diff --git a/bigqueryconnection/v1beta1/bigqueryconnection-api.json b/bigqueryconnection/v1beta1/bigqueryconnection-api.json
index 473a6112b3e..b94e2135079 100644
--- a/bigqueryconnection/v1beta1/bigqueryconnection-api.json
+++ b/bigqueryconnection/v1beta1/bigqueryconnection-api.json
@@ -395,7 +395,7 @@
       }
     }
   },
-  "revision": "20220903",
+  "revision": "20230129",
   "rootUrl": "https://bigqueryconnection.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -455,7 +455,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/bigqueryconnection/v1beta1/bigqueryconnection-gen.go b/bigqueryconnection/v1beta1/bigqueryconnection-gen.go
index 5459eccc69d..bc25e9858e3 100644
--- a/bigqueryconnection/v1beta1/bigqueryconnection-gen.go
+++ b/bigqueryconnection/v1beta1/bigqueryconnection-gen.go
@@ -305,7 +305,9 @@ type Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -322,9 +324,7 @@ type Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/binaryauthorization/v1/binaryauthorization-api.json b/binaryauthorization/v1/binaryauthorization-api.json
index c1a77d74f4e..90bc59a7ac9 100644
--- a/binaryauthorization/v1/binaryauthorization-api.json
+++ b/binaryauthorization/v1/binaryauthorization-api.json
@@ -551,7 +551,7 @@
       }
     }
   },
-  "revision": "20220902",
+  "revision": "20230127",
   "rootUrl": "https://binaryauthorization.googleapis.com/",
   "schemas": {
     "AdmissionRule": {
@@ -696,7 +696,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/binaryauthorization/v1/binaryauthorization-gen.go b/binaryauthorization/v1/binaryauthorization-gen.go
index 4640c052dfe..e1620e2430a 100644
--- a/binaryauthorization/v1/binaryauthorization-gen.go
+++ b/binaryauthorization/v1/binaryauthorization-gen.go
@@ -467,7 +467,9 @@ type Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -484,9 +486,7 @@ type Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/binaryauthorization/v1beta1/binaryauthorization-api.json b/binaryauthorization/v1beta1/binaryauthorization-api.json
index e19a2a9134d..0336378ec1d 100644
--- a/binaryauthorization/v1beta1/binaryauthorization-api.json
+++ b/binaryauthorization/v1beta1/binaryauthorization-api.json
@@ -551,7 +551,7 @@
       }
     }
   },
-  "revision": "20220902",
+  "revision": "20230127",
   "rootUrl": "https://binaryauthorization.googleapis.com/",
   "schemas": {
     "AdmissionRule": {
@@ -696,7 +696,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/binaryauthorization/v1beta1/binaryauthorization-gen.go b/binaryauthorization/v1beta1/binaryauthorization-gen.go
index 3396ff6b93e..22f1b48d833 100644
--- a/binaryauthorization/v1beta1/binaryauthorization-gen.go
+++ b/binaryauthorization/v1beta1/binaryauthorization-gen.go
@@ -469,7 +469,9 @@ type Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -486,9 +488,7 @@ type Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/chat/v1/chat-api.json b/chat/v1/chat-api.json
index b426f5f6c7b..83df57067b7 100644
--- a/chat/v1/chat-api.json
+++ b/chat/v1/chat-api.json
@@ -323,7 +323,7 @@
                   "type": "string"
                 },
                 "threadKey": {
-                  "description": "Optional. Deprecated: Use thread.thread_key instead. Opaque thread identifier. To start or add to a thread, create a message and specify a `threadKey` or the thread.name. For example usage, see [Start or reply to a message thread](/chat/api/guides/crudl/messages#start_or_reply_to_a_message_thread).",
+                  "description": "Optional. Deprecated: Use thread.thread_key instead. Opaque thread identifier. To start or add to a thread, create a message and specify a `threadKey` or the thread.name. For example usage, see [Start or reply to a message thread](https://developers.google.com/chat/api/guides/crudl/messages#start_or_reply_to_a_message_thread).",
                   "location": "query",
                   "type": "string"
                 }
@@ -474,7 +474,7 @@
             "attachments": {
               "methods": {
                 "get": {
-                  "description": "Gets the metadata of a message attachment. The attachment data is fetched using the media API. Requires [service account authentication](https://developers.google.com/chat/api/guides/auth/service-accounts).",
+                  "description": "Gets the metadata of a message attachment. The attachment data is fetched using the [media API](https://developers.google.com/chat/api/reference/rest/v1/media/download). Requires [service account authentication](https://developers.google.com/chat/api/guides/auth/service-accounts).",
                   "flatPath": "v1/spaces/{spacesId}/messages/{messagesId}/attachments/{attachmentsId}",
                   "httpMethod": "GET",
                   "id": "chat.spaces.messages.attachments.get",
@@ -502,7 +502,7 @@
       }
     }
   },
-  "revision": "20230119",
+  "revision": "20230131",
   "rootUrl": "https://chat.googleapis.com/",
   "schemas": {
     "ActionParameter": {
@@ -521,7 +521,7 @@
       "type": "object"
     },
     "ActionResponse": {
-      "description": "Parameters that a Chat app can use to configure how it's response is posted.",
+      "description": "Parameters that a Chat app can use to configure how its response is posted.",
       "id": "ActionResponse",
       "properties": {
         "dialogAction": {
@@ -609,7 +609,7 @@
       "type": "object"
     },
     "Annotation": {
-      "description": "Annotations associated with the plain-text body of the message. Example plain-text message body: ``` Hello @FooBot how are you!\" ``` The corresponding annotations metadata: ``` \"annotations\":[{ \"type\":\"USER_MENTION\", \"startIndex\":6, \"length\":7, \"userMention\": { \"user\": { \"name\":\"users/107946847022116401880\", \"displayName\":\"FooBot\", \"avatarUrl\":\"https://goo.gl/aeDtrS\", \"type\":\"BOT\" }, \"type\":\"MENTION\" } }] ```",
+      "description": "Annotations associated with the plain-text body of the message. Example plain-text message body: ``` Hello @FooBot how are you!\" ``` The corresponding annotations metadata: ``` \"annotations\":[{ \"type\":\"USER_MENTION\", \"startIndex\":6, \"length\":7, \"userMention\": { \"user\": { \"name\":\"users/{user}\", \"displayName\":\"FooBot\", \"avatarUrl\":\"https://goo.gl/aeDtrS\", \"type\":\"BOT\" }, \"type\":\"MENTION\" } }] ```",
       "id": "Annotation",
       "properties": {
         "length": {
@@ -805,7 +805,7 @@
       "properties": {
         "card": {
           "$ref": "GoogleAppsCardV1Card",
-          "description": "Card proto that allows Chat apps to specify UI elements and editable widgets."
+          "description": "Cards support a defined layout, interactive UI elements like buttons, and rich media like images. Use this card to present detailed information, gather information from users, and guide users to take a next step."
         },
         "cardId": {
           "description": "Required for `cardsV2` messages. Chat app-specified identifier for this widget. Scoped within a message.",
@@ -2264,7 +2264,7 @@
           "enumDescriptions": [
             "Default value. The user isn't a member of the space, but might be invited.",
             "A member of the space. The user has basic permissions, like sending messages to the space. In 1:1 and unnamed group conversations, everyone has this role.",
-            "A space manager. The user has all basic permissions plus administrative permissions that allow them to manage the space, like adding or removing members. Only supports SpaceType.SPACE."
+            "A space manager. The user has all basic permissions plus administrative permissions that allow them to manage the space, like adding or removing members. Only supported in SpaceType.SPACE."
           ],
           "readOnly": true,
           "type": "string"
@@ -2310,7 +2310,7 @@
           "type": "string"
         },
         "attachment": {
-          "description": "User uploaded attachment.",
+          "description": "User-uploaded attachment.",
           "items": {
             "$ref": "Attachment"
           },
@@ -2324,7 +2324,7 @@
           "type": "array"
         },
         "cardsV2": {
-          "description": "Richly formatted and interactive cards that display UI elements and editable widgets, such as: - Formatted text - Buttons - Clickable images - Checkboxes - Radio buttons - Input widgets. Cards are usually displayed below the text-body of a Chat message, but can situationally appear other places, such as [dialogs](https://developers.google.com/chat/how-tos/dialogs). The `cardId` is a unique identifier among cards in the same message and for identifying user input values. Currently supported widgets include: - `TextParagraph` - `DecoratedText` - `Image` - `ButtonList` - `Divider`",
+          "description": "Richly formatted and interactive cards that display UI elements and editable widgets, such as: - Formatted text - Buttons - Clickable images - Checkboxes - Radio buttons - Input widgets. Cards are usually displayed below the text body of a Chat message, but can situationally appear other places, such as [dialogs](https://developers.google.com/chat/how-tos/dialogs). The `cardId` is a unique identifier among cards in the same message and for identifying user input values. Currently supported widgets include: - `TextParagraph` - `DecoratedText` - `Image` - `ButtonList` - `Divider`",
           "items": {
             "$ref": "CardWithId"
           },
@@ -2379,7 +2379,7 @@
         },
         "thread": {
           "$ref": "Thread",
-          "description": "The thread the message belongs to. For example usage, see [Start or reply to a message thread](/chat/api/guides/crudl/messages#start_or_reply_to_a_message_thread)."
+          "description": "The thread the message belongs to. For example usage, see [Start or reply to a message thread](https://developers.google.com/chat/api/guides/crudl/messages#start_or_reply_to_a_message_thread)."
         },
         "threadReply": {
           "description": "Output only. When `true`, the message is a response in a reply thread. When `false`, the message is visible in the space's top-level conversation as either the first message of a thread or a message with no threaded replies. If the space doesn't support reply in threads, this field is always `false`.",
@@ -2633,7 +2633,7 @@
           "type": "string"
         },
         "threadKey": {
-          "description": "Optional. Opaque thread identifier. To start or add to a thread, create a message and specify a `threadKey` or the thread.name. For example usage, see [Start or reply to a message thread](/chat/api/guides/crudl/messages#start_or_reply_to_a_message_thread). For other requests, this is an output only field.",
+          "description": "Optional. Opaque thread identifier. To start or add to a thread, create a message and specify a `threadKey` or the thread.name. For example usage, see [Start or reply to a message thread](https://developers.google.com/chat/api/guides/crudl/messages#start_or_reply_to_a_message_thread). For other requests, this is an output only field.",
           "type": "string"
         }
       },
diff --git a/chat/v1/chat-gen.go b/chat/v1/chat-gen.go
index 40cf404ed06..e84f8ce1794 100644
--- a/chat/v1/chat-gen.go
+++ b/chat/v1/chat-gen.go
@@ -259,7 +259,7 @@ func (s *ActionParameter) MarshalJSON() ([]byte, error) {
 }
 
