100 indicates "success", any other exit code indicates
-      // a failure running enforce.
-      Exec enforce = 2;
-    }
-
-    // A resource that manages the state of a file.
-    message FileResource {
-      // Desired state of the file.
-      enum DesiredState {
-        // Unspecified is invalid.
-        DESIRED_STATE_UNSPECIFIED = 0;
-
-        // Ensure file at path is present.
-        PRESENT = 1;
-
-        // Ensure file at path is absent.
-        ABSENT = 2;
-
-        // Ensure the contents of the file at path matches. If the file does
-        // not exist it will be created.
-        CONTENTS_MATCH = 3;
-      }
-
-      // The source for the contents of the file.
-      oneof source {
-        // A remote or local source.
-        File file = 1;
-
-        // A a file with this content.
-        // The size of the content is limited to 1024 characters.
-        string content = 2;
-      }
-
-      // Required. The absolute path of the file within the VM.
-      string path = 3 [(google.api.field_behavior) = REQUIRED];
-
-      // Required. Desired state of the file.
-      DesiredState state = 4 [(google.api.field_behavior) = REQUIRED];
-
-      // Consists of three octal digits which represent, in
-      // order, the permissions of the owner, group, and other users for the
-      // file (similarly to the numeric mode used in the linux chmod
-      // utility). Each digit represents a three bit number with the 4 bit
-      // corresponding to the read permissions, the 2 bit corresponds to the
-      // write bit, and the one bit corresponds to the execute permission.
-      // Default behavior is 755.
-      //
-      // Below are some examples of permissions and their associated values:
-      // read, write, and execute: 7
-      // read and execute: 5
-      // read and write: 6
-      // read only: 4
-      string permissions = 5;
-    }
-
-    // Required. The id of the resource with the following restrictions:
-    //
-    // * Must contain only lowercase letters, numbers, and hyphens.
-    // * Must start with a letter.
-    // * Must be between 1-63 characters.
-    // * Must end with a number or a letter.
-    // * Must be unique within the OS policy.
-    string id = 1 [(google.api.field_behavior) = REQUIRED];
-
-    // Resource type.
-    oneof resource_type {
-      // Package resource
-      PackageResource pkg = 2;
-
-      // Package repository resource
-      RepositoryResource repository = 3;
-
-      // Exec resource
-      ExecResource exec = 4;
-
-      // File resource
-      FileResource file = 5;
-    }
-  }
-
-  // Resource groups provide a mechanism to group OS policy resources.
-  //
-  // Resource groups enable OS policy authors to create a single OS policy
-  // to be applied to VMs running different operating Systems.
-  //
-  // When the OS policy is applied to a target VM, the appropriate resource
-  // group within the OS policy is selected based on the `OSFilter` specified
-  // within the resource group.
-  message ResourceGroup {
-    // Deprecated. Use the `inventory_filters` field instead.
-    // Used to specify the OS filter for a resource group
-    OSFilter os_filter = 1 [deprecated = true];
-
-    // List of inventory filters for the resource group.
-    //
-    // The resources in this resource group are applied to the target VM if it
-    // satisfies at least one of the following inventory filters.
-    //
-    // For example, to apply this resource group to VMs running either `RHEL` or
-    // `CentOS` operating systems, specify 2 items for the list with following
-    // values:
-    // inventory_filters[0].os_short_name='rhel' and
-    // inventory_filters[1].os_short_name='centos'
-    //
-    // If the list is empty, this resource group will be applied to the target
-    // VM unconditionally.
-    repeated InventoryFilter inventory_filters = 3;
-
-    // Required. List of resources configured for this resource group.
-    // The resources are executed in the exact order specified here.
-    repeated Resource resources = 2 [(google.api.field_behavior) = REQUIRED];
-  }
-
-  // Required. The id of the OS policy with the following restrictions:
-  //
-  // * Must contain only lowercase letters, numbers, and hyphens.
-  // * Must start with a letter.
-  // * Must be between 1-63 characters.
-  // * Must end with a number or a letter.
-  // * Must be unique within the assignment.
-  string id = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Policy description.
-  // Length of the description is limited to 1024 characters.
-  string description = 2;
-
-  // Required. Policy mode
-  Mode mode = 3 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. List of resource groups for the policy.
-  // For a particular VM, resource groups are evaluated in the order specified
-  // and the first resource group that is applicable is selected and the rest
-  // are ignored.
-  //
-  // If none of the resource groups are applicable for a VM, the VM is
-  // considered to be non-compliant w.r.t this policy. This behavior can be
-  // toggled by the flag `allow_no_resource_group_match`
-  repeated ResourceGroup resource_groups = 4 [(google.api.field_behavior) = REQUIRED];
-
-  // This flag determines the OS policy compliance status when none of the
-  // resource groups within the policy are applicable for a VM. Set this value
-  // to `true` if the policy needs to be reported as compliant even if the
-  // policy has nothing to validate or enforce.
-  bool allow_no_resource_group_match = 5;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy_assignment_reports.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy_assignment_reports.proto
deleted file mode 100644
index 87905bb..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy_assignment_reports.proto
+++ /dev/null
@@ -1,296 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1alpha;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/protobuf/timestamp.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
-option java_multiple_files = true;
-option java_outer_classname = "OSPolicyAssignmentReportsProto";
-option java_package = "com.google.cloud.osconfig.v1alpha";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
-option ruby_package = "Google::Cloud::OsConfig::V1alpha";
-option (google.api.resource_definition) = {
-  type: "compute.googleapis.com/InstanceOSPolicyAssignment"
-  pattern: "projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}"
-};
-
-// Get a report of the OS policy assignment for a VM instance.
-message GetOSPolicyAssignmentReportRequest {
-  // Required. API resource name for OS policy assignment report.
-  //
-  // Format:
-  // `/projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/report`
-  //
-  // For `{project}`, either `project-number` or `project-id` can be provided.
-  // For `{instance_id}`, either Compute Engine `instance-id` or `instance-name`
-  // can be provided.
-  // For `{assignment_id}`, the OSPolicyAssignment id must be provided.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/OSPolicyAssignmentReport"
-    }
-  ];
-}
-
-// List the OS policy assignment reports for VM instances.
-message ListOSPolicyAssignmentReportsRequest {
-  // Required. The parent resource name.
-  //
-  // Format:
-  // `projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/reports`
-  //
-  // For `{project}`, either `project-number` or `project-id` can be provided.
-  // For `{instance}`, either `instance-name`, `instance-id`, or `-` can be
-  // provided. If '-' is provided, the response will include
-  // OSPolicyAssignmentReports for all instances in the project/location.
-  // For `{assignment}`, either `assignment-id` or `-` can be provided. If '-'
-  // is provided, the response will include OSPolicyAssignmentReports for all
-  // OSPolicyAssignments in the project/location.
-  // Either {instance} or {assignment} must be `-`.
-  //
-  // For example:
-  // `projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/-/reports`
-  //  returns all reports for the instance
-  // `projects/{project}/locations/{location}/instances/-/osPolicyAssignments/{assignment-id}/reports`
-  //  returns all the reports for the given assignment across all instances.
-  // `projects/{project}/locations/{location}/instances/-/osPolicyAssignments/-/reports`
-  //  returns all the reports for all assignments across all instances.
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "compute.googleapis.com/InstanceOSPolicyAssignment"
-    }
-  ];
-
-  // The maximum number of results to return.
-  int32 page_size = 2;
-
-  // If provided, this field specifies the criteria that must be met by the
-  // `OSPolicyAssignmentReport` API resource that is included in the response.
-  string filter = 3;
-
-  // A pagination token returned from a previous call to the
-  // `ListOSPolicyAssignmentReports` method that indicates where this listing
-  // should continue from.
-  string page_token = 4;
-}
-
-// A response message for listing OS Policy assignment reports including the
-// page of results and page token.
-message ListOSPolicyAssignmentReportsResponse {
-  // List of OS policy assignment reports.
-  repeated OSPolicyAssignmentReport os_policy_assignment_reports = 1;
-
-  // The pagination token to retrieve the next page of OS policy assignment
-  // report objects.
-  string next_page_token = 2;
-}
-
-// A report of the OS policy assignment status for a given instance.
-message OSPolicyAssignmentReport {
-  option (google.api.resource) = {
-    type: "osconfig.googleapis.com/OSPolicyAssignmentReport"
-    pattern: "projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/report"
-  };
-
-  // Compliance data for an OS policy
-  message OSPolicyCompliance {
-    // Possible compliance states for an os policy.
-    enum ComplianceState {
-      // The policy is in an unknown compliance state.
-      //
-      // Refer to the field `compliance_state_reason` to learn the exact reason
-      // for the policy to be in this compliance state.
-      UNKNOWN = 0;
-
-      // Policy is compliant.
-      //
-      // The policy is compliant if all the underlying resources are also
-      // compliant.
-      COMPLIANT = 1;
-
-      // Policy is non-compliant.
-      //
-      // The policy is non-compliant if one or more underlying resources are
-      // non-compliant.
-      NON_COMPLIANT = 2;
-    }
-
-    // Compliance data for an OS policy resource.
-    message OSPolicyResourceCompliance {
-      // Step performed by the OS Config agent for configuring an
-      // `OSPolicy` resource to its desired state.
-      message OSPolicyResourceConfigStep {
-        // Supported configuration step types
-        enum Type {
-          // Default value. This value is unused.
-          TYPE_UNSPECIFIED = 0;
-
-          // Checks for resource conflicts such as schema errors.
-          VALIDATION = 1;
-
-          // Checks the current status of the desired state for a resource.
-          DESIRED_STATE_CHECK = 2;
-
-          // Enforces the desired state for a resource that is not in desired
-          // state.
-          DESIRED_STATE_ENFORCEMENT = 3;
-
-          // Re-checks the status of the desired state. This check is done
-          // for a resource after the enforcement of all OS policies.
-          //
-          // This step is used to determine the final desired state status for
-          // the resource. It accounts for any resources that might have drifted
-          // from their desired state due to side effects from executing other
-          // resources.
-          DESIRED_STATE_CHECK_POST_ENFORCEMENT = 4;
-        }
-
-        // Configuration step type.
-        Type type = 1;
-
-        // An error message recorded during the execution of this step.
-        // Only populated if errors were encountered during this step execution.
-        string error_message = 2;
-      }
-
-      // Possible compliance states for a resource.
-      enum ComplianceState {
-        // The resource is in an unknown compliance state.
-        //
-        // To get more details about why the policy is in this state, review
-        // the output of the `compliance_state_reason` field.
-        UNKNOWN = 0;
-
-        // Resource is compliant.
-        COMPLIANT = 1;
-
-        // Resource is non-compliant.
-        NON_COMPLIANT = 2;
-      }
-
-      // ExecResource specific output.
-      message ExecResourceOutput {
-        // Output from enforcement phase output file (if run).
-        // Output size is limited to 100K bytes.
-        bytes enforcement_output = 2;
-      }
-
-      // The ID of the OS policy resource.
-      string os_policy_resource_id = 1;
-
-      // Ordered list of configuration completed by the agent for the OS policy
-      // resource.
-      repeated OSPolicyResourceConfigStep config_steps = 2;
-
-      // The compliance state of the resource.
-      ComplianceState compliance_state = 3;
-
-      // A reason for the resource to be in the given compliance state.
-      // This field is always populated when `compliance_state` is `UNKNOWN`.
-      //
-      // The following values are supported when `compliance_state == UNKNOWN`
-      //
-      // * `execution-errors`: Errors were encountered by the agent while
-      // executing the resource and the compliance state couldn't be
-      // determined.
-      // * `execution-skipped-by-agent`: Resource execution was skipped by the
-      // agent because errors were encountered while executing prior resources
-      // in the OS policy.
-      // * `os-policy-execution-attempt-failed`: The execution of the OS policy
-      // containing this resource failed and the compliance state couldn't be
-      // determined.
-      string compliance_state_reason = 4;
-
-      // Resource specific output.
-      oneof output {
-        // ExecResource specific output.
-        ExecResourceOutput exec_resource_output = 5;
-      }
-    }
-
-    // The OS policy id
-    string os_policy_id = 1;
-
-    // The compliance state of the OS policy.
-    ComplianceState compliance_state = 2;
-
-    // The reason for the OS policy to be in an unknown compliance state.
-    // This field is always populated when `compliance_state` is `UNKNOWN`.
-    //
-    // If populated, the field can contain one of the following values:
-    //
-    // * `vm-not-running`: The VM was not running.
-    // * `os-policies-not-supported-by-agent`: The version of the OS Config
-    // agent running on the VM does not support running OS policies.
-    // * `no-agent-detected`: The OS Config agent is not detected for the VM.
-    // * `resource-execution-errors`: The OS Config agent encountered errors
-    // while executing one or more resources in the policy. See
-    // `os_policy_resource_compliances` for details.
-    // * `task-timeout`: The task sent to the agent to apply the policy timed
-    // out.
-    // * `unexpected-agent-state`: The OS Config agent did not report the final
-    // status of the task that attempted to apply the policy. Instead, the agent
-    // unexpectedly started working on a different task. This mostly happens
-    // when the agent or VM unexpectedly restarts while applying OS policies.
-    // * `internal-service-errors`: Internal service errors were encountered
-    // while attempting to apply the policy.
-    string compliance_state_reason = 3;
-
-    // Compliance data for each resource within the policy that is applied to
-    // the VM.
-    repeated OSPolicyResourceCompliance os_policy_resource_compliances = 4;
-  }
-
-  // The `OSPolicyAssignmentReport` API resource name.
-  //
-  // Format:
-  // `projects/{project_number}/locations/{location}/instances/{instance_id}/osPolicyAssignments/{os_policy_assignment_id}/report`
-  string name = 1;
-
-  // The Compute Engine VM instance name.
-  string instance = 2;
-
-  // Reference to the `OSPolicyAssignment` API resource that the `OSPolicy`
-  // belongs to.
-  //
-  // Format:
-  // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}`
-  string os_policy_assignment = 3 [(google.api.resource_reference) = {
-                                     type: "osconfig.googleapis.com/OSPolicyAssignment"
-                                   }];
-
-  // Compliance data for each `OSPolicy` that is applied to the VM.
-  repeated OSPolicyCompliance os_policy_compliances = 4;
-
-  // Timestamp for when the report was last generated.
-  google.protobuf.Timestamp update_time = 5;
-
-  // Unique identifier of the last attempted run to apply the OS policies
-  // associated with this assignment on the VM.
-  //
-  // This ID is logged by the OS Config agent while applying the OS
-  // policies associated with this assignment on the VM.
-  // NOTE: If the service is unable to successfully connect to the agent for
-  // this run, then this id will not be available in the agent logs.
-  string last_run_id = 6;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy_assignments.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy_assignments.proto
deleted file mode 100644
index 3010656..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy_assignments.proto
+++ /dev/null
@@ -1,383 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1alpha;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/cloud/osconfig/v1alpha/os_policy.proto";
-import "google/cloud/osconfig/v1alpha/osconfig_common.proto";
-import "google/protobuf/duration.proto";
-import "google/protobuf/field_mask.proto";
-import "google/protobuf/timestamp.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
-option java_multiple_files = true;
-option java_outer_classname = "OsPolicyAssignmentsProto";
-option java_package = "com.google.cloud.osconfig.v1alpha";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
-option ruby_package = "Google::Cloud::OsConfig::V1alpha";
-
-// OS policy assignment is an API resource that is used to
-// apply a set of OS policies to a dynamically targeted group of Compute Engine
-// VM instances.
-//
-// An OS policy is used to define the desired state configuration for a
-// Compute Engine VM instance through a set of configuration resources that
-// provide capabilities such as installing or removing software packages, or
-// executing a script.
-//
-// For more information, see [OS policy and OS policy
-// assignment](https://cloud.google.com/compute/docs/os-configuration-management/working-with-os-policies).
-message OSPolicyAssignment {
-  option (google.api.resource) = {
-    type: "osconfig.googleapis.com/OSPolicyAssignment"
-    pattern: "projects/{project}/locations/{location}/osPolicyAssignments/{os_policy_assignment}"
-  };
-
-  // Message representing label set.
