5 files changed, 0 insertions, 866 deletions
diff --git a/third_party/googleapis/google/iam/v2/BUILD.bazel b/third_party/googleapis/google/iam/v2/BUILD.bazel
deleted file mode 100644
index 53bf23a..0000000
--- a/third_party/googleapis/google/iam/v2/BUILD.bazel
+++ /dev/null
@@ -1,399 +0,0 @@
-# This file was automatically generated by BuildFileGenerator
-# https://github.com/googleapis/rules_gapic/tree/master/bazel
-
-# Most of the manual changes to this file will be overwritten.
-# It's **only** allowed to change the following rule attribute values:
-# - names of *_gapic_assembly_* rules
-# - certain parameters of *_gapic_library rules, including but not limited to:
-#    * extra_protoc_parameters
-#    * extra_protoc_file_parameters
-# The complete list of preserved parameters can be found in the source code.
-
-# This is an API workspace, having public visibility by default makes perfect sense.
-package(default_visibility = ["//visibility:public"])
-
-##############################################################################
-# Common
-##############################################################################
-load("@rules_proto//proto:defs.bzl", "proto_library")
-load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
-
-proto_library(
-    name = "iam_proto",
-    srcs = [
-        "deny.proto",
-        "policy.proto",
-    ],
-    deps = [
-        "//google/api:annotations_proto",
-        "//google/api:client_proto",
-        "//google/api:field_behavior_proto",
-        "//google/longrunning:operations_proto",
-        "//google/type:expr_proto",
-        "@com_google_protobuf//:timestamp_proto",
-    ],
-)
-
-proto_library_with_info(
-    name = "iam_proto_with_info",
-    deps = [
-        ":iam_proto",
-        "//google/cloud:common_resources_proto",
-    ],
-)
-
-##############################################################################
-# Java
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "java_gapic_assembly_gradle_pkg",
-    "java_gapic_library",
-    "java_gapic_test",
-    "java_grpc_library",
-    "java_proto_library",
-)
-
-java_proto_library(
-    name = "iam_java_proto",
-    deps = [":iam_proto"],
-)
-
-java_grpc_library(
-    name = "iam_java_grpc",
-    srcs = [":iam_proto"],
-    deps = [":iam_java_proto"],
-)
-
-java_gapic_library(
-    name = "iam_java_gapic",
-    srcs = [":iam_proto_with_info"],
-    gapic_yaml = None,
-    grpc_service_config = "iam_grpc_service_config.json",
-    rest_numeric_enums = False,
-    service_yaml = "iam_v2.yaml",
-    test_deps = [
-        ":iam_java_grpc",
-    ],
-    transport = "grpc+rest",
-    deps = [
-        ":iam_java_proto",
-        "//google/api:api_java_proto",
-    ],
-)
-
-java_gapic_test(
-    name = "iam_java_gapic_test_suite",
-    test_classes = [
-        "com.google.iam.v2.PoliciesClientHttpJsonTest",
-        "com.google.iam.v2.PoliciesClientTest",
-    ],
-    runtime_deps = [":iam_java_gapic_test"],
-)
-
-# Open Source Packages
-java_gapic_assembly_gradle_pkg(
-    name = "google-cloud-iam-v2-java",
-    include_samples = True,
-    transport = "grpc+rest",
-    deps = [
-        ":iam_java_gapic",
-        ":iam_java_grpc",
-        ":iam_java_proto",
-        ":iam_proto",
-    ],
-)
-
-##############################################################################
-# Go
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "go_gapic_assembly_pkg",
-    "go_gapic_library",
-    "go_proto_library",
-    "go_test",
-)
-
-go_proto_library(
-    name = "iam_go_proto",
-    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
-    importpath = "google.golang.org/genproto/googleapis/iam/v2",