 // ActionResponse: Parameters that a Chat app can use to configure how
-// it's response is posted.
+// its response is posted.
 type ActionResponse struct {
 	// DialogAction: Input only. A response to an event related to a dialog
 	// (https://developers.google.com/chat/how-tos/dialogs). Must be
@@ -438,7 +438,7 @@ func (s *ActionStatus) MarshalJSON() ([]byte, error) {
 // message. Example plain-text message body: ``` Hello @FooBot how are
 // you!" ``` The corresponding annotations metadata: ```
 // "annotations":[{ "type":"USER_MENTION", "startIndex":6, "length":7,
-// "userMention": { "user": { "name":"users/107946847022116401880",
+// "userMention": { "user": { "name":"users/{user}",
 // "displayName":"FooBot", "avatarUrl":"https://goo.gl/aeDtrS",
 // "type":"BOT" }, "type":"MENTION" } }] ```
 type Annotation struct {
@@ -732,8 +732,10 @@ func (s *CardHeader) MarshalJSON() ([]byte, error) {
 
 // CardWithId: Widgets for Chat apps to specify.
 type CardWithId struct {
-	// Card: Card proto that allows Chat apps to specify UI elements and
-	// editable widgets.
+	// Card: Cards support a defined layout, interactive UI elements like
+	// buttons, and rich media like images. Use this card to present
+	// detailed information, gather information from users, and guide users
+	// to take a next step.
 	Card *GoogleAppsCardV1Card `json:"card,omitempty"`
 
 	// CardId: Required for `cardsV2` messages. Chat app-specified
@@ -3344,7 +3346,7 @@ type Membership struct {
 	// group conversations, everyone has this role.
 	//   "ROLE_MANAGER" - A space manager. The user has all basic
 	// permissions plus administrative permissions that allow them to manage
-	// the space, like adding or removing members. Only supports
+	// the space, like adding or removing members. Only supported in
 	// SpaceType.SPACE.
 	Role string `json:"role,omitempty"`
 
@@ -3400,7 +3402,7 @@ type Message struct {
 	// mentions stripped out.
 	ArgumentText string `json:"argumentText,omitempty"`
 
-	// Attachment: User uploaded attachment.
+	// Attachment: User-uploaded attachment.
 	Attachment []*Attachment `json:"attachment,omitempty"`
 
 	// Cards: Deprecated: Use `cards_v2` instead. Rich, formatted and
@@ -3412,7 +3414,7 @@ type Message struct {
 	// CardsV2: Richly formatted and interactive cards that display UI
 	// elements and editable widgets, such as: - Formatted text - Buttons -
 	// Clickable images - Checkboxes - Radio buttons - Input widgets. Cards
-	// are usually displayed below the text-body of a Chat message, but can
+	// are usually displayed below the text body of a Chat message, but can
 	// situationally appear other places, such as dialogs
 	// (https://developers.google.com/chat/how-tos/dialogs). The `cardId` is
 	// a unique identifier among cards in the same message and for
@@ -3470,7 +3472,7 @@ type Message struct {
 
 	// Thread: The thread the message belongs to. For example usage, see
 	// Start or reply to a message thread
-	// (/chat/api/guides/crudl/messages#start_or_reply_to_a_message_thread).
+	// (https://developers.google.com/chat/api/guides/crudl/messages#start_or_reply_to_a_message_thread).
 	Thread *Thread `json:"thread,omitempty"`
 
 	// ThreadReply: Output only. When `true`, the message is a response in a
@@ -3926,7 +3928,7 @@ type Thread struct {
 	// thread, create a message and specify a `threadKey` or the
 	// thread.name. For example usage, see Start or reply to a message
 	// thread
-	// (/chat/api/guides/crudl/messages#start_or_reply_to_a_message_thread).
+	// (https://developers.google.com/chat/api/guides/crudl/messages#start_or_reply_to_a_message_thread).
 	// For other requests, this is an output only field.
 	ThreadKey string `json:"threadKey,omitempty"`
 
@@ -5116,7 +5118,7 @@ func (c *SpacesMessagesCreateCall) RequestId(requestId string) *SpacesMessagesCr
 // to a thread, create a message and specify a `threadKey` or the
 // thread.name. For example usage, see Start or reply to a message
 // thread
-// (/chat/api/guides/crudl/messages#start_or_reply_to_a_message_thread).
+// (https://developers.google.com/chat/api/guides/crudl/messages#start_or_reply_to_a_message_thread).
 func (c *SpacesMessagesCreateCall) ThreadKey(threadKey string) *SpacesMessagesCreateCall {
 	c.urlParams_.Set("threadKey", threadKey)
 	return c
@@ -5254,7 +5256,7 @@ func (c *SpacesMessagesCreateCall) Do(opts ...googleapi.CallOption) (*Message, e
 	//       "type": "string"
 	//     },
 	//     "threadKey": {
-	//       "description": "Optional. Deprecated: Use thread.thread_key instead. Opaque thread identifier. To start or add to a thread, create a message and specify a `threadKey` or the thread.name. For example usage, see [Start or reply to a message thread](/chat/api/guides/crudl/messages#start_or_reply_to_a_message_thread).",
+	//       "description": "Optional. Deprecated: Use thread.thread_key instead. Opaque thread identifier. To start or add to a thread, create a message and specify a `threadKey` or the thread.name. For example usage, see [Start or reply to a message thread](https://developers.google.com/chat/api/guides/crudl/messages#start_or_reply_to_a_message_thread).",
 	//       "location": "query",
 	//       "type": "string"
 	//     }
@@ -5972,8 +5974,9 @@ type SpacesMessagesAttachmentsGetCall struct {
 }
 
 // Get: Gets the metadata of a message attachment. The attachment data
-// is fetched using the media API. Requires service account
-// authentication
+// is fetched using the media API
+// (https://developers.google.com/chat/api/reference/rest/v1/media/download).
+// Requires service account authentication
 // (https://developers.google.com/chat/api/guides/auth/service-accounts).
 //
 //   - name: Resource name of the attachment, in the form
@@ -6083,7 +6086,7 @@ func (c *SpacesMessagesAttachmentsGetCall) Do(opts ...googleapi.CallOption) (*At
 	}
 	return ret, nil
 	// {
-	//   "description": "Gets the metadata of a message attachment. The attachment data is fetched using the media API. Requires [service account authentication](https://developers.google.com/chat/api/guides/auth/service-accounts).",
+	//   "description": "Gets the metadata of a message attachment. The attachment data is fetched using the [media API](https://developers.google.com/chat/api/reference/rest/v1/media/download). Requires [service account authentication](https://developers.google.com/chat/api/guides/auth/service-accounts).",
 	//   "flatPath": "v1/spaces/{spacesId}/messages/{messagesId}/attachments/{attachmentsId}",
 	//   "httpMethod": "GET",
 	//   "id": "chat.spaces.messages.attachments.get",
diff --git a/chromemanagement/v1/chromemanagement-api.json b/chromemanagement/v1/chromemanagement-api.json
index a0c6d2fe1c7..fe2f73afd99 100644
--- a/chromemanagement/v1/chromemanagement-api.json
+++ b/chromemanagement/v1/chromemanagement-api.json
@@ -764,7 +764,7 @@
       }
     }
   },
-  "revision": "20230129",
+  "revision": "20230202",
   "rootUrl": "https://chromemanagement.googleapis.com/",
   "schemas": {
     "GoogleChromeManagementV1AndroidAppInfo": {
@@ -2630,6 +2630,14 @@
           "readOnly": true,
           "type": "array"
         },
+        "peripheralsReport": {
+          "description": "Output only. Peripherals reports collected periodically sorted in a decreasing order of report_time.",
+          "items": {
+            "$ref": "GoogleChromeManagementV1PeripheralsReport"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
         "serialNumber": {
           "description": "Output only. Device serial number. This value is the same as the Admin Console's Serial Number in the ChromeOS Devices tab.",
           "readOnly": true,
diff --git a/chromemanagement/v1/chromemanagement-gen.go b/chromemanagement/v1/chromemanagement-gen.go
index 54fa059f44b..d263ae2546d 100644
--- a/chromemanagement/v1/chromemanagement-gen.go
+++ b/chromemanagement/v1/chromemanagement-gen.go
@@ -2688,6 +2688,10 @@ type GoogleChromeManagementV1TelemetryDevice struct {
 	// ChromeOS update status.
 	OsUpdateStatus []*GoogleChromeManagementV1OsUpdateStatus `json:"osUpdateStatus,omitempty"`
 