-  // * A label is a key value pair set for a VM.
-  // * A LabelSet is a set of labels.
-  // * Labels within a LabelSet are ANDed. In other words, a LabelSet is
-  //   applicable for a VM only if it matches all the labels in the
-  //   LabelSet.
-  // * Example: A LabelSet with 2 labels: `env=prod` and `type=webserver` will
-  //            only be applicable for those VMs with both labels
-  //            present.
-  message LabelSet {
-    // Labels are identified by key/value pairs in this map.
-    // A VM should contain all the key/value pairs specified in this
-    // map to be selected.
-    map<string, string> labels = 1;
-  }
-
-  // Filters to select target VMs for an assignment.
-  //
-  // If more than one filter criteria is specified below, a VM will be selected
-  // if and only if it satisfies all of them.
-  message InstanceFilter {
-    // VM inventory details.
-    message Inventory {
-      // Required. The OS short name
-      string os_short_name = 1 [(google.api.field_behavior) = REQUIRED];
-
-      // The OS version
-      //
-      // Prefix matches are supported if asterisk(*) is provided as the
-      // last character. For example, to match all versions with a major
-      // version of `7`, specify the following value for this field `7.*`
-      //
-      // An empty string matches all OS versions.
-      string os_version = 2;
-    }
-
-    // Target all VMs in the project. If true, no other criteria is
-    // permitted.
-    bool all = 1;
-
-    // Deprecated. Use the `inventories` field instead.
-    // A VM is selected if it's OS short name matches with any of the
-    // values provided in this list.
-    repeated string os_short_names = 2 [deprecated = true];
-
-    // List of label sets used for VM inclusion.
-    //
-    // If the list has more than one `LabelSet`, the VM is included if any
-    // of the label sets are applicable for the VM.
-    repeated LabelSet inclusion_labels = 3;
-
-    // List of label sets used for VM exclusion.
-    //
-    // If the list has more than one label set, the VM is excluded if any
-    // of the label sets are applicable for the VM.
-    repeated LabelSet exclusion_labels = 4;
-
-    // List of inventories to select VMs.
-    //
-    // A VM is selected if its inventory data matches at least one of the
-    // following inventories.
-    repeated Inventory inventories = 5;
-  }
-
-  // Message to configure the rollout at the zonal level for the OS policy
-  // assignment.
-  message Rollout {
-    // Required. The maximum number (or percentage) of VMs per zone to disrupt at
-    // any given moment.
-    FixedOrPercent disruption_budget = 1 [(google.api.field_behavior) = REQUIRED];
-
-    // Required. This determines the minimum duration of time to wait after the
-    // configuration changes are applied through the current rollout. A
-    // VM continues to count towards the `disruption_budget` at least
-    // until this duration of time has passed after configuration changes are
-    // applied.
-    google.protobuf.Duration min_wait_duration = 2 [(google.api.field_behavior) = REQUIRED];
-  }
-
-  // OS policy assignment rollout state
-  enum RolloutState {
-    // Invalid value
-    ROLLOUT_STATE_UNSPECIFIED = 0;
-
-    // The rollout is in progress.
-    IN_PROGRESS = 1;
-
-    // The rollout is being cancelled.
-    CANCELLING = 2;
-
-    // The rollout is cancelled.
-    CANCELLED = 3;
-
-    // The rollout has completed successfully.
-    SUCCEEDED = 4;
-  }
-
-  // Resource name.
-  //
-  // Format:
-  // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id}`
-  //
-  // This field is ignored when you create an OS policy assignment.
-  string name = 1;
-
-  // OS policy assignment description.
-  // Length of the description is limited to 1024 characters.
-  string description = 2;
-
-  // Required. List of OS policies to be applied to the VMs.
-  repeated OSPolicy os_policies = 3 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. Filter to select VMs.
-  InstanceFilter instance_filter = 4 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. Rollout to deploy the OS policy assignment.
-  // A rollout is triggered in the following situations:
-  // 1) OSPolicyAssignment is created.
-  // 2) OSPolicyAssignment is updated and the update contains changes to one of
-  // the following fields:
-  //    - instance_filter
-  //    - os_policies
-  // 3) OSPolicyAssignment is deleted.
-  Rollout rollout = 5 [(google.api.field_behavior) = REQUIRED];
-
-  // Output only. The assignment revision ID
-  // A new revision is committed whenever a rollout is triggered for a OS policy
-  // assignment
-  string revision_id = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. The timestamp that the revision was created.
-  google.protobuf.Timestamp revision_create_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // The etag for this OS policy assignment.
-  // If this is provided on update, it must match the server's etag.
-  string etag = 8;
-
-  // Output only. OS policy assignment rollout state
-  RolloutState rollout_state = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Indicates that this revision has been successfully rolled out in this zone
-  // and new VMs will be assigned OS policies from this revision.
-  //
-  // For a given OS policy assignment, there is only one revision with a value
-  // of `true` for this field.
-  bool baseline = 10 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Indicates that this revision deletes the OS policy assignment.
-  bool deleted = 11 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Indicates that reconciliation is in progress for the revision.
-  // This value is `true` when the `rollout_state` is one of:
-  // * IN_PROGRESS
-  // * CANCELLING
-  bool reconciling = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Server generated unique id for the OS policy assignment resource.
-  string uid = 13 [(google.api.field_behavior) = OUTPUT_ONLY];
-}
-
-// OS policy assignment operation metadata provided by OS policy assignment API
-// methods that return long running operations.
-message OSPolicyAssignmentOperationMetadata {
-  // The OS policy assignment API method.
-  enum APIMethod {
-    // Invalid value
-    API_METHOD_UNSPECIFIED = 0;
-
-    // Create OS policy assignment API method
-    CREATE = 1;
-
-    // Update OS policy assignment API method
-    UPDATE = 2;
-
-    // Delete OS policy assignment API method
-    DELETE = 3;
-  }
-
-  // State of the rollout
-  enum RolloutState {
-    // Invalid value
-    ROLLOUT_STATE_UNSPECIFIED = 0;
-
-    // The rollout is in progress.
-    IN_PROGRESS = 1;
-
-    // The rollout is being cancelled.
-    CANCELLING = 2;
-
-    // The rollout is cancelled.
-    CANCELLED = 3;
-
-    // The rollout has completed successfully.
-    SUCCEEDED = 4;
-  }
-
-  // Reference to the `OSPolicyAssignment` API resource.
-  //
-  // Format:
-  // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}`
-  string os_policy_assignment = 1 [(google.api.resource_reference) = {
-                                     type: "osconfig.googleapis.com/OSPolicyAssignment"
-                                   }];
-
-  // The OS policy assignment API method.
-  APIMethod api_method = 2;
-
-  // State of the rollout
-  RolloutState rollout_state = 3;
-
-  // Rollout start time
-  google.protobuf.Timestamp rollout_start_time = 4;
-
-  // Rollout update time
-  google.protobuf.Timestamp rollout_update_time = 5;
-}
-
-// A request message to create an OS policy assignment
-message CreateOSPolicyAssignmentRequest {
-  // Required. The parent resource name in the form:
-  // projects/{project}/locations/{location}
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "locations.googleapis.com/Location"
-    }
-  ];
-
-  // Required. The OS policy assignment to be created.
-  OSPolicyAssignment os_policy_assignment = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The logical name of the OS policy assignment in the project
-  // with the following restrictions:
-  //
-  // * Must contain only lowercase letters, numbers, and hyphens.
-  // * Must start with a letter.
-  // * Must be between 1-63 characters.
-  // * Must end with a number or a letter.
-  // * Must be unique within the project.
-  string os_policy_assignment_id = 3 [(google.api.field_behavior) = REQUIRED];
-}
-
-// A request message to update an OS policy assignment
-message UpdateOSPolicyAssignmentRequest {
-  // Required. The updated OS policy assignment.
-  OSPolicyAssignment os_policy_assignment = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Optional. Field mask that controls which fields of the assignment should be updated.
-  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = OPTIONAL];
-}
-
-// A request message to get an OS policy assignment
-message GetOSPolicyAssignmentRequest {
-  // Required. The resource name of OS policy assignment.
-  //
-  // Format:
-  // `projects/{project}/locations/{location}/osPolicyAssignments/{os_policy_assignment}@{revisionId}`
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/OSPolicyAssignment"
-    }
-  ];
-}
-
-// A request message to list OS policy assignments for a parent resource
-message ListOSPolicyAssignmentsRequest {
-  // Required. The parent resource name.
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "locations.googleapis.com/Location"
-    }
-  ];
-
-  // The maximum number of assignments to return.
-  int32 page_size = 2;
-
-  // A pagination token returned from a previous call to
-  // `ListOSPolicyAssignments` that indicates where this listing should continue
-  // from.
-  string page_token = 3;
-}
-
-// A response message for listing all assignments under given parent.
-message ListOSPolicyAssignmentsResponse {
-  // The list of assignments
-  repeated OSPolicyAssignment os_policy_assignments = 1;
-
-  // The pagination token to retrieve the next page of OS policy assignments.
-  string next_page_token = 2;
-}
-
-// A request message to list revisions for a OS policy assignment
-message ListOSPolicyAssignmentRevisionsRequest {
-  // Required. The name of the OS policy assignment to list revisions for.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/OSPolicyAssignment"
-    }
-  ];
-
-  // The maximum number of revisions to return.
-  int32 page_size = 2;
-
-  // A pagination token returned from a previous call to
-  // `ListOSPolicyAssignmentRevisions` that indicates where this listing should
-  // continue from.
-  string page_token = 3;
-}
-
-// A response message for listing all revisions for a OS policy assignment.
-message ListOSPolicyAssignmentRevisionsResponse {
-  // The OS policy assignment revisions
-  repeated OSPolicyAssignment os_policy_assignments = 1;
-
-  // The pagination token to retrieve the next page of OS policy assignment
-  // revisions.
-  string next_page_token = 2;
-}
-
-// A request message for deleting a OS policy assignment.
-message DeleteOSPolicyAssignmentRequest {
-  // Required. The name of the OS policy assignment to be deleted
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/OSPolicyAssignment"
-    }
-  ];
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_common.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_common.proto
deleted file mode 100644
index 1d2b58a..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_common.proto
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1alpha;
-
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
-option java_multiple_files = true;
-option java_outer_classname = "Common";
-option java_package = "com.google.cloud.osconfig.v1alpha";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
-option ruby_package = "Google::Cloud::OsConfig::V1alpha";
-
-// Message encapsulating a value that can be either absolute ("fixed") or
-// relative ("percent") to a value.
-message FixedOrPercent {
-  // Type of the value.
-  oneof mode {
-    // Specifies a fixed value.
-    int32 fixed = 1;
-
-    // Specifies the relative value defined as a percentage, which will be
-    // multiplied by a reference value.
-    int32 percent = 2;
-  }
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_grpc_service_config.json b/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_grpc_service_config.json
deleted file mode 100644
index 69b69d8..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_grpc_service_config.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-  "methodConfig": [{
-    "name": [{ "service": "google.cloud.osconfig.v1alpha.OsConfigZonalService" }],
-    "timeout": "60s",
-    "retryPolicy": {
-      "maxAttempts": 5,
-      "initialBackoff": "1s",
-      "maxBackoff": "60s",
-      "backoffMultiplier": 1.3,
-      "retryableStatusCodes": ["UNAVAILABLE"]
-    }
-  }]
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_v1alpha.yaml b/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_v1alpha.yaml
deleted file mode 100644
index 0bc2f30..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_v1alpha.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-type: google.api.Service
-config_version: 3
-name: osconfig.googleapis.com
-title: OS Config API
-
-apis:
-- name: google.cloud.osconfig.v1alpha.OsConfigZonalService
-
-types:
-- name: google.cloud.osconfig.v1alpha.OSPolicyAssignmentOperationMetadata
-
-documentation:
-  summary: |-
-    OS management tools that can be used for patch management, patch
-    compliance, and configuration management on VM instances.
-
-backend:
-  rules:
-  - selector: 'google.cloud.osconfig.v1alpha.OsConfigZonalService.*'
-    deadline: 30.0
-
-http:
-  rules:
-  - selector: google.longrunning.Operations.CancelOperation
-    post: '/v1alpha/{name=projects/*/locations/*/osPolicyAssignments/*/operations/*}:cancel'
-    body: '*'
-  - selector: google.longrunning.Operations.GetOperation
-    get: '/v1alpha/{name=projects/*/locations/*/osPolicyAssignments/*/operations/*}'
-
-authentication:
-  rules:
-  - selector: 'google.cloud.osconfig.v1alpha.OsConfigZonalService.*'
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
-  - selector: google.longrunning.Operations.CancelOperation
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
-  - selector: google.longrunning.Operations.GetOperation
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_zonal_service.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_zonal_service.proto
deleted file mode 100644
index bb73fbd..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_zonal_service.proto
+++ /dev/null
@@ -1,215 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1alpha;
-
-import "google/api/annotations.proto";
-import "google/api/client.proto";
-import "google/api/resource.proto";
-import "google/cloud/osconfig/v1alpha/instance_os_policies_compliance.proto";
-import "google/cloud/osconfig/v1alpha/inventory.proto";
-import "google/cloud/osconfig/v1alpha/os_policy_assignment_reports.proto";
-import "google/cloud/osconfig/v1alpha/os_policy_assignments.proto";
-import "google/cloud/osconfig/v1alpha/vulnerability.proto";
-import "google/longrunning/operations.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
-option java_multiple_files = true;
-option java_outer_classname = "OsConfigZonalServiceProto";
-option java_package = "com.google.cloud.osconfig.v1alpha";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
-option ruby_package = "Google::Cloud::OsConfig::V1alpha";
-option (google.api.resource_definition) = {
-  type: "compute.googleapis.com/Instance"
-  pattern: "projects/{project}/locations/{location}/instances/{instance}"
-};
-
-// Zonal OS Config API
-//
-// The OS Config service is the server-side component that allows users to
-// manage package installations and patch jobs for Compute Engine VM instances.
-service OsConfigZonalService {
-  option (google.api.default_host) = "osconfig.googleapis.com";
-  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
-
-  // Create an OS policy assignment.
-  //
-  // This method also creates the first revision of the OS policy assignment.
-  //
-  // This method returns a long running operation (LRO) that contains the
-  // rollout details. The rollout can be cancelled by cancelling the LRO.
-  //
-  // For more information, see [Method:
-  // projects.locations.osPolicyAssignments.operations.cancel](https://cloud.google.com/compute/docs/osconfig/rest/v1alpha/projects.locations.osPolicyAssignments.operations/cancel).
-  rpc CreateOSPolicyAssignment(CreateOSPolicyAssignmentRequest) returns (google.longrunning.Operation) {
-    option (google.api.http) = {
-      post: "/v1alpha/{parent=projects/*/locations/*}/osPolicyAssignments"
-      body: "os_policy_assignment"
-    };
-    option (google.api.method_signature) = "parent,os_policy_assignment,os_policy_assignment_id";
-    option (google.longrunning.operation_info) = {
-      response_type: "OSPolicyAssignment"
-      metadata_type: "OSPolicyAssignmentOperationMetadata"
-    };
-  }
-
-  // Update an existing OS policy assignment.
-  //
-  // This method creates a new revision of the OS policy assignment.
-  //
-  // This method returns a long running operation (LRO) that contains the
-  // rollout details. The rollout can be cancelled by cancelling the LRO.
-  //
-  // For more information, see [Method:
-  // projects.locations.osPolicyAssignments.operations.cancel](https://cloud.google.com/compute/docs/osconfig/rest/v1alpha/projects.locations.osPolicyAssignments.operations/cancel).
-  rpc UpdateOSPolicyAssignment(UpdateOSPolicyAssignmentRequest) returns (google.longrunning.Operation) {
-    option (google.api.http) = {
-      patch: "/v1alpha/{os_policy_assignment.name=projects/*/locations/*/osPolicyAssignments/*}"
-      body: "os_policy_assignment"
-    };
-    option (google.api.method_signature) = "os_policy_assignment,update_mask";
-    option (google.longrunning.operation_info) = {
-      response_type: "OSPolicyAssignment"
-      metadata_type: "OSPolicyAssignmentOperationMetadata"
-    };
-  }
-
-  // Retrieve an existing OS policy assignment.