-    protos = [":iam_proto"],
-    deps = [
-        "//google/api:annotations_go_proto",
-        "//google/longrunning:longrunning_go_proto",
-        "//google/type:expr_go_proto",
-    ],
-)
-
-go_gapic_library(
-    name = "iam_go_gapic",
-    srcs = [":iam_proto_with_info"],
-    grpc_service_config = "iam_grpc_service_config.json",
-    importpath = "cloud.google.com/go/iam/apiv2;iam",
-    metadata = True,
-    rest_numeric_enums = False,
-    service_yaml = "iam_v2.yaml",
-    transport = "grpc+rest",
-    deps = [
-        ":iam_go_proto",
-        "//google/longrunning:longrunning_go_proto",
-        "@com_google_cloud_go//longrunning:go_default_library",
-        "@com_google_cloud_go//longrunning/autogen:go_default_library",
-    ],
-)
-
-go_test(
-    name = "iam_go_gapic_test",
-    srcs = [":iam_go_gapic_srcjar_test"],
-    embed = [":iam_go_gapic"],
-    importpath = "cloud.google.com/go/iam/apiv2",
-)
-
-# Open Source Packages
-go_gapic_assembly_pkg(
-    name = "gapi-cloud-iam-v2-go",
-    deps = [
-        ":iam_go_gapic",
-        ":iam_go_gapic_srcjar-metadata.srcjar",
-        ":iam_go_gapic_srcjar-test.srcjar",
-        ":iam_go_proto",
-    ],
-)
-
-##############################################################################
-# Python
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "py_gapic_assembly_pkg",
-    "py_gapic_library",
-    "py_test",
-)
-
-py_gapic_library(
-    name = "iam_py_gapic",
-    srcs = [":iam_proto"],
-    grpc_service_config = "iam_grpc_service_config.json",
-    opt_args = [
-        "python-gapic-name=iam",
-        "python-gapic-namespace=google.cloud",
-        "warehouse-package-name=google-cloud-iam",
-    ],
-    rest_numeric_enums = False,
-    service_yaml = "iam_v2.yaml",
-    transport = "grpc",
-    deps = [
-    ],
-)
-
-py_test(
-    name = "iam_py_gapic_test",
-    srcs = [
-        "iam_py_gapic_pytest.py",
-        "iam_py_gapic_test.py",
-    ],
-    legacy_create_init = False,
-    deps = [":iam_py_gapic"],
-)
-
-# Open Source Packages
-py_gapic_assembly_pkg(
-    name = "iam-v2-py",
-    deps = [
-        ":iam_py_gapic",
-    ],
-)
-
-##############################################################################
-# PHP
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "php_gapic_assembly_pkg",
-    "php_gapic_library",
-    "php_grpc_library",
-    "php_proto_library",
-)
-
-php_proto_library(
-    name = "iam_php_proto",
-    deps = [":iam_proto"],
-)
-
-php_grpc_library(
-    name = "iam_php_grpc",
-    srcs = [":iam_proto"],
-    deps = [":iam_php_proto"],
-)
-
-php_gapic_library(
-    name = "iam_php_gapic",
-    srcs = [":iam_proto_with_info"],
-    grpc_service_config = "iam_grpc_service_config.json",
-    rest_numeric_enums = False,
-    service_yaml = "iam_v2.yaml",
-    deps = [
-        ":iam_php_grpc",
-        ":iam_php_proto",
-    ],
-)
-
-# Open Source Packages
-php_gapic_assembly_pkg(
-    name = "google-cloud-iam-v2-php",
-    deps = [
-        ":iam_php_gapic",
-        ":iam_php_grpc",
-        ":iam_php_proto",
-    ],
-)
-
-##############################################################################
-# Node.js
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "nodejs_gapic_assembly_pkg",
-    "nodejs_gapic_library",
-)
-
-nodejs_gapic_library(
-    name = "iam_nodejs_gapic",
-    package_name = "@google-cloud/iam",
-    src = ":iam_proto_with_info",
-    extra_protoc_parameters = ["metadata"],
-    grpc_service_config = "iam_grpc_service_config.json",
-    package = "google.iam.v2",
-    rest_numeric_enums = False,
-    service_yaml = "iam_v2.yaml",
-    deps = [],
-)
-
-nodejs_gapic_assembly_pkg(