+	// PeripheralsReport: Output only. Peripherals reports collected
+	// periodically sorted in a decreasing order of report_time.
+	PeripheralsReport []*GoogleChromeManagementV1PeripheralsReport `json:"peripheralsReport,omitempty"`
+
 	// SerialNumber: Output only. Device serial number. This value is the
 	// same as the Admin Console's Serial Number in the ChromeOS Devices
 	// tab.
diff --git a/cloudbilling/v1/cloudbilling-api.json b/cloudbilling/v1/cloudbilling-api.json
index a41b0d877c7..61102cd62af 100644
--- a/cloudbilling/v1/cloudbilling-api.json
+++ b/cloudbilling/v1/cloudbilling-api.json
@@ -521,7 +521,7 @@
       }
     }
   },
-  "revision": "20220908",
+  "revision": "20230130",
   "rootUrl": "https://cloudbilling.googleapis.com/",
   "schemas": {
     "AggregationInfo": {
@@ -644,7 +644,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/cloudbilling/v1/cloudbilling-gen.go b/cloudbilling/v1/cloudbilling-gen.go
index 26855d0bb85..4d9e271b4e1 100644
--- a/cloudbilling/v1/cloudbilling-gen.go
+++ b/cloudbilling/v1/cloudbilling-gen.go
@@ -430,7 +430,9 @@ type Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -447,9 +449,7 @@ type Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/cloudbilling/v1beta/cloudbilling-api.json b/cloudbilling/v1beta/cloudbilling-api.json
index 3cdd412f5d1..c960dd1d2e3 100644
--- a/cloudbilling/v1beta/cloudbilling-api.json
+++ b/cloudbilling/v1beta/cloudbilling-api.json
@@ -170,7 +170,7 @@
       }
     }
   },
-  "revision": "20221206",
+  "revision": "20230130",
   "rootUrl": "https://cloudbilling.googleapis.com/",
   "schemas": {
     "CacheFillRegions": {
@@ -736,6 +736,36 @@
       },
       "type": "object"
     },
+    "InterRegionEgress": {
+      "description": "Egress traffic between two regions.",
+      "id": "InterRegionEgress",
+      "properties": {
+        "destinationRegion": {
+          "description": "Which [region](https://cloud.google.com/compute/docs/regions-zones) the egress data goes to.",
+          "type": "string"
+        },
+        "egressRate": {
+          "$ref": "Usage",
+          "description": "VM to VM egress usage. Expected units such as \"GiBy/s, By/s, etc.\""
+        },
+        "sourceRegion": {
+          "description": "Which [region](https://cloud.google.com/compute/docs/regions-zones) the egress data comes from.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "IntraRegionEgress": {
+      "description": "Egress traffic within the same region. When source region and destination region are in the same zone, using the internal IP addresses, there isn't any egress charge.",
+      "id": "IntraRegionEgress",
+      "properties": {
+        "egressRate": {
+          "$ref": "Usage",
+          "description": "VM to VM egress usage. Expected units such as \"GiBy/s, By/s, etc.\""
+        }
+      },
+      "type": "object"
+    },
     "MachineType": {
       "description": "Specification of machine series, memory, and number of vCPUs.",
       "id": "MachineType",
@@ -1178,6 +1208,19 @@
       },
       "type": "object"
     },
+    "VmToVmEgressWorkload": {
+      "description": "Specify VM to VM egress.",
+      "id": "VmToVmEgressWorkload",
+      "properties": {
+        "interRegionEgress": {
+          "$ref": "InterRegionEgress"
+        },
+        "intraRegionEgress": {
+          "$ref": "IntraRegionEgress"
+        }
+      },
+      "type": "object"
+    },
     "Workload": {
       "description": "Specifies usage on a single Google Cloud product over a time frame. Each Google Cloud product has its own message, containing specific product configuration parameters of the product usage amounts along each dimension in which the product is billed.",
       "id": "Workload",
@@ -1221,6 +1264,10 @@
         "standardTierEgressWorkload": {
           "$ref": "StandardTierEgressWorkload",
           "description": "Usage on Standard Tier Internet Egress."
+        },
+        "vmToVmEgressWorkload": {
+          "$ref": "VmToVmEgressWorkload",
+          "description": "Usage on Vm to Vm Egress."
         }
       },
       "type": "object"
diff --git a/cloudbilling/v1beta/cloudbilling-gen.go b/cloudbilling/v1beta/cloudbilling-gen.go
index a5d357a6ba4..f2227cc3ee6 100644
--- a/cloudbilling/v1beta/cloudbilling-gen.go
+++ b/cloudbilling/v1beta/cloudbilling-gen.go
@@ -1097,6 +1097,77 @@ func (s *GuestAccelerator) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+// InterRegionEgress: Egress traffic between two regions.
+type InterRegionEgress struct {
+	// DestinationRegion: Which region
+	// (https://cloud.google.com/compute/docs/regions-zones) the egress data
+	// goes to.
+	DestinationRegion string `json:"destinationRegion,omitempty"`
+
+	// EgressRate: VM to VM egress usage. Expected units such as "GiBy/s,
+	// By/s, etc."
+	EgressRate *Usage `json:"egressRate,omitempty"`
+
+	// SourceRegion: Which region
+	// (https://cloud.google.com/compute/docs/regions-zones) the egress data
+	// comes from.
+	SourceRegion string `json:"sourceRegion,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "DestinationRegion")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "DestinationRegion") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InterRegionEgress) MarshalJSON() ([]byte, error) {
+	type NoMethod InterRegionEgress
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// IntraRegionEgress: Egress traffic within the same region. When source
+// region and destination region are in the same zone, using the
+// internal IP addresses, there isn't any egress charge.
+type IntraRegionEgress struct {
+	// EgressRate: VM to VM egress usage. Expected units such as "GiBy/s,
+	// By/s, etc."
+	EgressRate *Usage `json:"egressRate,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "EgressRate") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "EgressRate") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *IntraRegionEgress) MarshalJSON() ([]byte, error) {
+	type NoMethod IntraRegionEgress
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // MachineType: Specification of machine series, memory, and number of
 // vCPUs.
 type MachineType struct {
@@ -1967,6 +2038,36 @@ func (s *VmResourceBasedCud) UnmarshalJSON(data []byte) error {
 	return nil
 }
 
+// VmToVmEgressWorkload: Specify VM to VM egress.
+type VmToVmEgressWorkload struct {
+	InterRegionEgress *InterRegionEgress `json:"interRegionEgress,omitempty"`
+
+	IntraRegionEgress *IntraRegionEgress `json:"intraRegionEgress,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "InterRegionEgress")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "InterRegionEgress") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *VmToVmEgressWorkload) MarshalJSON() ([]byte, error) {
+	type NoMethod VmToVmEgressWorkload
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // Workload: Specifies usage on a single Google Cloud product over a
 // time frame. Each Google Cloud product has its own message, containing
 // specific product configuration parameters of the product usage
@@ -2005,6 +2106,9 @@ type Workload struct {
 	// StandardTierEgressWorkload: Usage on Standard Tier Internet Egress.
 	StandardTierEgressWorkload *StandardTierEgressWorkload `json:"standardTierEgressWorkload,omitempty"`
 