-  //
-  // This method always returns the latest revision. In order to retrieve a
-  // previous revision of the assignment, also provide the revision ID in the
-  // `name` parameter.
-  rpc GetOSPolicyAssignment(GetOSPolicyAssignmentRequest) returns (OSPolicyAssignment) {
-    option (google.api.http) = {
-      get: "/v1alpha/{name=projects/*/locations/*/osPolicyAssignments/*}"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // List the OS policy assignments under the parent resource.
-  //
-  // For each OS policy assignment, the latest revision is returned.
-  rpc ListOSPolicyAssignments(ListOSPolicyAssignmentsRequest) returns (ListOSPolicyAssignmentsResponse) {
-    option (google.api.http) = {
-      get: "/v1alpha/{parent=projects/*/locations/*}/osPolicyAssignments"
-    };
-    option (google.api.method_signature) = "parent";
-  }
-
-  // List the OS policy assignment revisions for a given OS policy assignment.
-  rpc ListOSPolicyAssignmentRevisions(ListOSPolicyAssignmentRevisionsRequest) returns (ListOSPolicyAssignmentRevisionsResponse) {
-    option (google.api.http) = {
-      get: "/v1alpha/{name=projects/*/locations/*/osPolicyAssignments/*}:listRevisions"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // Delete the OS policy assignment.
-  //
-  // This method creates a new revision of the OS policy assignment.
-  //
-  // This method returns a long running operation (LRO) that contains the
-  // rollout details. The rollout can be cancelled by cancelling the LRO.
-  //
-  // If the LRO completes and is not cancelled, all revisions associated with
-  // the OS policy assignment are deleted.
-  //
-  // For more information, see [Method:
-  // projects.locations.osPolicyAssignments.operations.cancel](https://cloud.google.com/compute/docs/osconfig/rest/v1alpha/projects.locations.osPolicyAssignments.operations/cancel).
-  rpc DeleteOSPolicyAssignment(DeleteOSPolicyAssignmentRequest) returns (google.longrunning.Operation) {
-    option (google.api.http) = {
-      delete: "/v1alpha/{name=projects/*/locations/*/osPolicyAssignments/*}"
-    };
-    option (google.api.method_signature) = "name";
-    option (google.longrunning.operation_info) = {
-      response_type: "google.protobuf.Empty"
-      metadata_type: "OSPolicyAssignmentOperationMetadata"
-    };
-  }
-
-  // Get OS policies compliance data for the specified Compute Engine VM
-  // instance.
-  rpc GetInstanceOSPoliciesCompliance(GetInstanceOSPoliciesComplianceRequest) returns (InstanceOSPoliciesCompliance) {
-    option deprecated = true;
-    option (google.api.http) = {
-      get: "/v1alpha/{name=projects/*/locations/*/instanceOSPoliciesCompliances/*}"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // List OS policies compliance data for all Compute Engine VM instances in the
-  // specified zone.
-  rpc ListInstanceOSPoliciesCompliances(ListInstanceOSPoliciesCompliancesRequest) returns (ListInstanceOSPoliciesCompliancesResponse) {
-    option deprecated = true;
-    option (google.api.http) = {
-      get: "/v1alpha/{parent=projects/*/locations/*}/instanceOSPoliciesCompliances"
-    };
-    option (google.api.method_signature) = "parent";
-  }
-
-  // Get the OS policy asssignment report for the specified Compute Engine VM
-  // instance.
-  rpc GetOSPolicyAssignmentReport(GetOSPolicyAssignmentReportRequest) returns (OSPolicyAssignmentReport) {
-    option (google.api.http) = {
-      get: "/v1alpha/{name=projects/*/locations/*/instances/*/osPolicyAssignments/*/report}"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // List OS policy asssignment reports for all Compute Engine VM instances in
-  // the specified zone.
-  rpc ListOSPolicyAssignmentReports(ListOSPolicyAssignmentReportsRequest) returns (ListOSPolicyAssignmentReportsResponse) {
-    option (google.api.http) = {
-      get: "/v1alpha/{parent=projects/*/locations/*/instances/*/osPolicyAssignments/*}/reports"
-    };
-    option (google.api.method_signature) = "parent";
-  }
-
-  // Get inventory data for the specified VM instance. If the VM has no
-  // associated inventory, the message `NOT_FOUND` is returned.
-  rpc GetInventory(GetInventoryRequest) returns (Inventory) {
-    option (google.api.http) = {
-      get: "/v1alpha/{name=projects/*/locations/*/instances/*/inventory}"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // List inventory data for all VM instances in the specified zone.
-  rpc ListInventories(ListInventoriesRequest) returns (ListInventoriesResponse) {
-    option (google.api.http) = {
-      get: "/v1alpha/{parent=projects/*/locations/*/instances/*}/inventories"
-    };
-    option (google.api.method_signature) = "parent";
-  }
-
-  // Gets the vulnerability report for the specified VM instance. Only VMs with
-  // inventory data have vulnerability reports associated with them.
-  rpc GetVulnerabilityReport(GetVulnerabilityReportRequest) returns (VulnerabilityReport) {
-    option (google.api.http) = {
-      get: "/v1alpha/{name=projects/*/locations/*/instances/*/vulnerabilityReport}"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // List vulnerability reports for all VM instances in the specified zone.
-  rpc ListVulnerabilityReports(ListVulnerabilityReportsRequest) returns (ListVulnerabilityReportsResponse) {
-    option (google.api.http) = {
-      get: "/v1alpha/{parent=projects/*/locations/*/instances/*}/vulnerabilityReports"
-    };
-    option (google.api.method_signature) = "parent";
-  }
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/vulnerability.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/vulnerability.proto
deleted file mode 100644
index 54080ba..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1alpha/vulnerability.proto
+++ /dev/null
@@ -1,365 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1alpha;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/protobuf/timestamp.proto";
-
-option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
-option java_multiple_files = true;
-option java_outer_classname = "VulnerabilityProto";
-option java_package = "com.google.cloud.osconfig.v1alpha";
-option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
-option ruby_package = "Google::Cloud::OsConfig::V1alpha";
-
-// This API resource represents the vulnerability report for a specified
-// Compute Engine virtual machine (VM) instance at a given point in time.
-//
-// For more information, see [Vulnerability
-// reports](https://cloud.google.com/compute/docs/instances/os-inventory-management#vulnerability-reports).
-message VulnerabilityReport {
-  option (google.api.resource) = {
-    type: "osconfig.googleapis.com/VulnerabilityReport"
-    pattern: "projects/{project}/locations/{location}/instances/{instance}/vulnerabilityReport"
-  };
-
-  // A vulnerability affecting the VM instance.
-  message Vulnerability {
-    // Contains metadata information for the vulnerability. This information is
-    // collected from the upstream feed of the operating system.
-    message Details {
-      // A reference for this vulnerability.
-      message Reference {
-        // The url of the reference.
-        string url = 1;
-
-        // The source of the reference e.g. NVD.
-        string source = 2;
-      }
-
-      // The CVE of the vulnerability. CVE cannot be
-      // empty and the combination of <cve, classification> should be unique
-      // across vulnerabilities for a VM.
-      string cve = 1;
-
-      // The CVSS V2 score of this vulnerability. CVSS V2 score is on a scale of
-      // 0 - 10 where 0 indicates low severity and 10 indicates high severity.
-      float cvss_v2_score = 2;
-
-      // The full description of the CVSSv3 for this vulnerability from NVD.
-      CVSSv3 cvss_v3 = 3;
-
-      // Assigned severity/impact ranking from the distro.
-      string severity = 4;
-
-      // The note or description describing the vulnerability from the distro.
-      string description = 5;
-
-      // Corresponds to the references attached to the `VulnerabilityDetails`.
-      repeated Reference references = 6;
-    }
-
-    // OS inventory item that is affected by a vulnerability or fixed as a
-    // result of a vulnerability.
-    message Item {
-      // Corresponds to the `INSTALLED_PACKAGE` inventory item on the VM.
-      // This field displays the inventory items affected by this vulnerability.
-      // If the vulnerability report was not updated after the VM inventory
-      // update, these values might not display in VM inventory. For some
-      // operating systems, this field might be empty.
-      string installed_inventory_item_id = 1;
-
-      // Corresponds to the `AVAILABLE_PACKAGE` inventory item on the VM.
-      // If the vulnerability report was not updated after the VM inventory
-      // update, these values might not display in VM inventory. If there is no
-      // available fix, the field is empty. The `inventory_item` value specifies
-      // the latest `SoftwarePackage` available to the VM that fixes the
-      // vulnerability.
-      string available_inventory_item_id = 2;
-
-      // The recommended [CPE URI](https://cpe.mitre.org/specification/) update
-      // that contains a fix for this vulnerability.
-      string fixed_cpe_uri = 3;
-
-      // The upstream OS patch, packages or KB that fixes the vulnerability.
-      string upstream_fix = 4;
-    }
-
-    // Contains metadata as per the upstream feed of the operating system and
-    // NVD.
-    Details details = 1;
-
-    // Corresponds to the `INSTALLED_PACKAGE` inventory item on the VM.
-    // This field displays the inventory items affected by this vulnerability.
-    // If the vulnerability report was not updated after the VM inventory
-    // update, these values might not display in VM inventory. For some distros,
-    // this field may be empty.
-    repeated string installed_inventory_item_ids = 2 [deprecated = true];
-
-    // Corresponds to the `AVAILABLE_PACKAGE` inventory item on the VM.
-    // If the vulnerability report was not updated after the VM inventory
-    // update, these values might not display in VM inventory. If there is no
-    // available fix, the field is empty. The `inventory_item` value specifies
-    // the latest `SoftwarePackage` available to the VM that fixes the
-    // vulnerability.
-    repeated string available_inventory_item_ids = 3 [deprecated = true];
-
-    // The timestamp for when the vulnerability was first detected.
-    google.protobuf.Timestamp create_time = 4;
-
-    // The timestamp for when the vulnerability was last modified.
-    google.protobuf.Timestamp update_time = 5;
-
-    // List of items affected by the vulnerability.
-    repeated Item items = 6;
-  }
-
-  // Output only. The `vulnerabilityReport` API resource name.
-  //
-  // Format:
-  // `projects/{project_number}/locations/{location}/instances/{instance_id}/vulnerabilityReport`
-  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. List of vulnerabilities affecting the VM.
-  repeated Vulnerability vulnerabilities = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. The timestamp for when the last vulnerability report was generated for the
-  // VM.
-  google.protobuf.Timestamp update_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
-}
-
-// A request message for getting the vulnerability report for the specified VM.
-message GetVulnerabilityReportRequest {
-  // Required. API resource name for vulnerability resource.
-  //
-  // Format:
-  // `projects/{project}/locations/{location}/instances/{instance}/vulnerabilityReport`
-  //
-  // For `{project}`, either `project-number` or `project-id` can be provided.
-  // For `{instance}`, either Compute Engine `instance-id` or `instance-name`
-  // can be provided.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/VulnerabilityReport"
-    }
-  ];
-}
-
-// A request message for listing vulnerability reports for all VM instances in
-// the specified location.
-message ListVulnerabilityReportsRequest {
-  // Required. The parent resource name.
-  //
-  // Format: `projects/{project}/locations/{location}/instances/-`
-  //
-  // For `{project}`, either `project-number` or `project-id` can be provided.
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "compute.googleapis.com/Instance"
-    }
-  ];
-
-  // The maximum number of results to return.
-  int32 page_size = 2;
-
-  // A pagination token returned from a previous call to
-  // `ListVulnerabilityReports` that indicates where this listing
-  // should continue from.
-  string page_token = 3;
-
-  // If provided, this field specifies the criteria that must be met by a
-  // `vulnerabilityReport` API resource to be included in the response.
-  string filter = 4;
-}
-
-// A response message for listing vulnerability reports for all VM instances in
-// the specified location.
-message ListVulnerabilityReportsResponse {
-  // List of vulnerabilityReport objects.
-  repeated VulnerabilityReport vulnerability_reports = 1;
-
-  // The pagination token to retrieve the next page of vulnerabilityReports
-  // object.
-  string next_page_token = 2;
-}
-
-// Common Vulnerability Scoring System version 3.
-// For details, see https://www.first.org/cvss/specification-document
-message CVSSv3 {
-  // This metric reflects the context by which vulnerability exploitation is
-  // possible.
-  enum AttackVector {
-    // Invalid value.
-    ATTACK_VECTOR_UNSPECIFIED = 0;
-
-    // The vulnerable component is bound to the network stack and the set of
-    // possible attackers extends beyond the other options listed below, up to
-    // and including the entire Internet.
-    ATTACK_VECTOR_NETWORK = 1;
-
-    // The vulnerable component is bound to the network stack, but the attack is
-    // limited at the protocol level to a logically adjacent topology.
-    ATTACK_VECTOR_ADJACENT = 2;
-
-    // The vulnerable component is not bound to the network stack and the
-    // attacker's path is via read/write/execute capabilities.
-    ATTACK_VECTOR_LOCAL = 3;
-
-    // The attack requires the attacker to physically touch or manipulate the
-    // vulnerable component.
-    ATTACK_VECTOR_PHYSICAL = 4;
-  }
-
-  // This metric describes the conditions beyond the attacker's control that
-  // must exist in order to exploit the vulnerability.
-  enum AttackComplexity {
-    // Invalid value.
-    ATTACK_COMPLEXITY_UNSPECIFIED = 0;
-
-    // Specialized access conditions or extenuating circumstances do not exist.
-    // An attacker can expect repeatable success when attacking the vulnerable
-    // component.
-    ATTACK_COMPLEXITY_LOW = 1;
-
-    // A successful attack depends on conditions beyond the attacker's control.
-    // That is, a successful attack cannot be accomplished at will, but requires
-    // the attacker to invest in some measurable amount of effort in preparation
-    // or execution against the vulnerable component before a successful attack
-    // can be expected.
-    ATTACK_COMPLEXITY_HIGH = 2;
-  }
-
-  // This metric describes the level of privileges an attacker must possess
-  // before successfully exploiting the vulnerability.
-  enum PrivilegesRequired {
-    // Invalid value.
-    PRIVILEGES_REQUIRED_UNSPECIFIED = 0;
-
-    // The attacker is unauthorized prior to attack, and therefore does not
-    // require any access to settings or files of the vulnerable system to
-    // carry out an attack.
-    PRIVILEGES_REQUIRED_NONE = 1;
-
-    // The attacker requires privileges that provide basic user capabilities
-    // that could normally affect only settings and files owned by a user.
-    // Alternatively, an attacker with Low privileges has the ability to access
-    // only non-sensitive resources.
-    PRIVILEGES_REQUIRED_LOW = 2;
-
-    // The attacker requires privileges that provide significant (e.g.,
-    // administrative) control over the vulnerable component allowing access to
-    // component-wide settings and files.
-    PRIVILEGES_REQUIRED_HIGH = 3;
-  }
-
-  // This metric captures the requirement for a human user, other than the
-  // attacker, to participate in the successful compromise of the vulnerable
-  // component.
-  enum UserInteraction {
-    // Invalid value.
-    USER_INTERACTION_UNSPECIFIED = 0;
-
-    // The vulnerable system can be exploited without interaction from any user.
-    USER_INTERACTION_NONE = 1;
-
-    // Successful exploitation of this vulnerability requires a user to take
-    // some action before the vulnerability can be exploited.
-    USER_INTERACTION_REQUIRED = 2;
-  }
-
-  // The Scope metric captures whether a vulnerability in one vulnerable
-  // component impacts resources in components beyond its security scope.
-  enum Scope {
-    // Invalid value.
-    SCOPE_UNSPECIFIED = 0;
-
-    // An exploited vulnerability can only affect resources managed by the same
-    // security authority.
-    SCOPE_UNCHANGED = 1;
-
-    // An exploited vulnerability can affect resources beyond the security scope
-    // managed by the security authority of the vulnerable component.
-    SCOPE_CHANGED = 2;
-  }
-
-  // The Impact metrics capture the effects of a successfully exploited
-  // vulnerability on the component that suffers the worst outcome that is most
-  // directly and predictably associated with the attack.