-    name = "iam-v2-nodejs",
-    deps = [
-        ":iam_nodejs_gapic",
-        ":iam_proto",
-    ],
-)
-
-##############################################################################
-# Ruby
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "ruby_cloud_gapic_library",
-    "ruby_gapic_assembly_pkg",
-    "ruby_grpc_library",
-    "ruby_proto_library",
-)
-
-ruby_proto_library(
-    name = "iam_ruby_proto",
-    deps = [":iam_proto"],
-)
-
-ruby_grpc_library(
-    name = "iam_ruby_grpc",
-    srcs = [":iam_proto"],
-    deps = [":iam_ruby_proto"],
-)
-
-ruby_cloud_gapic_library(
-    name = "iam_ruby_gapic",
-    srcs = [":iam_proto_with_info"],
-    extra_protoc_parameters = [
-        "ruby-cloud-api-id=iam.googleapis.com",
-        "ruby-cloud-api-shortname=iam",
-        "ruby-cloud-gem-name=google-iam-v2",
-        "ruby-cloud-product-url=https://cloud.google.com/iam",
-        "ruby-cloud-wrapper-gem-override=google-iam-client",
-    ],
-    grpc_service_config = "iam_grpc_service_config.json",
-    rest_numeric_enums = False,
-    ruby_cloud_description = "Manages identity and access control policies for Google Cloud Platform resources.",
-    ruby_cloud_title = "IAM V2",
-    service_yaml = "iam_v2.yaml",
-    deps = [
-        ":iam_ruby_grpc",
-        ":iam_ruby_proto",
-    ],
-)
-
-# Open Source Packages
-ruby_gapic_assembly_pkg(
-    name = "google-cloud-iam-v2-ruby",
-    deps = [
-        ":iam_ruby_gapic",
-        ":iam_ruby_grpc",
-        ":iam_ruby_proto",
-    ],
-)
-
-##############################################################################
-# C#
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "csharp_gapic_assembly_pkg",
-    "csharp_gapic_library",
-    "csharp_grpc_library",
-    "csharp_proto_library",
-)
-
-csharp_proto_library(
-    name = "iam_csharp_proto",
-    deps = [":iam_proto"],
-)
-
-csharp_grpc_library(
-    name = "iam_csharp_grpc",
-    srcs = [":iam_proto"],
-    deps = [":iam_csharp_proto"],
-)
-
-csharp_gapic_library(
-    name = "iam_csharp_gapic",
-    srcs = [":iam_proto_with_info"],
-    common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json",
-    grpc_service_config = "iam_grpc_service_config.json",
-    rest_numeric_enums = False,
-    service_yaml = "iam_v2.yaml",
-    deps = [
-        ":iam_csharp_grpc",
-        ":iam_csharp_proto",
-    ],
-)
-
-# Open Source Packages
-csharp_gapic_assembly_pkg(
-    name = "google-cloud-iam-v2-csharp",
-    deps = [
-        ":iam_csharp_gapic",
-        ":iam_csharp_grpc",
-        ":iam_csharp_proto",
-    ],
-)
-
-##############################################################################
-# C++
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "cc_grpc_library",
-    "cc_proto_library",
-)
-
-cc_proto_library(
-    name = "iam_cc_proto",
-    deps = [":iam_proto"],
-)
-
-cc_grpc_library(
-    name = "iam_cc_grpc",
-    srcs = [":iam_proto"],
-    grpc_only = True,
-    deps = [":iam_cc_proto"],
-)
diff --git a/third_party/googleapis/google/iam/v2/deny.proto b/third_party/googleapis/google/iam/v2/deny.proto
deleted file mode 100644
index db9f15f..0000000
--- a/third_party/googleapis/google/iam/v2/deny.proto
+++ /dev/null
@@ -1,109 +0,0 @@
-// Copyright 2022 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.iam.v2;
-
-import "google/type/expr.proto";
-
-option csharp_namespace = "Google.Cloud.Iam.V2";
-option go_package = "google.golang.org/genproto/googleapis/iam/v2;iam";
-option java_multiple_files = true;
-option java_outer_classname = "DenyRuleProto";
-option java_package = "com.google.iam.v2";
-option php_namespace = "Google\\Cloud\\Iam\\V2";
-
-// A deny rule in an IAM deny policy.