+	// VmToVmEgressWorkload: Usage on Vm to Vm Egress.
+	VmToVmEgressWorkload *VmToVmEgressWorkload `json:"vmToVmEgressWorkload,omitempty"`
+
 	// ForceSendFields is a list of field names (e.g.
 	// "CloudCdnEgressWorkload") to unconditionally include in API requests.
 	// By default, fields with empty or default values are omitted from API
diff --git a/cloudkms/v1/cloudkms-api.json b/cloudkms/v1/cloudkms-api.json
index fdb5170a504..f95f3caa985 100644
--- a/cloudkms/v1/cloudkms-api.json
+++ b/cloudkms/v1/cloudkms-api.json
@@ -1676,7 +1676,7 @@
       }
     }
   },
-  "revision": "20221107",
+  "revision": "20230127",
   "rootUrl": "https://cloudkms.googleapis.com/",
   "schemas": {
     "AsymmetricDecryptRequest": {
@@ -1865,7 +1865,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/cloudkms/v1/cloudkms-gen.go b/cloudkms/v1/cloudkms-gen.go
index 66b8efe7093..98e0b92fd8c 100644
--- a/cloudkms/v1/cloudkms-gen.go
+++ b/cloudkms/v1/cloudkms-gen.go
@@ -637,7 +637,9 @@ type Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -654,9 +656,7 @@ type Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/cloudtrace/v2/cloudtrace-api.json b/cloudtrace/v2/cloudtrace-api.json
index 0ad5de07a78..c0ec86391c1 100644
--- a/cloudtrace/v2/cloudtrace-api.json
+++ b/cloudtrace/v2/cloudtrace-api.json
@@ -181,7 +181,7 @@
       }
     }
   },
-  "revision": "20230118",
+  "revision": "20230126",
   "rootUrl": "https://cloudtrace.googleapis.com/",
   "schemas": {
     "Annotation": {
@@ -362,7 +362,7 @@
       "type": "object"
     },
     "Span": {
-      "description": "A span represents a single operation within a trace. Spans can be nested to form a trace tree. Often, a trace contains a root span that describes the end-to-end latency, and one or more subspans for its sub-operations. A trace can also contain multiple root spans, or none at all. Spans do not need to be contiguous—there might be gaps or overlaps between spans in a trace.",
+      "description": "A span represents a single operation within a trace. Spans can be nested to form a trace tree. Often, a trace contains a root span that describes the end-to-end latency, and one or more subspans for its sub-operations. A trace can also contain multiple root spans, or none at all. Spans do not need to be contiguous. There might be gaps or overlaps between spans in a trace.",
       "id": "Span",
       "properties": {
         "attributes": {
diff --git a/cloudtrace/v2/cloudtrace-gen.go b/cloudtrace/v2/cloudtrace-gen.go
index a45d134fb2f..1de1f361efc 100644
--- a/cloudtrace/v2/cloudtrace-gen.go
+++ b/cloudtrace/v2/cloudtrace-gen.go
@@ -496,7 +496,7 @@ func (s *Module) MarshalJSON() ([]byte, error) {
 // be nested to form a trace tree. Often, a trace contains a root span
 // that describes the end-to-end latency, and one or more subspans for
 // its sub-operations. A trace can also contain multiple root spans, or
-// none at all. Spans do not need to be contiguous—there might be gaps
+// none at all. Spans do not need to be contiguous. There might be gaps
 // or overlaps between spans in a trace.
 type Span struct {
 	// Attributes: A set of attributes on the span. You can have up to 32
diff --git a/containeranalysis/v1/containeranalysis-api.json b/containeranalysis/v1/containeranalysis-api.json
index d98b7c896b4..e8f9e2cbf93 100644
--- a/containeranalysis/v1/containeranalysis-api.json
+++ b/containeranalysis/v1/containeranalysis-api.json
@@ -755,7 +755,7 @@
       }
     }
   },
-  "revision": "20230120",
+  "revision": "20230127",
   "rootUrl": "https://containeranalysis.googleapis.com/",
   "schemas": {
     "AliasContext": {
@@ -922,7 +922,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/containeranalysis/v1/containeranalysis-gen.go b/containeranalysis/v1/containeranalysis-gen.go
index 7e6810d43d1..c7154e53f6f 100644
--- a/containeranalysis/v1/containeranalysis-gen.go
+++ b/containeranalysis/v1/containeranalysis-gen.go
@@ -530,7 +530,9 @@ type Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -547,9 +549,7 @@ type Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/containeranalysis/v1alpha1/containeranalysis-api.json b/containeranalysis/v1alpha1/containeranalysis-api.json
index b883a5f6290..2f245912471 100644
--- a/containeranalysis/v1alpha1/containeranalysis-api.json
+++ b/containeranalysis/v1alpha1/containeranalysis-api.json
@@ -1229,7 +1229,7 @@
       }
     }
   },
-  "revision": "20230120",
+  "revision": "20230127",
   "rootUrl": "https://containeranalysis.googleapis.com/",
   "schemas": {
     "AnalysisCompleted": {
@@ -1327,7 +1327,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/containeranalysis/v1alpha1/containeranalysis-gen.go b/containeranalysis/v1alpha1/containeranalysis-gen.go
index ecc33f9ea96..bd13710819f 100644
--- a/containeranalysis/v1alpha1/containeranalysis-gen.go
+++ b/containeranalysis/v1alpha1/containeranalysis-gen.go
@@ -494,7 +494,9 @@ type Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -511,9 +513,7 @@ type Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/containeranalysis/v1beta1/containeranalysis-api.json b/containeranalysis/v1beta1/containeranalysis-api.json
index 846ba09b32d..5d6bd4a85c8 100644
--- a/containeranalysis/v1beta1/containeranalysis-api.json
+++ b/containeranalysis/v1beta1/containeranalysis-api.json
@@ -755,7 +755,7 @@
       }
     }
   },
-  "revision": "20230120",
+  "revision": "20230127",
   "rootUrl": "https://containeranalysis.googleapis.com/",
   "schemas": {
     "AliasContext": {
@@ -948,7 +948,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/containeranalysis/v1beta1/containeranalysis-gen.go b/containeranalysis/v1beta1/containeranalysis-gen.go
index 847aa1ea335..e992e623f88 100644
--- a/containeranalysis/v1beta1/containeranalysis-gen.go
+++ b/containeranalysis/v1beta1/containeranalysis-gen.go
@@ -606,7 +606,9 @@ type Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -623,9 +625,7 @@ type Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/dataplex/v1/dataplex-api.json b/dataplex/v1/dataplex-api.json
index 0f7b283144f..2f270904128 100644
--- a/dataplex/v1/dataplex-api.json
+++ b/dataplex/v1/dataplex-api.json
@@ -3980,7 +3980,7 @@
       }
     }
   },
-  "revision": "20230120",
+  "revision": "20230125",
   "rootUrl": "https://dataplex.googleapis.com/",
   "schemas": {
     "Empty": {
@@ -4659,7 +4659,7 @@
       "type": "object"
     },
     "GoogleCloudDataplexV1DataAccessSpec": {
-      "description": "DataAccessSpec holds the access control configuration to be enforced on data stored within resources (eg: rows, columns in BigQuery Tables). When associated with data,the data is only accessible to principals explicitly granted access through the DataAttribute. Principals with access to the containing resource are not implicitly granted access.",
+      "description": "DataAccessSpec holds the access control configuration to be enforced on data stored within resources (eg: rows, columns in BigQuery Tables). When associated with data, the data is only accessible to principals explicitly granted access through the DataAccessSpec. Principals with access to the containing resource are not implicitly granted access.",
       "id": "GoogleCloudDataplexV1DataAccessSpec",
       "properties": {
         "readers": {
@@ -8114,7 +8114,7 @@
           "description": "The condition that is associated with this binding.If the condition evaluates to true, then this binding applies to the current request.If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. members can have the following values: allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding. domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com.",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. members can have the following values: allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/dataplex/v1/dataplex-gen.go b/dataplex/v1/dataplex-gen.go
index a5fa0e87d04..001997a1362 100644
--- a/dataplex/v1/dataplex-gen.go
+++ b/dataplex/v1/dataplex-gen.go
@@ -1332,9 +1332,9 @@ func (s *GoogleCloudDataplexV1ContentSqlScript) MarshalJSON() ([]byte, error) {
 