-  enum Impact {
-    // Invalid value.
-    IMPACT_UNSPECIFIED = 0;
-
-    // High impact.
-    IMPACT_HIGH = 1;
-
-    // Low impact.
-    IMPACT_LOW = 2;
-
-    // No impact.
-    IMPACT_NONE = 3;
-  }
-
-  // The base score is a function of the base metric scores.
-  // https://www.first.org/cvss/specification-document#Base-Metrics
-  float base_score = 1;
-
-  // The Exploitability sub-score equation is derived from the Base
-  // Exploitability metrics.
-  // https://www.first.org/cvss/specification-document#2-1-Exploitability-Metrics
-  float exploitability_score = 2;
-
-  // The Impact sub-score equation is derived from the Base Impact metrics.
-  float impact_score = 3;
-
-  // This metric reflects the context by which vulnerability exploitation is
-  // possible.
-  AttackVector attack_vector = 5;
-
-  // This metric describes the conditions beyond the attacker's control that
-  // must exist in order to exploit the vulnerability.
-  AttackComplexity attack_complexity = 6;
-
-  // This metric describes the level of privileges an attacker must possess
-  // before successfully exploiting the vulnerability.
-  PrivilegesRequired privileges_required = 7;
-
-  // This metric captures the requirement for a human user, other than the
-  // attacker, to participate in the successful compromise of the vulnerable
-  // component.
-  UserInteraction user_interaction = 8;
-
-  // The Scope metric captures whether a vulnerability in one vulnerable
-  // component impacts resources in components beyond its security scope.
-  Scope scope = 9;
-
-  // This metric measures the impact to the confidentiality of the information
-  // resources managed by a software component due to a successfully exploited
-  // vulnerability.
-  Impact confidentiality_impact = 10;
-
-  // This metric measures the impact to integrity of a successfully exploited
-  // vulnerability.
-  Impact integrity_impact = 11;
-
-  // This metric measures the impact to the availability of the impacted
-  // component resulting from a successfully exploited vulnerability.
-  Impact availability_impact = 12;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1beta/BUILD.bazel b/third_party/googleapis/google/cloud/osconfig/v1beta/BUILD.bazel
deleted file mode 100644
index 50d254f..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1beta/BUILD.bazel
+++ /dev/null
@@ -1,383 +0,0 @@
-# This file was automatically generated by BuildFileGenerator
-# https://github.com/googleapis/rules_gapic/tree/master/bazel
-
-# Most of the manual changes to this file will be overwritten.
-# It's **only** allowed to change the following rule attribute values:
-# - names of *_gapic_assembly_* rules
-# - certain parameters of *_gapic_library rules, including but not limited to:
-#    * extra_protoc_parameters
-#    * extra_protoc_file_parameters
-# The complete list of preserved parameters can be found in the source code.
-
-# This is an API workspace, having public visibility by default makes perfect sense.
-package(default_visibility = ["//visibility:public"])
-
-##############################################################################
-# Common
-##############################################################################
-load("@rules_proto//proto:defs.bzl", "proto_library")
-load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
-
-proto_library(
-    name = "osconfig_proto",
-    srcs = [
-        "guest_policies.proto",
-        "osconfig_common.proto",
-        "osconfig_service.proto",
-        "patch_deployments.proto",
-        "patch_jobs.proto",
-    ],
-    deps = [
-        "//google/api:annotations_proto",
-        "//google/api:client_proto",
-        "//google/api:field_behavior_proto",
-        "//google/api:resource_proto",
-        "//google/type:datetime_proto",
-        "//google/type:dayofweek_proto",
-        "//google/type:timeofday_proto",
-        "@com_google_protobuf//:duration_proto",
-        "@com_google_protobuf//:empty_proto",
-        "@com_google_protobuf//:field_mask_proto",
-        "@com_google_protobuf//:timestamp_proto",
-    ],
-)
-
-proto_library_with_info(
-    name = "osconfig_proto_with_info",
-    deps = [
-        ":osconfig_proto",
-        "//google/cloud:common_resources_proto",
-    ],
-)
-
-##############################################################################
-# Java
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "java_gapic_assembly_gradle_pkg",
-    "java_gapic_library",
-    "java_gapic_test",
-    "java_grpc_library",
-    "java_proto_library",
-)
-
-java_proto_library(
-    name = "osconfig_java_proto",
-    deps = [":osconfig_proto"],
-)
-
-java_grpc_library(
-    name = "osconfig_java_grpc",
-    srcs = [":osconfig_proto"],
-    deps = [":osconfig_java_proto"],
-)
-
-java_gapic_library(
-    name = "osconfig_java_gapic",
-    srcs = [":osconfig_proto_with_info"],
-    gapic_yaml = "osconfig_gapic.yaml",
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    service_yaml = "osconfig_v1beta.yaml",
-    test_deps = [
-        ":osconfig_java_grpc",
-    ],
-    transport = "grpc+rest",
-    deps = [
-        ":osconfig_java_proto",
-        "//google/api:api_java_proto",
-    ],
-)
-
-java_gapic_test(
-    name = "osconfig_java_gapic_test_suite",
-    test_classes = [
-        "com.google.cloud.osconfig.v1beta.OsConfigServiceClientHttpJsonTest",
-        "com.google.cloud.osconfig.v1beta.OsConfigServiceClientTest",
-    ],
-    runtime_deps = [":osconfig_java_gapic_test"],
-)
-
-# Open Source Packages
-java_gapic_assembly_gradle_pkg(
-    name = "google-cloud-osconfig-v1beta-java",
-    include_samples = True,
-    transport = "grpc+rest",
-    deps = [
-        ":osconfig_java_gapic",
-        ":osconfig_java_grpc",
-        ":osconfig_java_proto",
-        ":osconfig_proto",
-    ],
-)
-
-##############################################################################
-# Go
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "go_gapic_assembly_pkg",
-    "go_gapic_library",
-    "go_proto_library",
-    "go_test",
-)
-
-go_proto_library(
-    name = "osconfig_go_proto",
-    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
-    importpath = "google.golang.org/genproto/googleapis/cloud/osconfig/v1beta",
-    protos = [":osconfig_proto"],
-    deps = [
-        "//google/api:annotations_go_proto",
-        "//google/type:datetime_go_proto",
-        "//google/type:dayofweek_go_proto",
-        "//google/type:timeofday_go_proto",
-    ],
-)
-
-go_gapic_library(
-    name = "osconfig_go_gapic",
-    srcs = [":osconfig_proto_with_info"],
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    importpath = "cloud.google.com/go/osconfig/apiv1beta;osconfig",
-    metadata = True,
-    service_yaml = "osconfig_v1beta.yaml",
-    transport = "grpc+rest",
-    deps = [
-        ":osconfig_go_proto",
-        "@io_bazel_rules_go//proto/wkt:duration_go_proto",
-    ],
-)
-
-go_test(
-    name = "osconfig_go_gapic_test",
-    srcs = [":osconfig_go_gapic_srcjar_test"],
-    embed = [":osconfig_go_gapic"],
-    importpath = "cloud.google.com/go/osconfig/apiv1beta",
-)
-
-# Open Source Packages
-go_gapic_assembly_pkg(
-    name = "gapi-cloud-osconfig-v1beta-go",
-    deps = [
-        ":osconfig_go_gapic",
-        ":osconfig_go_gapic_srcjar-metadata.srcjar",
-        ":osconfig_go_gapic_srcjar-test.srcjar",
-        ":osconfig_go_proto",
-    ],
-)
-
-##############################################################################
-# Python
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "py_gapic_assembly_pkg",
-    "py_gapic_library",
-    "py_test",
-)
-
-py_gapic_library(
-    name = "osconfig_py_gapic",
-    srcs = [":osconfig_proto"],
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    opt_args = ["warehouse-package-name=google-cloud-os-config"],
-    transport = "grpc",
-)
-
-py_test(
-    name = "osconfig_py_gapic_test",
-    srcs = [
-        "osconfig_py_gapic_pytest.py",
-        "osconfig_py_gapic_test.py",
-    ],
-    legacy_create_init = False,
-    deps = [":osconfig_py_gapic"],
-)
-
-# Open Source Packages
-py_gapic_assembly_pkg(
-    name = "osconfig-v1beta-py",
-    deps = [
-        ":osconfig_py_gapic",
-    ],
-)
-
-##############################################################################
-# PHP
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "php_gapic_assembly_pkg",
-    "php_gapic_library",
-    "php_grpc_library",
-    "php_proto_library",
-)
-
-php_proto_library(
-    name = "osconfig_php_proto",
-    deps = [":osconfig_proto"],
-)
-
-php_grpc_library(
-    name = "osconfig_php_grpc",
-    srcs = [":osconfig_proto"],
-    deps = [":osconfig_php_proto"],
-)
-
-php_gapic_library(
-    name = "osconfig_php_gapic",
-    srcs = [":osconfig_proto_with_info"],
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    service_yaml = "osconfig_v1beta.yaml",
-    deps = [
-        ":osconfig_php_grpc",
-        ":osconfig_php_proto",
-    ],
-)
-
-# Open Source Packages
-php_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-v1beta-php",
-    deps = [
-        ":osconfig_php_gapic",
-        ":osconfig_php_grpc",
-        ":osconfig_php_proto",
-    ],
-)
-
-##############################################################################
-# Node.js
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "nodejs_gapic_assembly_pkg",
-    "nodejs_gapic_library",
-)
-
-nodejs_gapic_library(
-    name = "osconfig_nodejs_gapic",
-    package_name = "@google-cloud/osconfig",
-    src = ":osconfig_proto_with_info",
-    extra_protoc_parameters = ["metadata"],
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    package = "google.cloud.osconfig.v1beta",
-    service_yaml = "osconfig_v1beta.yaml",
-    deps = [],
-)
-
-nodejs_gapic_assembly_pkg(
-    name = "osconfig-v1beta-nodejs",
-    deps = [
-        ":osconfig_nodejs_gapic",
-        ":osconfig_proto",
-    ],
-)
-
-##############################################################################
-# Ruby
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "ruby_cloud_gapic_library",
-    "ruby_gapic_assembly_pkg",
-    "ruby_grpc_library",
-    "ruby_proto_library",
-)
-
-ruby_proto_library(
-    name = "osconfig_ruby_proto",
-    deps = [":osconfig_proto"],
-)
-
-ruby_grpc_library(
-    name = "osconfig_ruby_grpc",
-    srcs = [":osconfig_proto"],
-    deps = [":osconfig_ruby_proto"],
-)
-
-ruby_cloud_gapic_library(
-    name = "osconfig_ruby_gapic",
-    srcs = [":osconfig_proto_with_info"],
-    extra_protoc_parameters = ["ruby-cloud-gem-name=google-cloud-osconfig-v1beta"],
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    deps = [
-        ":osconfig_ruby_grpc",
-        ":osconfig_ruby_proto",
-    ],
-)
-
-# Open Source Packages
-ruby_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-v1beta-ruby",
-    deps = [
-        ":osconfig_ruby_gapic",
-        ":osconfig_ruby_grpc",
-        ":osconfig_ruby_proto",
-    ],
-)
-
-##############################################################################
-# C#
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "csharp_gapic_assembly_pkg",
-    "csharp_gapic_library",
-    "csharp_grpc_library",
-    "csharp_proto_library",
-)
-
-csharp_proto_library(
-    name = "osconfig_csharp_proto",
-    deps = [":osconfig_proto"],
-)
-
-csharp_grpc_library(
-    name = "osconfig_csharp_grpc",
-    srcs = [":osconfig_proto"],
-    deps = [":osconfig_csharp_proto"],
-)
-
-csharp_gapic_library(
-    name = "osconfig_csharp_gapic",
-    srcs = [":osconfig_proto_with_info"],
-    common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json",
-    grpc_service_config = "osconfig_grpc_service_config.json",
-    service_yaml = "osconfig_v1beta.yaml",
-    deps = [
-        ":osconfig_csharp_grpc",
-        ":osconfig_csharp_proto",
-    ],
-)
-
-# Open Source Packages
-csharp_gapic_assembly_pkg(
-    name = "google-cloud-osconfig-v1beta-csharp",
-    deps = [
-        ":osconfig_csharp_gapic",
-        ":osconfig_csharp_grpc",
-        ":osconfig_csharp_proto",
-    ],
-)
-
-##############################################################################
-# C++
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "cc_grpc_library",
-    "cc_proto_library",
-)
-
-cc_proto_library(
-    name = "osconfig_cc_proto",
-    deps = [":osconfig_proto"],
-)
-
-cc_grpc_library(
-    name = "osconfig_cc_grpc",
-    srcs = [":osconfig_proto"],
-    grpc_only = True,
-    deps = [":osconfig_cc_proto"],
-)
diff --git a/third_party/googleapis/google/cloud/osconfig/v1beta/guest_policies.proto b/third_party/googleapis/google/cloud/osconfig/v1beta/guest_policies.proto
deleted file mode 100644
index 9ff7bb0..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1beta/guest_policies.proto
+++ /dev/null
@@ -1,772 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1beta;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/protobuf/field_mask.proto";
-import "google/protobuf/timestamp.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1beta;osconfig";
-option java_outer_classname = "GuestPolicies";
-option java_package = "com.google.cloud.osconfig.v1beta";
-
-// An OS Config resource representing a guest configuration policy. These
-// policies represent the desired state for VM instance guest environments
-// including packages to install or remove, package repository configurations,
-// and software to install.
-message GuestPolicy {
-  option (google.api.resource) = {
-    type: "osconfig.googleapis.com/GuestPolicy"
-    pattern: "projects/{project}/guestPolicies/{guest_policy}"
-  };
-
-  // Required. Unique name of the resource in this project using one of the following
-  // forms:
-  // `projects/{project_number}/guestPolicies/{guest_policy_id}`.
-  string name = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Description of the guest policy. Length of the description is limited
-  // to 1024 characters.
-  string description = 2;
-
-  // Output only. Time this guest policy was created.
-  google.protobuf.Timestamp create_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Last time this guest policy was updated.
-  google.protobuf.Timestamp update_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Required. Specifies the VM instances that are assigned to this policy. This allows
-  // you to target sets or groups of VM instances by different parameters such
-  // as labels, names, OS, or zones.
-  //
-  // If left empty, all VM instances underneath this policy are targeted.
-  //
-  // At the same level in the resource hierarchy (that is within a project), the
-  // service prevents the creation of multiple policies that conflict with
-  // each other. For more information, see how the service [handles assignment
-  // conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
-  Assignment assignment = 6 [(google.api.field_behavior) = REQUIRED];
-
-  // The software packages to be managed by this policy.
-  repeated Package packages = 7;
-
-  // A list of package repositories to configure on the VM instance. This is
-  // done before any other configs are applied so they can use these repos.
-  // Package repositories are only configured if the corresponding package
-  // manager(s) are available.
-  repeated PackageRepository package_repositories = 8;
-
-  // A list of Recipes to install on the VM instance.
-  repeated SoftwareRecipe recipes = 9;
-
-  // The etag for this guest policy.
-  // If this is provided on update, it must match the server's etag.
-  string etag = 10;
-}
-
-// An assignment represents the group or groups of VM instances that the policy
-// applies to.
-//
-// If an assignment is empty, it applies to all VM instances. Otherwise, the
-// targeted VM instances must meet all the criteria specified. So if both
-// labels and zones are specified, the policy applies to VM instances with those
-// labels and in those zones.
-message Assignment {
-  // Represents a group of VM intances that can be identified as having all
-  // these labels, for example "env=prod and app=web".
-  message GroupLabel {
-    // Google Compute Engine instance labels that must be present for an
-    // instance to be included in this assignment group.
-    map<string, string> labels = 1;
-  }
-
-  // Defines the criteria for selecting VM Instances by OS type.
-  message OsType {
-    // Targets VM instances with OS Inventory enabled and having the following
-    // OS short name, for example "debian" or "windows".
-    string os_short_name = 1;
-
-    // Targets VM instances with OS Inventory enabled and having the following
-    // following OS version.
-    string os_version = 2;
-
-    // Targets VM instances with OS Inventory enabled and having the following
-    // OS architecture.