-message DenyRule {
-  // The identities that are prevented from using one or more permissions on
-  // Google Cloud resources. This field can contain the following values:
-  //
-  // * `principalSet://goog/public:all`: A special identifier that represents
-  //   any principal that is on the internet, even if they do not have a Google
-  //   Account or are not logged in.
-  //
-  // * `principal://goog/subject/{email_id}`: A specific Google Account.
-  //   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
-  //   example, `principal://goog/subject/alice@example.com`.
-  //
-  // * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
-  //   Google Account that was deleted recently. For example,
-  //   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
-  //   the Google Account is recovered, this identifier reverts to the standard
-  //   identifier for a Google Account.
-  //
-  // * `principalSet://goog/group/{group_id}`: A Google group. For example,
-  //   `principalSet://goog/group/admins@example.com`.
-  //
-  // * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
-  //   that was deleted recently. For example,
-  //   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
-  //   the Google group is restored, this identifier reverts to the standard
-  //   identifier for a Google group.
-  //
-  // * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
-  //   A Google Cloud service account. For example,
-  //   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-  //
-  // * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
-  //   A Google Cloud service account that was deleted recently. For example,
-  //   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
-  //   If the service account is undeleted, this identifier reverts to the
-  //   standard identifier for a service account.
-  //
-  // * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
-  //   principals associated with the specified Google Workspace or Cloud
-  //   Identity customer ID. For example,
-  //   `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
-  repeated string denied_principals = 1;
-
-  // The identities that are excluded from the deny rule, even if they are
-  // listed in the `denied_principals`. For example, you could add a Google
-  // group to the `denied_principals`, then exclude specific users who belong to
-  // that group.
-  //
-  // This field can contain the same values as the `denied_principals` field,
-  // excluding `principalSet://goog/public:all`, which represents all users on
-  // the internet.
-  repeated string exception_principals = 2;
-
-  // The permissions that are explicitly denied by this rule. Each permission
-  // uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
-  // is the fully qualified domain name for the service. For example,
-  // `iam.googleapis.com/roles.list`.
-  repeated string denied_permissions = 3;
-
-  // Specifies the permissions that this rule excludes from the set of denied
-  // permissions given by `denied_permissions`. If a permission appears in
-  // `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
-  // denied.
-  //
-  // The excluded permissions can be specified using the same syntax as
-  // `denied_permissions`.
-  repeated string exception_permissions = 4;
-
-  // The condition that determines whether this deny rule applies to a request.
-  // If the condition expression evaluates to `true`, then the deny rule is
-  // applied; otherwise, the deny rule is not applied.
-  //
-  // Each deny rule is evaluated independently. If this deny rule does not apply
-  // to a request, other deny rules might still apply.
-  //
-  // The condition can use CEL functions that evaluate
-  // [resource
-  // tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
-  // functions and operators are not supported.