 // GoogleCloudDataplexV1DataAccessSpec: DataAccessSpec holds the access
 // control configuration to be enforced on data stored within resources
-// (eg: rows, columns in BigQuery Tables). When associated with data,the
-// data is only accessible to principals explicitly granted access
-// through the DataAttribute. Principals with access to the containing
+// (eg: rows, columns in BigQuery Tables). When associated with data,
+// the data is only accessible to principals explicitly granted access
+// through the DataAccessSpec. Principals with access to the containing
 // resource are not implicitly granted access.
 type GoogleCloudDataplexV1DataAccessSpec struct {
 	// Readers: Optional. The format of strings follows the pattern followed
@@ -6504,9 +6504,11 @@ type GoogleIamV1Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa].
 	// group:{emailid}: An email address that represents a Google group. For
-	// example, admins@example.com. deleted:user:{emailid}?uid={uniqueid}:
-	// An email address (plus unique identifier) representing a user that
-	// has been recently deleted. For example,
+	// example, admins@example.com. domain:{domain}: The G Suite domain
+	// (primary) that represents all the users of that domain. For example,
+	// google.com or example.com. deleted:user:{emailid}?uid={uniqueid}: An
+	// email address (plus unique identifier) representing a user that has
+	// been recently deleted. For example,
 	// alice@example.com?uid=123456789012345678901. If the user is
 	// recovered, this value reverts to user:{emailid} and the recovered
 	// user retains the role in the binding.
@@ -6521,9 +6523,7 @@ type GoogleIamV1Binding struct {
 	// that has been recently deleted. For example,
 	// admins@example.com?uid=123456789012345678901. If the group is
 	// recovered, this value reverts to group:{emailid} and the recovered
-	// group retains the role in the binding. domain:{domain}: The G Suite
-	// domain (primary) that represents all the users of that domain. For
-	// example, google.com or example.com.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of members, or principals.
diff --git a/gameservices/v1beta/gameservices-api.json b/gameservices/v1beta/gameservices-api.json
index 0b55992b0eb..c913155d50d 100644
--- a/gameservices/v1beta/gameservices-api.json
+++ b/gameservices/v1beta/gameservices-api.json
@@ -401,7 +401,7 @@
       }
     }
   },
-  "revision": "20220825",
+  "revision": "20230125",
   "rootUrl": "https://gameservices.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -492,7 +492,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/gameservices/v1beta/gameservices-gen.go b/gameservices/v1beta/gameservices-gen.go
index a7e69286eba..a7acb4e6afc 100644
--- a/gameservices/v1beta/gameservices-gen.go
+++ b/gameservices/v1beta/gameservices-gen.go
@@ -349,7 +349,9 @@ type Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -366,9 +368,7 @@ type Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/ml/v1/ml-api.json b/ml/v1/ml-api.json
index ac43a07dfd2..5d14126d231 100644
--- a/ml/v1/ml-api.json
+++ b/ml/v1/ml-api.json
@@ -1486,7 +1486,7 @@
       }
     }
   },
-  "revision": "20220826",
+  "revision": "20230128",
   "rootUrl": "https://ml.googleapis.com/",
   "schemas": {
     "GoogleApi__HttpBody": {
@@ -3705,7 +3705,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/ml/v1/ml-gen.go b/ml/v1/ml-gen.go
index 420e0d1af1e..50edeb74d88 100644
--- a/ml/v1/ml-gen.go
+++ b/ml/v1/ml-gen.go
@@ -4277,7 +4277,9 @@ type GoogleIamV1__Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -4294,9 +4296,7 @@ type GoogleIamV1__Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/networksecurity/v1/networksecurity-api.json b/networksecurity/v1/networksecurity-api.json
index 772ea1e3e28..1602c2231f4 100644
--- a/networksecurity/v1/networksecurity-api.json
+++ b/networksecurity/v1/networksecurity-api.json
@@ -1037,7 +1037,7 @@
       }
     }
   },
-  "revision": "20220902",
+  "revision": "20230130",
   "rootUrl": "https://networksecurity.googleapis.com/",
   "schemas": {
     "AuthorizationPolicy": {
@@ -1306,7 +1306,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/networksecurity/v1/networksecurity-gen.go b/networksecurity/v1/networksecurity-gen.go
index 6d716bfcb40..688eb8d6c83 100644
--- a/networksecurity/v1/networksecurity-gen.go
+++ b/networksecurity/v1/networksecurity-gen.go
@@ -693,7 +693,9 @@ type GoogleIamV1Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -710,9 +712,7 @@ type GoogleIamV1Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/networksecurity/v1beta1/networksecurity-api.json b/networksecurity/v1beta1/networksecurity-api.json
index c75baa9bfa8..171e97f4349 100644
--- a/networksecurity/v1beta1/networksecurity-api.json
+++ b/networksecurity/v1beta1/networksecurity-api.json
@@ -1259,7 +1259,7 @@
       }
     }
   },
-  "revision": "20221205",
+  "revision": "20230130",
   "rootUrl": "https://networksecurity.googleapis.com/",
   "schemas": {
     "AuthorizationPolicy": {
@@ -1528,7 +1528,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/networksecurity/v1beta1/networksecurity-gen.go b/networksecurity/v1beta1/networksecurity-gen.go
index e1c695cf2f5..d66a05947da 100644
--- a/networksecurity/v1beta1/networksecurity-gen.go
+++ b/networksecurity/v1beta1/networksecurity-gen.go
@@ -741,7 +741,9 @@ type GoogleIamV1Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -758,9 +760,7 @@ type GoogleIamV1Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/run/v1/run-api.json b/run/v1/run-api.json
index 47bbb18bc30..461c43d1d56 100644
--- a/run/v1/run-api.json
+++ b/run/v1/run-api.json
@@ -2289,7 +2289,7 @@
       }
     }
   },
-  "revision": "20230122",
+  "revision": "20230129",
   "rootUrl": "https://run.googleapis.com/",
   "schemas": {
     "Addressable": {
@@ -2374,7 +2374,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/run/v1/run-gen.go b/run/v1/run-gen.go
index e8e61f6b2ea..dbc89b708d5 100644
--- a/run/v1/run-gen.go
+++ b/run/v1/run-gen.go
@@ -564,7 +564,9 @@ type Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -581,9 +583,7 @@ type Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/run/v2/run-api.json b/run/v2/run-api.json
index fb2c2aa0ef4..d9301afd417 100644
--- a/run/v2/run-api.json
+++ b/run/v2/run-api.json
@@ -1087,7 +1087,7 @@
       }
     }
   },
-  "revision": "20230122",
+  "revision": "20230129",
   "rootUrl": "https://run.googleapis.com/",
   "schemas": {
     "GoogleCloudRunV2BinaryAuthorization": {
@@ -2959,7 +2959,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/run/v2/run-gen.go b/run/v2/run-gen.go
index ba04ab64809..8d788f1db99 100644
--- a/run/v2/run-gen.go
+++ b/run/v2/run-gen.go
@@ -2883,7 +2883,9 @@ type GoogleIamV1Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -2900,9 +2902,7 @@ type GoogleIamV1Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/safebrowsing/v4/safebrowsing-api.json b/safebrowsing/v4/safebrowsing-api.json
index 720309d1dcd..1650d940e14 100644
--- a/safebrowsing/v4/safebrowsing-api.json
+++ b/safebrowsing/v4/safebrowsing-api.json
@@ -127,7 +127,7 @@
           },
           "path": "v4/encodedFullHashes/{encodedRequest}",
           "response": {
-            "$ref": "GoogleSecuritySafebrowsingV4FindFullHashesResponse"
+            "$ref": "FindFullHashesResponse"
           }
         }
       }
@@ -163,7 +163,7 @@
           },
           "path": "v4/encodedUpdates/{encodedRequest}",
           "response": {
-            "$ref": "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse"
+            "$ref": "FetchThreatListUpdatesResponse"
           }
         }
       }
@@ -179,10 +179,10 @@
           "parameters": {},
           "path": "v4/fullHashes:find",
           "request": {
-            "$ref": "GoogleSecuritySafebrowsingV4FindFullHashesRequest"
+            "$ref": "FindFullHashesRequest"
           },
           "response": {
-            "$ref": "GoogleSecuritySafebrowsingV4FindFullHashesResponse"
+            "$ref": "FindFullHashesResponse"
           }
         }
       }
@@ -198,10 +198,10 @@
           "parameters": {},
           "path": "v4/threatHits",
           "request": {
-            "$ref": "GoogleSecuritySafebrowsingV4ThreatHit"
+            "$ref": "ThreatHit"
           },
           "response": {
-            "$ref": "GoogleProtobufEmpty"
+            "$ref": "Empty"
           }
         }
       }
@@ -217,10 +217,10 @@
           "parameters": {},
           "path": "v4/threatListUpdates:fetch",
           "request": {
-            "$ref": "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequest"
+            "$ref": "FetchThreatListUpdatesRequest"
           },
           "response": {
-            "$ref": "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse"
+            "$ref": "FetchThreatListUpdatesResponse"
           }
         }
       }
@@ -236,7 +236,7 @@
           "parameters": {},
           "path": "v4/threatLists",
           "response": {
-            "$ref": "GoogleSecuritySafebrowsingV4ListThreatListsResponse"
+            "$ref": "ListThreatListsResponse"
           }
         }
       }
@@ -252,27 +252,21 @@
           "parameters": {},
           "path": "v4/threatMatches:find",
           "request": {
-            "$ref": "GoogleSecuritySafebrowsingV4FindThreatMatchesRequest"
+            "$ref": "FindThreatMatchesRequest"
           },
           "response": {
-            "$ref": "GoogleSecuritySafebrowsingV4FindThreatMatchesResponse"
+            "$ref": "FindThreatMatchesResponse"
           }
         }
       }
     }
   },
-  "revision": "20230121",
+  "revision": "20230129",
   "rootUrl": "https://safebrowsing.googleapis.com/",
   "schemas": {
-    "GoogleProtobufEmpty": {
-      "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }",
-      "id": "GoogleProtobufEmpty",
-      "properties": {},
-      "type": "object"
-    },
-    "GoogleSecuritySafebrowsingV4Checksum": {
+    "Checksum": {
       "description": "The expected state of a client's local database.",
-      "id": "GoogleSecuritySafebrowsingV4Checksum",
+      "id": "Checksum",
       "properties": {
         "sha256": {
           "description": "The SHA256 hash of the client state; that is, of the sorted list of all hashes present in the database.",
@@ -282,9 +276,9 @@
       },
       "type": "object"
     },
-    "GoogleSecuritySafebrowsingV4ClientInfo": {
+    "ClientInfo": {
       "description": "The client metadata associated with Safe Browsing API requests.",
-      "id": "GoogleSecuritySafebrowsingV4ClientInfo",
+      "id": "ClientInfo",
       "properties": {
         "clientId": {
           "description": "A client ID that (hopefully) uniquely identifies the client implementation of the Safe Browsing API.",
@@ -297,30 +291,191 @@
       },
       "type": "object"
     },
-    "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequest": {
+    "Constraints": {
+      "description": "The constraints for this update.",
+      "id": "Constraints",
+      "properties": {
+        "deviceLocation": {
+          "description": "A client's physical location, expressed as a ISO 31166-1 alpha-2 region code.",
+          "type": "string"
+        },
+        "language": {
+          "description": "Requests the lists for a specific language. Expects ISO 639 alpha-2 format.",
+          "type": "string"
+        },
+        "maxDatabaseEntries": {
+          "description": "Sets the maximum number of entries that the client is willing to have in the local database for the specified list. This should be a power of 2 between 2**10 and 2**20. If zero, no database size limit is set.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maxUpdateEntries": {
+          "description": "The maximum size in number of entries. The update will not contain more entries than this value. This should be a power of 2 between 2**10 and 2**20. If zero, no update size limit is set.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "region": {
+          "description": "Requests the list for a specific geographic location. If not set the server may pick that value based on the user's IP address. Expects ISO 3166-1 alpha-2 format.",
+          "type": "string"
+        },
+        "supportedCompressions": {
+          "description": "The compression types supported by the client.",
+          "items": {
+            "enum": [
+              "COMPRESSION_TYPE_UNSPECIFIED",
+              "RAW",
+              "RICE"
+            ],
+            "enumDescriptions": [
+              "Unknown.",
+              "Raw, uncompressed data.",
+              "Rice-Golomb encoded data."
+            ],
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "Empty": {
+      "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }",
+      "id": "Empty",
+      "properties": {},
+      "type": "object"
+    },
+    "FetchThreatListUpdatesRequest": {
       "description": "Describes a Safe Browsing API update request. Clients can request updates for multiple lists in a single request. The server may not respond to all requests, if the server has no updates for that list. NOTE: Field index 2 is unused. NEXT: 5",