-    string os_architecture = 3;
-  }
-
-  // Targets instances matching at least one of these label sets. This allows
-  // an assignment to target disparate groups, for example "env=prod or
-  // env=staging".
-  repeated GroupLabel group_labels = 1;
-
-  // Targets instances in any of these zones. Leave empty to target instances
-  // in any zone.
-  //
-  // Zonal targeting is uncommon and is supported to facilitate the management
-  // of changes by zone.
-  repeated string zones = 2;
-
-  // Targets any of the instances specified. Instances are specified by their
-  // URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
-  //
-  // Instance targeting is uncommon and is supported to facilitate the
-  // management of changes by the instance or to target specific VM instances
-  // for development and testing.
-  //
-  // Only supported for project-level policies and must reference instances
-  // within this project.
-  repeated string instances = 3;
-
-  // Targets VM instances whose name starts with one of these prefixes.
-  //
-  // Like labels, this is another way to group VM instances when targeting
-  // configs, for example prefix="prod-".
-  //
-  // Only supported for project-level policies.
-  repeated string instance_name_prefixes = 4;
-
-  // Targets VM instances matching at least one of the following OS types.
-  //
-  // VM instances must match all supplied criteria for a given OsType to be
-  // included.
-  repeated OsType os_types = 5;
-}
-
-// The desired state that the OS Config agent maintains on the VM instance.
-enum DesiredState {
-  // The default is to ensure the package is installed.
-  DESIRED_STATE_UNSPECIFIED = 0;
-
-  // The agent ensures that the package is installed.
-  INSTALLED = 1;
-
-  // The agent ensures that the package is installed and
-  // periodically checks for and install any updates.
-  UPDATED = 2;
-
-  // The agent ensures that the package is not installed and uninstall it
-  // if detected.
-  REMOVED = 3;
-}
-
-// Package is a reference to the software package to be installed or removed.
-// The agent on the VM instance uses the system package manager to apply the
-// config.
-//
-//
-// These are the commands that the agent uses to install or remove
-// packages.
-//
-// Apt
-// install: `apt-get update && apt-get -y install package1 package2 package3`
-// remove: `apt-get -y remove package1 package2 package3`
-//
-// Yum
-// install: `yum -y install package1 package2 package3`
-// remove: `yum -y remove package1 package2 package3`
-//
-// Zypper
-// install: `zypper install package1 package2 package3`
-// remove: `zypper rm package1 package2`
-//
-// Googet
-// install: `googet -noconfirm install package1 package2 package3`
-// remove: `googet -noconfirm remove package1 package2 package3`
-message Package {
-  // Types of package managers that may be used to manage this package.
-  enum Manager {
-    // The default behavior is ANY.
-    MANAGER_UNSPECIFIED = 0;
-
-    // Apply this package config using the default system package manager.
-    ANY = 1;
-
-    // Apply this package config only if Apt is available on the system.
-    APT = 2;
-
-    // Apply this package config only if Yum is available on the system.
-    YUM = 3;
-
-    // Apply this package config only if Zypper is available on the system.
-    ZYPPER = 4;
-
-    // Apply this package config only if GooGet is available on the system.
-    GOO = 5;
-  }
-
-  // Required. The name of the package. A package is uniquely identified for conflict
-  // validation by checking the package name and the manager(s) that the
-  // package targets.
-  string name = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // The desired_state the agent should maintain for this package. The
-  // default is to ensure the package is installed.
-  DesiredState desired_state = 2;
-
-  // Type of package manager that can be used to install this package.
-  // If a system does not have the package manager, the package is not
-  // installed or removed no error message is returned. By default,
-  // or if you specify `ANY`,
-  // the agent attempts to install and remove this package using the default
-  // package manager. This is useful when creating a policy that applies to
-  // different types of systems.
-  //
-  // The default behavior is ANY.
-  Manager manager = 3;
-}
-
-// Represents a single Apt package repository. This repository is added to
-// a repo file that is stored at
-// `/etc/apt/sources.list.d/google_osconfig.list`.
-message AptRepository {
-  // Type of archive.
-  enum ArchiveType {
-    // Unspecified.
-    ARCHIVE_TYPE_UNSPECIFIED = 0;
-
-    // DEB indicates that the archive contains binary files.
-    DEB = 1;
-
-    // DEB_SRC indicates that the archive contains source files.
-    DEB_SRC = 2;
-  }
-
-  // Type of archive files in this repository. The default behavior is DEB.
-  ArchiveType archive_type = 1;
-
-  // Required. URI for this repository.
-  string uri = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. Distribution of this repository.
-  string distribution = 3 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. List of components for this repository. Must contain at least one item.
-  repeated string components = 4 [(google.api.field_behavior) = REQUIRED];
-
-  // URI of the key file for this repository. The agent maintains
-  // a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
-  // all the keys in any applied guest policy.
-  string gpg_key = 5;
-}
-
-// Represents a single Yum package repository. This repository is added to a
-// repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
-message YumRepository {
-  // Required. A one word, unique name for this repository. This is
-  // the `repo id` in the Yum config file and also the `display_name` if
-  // `display_name` is omitted. This id is also used as the unique identifier
-  // when checking for guest policy conflicts.
-  string id = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // The display name of the repository.
-  string display_name = 2;
-
-  // Required. The location of the repository directory.
-  string base_url = 3 [(google.api.field_behavior) = REQUIRED];
-
-  // URIs of GPG keys.
-  repeated string gpg_keys = 4;
-}
-
-// Represents a single Zypper package repository. This repository is added to a
-// repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
-message ZypperRepository {
-  // Required. A one word, unique name for this repository. This is
-  // the `repo id` in the zypper config file and also the `display_name` if
-  // `display_name` is omitted. This id is also used as the unique identifier
-  // when checking for guest policy conflicts.
-  string id = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // The display name of the repository.
-  string display_name = 2;
-
-  // Required. The location of the repository directory.
-  string base_url = 3 [(google.api.field_behavior) = REQUIRED];
-
-  // URIs of GPG keys.
-  repeated string gpg_keys = 4;
-}
-
-// Represents a Goo package repository. These is added to a repo file
-// that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
-message GooRepository {
-  // Required. The name of the repository.
-  string name = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The url of the repository.
-  string url = 2 [(google.api.field_behavior) = REQUIRED];
-}
-
-// A package repository.
-message PackageRepository {
-  // A specific type of repository.
-  oneof repository {
-    // An Apt Repository.
-    AptRepository apt = 1;
-
-    // A Yum Repository.
-    YumRepository yum = 2;
-
-    // A Zypper Repository.
-    ZypperRepository zypper = 3;
-
-    // A Goo Repository.
-    GooRepository goo = 4;
-  }
-}
-
-// A software recipe is a set of instructions for installing and configuring a
-// piece of software. It consists of a set of artifacts that are
-// downloaded, and a set of steps that install, configure, and/or update the
-// software.
-//
-// Recipes support installing and updating software from artifacts in the
-// following formats:
-// Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
-//
-// Additionally, recipes support executing a script (either defined in a file or
-// directly in this api) in bash, sh, cmd, and powershell.
-//
-// Updating a software recipe
-//
-// If a recipe is assigned to an instance and there is a recipe with the same
-// name but a lower version already installed and the assigned state
-// of the recipe is `UPDATED`, then the recipe is updated to
-// the new version.
-//
-// Script Working Directories
-//
-// Each script or execution step is run in its own temporary directory which
-// is deleted after completing the step.
-message SoftwareRecipe {
-  // Specifies a resource to be used in the recipe.
-  message Artifact {
-    // Specifies an artifact available via some URI.
-    message Remote {
-      // URI from which to fetch the object. It should contain both the protocol
-      // and path following the format {protocol}://{location}.
-      string uri = 1;
-
-      // Must be provided if `allow_insecure` is `false`.
-      // SHA256 checksum in hex format, to compare to the checksum of the
-      // artifact. If the checksum is not empty and it doesn't match the
-      // artifact then the recipe installation fails before running any of the
-      // steps.
-      string checksum = 2;
-    }
-
-    // Specifies an artifact available as a Google Cloud Storage object.
-    message Gcs {
-      // Bucket of the Google Cloud Storage object.
-      // Given an example URL:
-      // `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
-      // this value would be `my-bucket`.
-      string bucket = 1;
-
-      // Name of the Google Cloud Storage object.
-      // As specified [here]
-      // (https://cloud.google.com/storage/docs/naming#objectnames)
-      // Given an example URL:
-      // `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
-      // this value would be `foo/bar`.
-      string object = 2;
-
-      // Must be provided if allow_insecure is false.
-      // Generation number of the Google Cloud Storage object.
-      // `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
-      // this value would be `1234567`.
-      int64 generation = 3;
-    }
-
-    // Required. Id of the artifact, which the installation and update steps of this
-    // recipe can reference. Artifacts in a recipe cannot have the same id.
-    string id = 1 [(google.api.field_behavior) = REQUIRED];
-
-    // A specific type of artifact.
-    oneof artifact {
-      // A generic remote artifact.
-      Remote remote = 2;
-
-      // A Google Cloud Storage artifact.
-      Gcs gcs = 3;
-    }
-
-    // Defaults to false. When false, recipes are subject to validations
-    // based on the artifact type:
-    //
-    // Remote: A checksum must be specified, and only protocols with
-    // transport-layer security are permitted.
-    // GCS:    An object generation number must be specified.
-    bool allow_insecure = 4;
-  }
-
-  // An action that can be taken as part of installing or updating a recipe.
-  message Step {
-    // Copies the artifact to the specified path on the instance.
-    message CopyFile {
-      // Required. The id of the relevant artifact in the recipe.
-      string artifact_id = 1 [(google.api.field_behavior) = REQUIRED];
-
-      // Required. The absolute path on the instance to put the file.
-      string destination = 2 [(google.api.field_behavior) = REQUIRED];
-
-      // Whether to allow this step to overwrite existing files. If this is
-      // false and the file already exists the file is not overwritten
-      // and the step is considered a success. Defaults to false.
-      bool overwrite = 3;
-
-      // Consists of three octal digits which represent, in
-      // order, the permissions of the owner, group, and other users for the
-      // file (similarly to the numeric mode used in the linux chmod utility).
-      // Each digit represents a three bit number with the 4 bit
-      // corresponding to the read permissions, the 2 bit corresponds to the
-      // write bit, and the one bit corresponds to the execute permission.
-      // Default behavior is 755.
-      //
-      // Below are some examples of permissions and their associated values:
-      // read, write, and execute: 7
-      // read and execute: 5
-      // read and write: 6
-      // read only: 4
-      string permissions = 4;
-    }
-
-    // Extracts an archive of the type specified in the specified directory.
-    message ExtractArchive {
-      // Specifying the type of archive.
-      enum ArchiveType {
-        // Indicates that the archive type isn't specified.
-        ARCHIVE_TYPE_UNSPECIFIED = 0;
-
-        // Indicates that the archive is a tar archive with no encryption.
-        TAR = 1;
-
-        // Indicates that the archive is a tar archive with gzip encryption.
-        TAR_GZIP = 2;
-
-        // Indicates that the archive is a tar archive with bzip encryption.
-        TAR_BZIP = 3;
-
-        // Indicates that the archive is a tar archive with lzma encryption.
-        TAR_LZMA = 4;
-
-        // Indicates that the archive is a tar archive with xz encryption.
-        TAR_XZ = 5;
-
-        // Indicates that the archive is a zip archive.
-        ZIP = 11;
-      }
-
-      // Required. The id of the relevant artifact in the recipe.
-      string artifact_id = 1 [(google.api.field_behavior) = REQUIRED];
-
-      // Directory to extract archive to.
-      // Defaults to `/` on Linux or `C:\` on Windows.
-      string destination = 2;
-
-      // Required. The type of the archive to extract.
-      ArchiveType type = 3 [(google.api.field_behavior) = REQUIRED];
-    }
-
-    // Installs an MSI file.
-    message InstallMsi {
-      // Required. The id of the relevant artifact in the recipe.
-      string artifact_id = 1 [(google.api.field_behavior) = REQUIRED];
-
-      // The flags to use when installing the MSI
-      // defaults to ["/i"] (i.e. the install flag).
-      repeated string flags = 2;
-
-      // Return codes that indicate that the software installed or updated
-      // successfully. Behaviour defaults to [0]
-      repeated int32 allowed_exit_codes = 3;
-    }
-
-    // Installs a deb via dpkg.
-    message InstallDpkg {
-      // Required. The id of the relevant artifact in the recipe.
-      string artifact_id = 1 [(google.api.field_behavior) = REQUIRED];
-    }
-
-    // Installs an rpm file via the rpm utility.
-    message InstallRpm {
-      // Required. The id of the relevant artifact in the recipe.
-      string artifact_id = 1 [(google.api.field_behavior) = REQUIRED];
-    }
-
-    // Executes an artifact or local file.
-    message ExecFile {
-      // Location of the file to execute.
-      oneof location_type {
-        // The id of the relevant artifact in the recipe.
-        string artifact_id = 1;
-
-        // The absolute path of the file on the local filesystem.
-        string local_path = 2;
-      }
-
-      // Arguments to be passed to the provided executable.
-      repeated string args = 3;
-
-      // Defaults to [0]. A list of possible return values that the program
-      // can return to indicate a success.
-      repeated int32 allowed_exit_codes = 4;
-    }
-
-    // Runs a script through an interpreter.
-    message RunScript {
-      // The interpreter used to execute a script.
-      enum Interpreter {
-        // Default value for ScriptType.
-        INTERPRETER_UNSPECIFIED = 0;
-
-        // Indicates that the script is run with `/bin/sh` on Linux and `cmd`
-        // on windows.
-        SHELL = 1;
-
-        // Indicates that the script is run with powershell.
-        POWERSHELL = 3;
-      }
-
-      // Required. The shell script to be executed.
-      string script = 1 [(google.api.field_behavior) = REQUIRED];
-
-      // Return codes that indicate that the software installed or updated
-      // successfully. Behaviour defaults to [0]
-      repeated int32 allowed_exit_codes = 2;
-
-      // The script interpreter to use to run the script. If no interpreter is
-      // specified the script is executed directly, which likely
-      // only succeed for scripts with
-      // [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
-      Interpreter interpreter = 3;
-    }
-
-    // A specific type of step.
-    oneof step {
-      // Copies a file onto the instance.
-      CopyFile file_copy = 1;
-
-      // Extracts an archive into the specified directory.
-      ExtractArchive archive_extraction = 2;
-
-      // Installs an MSI file.
-      InstallMsi msi_installation = 3;
-
-      // Installs a deb file via dpkg.
-      InstallDpkg dpkg_installation = 4;
-
-      // Installs an rpm file via the rpm utility.
-      InstallRpm rpm_installation = 5;
-
-      // Executes an artifact or local file.
-      ExecFile file_exec = 6;
-
-      // Runs commands in a shell.
-      RunScript script_run = 7;
-    }
-  }
-
-  // Required. Unique identifier for the recipe. Only one recipe with a given name is
-  // installed on an instance.
-  //
-  // Names are also used to identify resources which helps to determine whether
-  // guest policies have conflicts. This means that requests to create multiple
-  // recipes with the same name and version are rejected since they
-  // could potentially have conflicting assignments.
-  string name = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // The version of this software recipe. Version can be up to 4 period
-  // separated numbers (e.g. 12.34.56.78).
-  string version = 2;
-
-  // Resources available to be used in the steps in the recipe.
-  repeated Artifact artifacts = 3;
-
-  // Actions to be taken for installing this recipe. On failure it stops
-  // executing steps and does not attempt another installation. Any steps taken
-  // (including partially completed steps) are not rolled back.
-  repeated Step install_steps = 4;
-
-  // Actions to be taken for updating this recipe. On failure it stops
-  // executing steps and  does not attempt another update for this recipe. Any
-  // steps taken (including partially completed steps) are not rolled back.
-  repeated Step update_steps = 5;
-
-  // Default is INSTALLED. The desired state the agent should maintain for this
-  // recipe.
-  //
-  // INSTALLED: The software recipe is installed on the instance but
-  //            won't be updated to new versions.