-  google.type.Expr denial_condition = 5;
-}
diff --git a/third_party/googleapis/google/iam/v2/iam_grpc_service_config.json b/third_party/googleapis/google/iam/v2/iam_grpc_service_config.json
deleted file mode 100644
index 603087e..0000000
--- a/third_party/googleapis/google/iam/v2/iam_grpc_service_config.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
-  "methodConfig": [
-    {
-      "name": [
-        {
-          "service": "google.iam.v2.Policies",
-          "method": "ListPolicies"
-        },
-        {
-          "service": "google.iam.v2.Policies",
-          "method": "GetPolicy"
-        },
-        {
-          "service": "google.iam.v2.Policies",
-          "method": "CreatePolicy"
-        },
-        {
-          "service": "google.iam.v2.Policies",
-          "method": "UpdatePolicy"
-        },
-        {
-          "service": "google.iam.v2.Policies",
-          "method": "DeletePolicy"
-        }
-      ],
-      "timeout": "60s",
-      "retryPolicy": {
-        "maxAttempts": 5,
-        "initialBackoff": "1s",
-        "maxBackoff": "10s",
-        "backoffMultiplier": 1.3,
-        "retryableStatusCodes": [
-          "UNAVAILABLE"
-        ]
-      }
-    }
-  ]
-}
diff --git a/third_party/googleapis/google/iam/v2/iam_v2.yaml b/third_party/googleapis/google/iam/v2/iam_v2.yaml
deleted file mode 100644
index 9e03ac8..0000000
--- a/third_party/googleapis/google/iam/v2/iam_v2.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-type: google.api.Service
-config_version: 3
-name: iam.googleapis.com
-title: Identity and Access Management (IAM) API
-
-apis:
-- name: google.iam.v2.Policies
-- name: google.longrunning.Operations
-
-types:
-- name: google.iam.v2.PolicyOperationMetadata
-
-documentation:
-  summary: |-
-    Manages identity and access control for Google Cloud Platform resources,
-    including the creation of service accounts, which you can use to
-    authenticate to Google and make API calls.
-
-http:
-  rules:
-  - selector: google.longrunning.Operations.GetOperation
-    get: '/v2/{name=policies/*/*/*/operations/*}'
-
-authentication:
-  rules:
-  - selector: 'google.iam.v2.Policies.*'
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
-  - selector: google.longrunning.Operations.GetOperation
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
diff --git a/third_party/googleapis/google/iam/v2/policy.proto b/third_party/googleapis/google/iam/v2/policy.proto
deleted file mode 100644
index d8923d3..0000000
--- a/third_party/googleapis/google/iam/v2/policy.proto
+++ /dev/null
@@ -1,287 +0,0 @@
-// Copyright 2022 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.iam.v2;
-
-import "google/api/annotations.proto";
-import "google/api/client.proto";
-import "google/api/field_behavior.proto";
-import "google/iam/v2/deny.proto";
-import "google/longrunning/operations.proto";
-import "google/protobuf/timestamp.proto";
-
-option csharp_namespace = "Google.Cloud.Iam.V2";
-option go_package = "google.golang.org/genproto/googleapis/iam/v2;iam";
-option java_multiple_files = true;
-option java_outer_classname = "PolicyProto";
-option java_package = "com.google.iam.v2";
-option php_namespace = "Google\\Cloud\\Iam\\V2";
-
-// An interface for managing Identity and Access Management (IAM) policies.
-service Policies {
-  option (google.api.default_host) = "iam.googleapis.com";
-  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
-
-  // Retrieves the policies of the specified kind that are attached to a
-  // resource.
-  //
-  // The response lists only policy metadata. In particular, policy rules are
-  // omitted.
-  rpc ListPolicies(ListPoliciesRequest) returns (ListPoliciesResponse) {
-    option (google.api.http) = {
-      get: "/v2/{parent=policies/*/*}"
-    };
-    option (google.api.method_signature) = "parent";
-  }
-
-  // Gets a policy.
-  rpc GetPolicy(GetPolicyRequest) returns (Policy) {
-    option (google.api.http) = {
-      get: "/v2/{name=policies/*/*/*}"
-    };
-    option (google.api.method_signature) = "name";
-  }
-
-  // Creates a policy.
-  rpc CreatePolicy(CreatePolicyRequest) returns (google.longrunning.Operation) {
-    option (google.api.http) = {
-      post: "/v2/{parent=policies/*/*}"
-      body: "policy"
-    };
-    option (google.api.method_signature) = "parent,policy,policy_id";
-    option (google.longrunning.operation_info) = {
-      response_type: "Policy"
-      metadata_type: "PolicyOperationMetadata"
-    };
-  }
-
-  // Updates the specified policy.
-  //
-  // You can update only the rules and the display name for the policy.