-      "id": "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequest",
+      "id": "FetchThreatListUpdatesRequest",
       "properties": {
         "client": {
-          "$ref": "GoogleSecuritySafebrowsingV4ClientInfo",
+          "$ref": "ClientInfo",
           "description": "The client metadata."
         },
         "listUpdateRequests": {
           "description": "The requested threat list updates.",
           "items": {
-            "$ref": "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateRequest"
+            "$ref": "ListUpdateRequest"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "FetchThreatListUpdatesResponse": {
+      "id": "FetchThreatListUpdatesResponse",
+      "properties": {
+        "listUpdateResponses": {
+          "description": "The list updates requested by the clients. The number of responses here may be less than the number of requests sent by clients. This is the case, for example, if the server has no updates for a particular list.",
+          "items": {
+            "$ref": "ListUpdateResponse"
+          },
+          "type": "array"
+        },
+        "minimumWaitDuration": {
+          "description": "The minimum duration the client must wait before issuing any update request. If this field is not set clients may update as soon as they want.",
+          "format": "google-duration",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "FindFullHashesRequest": {
+      "description": "Request to return full hashes matched by the provided hash prefixes.",
+      "id": "FindFullHashesRequest",
+      "properties": {
+        "apiClient": {
+          "$ref": "ClientInfo",
+          "description": "Client metadata associated with callers of higher-level APIs built on top of the client's implementation."
+        },
+        "client": {
+          "$ref": "ClientInfo",
+          "description": "The client metadata."
+        },
+        "clientStates": {
+          "description": "The current client states for each of the client's local threat lists.",
+          "items": {
+            "format": "byte",
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "threatInfo": {
+          "$ref": "ThreatInfo",
+          "description": "The lists and hashes to be checked."
+        }
+      },
+      "type": "object"
+    },
+    "FindFullHashesResponse": {
+      "id": "FindFullHashesResponse",
+      "properties": {
+        "matches": {
+          "description": "The full hashes that matched the requested prefixes.",
+          "items": {
+            "$ref": "ThreatMatch"
+          },
+          "type": "array"
+        },
+        "minimumWaitDuration": {
+          "description": "The minimum duration the client must wait before issuing any find hashes request. If this field is not set, clients can issue a request as soon as they want.",
+          "format": "google-duration",
+          "type": "string"
+        },
+        "negativeCacheDuration": {
+          "description": "For requested entities that did not match the threat list, how long to cache the response.",
+          "format": "google-duration",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "FindThreatMatchesRequest": {
+      "description": "Request to check entries against lists.",
+      "id": "FindThreatMatchesRequest",
+      "properties": {
+        "client": {
+          "$ref": "ClientInfo",
+          "description": "The client metadata."
+        },
+        "threatInfo": {
+          "$ref": "ThreatInfo",
+          "description": "The lists and entries to be checked for matches."
+        }
+      },
+      "type": "object"
+    },
+    "FindThreatMatchesResponse": {
+      "id": "FindThreatMatchesResponse",
+      "properties": {
+        "matches": {
+          "description": "The threat list matches.",
+          "items": {
+            "$ref": "ThreatMatch"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ListThreatListsResponse": {
+      "id": "ListThreatListsResponse",
+      "properties": {
+        "threatLists": {
+          "description": "The lists available for download by the client.",
+          "items": {
+            "$ref": "ThreatListDescriptor"
           },
           "type": "array"
         }
       },
       "type": "object"
     },
-    "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateRequest": {
+    "ListUpdateRequest": {
       "description": "A single list update request.",
-      "id": "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateRequest",
+      "id": "ListUpdateRequest",
       "properties": {
         "constraints": {
-          "$ref": "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateRequestConstraints",
+          "$ref": "Constraints",
           "description": "The constraints associated with this request."
         },
         "platformType": {
@@ -423,83 +578,19 @@
       },
       "type": "object"
     },
-    "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateRequestConstraints": {
-      "description": "The constraints for this update.",
-      "id": "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateRequestConstraints",
-      "properties": {
-        "deviceLocation": {
-          "description": "A client's physical location, expressed as a ISO 31166-1 alpha-2 region code.",
-          "type": "string"
-        },
-        "language": {
-          "description": "Requests the lists for a specific language. Expects ISO 639 alpha-2 format.",
-          "type": "string"
-        },
-        "maxDatabaseEntries": {
-          "description": "Sets the maximum number of entries that the client is willing to have in the local database for the specified list. This should be a power of 2 between 2**10 and 2**20. If zero, no database size limit is set.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "maxUpdateEntries": {
-          "description": "The maximum size in number of entries. The update will not contain more entries than this value. This should be a power of 2 between 2**10 and 2**20. If zero, no update size limit is set.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "region": {
-          "description": "Requests the list for a specific geographic location. If not set the server may pick that value based on the user's IP address. Expects ISO 3166-1 alpha-2 format.",
-          "type": "string"
-        },
-        "supportedCompressions": {
-          "description": "The compression types supported by the client.",
-          "items": {
-            "enum": [
-              "COMPRESSION_TYPE_UNSPECIFIED",
-              "RAW",
-              "RICE"
-            ],
-            "enumDescriptions": [
-              "Unknown.",
-              "Raw, uncompressed data.",
-              "Rice-Golomb encoded data."
-            ],
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse": {
-      "id": "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse",
-      "properties": {
-        "listUpdateResponses": {
-          "description": "The list updates requested by the clients. The number of responses here may be less than the number of requests sent by clients. This is the case, for example, if the server has no updates for a particular list.",
-          "items": {
-            "$ref": "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponseListUpdateResponse"
-          },
-          "type": "array"
-        },
-        "minimumWaitDuration": {
-          "description": "The minimum duration the client must wait before issuing any update request. If this field is not set clients may update as soon as they want.",
-          "format": "google-duration",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponseListUpdateResponse": {
+    "ListUpdateResponse": {
       "description": "An update to an individual list.",
-      "id": "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponseListUpdateResponse",
+      "id": "ListUpdateResponse",
       "properties": {
         "additions": {
           "description": "A set of entries to add to a local threat type's list. Repeated to allow for a combination of compressed and raw data to be sent in a single response.",
           "items": {
-            "$ref": "GoogleSecuritySafebrowsingV4ThreatEntrySet"
+            "$ref": "ThreatEntrySet"
           },
           "type": "array"
         },
         "checksum": {
-          "$ref": "GoogleSecuritySafebrowsingV4Checksum",
+          "$ref": "Checksum",
           "description": "The expected SHA256 hash of the client state; that is, of the sorted list of all hashes present in the database after applying the provided update. If the client state doesn't match the expected state, the client must disregard this update and retry later."
         },
         "newClientState": {
@@ -536,7 +627,7 @@
         "removals": {
           "description": "A set of entries to remove from a local threat type's list. In practice, this field is empty or contains exactly one ThreatEntrySet.",
           "items": {
-            "$ref": "GoogleSecuritySafebrowsingV4ThreatEntrySet"
+            "$ref": "ThreatEntrySet"
           },
           "type": "array"
         },
@@ -623,100 +714,26 @@
       },
       "type": "object"
     },
-    "GoogleSecuritySafebrowsingV4FindFullHashesRequest": {
-      "description": "Request to return full hashes matched by the provided hash prefixes.",
-      "id": "GoogleSecuritySafebrowsingV4FindFullHashesRequest",
-      "properties": {
-        "apiClient": {
-          "$ref": "GoogleSecuritySafebrowsingV4ClientInfo",
-          "description": "Client metadata associated with callers of higher-level APIs built on top of the client's implementation."
-        },
-        "client": {
-          "$ref": "GoogleSecuritySafebrowsingV4ClientInfo",
-          "description": "The client metadata."
-        },
-        "clientStates": {
-          "description": "The current client states for each of the client's local threat lists.",
-          "items": {
-            "format": "byte",
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "threatInfo": {
-          "$ref": "GoogleSecuritySafebrowsingV4ThreatInfo",
-          "description": "The lists and hashes to be checked."
-        }
-      },
-      "type": "object"
-    },
-    "GoogleSecuritySafebrowsingV4FindFullHashesResponse": {
-      "id": "GoogleSecuritySafebrowsingV4FindFullHashesResponse",
+    "MetadataEntry": {
+      "description": "A single metadata entry.",
+      "id": "MetadataEntry",
       "properties": {
-        "matches": {
-          "description": "The full hashes that matched the requested prefixes.",
-          "items": {
-            "$ref": "GoogleSecuritySafebrowsingV4ThreatMatch"
-          },
-          "type": "array"
-        },
-        "minimumWaitDuration": {
-          "description": "The minimum duration the client must wait before issuing any find hashes request. If this field is not set, clients can issue a request as soon as they want.",
-          "format": "google-duration",
+        "key": {
+          "description": "The metadata entry key. For JSON requests, the key is base64-encoded.",
+          "format": "byte",
           "type": "string"
         },
-        "negativeCacheDuration": {
-          "description": "For requested entities that did not match the threat list, how long to cache the response.",
-          "format": "google-duration",
+        "value": {
+          "description": "The metadata entry value. For JSON requests, the value is base64-encoded.",
+          "format": "byte",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "GoogleSecuritySafebrowsingV4FindThreatMatchesRequest": {
-      "description": "Request to check entries against lists.",
-      "id": "GoogleSecuritySafebrowsingV4FindThreatMatchesRequest",
-      "properties": {
-        "client": {
-          "$ref": "GoogleSecuritySafebrowsingV4ClientInfo",
-          "description": "The client metadata."
-        },
-        "threatInfo": {
-          "$ref": "GoogleSecuritySafebrowsingV4ThreatInfo",
-          "description": "The lists and entries to be checked for matches."
-        }
-      },
-      "type": "object"
-    },
-    "GoogleSecuritySafebrowsingV4FindThreatMatchesResponse": {
-      "id": "GoogleSecuritySafebrowsingV4FindThreatMatchesResponse",
-      "properties": {
-        "matches": {
-          "description": "The threat list matches.",
-          "items": {
-            "$ref": "GoogleSecuritySafebrowsingV4ThreatMatch"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "GoogleSecuritySafebrowsingV4ListThreatListsResponse": {
-      "id": "GoogleSecuritySafebrowsingV4ListThreatListsResponse",
-      "properties": {
-        "threatLists": {
-          "description": "The lists available for download by the client.",
-          "items": {
-            "$ref": "GoogleSecuritySafebrowsingV4ThreatListDescriptor"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "GoogleSecuritySafebrowsingV4RawHashes": {