-  // UPDATED: The software recipe is installed on the instance. The recipe is
-  //          updated to a higher version, if a higher version of the recipe is
-  //          assigned to this instance.
-  // REMOVE: Remove is unsupported for software recipes and attempts to
-  //         create or update a recipe to the REMOVE state is rejected.
-  DesiredState desired_state = 6;
-}
-
-// A request message for creating a guest policy.
-message CreateGuestPolicyRequest {
-  // Required. The resource name of the parent using one of the following forms:
-  // `projects/{project_number}`.
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      child_type: "osconfig.googleapis.com/GuestPolicy"
-    }
-  ];
-
-  // Required. The logical name of the guest policy in the project
-  // with the following restrictions:
-  //
-  // * Must contain only lowercase letters, numbers, and hyphens.
-  // * Must start with a letter.
-  // * Must be between 1-63 characters.
-  // * Must end with a number or a letter.
-  // * Must be unique within the project.
-  string guest_policy_id = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The GuestPolicy to create.
-  GuestPolicy guest_policy = 3 [(google.api.field_behavior) = REQUIRED];
-}
-
-// A request message for retrieving a guest policy.
-message GetGuestPolicyRequest {
-  // Required. The resource name of the guest policy using one of the following forms:
-  // `projects/{project_number}/guestPolicies/{guest_policy_id}`.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/GuestPolicy"
-    }
-  ];
-}
-
-// A request message for listing guest policies.
-message ListGuestPoliciesRequest {
-  // Required. The resource name of the parent using one of the following forms:
-  // `projects/{project_number}`.
-  string parent = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      child_type: "osconfig.googleapis.com/GuestPolicy"
-    }
-  ];
-
-  // The maximum number of guest policies to return.
-  int32 page_size = 2;
-
-  // A pagination token returned from a previous call to `ListGuestPolicies`
-  // that indicates where this listing should continue from.
-  string page_token = 3;
-}
-
-// A response message for listing guest policies.
-message ListGuestPoliciesResponse {
-  // The list of GuestPolicies.
-  repeated GuestPolicy guest_policies = 1;
-
-  // A pagination token that can be used to get the next page
-  // of guest policies.
-  string next_page_token = 2;
-}
-
-// A request message for updating a guest policy.
-message UpdateGuestPolicyRequest {
-  // Required. The updated GuestPolicy.
-  GuestPolicy guest_policy = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Field mask that controls which fields of the guest policy should be
-  // updated.
-  google.protobuf.FieldMask update_mask = 2;
-}
-
-// A request message for deleting a guest policy.
-message DeleteGuestPolicyRequest {
-  // Required. The resource name of the guest policy  using one of the following forms:
-  // `projects/{project_number}/guestPolicies/{guest_policy_id}`.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/GuestPolicy"
-    }
-  ];
-}
-
-// A request message for getting the effective guest policy assigned to the
-// instance.
-message LookupEffectiveGuestPolicyRequest {
-  // Required. The VM instance whose policies are being looked up.
-  string instance = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Short name of the OS running on the instance. The OS Config agent only
-  // provides this field for targeting if OS Inventory is enabled for that
-  // instance.
-  string os_short_name = 2;
-
-  // Version of the OS running on the instance. The OS Config agent only
-  // provides this field for targeting if OS Inventory is enabled for that
-  // VM instance.
-  string os_version = 3;
-
-  // Architecture of OS running on the instance. The OS Config agent only
-  // provides this field for targeting if OS Inventory is enabled for that
-  // instance.
-  string os_architecture = 4;
-}
-
-// The effective guest policy that applies to a VM instance.
-message EffectiveGuestPolicy {
-  // A guest policy package including its source.
-  message SourcedPackage {
-    // Name of the guest policy providing this config.
-    string source = 1;
-
-    // A software package to configure on the VM instance.
-    Package package = 2;
-  }
-
-  // A guest policy package repository including its source.
-  message SourcedPackageRepository {
-    // Name of the guest policy providing this config.
-    string source = 1;
-
-    // A software package repository to configure on the VM instance.
-    PackageRepository package_repository = 2;
-  }
-
-  // A guest policy recipe including its source.
-  message SourcedSoftwareRecipe {
-    // Name of the guest policy providing this config.
-    string source = 1;
-
-    // A software recipe to configure on the VM instance.
-    SoftwareRecipe software_recipe = 2;
-  }
-
-  // List of package configurations assigned to the VM instance.
-  repeated SourcedPackage packages = 1;
-
-  // List of package repository configurations assigned to the VM instance.
-  repeated SourcedPackageRepository package_repositories = 2;
-
-  // List of recipes assigned to the VM instance.
-  repeated SourcedSoftwareRecipe software_recipes = 3;
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1beta/osconfig_common.proto b/third_party/googleapis/google/cloud/osconfig/v1beta/osconfig_common.proto
deleted file mode 100644
index 8cee0d9..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1beta/osconfig_common.proto
+++ /dev/null
@@ -1,36 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1beta;
-
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1beta;osconfig";
-option java_outer_classname = "Common";
-option java_package = "com.google.cloud.osconfig.v1beta";
-
-// Message encapsulating a value that can be either absolute ("fixed") or
-// relative ("percent") to a value.
-message FixedOrPercent {
-  // Type of the value.
-  oneof mode {
-    // Specifies a fixed value.
-    int32 fixed = 1;
-
-    // Specifies the relative value defined as a percentage, which will be
-    // multiplied by a reference value.
-    int32 percent = 2;
-  }
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1beta/osconfig_gapic.yaml b/third_party/googleapis/google/cloud/osconfig/v1beta/osconfig_gapic.yaml
deleted file mode 100644
index dac5687..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1beta/osconfig_gapic.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-type: com.google.api.codegen.ConfigProto
-config_schema_version: 2.0.0
-# The settings of generated code in a specific language.
-language_settings:
-  python:
-    package_name: google.cloud.osconfig_v1beta.gapic
-  go:
-    package_name: cloud.google.com/go/osconfig/apiv1beta
-  csharp:
-    package_name: Google.Cloud.OsConfig.V1beta
-  ruby:
-    package_name: Google::Cloud::OsConfig::V1beta
-  php:
-    package_name: Google\Cloud\OsConfig\V1beta
-  nodejs:
-    package_name: osconfig.v1beta
-# A list of API interface configurations.
-interfaces:
-# The fully qualified name of the API interface.
-- name: google.cloud.osconfig.v1beta.OsConfigService
-  # A list of method configurations.
-  #   retry_codes_name - Specifies the configuration for retryable codes. The
-  #   name must be defined in interfaces.retry_codes_def.
-  #
-  #   retry_params_name - Specifies the configuration for retry/backoff
-  #   parameters. The name must be defined in interfaces.retry_params_def.
-  methods:
-  - name: DeletePatchDeployment
-    retry_codes_name: idempotent
-  - name: DeleteGuestPolicy
-    retry_codes_name: idempotent
diff --git a/third_party/googleapis/google/cloud/osconfig/v1beta/osconfig_grpc_service_config.json b/third_party/googleapis/google/cloud/osconfig/v1beta/osconfig_grpc_service_config.json
deleted file mode 100644
index 72072c4..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1beta/osconfig_grpc_service_config.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-  "methodConfig": [{
-    "name": [{ "service": "google.cloud.osconfig.v1beta.OsConfigService" }],
-    "timeout": "60s",
-    "retryPolicy": {
-      "maxAttempts": 5,
-      "initialBackoff": "1s",
-      "maxBackoff": "60s",
-      "backoffMultiplier": 1.3,
-      "retryableStatusCodes": ["UNAVAILABLE"]
-    }
-  }]
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1beta/osconfig_service.proto b/third_party/googleapis/google/cloud/osconfig/v1beta/osconfig_service.proto
deleted file mode 100644
index d69b7f7..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1beta/osconfig_service.proto
+++ /dev/null
@@ -1,186 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1beta;
-
-import "google/api/annotations.proto";
-import "google/api/client.proto";
-import "google/cloud/osconfig/v1beta/guest_policies.proto";
-import "google/cloud/osconfig/v1beta/patch_deployments.proto";
-import "google/cloud/osconfig/v1beta/patch_jobs.proto";
-import "google/protobuf/empty.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1beta;osconfig";
-option java_outer_classname = "OsConfigProto";
-option java_package = "com.google.cloud.osconfig.v1beta";
-
-// OS Config API
-//
-// The OS Config service is a server-side component that you can use to
-// manage package installations and patch jobs for virtual machine instances.
-service OsConfigService {
-  option (google.api.default_host) = "osconfig.googleapis.com";
-  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
-
-  // Patch VM instances by creating and running a patch job.
-  rpc ExecutePatchJob(ExecutePatchJobRequest) returns (PatchJob) {
-    option (google.api.http) = {
-      post: "/v1beta/{parent=projects/*}/patchJobs:execute"
-      body: "*"
-    };
-  }
-
-  // Get the patch job. This can be used to track the progress of an
-  // ongoing patch job or review the details of completed jobs.
-  rpc GetPatchJob(GetPatchJobRequest) returns (PatchJob) {
-    option (google.api.http) = {
-      get: "/v1beta/{name=projects/*/patchJobs/*}"
-    };
-  }
-
-  // Cancel a patch job. The patch job must be active. Canceled patch jobs
-  // cannot be restarted.
-  rpc CancelPatchJob(CancelPatchJobRequest) returns (PatchJob) {
-    option (google.api.http) = {
-      post: "/v1beta/{name=projects/*/patchJobs/*}:cancel"
-      body: "*"
-    };
-  }
-
-  // Get a list of patch jobs.
-  rpc ListPatchJobs(ListPatchJobsRequest) returns (ListPatchJobsResponse) {
-    option (google.api.http) = {
-      get: "/v1beta/{parent=projects/*}/patchJobs"
-    };
-  }
-
-  // Get a list of instance details for a given patch job.
-  rpc ListPatchJobInstanceDetails(ListPatchJobInstanceDetailsRequest) returns (ListPatchJobInstanceDetailsResponse) {
-    option (google.api.http) = {
-      get: "/v1beta/{parent=projects/*/patchJobs/*}/instanceDetails"
-    };
-    option (google.api.method_signature) = "parent";
-  }
-
-  // Create an OS Config patch deployment.
-  rpc CreatePatchDeployment(CreatePatchDeploymentRequest) returns (PatchDeployment) {
-    option (google.api.http) = {
-      post: "/v1beta/{parent=projects/*}/patchDeployments"
-      body: "patch_deployment"
-    };
-  }
-
-  // Get an OS Config patch deployment.
-  rpc GetPatchDeployment(GetPatchDeploymentRequest) returns (PatchDeployment) {
-    option (google.api.http) = {
-      get: "/v1beta/{name=projects/*/patchDeployments/*}"
-    };
-  }
-
-  // Get a page of OS Config patch deployments.
-  rpc ListPatchDeployments(ListPatchDeploymentsRequest) returns (ListPatchDeploymentsResponse) {
-    option (google.api.http) = {
-      get: "/v1beta/{parent=projects/*}/patchDeployments"
-    };
-  }
-
-  // Delete an OS Config patch deployment.
-  rpc DeletePatchDeployment(DeletePatchDeploymentRequest) returns (google.protobuf.Empty) {
-    option (google.api.http) = {
-      delete: "/v1beta/{name=projects/*/patchDeployments/*}"
-    };
-  }
-
-  // Update an OS Config patch deployment.
-  rpc UpdatePatchDeployment(UpdatePatchDeploymentRequest) returns (PatchDeployment) {
-    option (google.api.http) = {
-      patch: "/v1beta/{patch_deployment.name=projects/*/patchDeployments/*}"
-      body: "patch_deployment"
-    };
-    option (google.api.method_signature) = "patch_deployment,update_mask";
-  }
-
-  // Change state of patch deployment to "PAUSED".
-  // Patch deployment in paused state doesn't generate patch jobs.
-  rpc PausePatchDeployment(PausePatchDeploymentRequest) returns (PatchDeployment) {
-    option (google.api.http) = {
-      post: "/v1beta/{name=projects/*/patchDeployments/*}:pause"
-      body: "*"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // Change state of patch deployment back to "ACTIVE".
-  // Patch deployment in active state continues to generate patch jobs.
-  rpc ResumePatchDeployment(ResumePatchDeploymentRequest) returns (PatchDeployment) {
-    option (google.api.http) = {
-      post: "/v1beta/{name=projects/*/patchDeployments/*}:resume"
-      body: "*"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // Create an OS Config guest policy.
-  rpc CreateGuestPolicy(CreateGuestPolicyRequest) returns (GuestPolicy) {
-    option (google.api.http) = {
-      post: "/v1beta/{parent=projects/*}/guestPolicies"
-      body: "guest_policy"
-    };
-    option (google.api.method_signature) = "parent, guest_policy";
-  }
-
-  // Get an OS Config guest policy.
-  rpc GetGuestPolicy(GetGuestPolicyRequest) returns (GuestPolicy) {
-    option (google.api.http) = {
-      get: "/v1beta/{name=projects/*/guestPolicies/*}"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // Get a page of OS Config guest policies.
-  rpc ListGuestPolicies(ListGuestPoliciesRequest) returns (ListGuestPoliciesResponse) {
-    option (google.api.http) = {
-      get: "/v1beta/{parent=projects/*}/guestPolicies"
-    };
-    option (google.api.method_signature) = "parent";
-  }
-
-  // Update an OS Config guest policy.
-  rpc UpdateGuestPolicy(UpdateGuestPolicyRequest) returns (GuestPolicy) {
-    option (google.api.http) = {
-      patch: "/v1beta/{guest_policy.name=projects/*/guestPolicies/*}"
-      body: "guest_policy"
-    };
-    option (google.api.method_signature) = "guest_policy,update_mask";
-  }
-
-  // Delete an OS Config guest policy.
-  rpc DeleteGuestPolicy(DeleteGuestPolicyRequest) returns (google.protobuf.Empty) {
-    option (google.api.http) = {
-      delete: "/v1beta/{name=projects/*/guestPolicies/*}"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // Lookup the effective guest policy that applies to a VM instance. This
-  // lookup merges all policies that are assigned to the instance ancestry.
-  rpc LookupEffectiveGuestPolicy(LookupEffectiveGuestPolicyRequest) returns (EffectiveGuestPolicy) {
-    option (google.api.http) = {
-      post: "/v1beta/{instance=projects/*/zones/*/instances/*}:lookupEffectiveGuestPolicy"
-      body: "*"
-    };
-  }
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1beta/osconfig_v1beta.yaml b/third_party/googleapis/google/cloud/osconfig/v1beta/osconfig_v1beta.yaml
deleted file mode 100644
index a910c49..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1beta/osconfig_v1beta.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-type: google.api.Service
-config_version: 3
-name: osconfig.googleapis.com
-title: OS Config API
-
-apis:
-- name: google.cloud.osconfig.v1beta.OsConfigService
-
-documentation:
-  summary: |-
-    OS management tools that can be used for patch management, patch
-    compliance, and configuration management on VM instances.
-
-backend:
-  rules:
-  - selector: 'google.cloud.osconfig.v1beta.OsConfigService.*'
-    deadline: 30.0
-
-authentication:
-  rules:
-  - selector: 'google.cloud.osconfig.v1beta.OsConfigService.*'
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
-  - selector: google.longrunning.Operations.CancelOperation
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
-  - selector: google.longrunning.Operations.GetOperation
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
diff --git a/third_party/googleapis/google/cloud/osconfig/v1beta/patch_deployments.proto b/third_party/googleapis/google/cloud/osconfig/v1beta/patch_deployments.proto
deleted file mode 100644
index b37758f..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1beta/patch_deployments.proto
+++ /dev/null
@@ -1,295 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1beta;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/cloud/osconfig/v1beta/patch_jobs.proto";
-import "google/protobuf/duration.proto";
-import "google/protobuf/field_mask.proto";
-import "google/protobuf/timestamp.proto";
-import "google/type/datetime.proto";
-import "google/type/dayofweek.proto";
-import "google/type/timeofday.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1beta;osconfig";
-option java_outer_classname = "PatchDeployments";
-option java_package = "com.google.cloud.osconfig.v1beta";
-
-// Patch deployments are configurations that individual patch jobs use to
-// complete a patch. These configurations include instance filter, package
-// repository settings, and a schedule. For more information about creating and
-// managing patch deployments, see [Scheduling patch
-// jobs](https://cloud.google.com/compute/docs/os-patch-management/schedule-patch-jobs).