-  //
-  // To update a policy, you should use a read-modify-write loop:
-  //
-  // 1. Use [GetPolicy][google.iam.v2.Policies.GetPolicy] to read the current version of the policy.
-  // 2. Modify the policy as needed.
-  // 3. Use `UpdatePolicy` to write the updated policy.
-  //
-  // This pattern helps prevent conflicts between concurrent updates.
-  rpc UpdatePolicy(UpdatePolicyRequest) returns (google.longrunning.Operation) {
-    option (google.api.http) = {
-      put: "/v2/{policy.name=policies/*/*/*}"
-      body: "policy"
-    };
-    option (google.longrunning.operation_info) = {
-      response_type: "Policy"
-      metadata_type: "PolicyOperationMetadata"
-    };
-  }
-
-  // Deletes a policy. This action is permanent.
-  rpc DeletePolicy(DeletePolicyRequest) returns (google.longrunning.Operation) {
-    option (google.api.http) = {
-      delete: "/v2/{name=policies/*/*/*}"
-    };
-    option (google.api.method_signature) = "name";
-    option (google.longrunning.operation_info) = {
-      response_type: "Policy"
-      metadata_type: "PolicyOperationMetadata"
-    };
-  }
-}
-
-// Data for an IAM policy.
-message Policy {
-  // Immutable. The resource name of the `Policy`, which must be unique. Format:
-  // `policies/{attachment_point}/denypolicies/{policy_id}`
-  //
-  //
-  // The attachment point is identified by its URL-encoded full resource name,
-  // which means that the forward-slash character, `/`, must be written as
-  // `%2F`. For example,
-  // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-  //
-  // For organizations and folders, use the numeric ID in the full resource
-  // name. For projects, requests can use the alphanumeric or the numeric ID.
-  // Responses always contain the numeric ID.
-  string name = 1 [(google.api.field_behavior) = IMMUTABLE];
-
-  // Immutable. The globally unique ID of the `Policy`. Assigned automatically when the
-  // `Policy` is created.
-  string uid = 2 [(google.api.field_behavior) = IMMUTABLE];
-
-  // Output only. The kind of the `Policy`. Always contains the value `DenyPolicy`.
-  string kind = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // A user-specified description of the `Policy`. This value can be up to 63
-  // characters.
-  string display_name = 4;
-
-  // A key-value map to store arbitrary metadata for the `Policy`. Keys
-  // can be up to 63 characters. Values can be up to 255 characters.
-  map<string, string> annotations = 5;
-
-  // An opaque tag that identifies the current version of the `Policy`. IAM uses
-  // this value to help manage concurrent updates, so they do not cause one
-  // update to be overwritten by another.
-  //
-  // If this field is present in a [CreatePolicy][] request, the value is
-  // ignored.
-  string etag = 6;
-
-  // Output only. The time when the `Policy` was created.
-  google.protobuf.Timestamp create_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. The time when the `Policy` was last updated.
-  google.protobuf.Timestamp update_time = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // Output only. The time when the `Policy` was deleted. Empty if the policy is not deleted.
-  google.protobuf.Timestamp delete_time = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
-
-  // A list of rules that specify the behavior of the `Policy`. All of the rules
-  // should be of the `kind` specified in the `Policy`.
-  repeated PolicyRule rules = 10;
-
-  // Immutable. Specifies that this policy is managed by an authority and can only be
-  // modified by that authority. Usage is restricted.
-  string managing_authority = 11 [(google.api.field_behavior) = IMMUTABLE];
-}
-
-// A single rule in a `Policy`.
-message PolicyRule {
-  oneof kind {
-    // A rule for a deny policy.
-    DenyRule deny_rule = 2;
-  }
-
-  // A user-specified description of the rule. This value can be up to 256
-  // characters.
-  string description = 1;
-}
-
-// Request message for `ListPolicies`.