+    "RawHashes": {
       "description": "The uncompressed threat entries in hash format of a particular prefix length. Hashes can be anywhere from 4 to 32 bytes in size. A large majority are 4 bytes, but some hashes are lengthened if they collide with the hash of a popular URL. Used for sending ThreatEntrySet to clients that do not support compression, or when sending non-4-byte hashes to clients that do support compression.",
-      "id": "GoogleSecuritySafebrowsingV4RawHashes",
+      "id": "RawHashes",
       "properties": {
         "prefixSize": {
           "description": "The number of bytes for each prefix encoded below. This field can be anywhere from 4 (shortest prefix) to 32 (full SHA256 hash).",
@@ -731,9 +748,9 @@
       },
       "type": "object"
     },
-    "GoogleSecuritySafebrowsingV4RawIndices": {
+    "RawIndices": {
       "description": "A set of raw indices to remove from a local list.",
-      "id": "GoogleSecuritySafebrowsingV4RawIndices",
+      "id": "RawIndices",
       "properties": {
         "indices": {
           "description": "The indices to remove from a lexicographically-sorted local list.",
@@ -746,9 +763,9 @@
       },
       "type": "object"
     },
-    "GoogleSecuritySafebrowsingV4RiceDeltaEncoding": {
+    "RiceDeltaEncoding": {
       "description": "The Rice-Golomb encoded data. Used for sending compressed 4-byte hashes or compressed removal indices.",
-      "id": "GoogleSecuritySafebrowsingV4RiceDeltaEncoding",
+      "id": "RiceDeltaEncoding",
       "properties": {
         "encodedData": {
           "description": "The encoded deltas that are encoded using the Golomb-Rice coder.",
@@ -773,9 +790,9 @@
       },
       "type": "object"
     },
-    "GoogleSecuritySafebrowsingV4ThreatEntry": {
+    "ThreatEntry": {
       "description": "An individual threat; for example, a malicious URL or its hash representation. Only one of these fields should be set.",
-      "id": "GoogleSecuritySafebrowsingV4ThreatEntry",
+      "id": "ThreatEntry",
       "properties": {
         "digest": {
           "description": "The digest of an executable in SHA256 format. The API supports both binary and hex digests. For JSON requests, digests are base64-encoded.",
@@ -794,40 +811,23 @@
       },
       "type": "object"
     },
-    "GoogleSecuritySafebrowsingV4ThreatEntryMetadata": {
+    "ThreatEntryMetadata": {
       "description": "The metadata associated with a specific threat entry. The client is expected to know the metadata key/value pairs associated with each threat type.",
-      "id": "GoogleSecuritySafebrowsingV4ThreatEntryMetadata",
+      "id": "ThreatEntryMetadata",
       "properties": {
         "entries": {
           "description": "The metadata entries.",
           "items": {
-            "$ref": "GoogleSecuritySafebrowsingV4ThreatEntryMetadataMetadataEntry"
+            "$ref": "MetadataEntry"
           },
           "type": "array"
         }
       },
       "type": "object"
     },
-    "GoogleSecuritySafebrowsingV4ThreatEntryMetadataMetadataEntry": {
-      "description": "A single metadata entry.",
-      "id": "GoogleSecuritySafebrowsingV4ThreatEntryMetadataMetadataEntry",
-      "properties": {
-        "key": {
-          "description": "The metadata entry key. For JSON requests, the key is base64-encoded.",
-          "format": "byte",
-          "type": "string"
-        },
-        "value": {
-          "description": "The metadata entry value. For JSON requests, the value is base64-encoded.",
-          "format": "byte",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "GoogleSecuritySafebrowsingV4ThreatEntrySet": {
+    "ThreatEntrySet": {
       "description": "A set of threats that should be added or removed from a client's local database.",
-      "id": "GoogleSecuritySafebrowsingV4ThreatEntrySet",
+      "id": "ThreatEntrySet",
       "properties": {
         "compressionType": {
           "description": "The compression type for the entries in this set.",
@@ -844,33 +844,33 @@
           "type": "string"
         },
         "rawHashes": {
-          "$ref": "GoogleSecuritySafebrowsingV4RawHashes",
+          "$ref": "RawHashes",
           "description": "The raw SHA256-formatted entries."
         },
         "rawIndices": {
-          "$ref": "GoogleSecuritySafebrowsingV4RawIndices",
+          "$ref": "RawIndices",
           "description": "The raw removal indices for a local list."
         },
         "riceHashes": {
-          "$ref": "GoogleSecuritySafebrowsingV4RiceDeltaEncoding",
+          "$ref": "RiceDeltaEncoding",
           "description": "The encoded 4-byte prefixes of SHA256-formatted entries, using a Golomb-Rice encoding. The hashes are converted to uint32, sorted in ascending order, then delta encoded and stored as encoded_data."
         },
         "riceIndices": {
-          "$ref": "GoogleSecuritySafebrowsingV4RiceDeltaEncoding",
+          "$ref": "RiceDeltaEncoding",
           "description": "The encoded local, lexicographically-sorted list indices, using a Golomb-Rice encoding. Used for sending compressed removal indices. The removal indices (uint32) are sorted in ascending order, then delta encoded and stored as encoded_data."
         }
       },
       "type": "object"
     },
-    "GoogleSecuritySafebrowsingV4ThreatHit": {
-      "id": "GoogleSecuritySafebrowsingV4ThreatHit",
+    "ThreatHit": {
+      "id": "ThreatHit",
       "properties": {
         "clientInfo": {
-          "$ref": "GoogleSecuritySafebrowsingV4ClientInfo",
+          "$ref": "ClientInfo",
           "description": "Client-reported identification."
         },
         "entry": {
-          "$ref": "GoogleSecuritySafebrowsingV4ThreatEntry",
+          "$ref": "ThreatEntry",
           "description": "The threat entry responsible for the hit. Full hash should be reported for hash-based hits."
         },
         "platformType": {
@@ -902,7 +902,7 @@
         "resources": {
           "description": "The resources related to the threat hit.",
           "items": {
-            "$ref": "GoogleSecuritySafebrowsingV4ThreatHitThreatSource"
+            "$ref": "ThreatSource"
           },
           "type": "array"
         },
@@ -951,68 +951,15 @@
           "type": "string"
         },
         "userInfo": {
-          "$ref": "GoogleSecuritySafebrowsingV4ThreatHitUserInfo",
+          "$ref": "UserInfo",
           "description": "Details about the user that encountered the threat."
         }
       },
       "type": "object"
     },
-    "GoogleSecuritySafebrowsingV4ThreatHitThreatSource": {
-      "description": "A single resource related to a threat hit.",
-      "id": "GoogleSecuritySafebrowsingV4ThreatHitThreatSource",
-      "properties": {
-        "referrer": {
-          "description": "Referrer of the resource. Only set if the referrer is available.",
-          "type": "string"
-        },
-        "remoteIp": {
-          "description": "The remote IP of the resource in ASCII format. Either IPv4 or IPv6.",
-          "type": "string"
-        },
-        "type": {
-          "description": "The type of source reported.",
-          "enum": [
-            "THREAT_SOURCE_TYPE_UNSPECIFIED",
-            "MATCHING_URL",
-            "TAB_URL",
-            "TAB_REDIRECT",
-            "TAB_RESOURCE"
-          ],
-          "enumDescriptions": [
-            "Unknown.",
-            "The URL that matched the threat list (for which GetFullHash returned a valid hash).",
-            "The final top-level URL of the tab that the client was browsing when the match occurred.",
-            "A redirect URL that was fetched before hitting the final TAB_URL.",
-            "A resource loaded within the final TAB_URL."
-          ],
-          "type": "string"
-        },
-        "url": {
-          "description": "The URL of the resource.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "GoogleSecuritySafebrowsingV4ThreatHitUserInfo": {
-      "description": "Details about the user that encountered the threat.",
-      "id": "GoogleSecuritySafebrowsingV4ThreatHitUserInfo",
-      "properties": {
-        "regionCode": {
-          "description": "The UN M.49 region code associated with the user's location.",
-          "type": "string"
-        },
-        "userId": {
-          "description": "Unique user identifier defined by the client.",
-          "format": "byte",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "GoogleSecuritySafebrowsingV4ThreatInfo": {
+    "ThreatInfo": {
       "description": "The information regarding one or more threats that a client submits when checking for matches in threat lists.",
-      "id": "GoogleSecuritySafebrowsingV4ThreatInfo",
+      "id": "ThreatInfo",
       "properties": {
         "platformTypes": {
           "description": "The platform types to be checked.",
@@ -1046,7 +993,7 @@
         "threatEntries": {
           "description": "The threat entries to be checked.",
           "items": {
-            "$ref": "GoogleSecuritySafebrowsingV4ThreatEntry"
+            "$ref": "ThreatEntry"
           },
           "type": "array"
         },
@@ -1125,9 +1072,9 @@
       },
       "type": "object"
     },
-    "GoogleSecuritySafebrowsingV4ThreatListDescriptor": {
+    "ThreatListDescriptor": {
       "description": "Describes an individual threat list. A list is defined by three parameters: the type of threat posed, the type of platform targeted by the threat, and the type of entries in the list.",
-      "id": "GoogleSecuritySafebrowsingV4ThreatListDescriptor",
+      "id": "ThreatListDescriptor",
       "properties": {
         "platformType": {
           "description": "The platform type targeted by the list's entries.",
@@ -1224,9 +1171,9 @@
       },
       "type": "object"
     },
-    "GoogleSecuritySafebrowsingV4ThreatMatch": {
+    "ThreatMatch": {
       "description": "A match when checking a threat entry in the Safe Browsing threat lists.",
-      "id": "GoogleSecuritySafebrowsingV4ThreatMatch",
+      "id": "ThreatMatch",
       "properties": {
         "cacheDuration": {
           "description": "The cache lifetime for the returned match. Clients must not cache this response for more than this duration to avoid false positives.",
@@ -1260,11 +1207,11 @@
           "type": "string"
         },
         "threat": {
-          "$ref": "GoogleSecuritySafebrowsingV4ThreatEntry",
+          "$ref": "ThreatEntry",
           "description": "The threat matching this threat."
         },
         "threatEntryMetadata": {
-          "$ref": "GoogleSecuritySafebrowsingV4ThreatEntryMetadata",
+          "$ref": "ThreatEntryMetadata",
           "description": "Optional metadata associated with this threat."
         },
         "threatEntryType": {
@@ -1335,6 +1282,59 @@
         }
       },
       "type": "object"
+    },
+    "ThreatSource": {
+      "description": "A single resource related to a threat hit.",
+      "id": "ThreatSource",
+      "properties": {
+        "referrer": {
+          "description": "Referrer of the resource. Only set if the referrer is available.",
+          "type": "string"
+        },
+        "remoteIp": {
+          "description": "The remote IP of the resource in ASCII format. Either IPv4 or IPv6.",
+          "type": "string"
+        },
+        "type": {
+          "description": "The type of source reported.",
+          "enum": [
+            "THREAT_SOURCE_TYPE_UNSPECIFIED",
+            "MATCHING_URL",
+            "TAB_URL",
+            "TAB_REDIRECT",
+            "TAB_RESOURCE"
+          ],
+          "enumDescriptions": [
+            "Unknown.",
+            "The URL that matched the threat list (for which GetFullHash returned a valid hash).",
+            "The final top-level URL of the tab that the client was browsing when the match occurred.",
+            "A redirect URL that was fetched before hitting the final TAB_URL.",
+            "A resource loaded within the final TAB_URL."
+          ],
+          "type": "string"
+        },
+        "url": {
+          "description": "The URL of the resource.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "UserInfo": {
+      "description": "Details about the user that encountered the threat.",
+      "id": "UserInfo",
+      "properties": {
+        "regionCode": {
+          "description": "The UN M.49 region code associated with the user's location.",
+          "type": "string"
+        },
+        "userId": {
+          "description": "Unique user identifier defined by the client.",
+          "format": "byte",
+          "type": "string"
+        }
+      },
+      "type": "object"
     }
   },
   "servicePath": "",
diff --git a/safebrowsing/v4/safebrowsing-gen.go b/safebrowsing/v4/safebrowsing-gen.go
index 30c93e9f967..731ebb8a0ba 100644
--- a/safebrowsing/v4/safebrowsing-gen.go
+++ b/safebrowsing/v4/safebrowsing-gen.go
@@ -206,20 +206,8 @@ type ThreatMatchesService struct {
 	s *Service
 }
 