-message PatchDeployment {
-  option (google.api.resource) = {
-    type: "osconfig.googleapis.com/PatchDeployment"
-    pattern: "projects/{project}/patchDeployments/{patch_deployment}"
-  };
-
-  // Represents state of patch peployment.
-  enum State {
-    // The default value. This value is used if the state is omitted.
-    STATE_UNSPECIFIED = 0;
-
-    // Active value means that patch deployment generates Patch Jobs.
-    ACTIVE = 1;
-
-    // Paused value means that patch deployment does not generate
-    // Patch jobs. Requires user action to move in and out from this state.
-    PAUSED = 2;
-  }
-
-  // Unique name for the patch deployment resource in a project. The patch
-  // deployment name is in the form:
-  // `projects/{project_id}/patchDeployments/{patch_deployment_id}`.
-  // This field is ignored when you create a new patch deployment.
-  string name = 1;
-
-  // Optional. Description of the patch deployment. Length of the description is limited
-  // to 1024 characters.
-  string description = 2 [(google.api.field_behavior) = OPTIONAL];
-
-  // Required. VM instances to patch.
-  PatchInstanceFilter instance_filter = 3 [(google.api.field_behavior) = REQUIRED];
-
-  // Optional. Patch configuration that is applied.
-  PatchConfig patch_config = 4 [(google.api.field_behavior) = OPTIONAL];
-
-  // Optional. Duration of the patch. After the duration ends, the patch times out.
-  google.protobuf.Duration duration = 5 [(google.api.field_behavior) = OPTIONAL];
-
-  // Schedule for the patch.
-  oneof schedule {
-    // Required. Schedule a one-time execution.
-    OneTimeSchedule one_time_schedule = 6 [(google.api.field_behavior) = REQUIRED];
-
-    // Required. Schedule recurring executions.
-    RecurringSchedule recurring_schedule = 7 [(google.api.field_behavior) = REQUIRED];
-  }
-
-  // Output only. Time the patch deployment was created. Timestamp is in
-  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
-  google.protobuf.Timestamp create_time = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. Time the patch deployment was last updated. Timestamp is in
-  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
-  google.protobuf.Timestamp update_time = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. The last time a patch job was started by this deployment.
-  // Timestamp is in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text
-  // format.
-  google.protobuf.Timestamp last_execute_time = 10 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Optional. Rollout strategy of the patch job.
-  PatchRollout rollout = 11 [(google.api.field_behavior) = OPTIONAL];
-
-  // Output only. Current state of the patch deployment.
-  State state = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
-}
-
-// Sets the time for a one time patch deployment. Timestamp is in
-// [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
-message OneTimeSchedule {
-  // Required. The desired patch job execution time.
-  google.protobuf.Timestamp execute_time = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Sets the time for recurring patch deployments.
-message RecurringSchedule {
-  // Specifies the frequency of the recurring patch deployments.
-  enum Frequency {
-    // Invalid. A frequency must be specified.
-    FREQUENCY_UNSPECIFIED = 0;
-
-    // Indicates that the frequency of recurrence should be expressed in terms
-    // of weeks.
-    WEEKLY = 1;
-
-    // Indicates that the frequency of recurrence should be expressed in terms
-    // of months.
-    MONTHLY = 2;
-
-    // Indicates that the frequency of recurrence should be expressed in terms
-    // of days.
-    DAILY = 3;
-  }
-
-  // Required. Defines the time zone that `time_of_day` is relative to.
-  // The rules for daylight saving time are determined by the chosen time zone.
-  google.type.TimeZone time_zone = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Optional. The time that the recurring schedule becomes effective.
-  // Defaults to `create_time` of the patch deployment.
-  google.protobuf.Timestamp start_time = 2 [(google.api.field_behavior) = OPTIONAL];
-
-  // Optional. The end time at which a recurring patch deployment schedule is no longer
-  // active.
-  google.protobuf.Timestamp end_time = 3 [(google.api.field_behavior) = OPTIONAL];
-
-  // Required. Time of the day to run a recurring deployment.
-  google.type.TimeOfDay time_of_day = 4 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The frequency unit of this recurring schedule.
-  Frequency frequency = 5 [(google.api.field_behavior) = REQUIRED];
-
-  // Configurations for this recurring schedule.
-  // Configurations must match frequency.
-  oneof schedule_config {
-    // Required. Schedule with weekly executions.
-    WeeklySchedule weekly = 6 [(google.api.field_behavior) = REQUIRED];
-
-    // Required. Schedule with monthly executions.
-    MonthlySchedule monthly = 7 [(google.api.field_behavior) = REQUIRED];
-  }
-
-  // Output only. The time the last patch job ran successfully.
-  google.protobuf.Timestamp last_execute_time = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. The time the next patch job is scheduled to run.
-  google.protobuf.Timestamp next_execute_time = 10 [(google.api.field_behavior) = OUTPUT_ONLY];
-}
-
-// Represents a weekly schedule.
-message WeeklySchedule {
-  // Required. Day of the week.
-  google.type.DayOfWeek day_of_week = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Represents a monthly schedule. An example of a valid monthly schedule is
-// "on the third Tuesday of the month" or "on the 15th of the month".
-message MonthlySchedule {
-  // One day in a month.
-  oneof day_of_month {
-    // Required. Week day in a month.
-    WeekDayOfMonth week_day_of_month = 1 [(google.api.field_behavior) = REQUIRED];
-
-    // Required. One day of the month. 1-31 indicates the 1st to the 31st day. -1
-    // indicates the last day of the month.
-    // Months without the target day will be skipped. For example, a schedule to
-    // run "every month on the 31st" will not run in February, April, June, etc.
-    int32 month_day = 2 [(google.api.field_behavior) = REQUIRED];
-  }
-}
-
-// Represents one week day in a month. An example is "the 4th Sunday".
-message WeekDayOfMonth {
-  // Required. Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1
-  // indicates the last week of the month.
-  int32 week_ordinal = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. A day of the week.
-  google.type.DayOfWeek day_of_week = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // Optional. Represents the number of days before or after the given week day of month
-  // that the patch deployment is scheduled for. For example if `week_ordinal`
-  // and `day_of_week` values point to the second day of the month and this
-  // `day_offset` value is set to `3`, the patch deployment takes place three
-  // days after the second Tuesday of the month. If this value is negative, for
-  // example -5, the patches  are deployed five days before before the second
-  // Tuesday of the month. Allowed values are in range `[-30, 30]`.
-  int32 day_offset = 3 [(google.api.field_behavior) = OPTIONAL];
-}
-
-// A request message for creating a patch deployment.
-message CreatePatchDeploymentRequest {
-  // Required. The project to apply this patch deployment to in the form `projects/*`.
-  string parent = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. A name for the patch deployment in the project. When creating a name
-  // the following rules apply:
-  // * Must contain only lowercase letters, numbers, and hyphens.
-  // * Must start with a letter.
-  // * Must be between 1-63 characters.
-  // * Must end with a number or a letter.
-  // * Must be unique within the project.
-  string patch_deployment_id = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The patch deployment to create.
-  PatchDeployment patch_deployment = 3 [(google.api.field_behavior) = REQUIRED];
-}
-
-// A request message for retrieving a patch deployment.
-message GetPatchDeploymentRequest {
-  // Required. The resource name of the patch deployment in the form
-  // `projects/*/patchDeployments/*`.
-  string name = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// A request message for listing patch deployments.
-message ListPatchDeploymentsRequest {
-  // Required. The resource name of the parent in the form `projects/*`.
-  string parent = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Optional. The maximum number of patch deployments to return. Default is 100.
-  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
-
-  // Optional. A pagination token returned from a previous call to ListPatchDeployments
-  // that indicates where this listing should continue from.
-  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
-}
-
-// A response message for listing patch deployments.
-message ListPatchDeploymentsResponse {
-  // The list of patch deployments.
-  repeated PatchDeployment patch_deployments = 1;
-
-  // A pagination token that can be used to get the next page of patch
-  // deployments.
-  string next_page_token = 2;
-}
-
-// A request message for deleting a patch deployment.
-message DeletePatchDeploymentRequest {
-  // Required. The resource name of the patch deployment in the form
-  // `projects/*/patchDeployments/*`.
-  string name = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// A request message for updating a patch deployment.
-message UpdatePatchDeploymentRequest {
-  // Required. The patch deployment to Update.
-  PatchDeployment patch_deployment = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Optional. Field mask that controls which fields of the patch deployment should be
-  // updated.
-  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = OPTIONAL];
-}
-
-// A request message for pausing a patch deployment.
-message PausePatchDeploymentRequest {
-  // Required. The resource name of the patch deployment in the form
-  // `projects/*/patchDeployments/*`.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/PatchDeployment"
-    }
-  ];
-}
-
-// A request message for resuming a patch deployment.
-message ResumePatchDeploymentRequest {
-  // Required. The resource name of the patch deployment in the form
-  // `projects/*/patchDeployments/*`.
-  string name = 1 [
-    (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "osconfig.googleapis.com/PatchDeployment"
-    }
-  ];
-}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1beta/patch_jobs.proto b/third_party/googleapis/google/cloud/osconfig/v1beta/patch_jobs.proto
deleted file mode 100644
index 6ea1185..0000000
--- a/third_party/googleapis/google/cloud/osconfig/v1beta/patch_jobs.proto
+++ /dev/null
@@ -1,702 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.cloud.osconfig.v1beta;
-
-import "google/api/field_behavior.proto";
-import "google/api/resource.proto";
-import "google/cloud/osconfig/v1beta/osconfig_common.proto";
-import "google/protobuf/duration.proto";
-import "google/protobuf/timestamp.proto";
-
-option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1beta;osconfig";
-option java_outer_classname = "PatchJobs";
-option java_package = "com.google.cloud.osconfig.v1beta";
-
-// A request message to initiate patching across Compute Engine instances.
-message ExecutePatchJobRequest {
-  // Required. The project in which to run this patch in the form `projects/*`
-  string parent = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Description of the patch job. Length of the description is limited
-  // to 1024 characters.
-  string description = 2;
-
-  // Required. Instances to patch, either explicitly or filtered by some criteria such
-  // as zone or labels.
-  PatchInstanceFilter instance_filter = 7 [(google.api.field_behavior) = REQUIRED];
-
-  // Patch configuration being applied. If omitted, instances are
-  // patched using the default configurations.
-  PatchConfig patch_config = 4;
-
-  // Duration of the patch job. After the duration ends, the patch job
-  // times out.
-  google.protobuf.Duration duration = 5;
-
-  // If this patch is a dry-run only, instances are contacted but
-  // will do nothing.
-  bool dry_run = 6;
-
-  // Display name for this patch job. This does not have to be unique.
-  string display_name = 8;
-
-  // Rollout strategy of the patch job.
-  PatchRollout rollout = 9;
-}
-
-// Request to get an active or completed patch job.
-message GetPatchJobRequest {
-  // Required. Name of the patch in the form `projects/*/patchJobs/*`
-  string name = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Request to list details for all instances that are part of a patch job.
-message ListPatchJobInstanceDetailsRequest {
-  // Required. The parent for the instances are in the form of `projects/*/patchJobs/*`.
-  string parent = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // The maximum number of instance details records to return.  Default is 100.
-  int32 page_size = 2;
-
-  // A pagination token returned from a previous call
-  // that indicates where this listing should continue from.
-  string page_token = 3;
-
-  // A filter expression that filters results listed in the response. This
-  // field supports filtering results by instance zone, name, state, or
-  // `failure_reason`.
-  string filter = 4;
-}
-
-// A response message for listing the instances details for a patch job.
-message ListPatchJobInstanceDetailsResponse {
-  // A list of instance status.
-  repeated PatchJobInstanceDetails patch_job_instance_details = 1;
-
-  // A pagination token that can be used to get the next page of results.
-  string next_page_token = 2;
-}
-
-// Patch details for a VM instance. For more information about reviewing VM
-// instance details, see
-// [Listing all VM instance details for a specific patch
-// job](https://cloud.google.com/compute/docs/os-patch-management/manage-patch-jobs#list-instance-details).
-message PatchJobInstanceDetails {
-  // The instance name in the form `projects/*/zones/*/instances/*`
-  string name = 1;
-
-  // The unique identifier for the instance. This identifier is
-  // defined by the server.
-  string instance_system_id = 2;
-
-  // Current state of instance patch.
-  Instance.PatchState state = 3;
-
-  // If the patch fails, this field provides the reason.
-  string failure_reason = 4;
-
-  // The number of times the agent that the agent attempts to apply the patch.
-  int64 attempt_count = 5;
-}
-
-// A request message for listing patch jobs.
-message ListPatchJobsRequest {
-  // Required. In the form of `projects/*`
-  string parent = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // The maximum number of instance status to return.
-  int32 page_size = 2;
-
-  // A pagination token returned from a previous call
-  // that indicates where this listing should continue from.
-  string page_token = 3;
-
-  // If provided, this field specifies the criteria that must be met by patch
-  // jobs to be included in the response.
-  // Currently, filtering is only available on the patch_deployment field.
-  string filter = 4;
-}
-
-// A response message for listing patch jobs.
-message ListPatchJobsResponse {
-  // The list of patch jobs.
-  repeated PatchJob patch_jobs = 1;
-
-  // A pagination token that can be used to get the next page of results.
-  string next_page_token = 2;
-}
-
-// A high level representation of a patch job that is either in progress
-// or has completed.
-//
-// Instance details are not included in the job. To paginate through instance
-// details, use `ListPatchJobInstanceDetails`.
-//
-// For more information about patch jobs, see
-// [Creating patch
-// jobs](https://cloud.google.com/compute/docs/os-patch-management/create-patch-job).
-message PatchJob {
-  option (google.api.resource) = {
-    type: "osconfig.googleapis.com/PatchJob"
-    pattern: "projects/{project}/patchJobs/{patch_job}"
-  };
-
-  // Enumeration of the various states a patch job passes through as it
-  // executes.
-  enum State {
-    // State must be specified.
-    STATE_UNSPECIFIED = 0;
-
-    // The patch job was successfully initiated.
-    STARTED = 1;
-
-    // The patch job is looking up instances to run the patch on.
-    INSTANCE_LOOKUP = 2;
-
-    // Instances are being patched.
-    PATCHING = 3;
-
-    // Patch job completed successfully.
-    SUCCEEDED = 4;
-
-    // Patch job completed but there were errors.
-    COMPLETED_WITH_ERRORS = 5;
-
-    // The patch job was canceled.
-    CANCELED = 6;
-
-    // The patch job timed out.
-    TIMED_OUT = 7;
-  }
-
-  // A summary of the current patch state across all instances that this patch
-  // job affects. Contains counts of instances in different states. These states
-  // map to `InstancePatchState`. List patch job instance details to see the
-  // specific states of each instance.
-  message InstanceDetailsSummary {
-    // Number of instances pending patch job.
-    int64 pending_instance_count = 1;
-
-    // Number of instances that are inactive.
-    int64 inactive_instance_count = 2;
-
-    // Number of instances notified about patch job.
-    int64 notified_instance_count = 3;
-
-    // Number of instances that have started.
-    int64 started_instance_count = 4;
-
-    // Number of instances that are downloading patches.
-    int64 downloading_patches_instance_count = 5;
-
-    // Number of instances that are applying patches.
-    int64 applying_patches_instance_count = 6;
-
-    // Number of instances rebooting.
-    int64 rebooting_instance_count = 7;
-
-    // Number of instances that have completed successfully.
-    int64 succeeded_instance_count = 8;
-
-    // Number of instances that require reboot.
-    int64 succeeded_reboot_required_instance_count = 9;
-
-    // Number of instances that failed.
-    int64 failed_instance_count = 10;
-
-    // Number of instances that have acked and will start shortly.
-    int64 acked_instance_count = 11;
-
-    // Number of instances that exceeded the time out while applying the patch.
-    int64 timed_out_instance_count = 12;
-
-    // Number of instances that are running the pre-patch step.