-message ListPoliciesRequest {
-  // Required. The resource that the policy is attached to, along with the kind of policy
-  // to list. Format:
-  // `policies/{attachment_point}/denypolicies`
-  //
-  //
-  // The attachment point is identified by its URL-encoded full resource name,
-  // which means that the forward-slash character, `/`, must be written as
-  // `%2F`. For example,
-  // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-  //
-  // For organizations and folders, use the numeric ID in the full resource
-  // name. For projects, you can use the alphanumeric or the numeric ID.
-  string parent = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // The maximum number of policies to return. IAM ignores this value and uses
-  // the value 1000.
-  int32 page_size = 2;
-
-  // A page token received in a [ListPoliciesResponse][google.iam.v2.ListPoliciesResponse]. Provide this token to
-  // retrieve the next page.
-  string page_token = 3;
-}
-
-// Response message for `ListPolicies`.
-message ListPoliciesResponse {
-  // Metadata for the policies that are attached to the resource.
-  repeated Policy policies = 1;
-
-  // A page token that you can use in a [ListPoliciesRequest][google.iam.v2.ListPoliciesRequest] to retrieve the
-  // next page. If this field is omitted, there are no additional pages.
-  string next_page_token = 2;
-}
-
-// Request message for `GetPolicy`.
-message GetPolicyRequest {
-  // Required. The resource name of the policy to retrieve. Format:
-  // `policies/{attachment_point}/denypolicies/{policy_id}`
-  //
-  //
-  // Use the URL-encoded full resource name, which means that the forward-slash
-  // character, `/`, must be written as `%2F`. For example,
-  // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-  //
-  // For organizations and folders, use the numeric ID in the full resource
-  // name. For projects, you can use the alphanumeric or the numeric ID.
-  string name = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Request message for `CreatePolicy`.
-message CreatePolicyRequest {
-  // Required. The resource that the policy is attached to, along with the kind of policy
-  // to create. Format: `policies/{attachment_point}/denypolicies`
-  //
-  //
-  // The attachment point is identified by its URL-encoded full resource name,
-  // which means that the forward-slash character, `/`, must be written as
-  // `%2F`. For example,
-  // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-  //
-  // For organizations and folders, use the numeric ID in the full resource
-  // name. For projects, you can use the alphanumeric or the numeric ID.
-  string parent = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The policy to create.
-  Policy policy = 2 [(google.api.field_behavior) = REQUIRED];
-
-  // The ID to use for this policy, which will become the final component of
-  // the policy's resource name. The ID must contain 3 to 63 characters. It can
-  // contain lowercase letters and numbers, as well as dashes (`-`) and periods
-  // (`.`). The first character must be a lowercase letter.
-  string policy_id = 3;
-}
-
-// Request message for `UpdatePolicy`.
-message UpdatePolicyRequest {
-  // Required. The policy to update.
-  //
-  // To prevent conflicting updates, the `etag` value must match the value that
-  // is stored in IAM. If the `etag` values do not match, the request fails with
-  // a `409` error code and `ABORTED` status.
-  Policy policy = 1 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Request message for `DeletePolicy`.
-message DeletePolicyRequest {
-  // Required. The resource name of the policy to delete. Format:
-  // `policies/{attachment_point}/denypolicies/{policy_id}`
-  //
-  //
-  // Use the URL-encoded full resource name, which means that the forward-slash
-  // character, `/`, must be written as `%2F`. For example,
-  // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-  //
-  // For organizations and folders, use the numeric ID in the full resource
-  // name. For projects, you can use the alphanumeric or the numeric ID.
-  string name = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Optional. The expected `etag` of the policy to delete. If the value does not match
-  // the value that is stored in IAM, the request fails with a `409` error code
-  // and `ABORTED` status.
-  //
-  // If you omit this field, the policy is deleted regardless of its current
-  // `etag`.
-  string etag = 2 [(google.api.field_behavior) = OPTIONAL];
-}
-
-// Metadata for long-running `Policy` operations.
-message PolicyOperationMetadata {
-  // Timestamp when the `google.longrunning.Operation` was created.
-  google.protobuf.Timestamp create_time = 1;
-}