-    int64 pre_patch_step_instance_count = 13;
-
-    // Number of instances that are running the post-patch step.
-    int64 post_patch_step_instance_count = 14;
-
-    // Number of instances that do not appear to be running the agent. Check to
-    // ensure that the agent is installed, running, and able to communicate with
-    // the service.
-    int64 no_agent_detected_instance_count = 15;
-  }
-
-  // Unique identifier for this patch job in the form
-  // `projects/*/patchJobs/*`
-  string name = 1;
-
-  // Display name for this patch job. This is not a unique identifier.
-  string display_name = 14;
-
-  // Description of the patch job. Length of the description is limited
-  // to 1024 characters.
-  string description = 2;
-
-  // Time this patch job was created.
-  google.protobuf.Timestamp create_time = 3;
-
-  // Last time this patch job was updated.
-  google.protobuf.Timestamp update_time = 4;
-
-  // The current state of the PatchJob.
-  State state = 5;
-
-  // Instances to patch.
-  PatchInstanceFilter instance_filter = 13;
-
-  // Patch configuration being applied.
-  PatchConfig patch_config = 7;
-
-  // Duration of the patch job. After the duration ends, the
-  // patch job times out.
-  google.protobuf.Duration duration = 8;
-
-  // Summary of instance details.
-  InstanceDetailsSummary instance_details_summary = 9;
-
-  // If this patch job is a dry run, the agent reports that it has
-  // finished without running any updates on the VM instance.
-  bool dry_run = 10;
-
-  // If this patch job failed, this message provides information about the
-  // failure.
-  string error_message = 11;
-
-  // Reflects the overall progress of the patch job in the range of
-  // 0.0 being no progress to 100.0 being complete.
-  double percent_complete = 12;
-
-  // Output only. Name of the patch deployment that created this patch job.
-  string patch_deployment = 15 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Rollout strategy being applied.
-  PatchRollout rollout = 16;
-}
-
-// Patch configuration specifications. Contains details on how to apply the
-// patch(es) to a VM instance.
-message PatchConfig {
-  // Post-patch reboot settings.
-  enum RebootConfig {
-    // The default behavior is DEFAULT.
-    REBOOT_CONFIG_UNSPECIFIED = 0;
-
-    // The agent decides if a reboot is necessary by checking signals such as
-    // registry keys on Windows or `/var/run/reboot-required` on APT based
-    // systems. On RPM based systems, a set of core system package install times
-    // are compared with system boot time.
-    DEFAULT = 1;
-
-    // Always reboot the machine after the update completes.
-    ALWAYS = 2;
-
-    // Never reboot the machine after the update completes.
-    NEVER = 3;
-  }
-
-  // Post-patch reboot settings.
-  RebootConfig reboot_config = 1;
-
-  // Apt update settings. Use this setting to override the default `apt` patch
-  // rules.
-  AptSettings apt = 3;
-
-  // Yum update settings. Use this setting to override the default `yum` patch
-  // rules.
-  YumSettings yum = 4;
-
-  // Goo update settings. Use this setting to override the default `goo` patch
-  // rules.
-  GooSettings goo = 5;
-
-  // Zypper update settings. Use this setting to override the default `zypper`
-  // patch rules.
-  ZypperSettings zypper = 6;
-
-  // Windows update settings. Use this override the default windows patch rules.
-  WindowsUpdateSettings windows_update = 7;
-
-  // The `ExecStep` to run before the patch update.
-  ExecStep pre_step = 8;
-
-  // The `ExecStep` to run after the patch update.
-  ExecStep post_step = 9;
-
-  // Allows the patch job to run on Managed instance groups (MIGs).
-  bool mig_instances_allowed = 10;
-}
-
-// Namespace for instance state enums.
-message Instance {
-  // Patch state of an instance.
-  enum PatchState {
-    // Unspecified.
-    PATCH_STATE_UNSPECIFIED = 0;
-
-    // The instance is not yet notified.
-    PENDING = 1;
-
-    // Instance is inactive and cannot be patched.
-    INACTIVE = 2;
-
-    // The instance is notified that it should be patched.
-    NOTIFIED = 3;
-
-    // The instance has started the patching process.
-    STARTED = 4;
-
-    // The instance is downloading patches.
-    DOWNLOADING_PATCHES = 5;
-
-    // The instance is applying patches.
-    APPLYING_PATCHES = 6;
-
-    // The instance is rebooting.
-    REBOOTING = 7;
-
-    // The instance has completed applying patches.
-    SUCCEEDED = 8;
-
-    // The instance has completed applying patches but a reboot is required.
-    SUCCEEDED_REBOOT_REQUIRED = 9;
-
-    // The instance has failed to apply the patch.
-    FAILED = 10;
-
-    // The instance acked the notification and will start shortly.
-    ACKED = 11;
-
-    // The instance exceeded the time out while applying the patch.
-    TIMED_OUT = 12;
-
-    // The instance is running the pre-patch step.
-    RUNNING_PRE_PATCH_STEP = 13;
-
-    // The instance is running the post-patch step.
-    RUNNING_POST_PATCH_STEP = 14;
-
-    // The service could not detect the presence of the agent. Check to ensure
-    // that the agent is installed, running, and able to communicate with the
-    // service.
-    NO_AGENT_DETECTED = 15;
-  }
-
-
-}
-
-// Message for canceling a patch job.
-message CancelPatchJobRequest {
-  // Required. Name of the patch in the form `projects/*/patchJobs/*`
-  string name = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Apt patching is completed by executing `apt-get update && apt-get
-// upgrade`. Additional options can be set to control how this is executed.
-message AptSettings {
-  // Apt patch type.
-  enum Type {
-    // By default, upgrade will be performed.
-    TYPE_UNSPECIFIED = 0;
-
-    // Runs `apt-get dist-upgrade`.
-    DIST = 1;
-
-    // Runs `apt-get upgrade`.
-    UPGRADE = 2;
-  }
-
-  // By changing the type to DIST, the patching is performed
-  // using `apt-get dist-upgrade` instead.
-  Type type = 1;
-
-  // List of packages to exclude from update. These packages will be excluded
-  repeated string excludes = 2;
-
-  // An exclusive list of packages to be updated. These are the only packages
-  // that will be updated. If these packages are not installed, they will be
-  // ignored. This field cannot be specified with any other patch configuration
-  // fields.
-  repeated string exclusive_packages = 3;
-}
-
-// Yum patching is performed by executing `yum update`. Additional options
-// can be set to control how this is executed.
-//
-// Note that not all settings are supported on all platforms.
-message YumSettings {
-  // Adds the `--security` flag to `yum update`. Not supported on
-  // all platforms.
-  bool security = 1;
-
-  // Will cause patch to run `yum update-minimal` instead.
-  bool minimal = 2;
-
-  // List of packages to exclude from update. These packages are excluded by
-  // using the yum `--exclude` flag.
-  repeated string excludes = 3;
-
-  // An exclusive list of packages to be updated. These are the only packages
-  // that will be updated. If these packages are not installed, they will be
-  // ignored. This field must not be specified with any other patch
-  // configuration fields.
-  repeated string exclusive_packages = 4;
-}
-
-// Googet patching is performed by running `googet update`.
-message GooSettings {
-
-}
-
-// Zypper patching is performed by running `zypper patch`.
-// See also https://en.opensuse.org/SDB:Zypper_manual.
-message ZypperSettings {
-  // Adds the `--with-optional` flag to `zypper patch`.
-  bool with_optional = 1;
-
-  // Adds the `--with-update` flag, to `zypper patch`.
-  bool with_update = 2;
-
-  // Install only patches with these categories.
-  // Common categories include security, recommended, and feature.
-  repeated string categories = 3;
-
-  // Install only patches with these severities.
-  // Common severities include critical, important, moderate, and low.
-  repeated string severities = 4;
-
-  // List of patches to exclude from update.
-  repeated string excludes = 5;
-
-  // An exclusive list of patches to be updated. These are the only patches
-  // that will be installed using 'zypper patch patch:<patch_name>' command.
-  // This field must not be used with any other patch configuration fields.
-  repeated string exclusive_patches = 6;
-}
-
-// Windows patching is performed using the Windows Update Agent.
-message WindowsUpdateSettings {
-  // Microsoft Windows update classifications as defined in
-  // [1]
-  // https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro
-  enum Classification {
-    // Invalid. If classifications are included, they must be specified.
-    CLASSIFICATION_UNSPECIFIED = 0;
-
-    // "A widely released fix for a specific problem that addresses a critical,
-    // non-security-related bug." [1]
-    CRITICAL = 1;
-
-    // "A widely released fix for a product-specific, security-related
-    // vulnerability. Security vulnerabilities are rated by their severity. The
-    // severity rating is indicated in the Microsoft security bulletin as
-    // critical, important, moderate, or low." [1]
-    SECURITY = 2;
-
-    // "A widely released and frequent software update that contains additions
-    // to a product's definition database. Definition databases are often used
-    // to detect objects that have specific attributes, such as malicious code,
-    // phishing websites, or junk mail." [1]
-    DEFINITION = 3;
-
-    // "Software that controls the input and output of a device." [1]
-    DRIVER = 4;
-
-    // "New product functionality that is first distributed outside the context
-    // of a product release and that is typically included in the next full
-    // product release." [1]
-    FEATURE_PACK = 5;
-
-    // "A tested, cumulative set of all hotfixes, security updates, critical
-    // updates, and updates. Additionally, service packs may contain additional
-    // fixes for problems that are found internally since the release of the
-    // product. Service packs my also contain a limited number of
-    // customer-requested design changes or features." [1]
-    SERVICE_PACK = 6;
-
-    // "A utility or feature that helps complete a task or set of tasks." [1]
-    TOOL = 7;
-
-    // "A tested, cumulative set of hotfixes, security updates, critical
-    // updates, and updates that are packaged together for easy deployment. A
-    // rollup generally targets a specific area, such as security, or a
-    // component of a product, such as Internet Information Services (IIS)." [1]
-    UPDATE_ROLLUP = 8;
-
-    // "A widely released fix for a specific problem. An update addresses a
-    // noncritical, non-security-related bug." [1]
-    UPDATE = 9;
-  }
-
-  // Only apply updates of these windows update classifications. If empty, all
-  // updates are applied.
-  repeated Classification classifications = 1;
-
-  // List of KBs to exclude from update.
-  repeated string excludes = 2;
-
-  // An exclusive list of kbs to be updated. These are the only patches
-  // that will be updated. This field must not be used with other
-  // patch configurations.
-  repeated string exclusive_patches = 3;
-}
-
-// A step that runs an executable for a PatchJob.
-message ExecStep {
-  // The ExecStepConfig for all Linux VMs targeted by the PatchJob.
-  ExecStepConfig linux_exec_step_config = 1;
-
-  // The ExecStepConfig for all Windows VMs targeted by the PatchJob.
-  ExecStepConfig windows_exec_step_config = 2;
-}
-
-// Common configurations for an ExecStep.
-message ExecStepConfig {
-  // The interpreter used to execute the a file.
-  enum Interpreter {
-    // Invalid for a Windows ExecStepConfig. For a Linux ExecStepConfig, the
-    // interpreter will be parsed from the shebang line of the script if
-    // unspecified.
-    INTERPRETER_UNSPECIFIED = 0;
-
-    // Indicates that the script is run with `/bin/sh` on Linux and `cmd`
-    // on Windows.
-    SHELL = 1;
-
-    // Indicates that the file is run with PowerShell flags
-    // `-NonInteractive`, `-NoProfile`, and `-ExecutionPolicy Bypass`.
-    POWERSHELL = 2;
-  }
-
-  // Location of the executable.
-  oneof executable {
-    // An absolute path to the executable on the VM.
-    string local_path = 1;
-
-    // A Google Cloud Storage object containing the executable.
-    GcsObject gcs_object = 2;
-  }
-
-  // Defaults to [0]. A list of possible return values that the
-  // execution can return to indicate a success.
-  repeated int32 allowed_success_codes = 3;
-
-  // The script interpreter to use to run the script. If no interpreter is
-  // specified the script will be executed directly, which will likely
-  // only succeed for scripts with [shebang lines]
-  // (https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
-  Interpreter interpreter = 4;
-}
-
-// Google Cloud Storage object representation.
-message GcsObject {
-  // Required. Bucket of the Google Cloud Storage object.
-  string bucket = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. Name of the Google Cloud Storage object.
-  string object = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. Generation number of the Google Cloud Storage object. This is used to
-  // ensure that the ExecStep specified by this PatchJob does not change.
-  int64 generation_number = 3 [(google.api.field_behavior) = REQUIRED];
-}
-
-// A filter to target VM instances for patching. The targeted
-// VMs must meet all criteria specified. So if both labels and zones are
-// specified, the patch job targets only VMs with those labels and in those
-// zones.
-message PatchInstanceFilter {
-  // Represents a group of VMs that can be identified as having all these
-  // labels, for example "env=prod and app=web".
-  message GroupLabel {
-    // Compute Engine instance labels that must be present for a VM instance to
-    // be targeted by this filter.
-    map<string, string> labels = 1;
-  }
-
-  // Target all VM instances in the project. If true, no other criteria is
-  // permitted.
-  bool all = 1;
-
-  // Targets VM instances matching at least one of these label sets. This allows
-  // targeting of disparate groups, for example "env=prod or env=staging".
-  repeated GroupLabel group_labels = 2;
-
-  // Targets VM instances in ANY of these zones. Leave empty to target VM
-  // instances in any zone.
-  repeated string zones = 3;
-
-  // Targets any of the VM instances specified. Instances are specified by their
-  // URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`,
-  // `projects/[PROJECT_ID]/zones/[ZONE]/instances/[INSTANCE_NAME]`, or
-  // `https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/[ZONE]/instances/[INSTANCE_NAME]`
-  repeated string instances = 4;
-
-  // Targets VMs whose name starts with one of these prefixes. Similar to
-  // labels, this is another way to group VMs when targeting configs, for
-  // example prefix="prod-".
-  repeated string instance_name_prefixes = 5;
-}
-
-// Patch rollout configuration specifications. Contains details on the
-// concurrency control when applying patch(es) to all targeted VMs.
-message PatchRollout {
-  // Type of the rollout.
-  enum Mode {
-    // Mode must be specified.
-    MODE_UNSPECIFIED = 0;
-
-    // Patches are applied one zone at a time. The patch job begins in the
-    // region with the lowest number of targeted VMs. Within the region,
-    // patching begins in the zone with the lowest number of targeted VMs. If
-    // multiple regions (or zones within a region) have the same number of
-    // targeted VMs, a tie-breaker is achieved by sorting the regions or zones
-    // in alphabetical order.
-    ZONE_BY_ZONE = 1;
-
-    // Patches are applied to VMs in all zones at the same time.
-    CONCURRENT_ZONES = 2;
-  }
-
-  // Mode of the patch rollout.
-  Mode mode = 1;
-
-  // The maximum number (or percentage) of VMs per zone to disrupt at any given
-  // moment. The number of VMs calculated from multiplying the percentage by the
-  // total number of VMs in a zone is rounded up.
-  //
-  // During patching, a VM is considered disrupted from the time the agent is
-  // notified to begin until patching has completed. This disruption time
-  // includes the time to complete reboot and any post-patch steps.
-  //
-  // A VM contributes to the disruption budget if its patching operation fails
-  // either when applying the patches, running pre or post patch steps, or if it
-  // fails to respond with a success notification before timing out. VMs that
-  // are not running or do not have an active agent do not count toward this
-  // disruption budget.
-  //
-  // For zone-by-zone rollouts, if the disruption budget in a zone is exceeded,
-  // the patch job stops, because continuing to the next zone requires
-  // completion of the patch process in the previous zone.
-  //
-  // For example, if the disruption budget has a fixed value of `10`, and 8 VMs
-  // fail to patch in the current zone, the patch job continues to patch 2 VMs
-  // at a time until the zone is completed. When that zone is completed
-  // successfully, patching begins with 10 VMs at a time in the next zone. If 10
-  // VMs in the next zone fail to patch, the patch job stops.
-  FixedOrPercent disruption_budget = 2;
-}