-// GoogleProtobufEmpty: A generic empty message that you can re-use to
-// avoid defining duplicated empty messages in your APIs. A typical
-// example is to use it as the request or the response type of an API
-// method. For instance: service Foo { rpc Bar(google.protobuf.Empty)
-// returns (google.protobuf.Empty); }
-type GoogleProtobufEmpty struct {
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-}
-
-// GoogleSecuritySafebrowsingV4Checksum: The expected state of a
-// client's local database.
-type GoogleSecuritySafebrowsingV4Checksum struct {
+// Checksum: The expected state of a client's local database.
+type Checksum struct {
 	// Sha256: The SHA256 hash of the client state; that is, of the sorted
 	// list of all hashes present in the database.
 	Sha256 string `json:"sha256,omitempty"`
@@ -241,15 +229,15 @@ type GoogleSecuritySafebrowsingV4Checksum struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4Checksum) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4Checksum
+func (s *Checksum) MarshalJSON() ([]byte, error) {
+	type NoMethod Checksum
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// GoogleSecuritySafebrowsingV4ClientInfo: The client metadata
-// associated with Safe Browsing API requests.
-type GoogleSecuritySafebrowsingV4ClientInfo struct {
+// ClientInfo: The client metadata associated with Safe Browsing API
+// requests.
+type ClientInfo struct {
 	// ClientId: A client ID that (hopefully) uniquely identifies the client
 	// implementation of the Safe Browsing API.
 	ClientId string `json:"clientId,omitempty"`
@@ -274,142 +262,14 @@ type GoogleSecuritySafebrowsingV4ClientInfo struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4ClientInfo) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4ClientInfo
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequest: Describes
-// a Safe Browsing API update request. Clients can request updates for
-// multiple lists in a single request. The server may not respond to all
-// requests, if the server has no updates for that list. NOTE: Field
-// index 2 is unused. NEXT: 5
-type GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequest struct {
-	// Client: The client metadata.
-	Client *GoogleSecuritySafebrowsingV4ClientInfo `json:"client,omitempty"`
-
-	// ListUpdateRequests: The requested threat list updates.
-	ListUpdateRequests []*GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateRequest `json:"listUpdateRequests,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Client") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Client") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequest) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequest
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateReq
-// uest: A single list update request.
-type GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateRequest struct {
-	// Constraints: The constraints associated with this request.
-	Constraints *GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateRequestConstraints `json:"constraints,omitempty"`
-
-	// PlatformType: The type of platform at risk by entries present in the
-	// list.
-	//
-	// Possible values:
-	//   "PLATFORM_TYPE_UNSPECIFIED" - Unknown platform.
-	//   "WINDOWS" - Threat posed to Windows.
-	//   "LINUX" - Threat posed to Linux.
-	//   "ANDROID" - Threat posed to Android.
-	//   "OSX" - Threat posed to OS X.
-	//   "IOS" - Threat posed to iOS.
-	//   "ANY_PLATFORM" - Threat posed to at least one of the defined
-	// platforms.
-	//   "ALL_PLATFORMS" - Threat posed to all defined platforms.
-	//   "CHROME" - Threat posed to Chrome.
-	PlatformType string `json:"platformType,omitempty"`
-
-	// State: The current state of the client for the requested list (the
-	// encrypted client state that was received from the last successful
-	// list update).
-	State string `json:"state,omitempty"`
-
-	// ThreatEntryType: The types of entries present in the list.
-	//
-	// Possible values:
-	//   "THREAT_ENTRY_TYPE_UNSPECIFIED" - Unspecified.
-	//   "URL" - A URL.
-	//   "EXECUTABLE" - An executable program.
-	//   "IP_RANGE" - An IP range.
-	//   "CHROME_EXTENSION" - Chrome extension.
-	//   "FILENAME" - Filename.
-	//   "CERT" - CERT
-	ThreatEntryType string `json:"threatEntryType,omitempty"`
-
-	// ThreatType: The type of threat posed by entries present in the list.
-	//
-	// Possible values:
-	//   "THREAT_TYPE_UNSPECIFIED" - Unknown.
-	//   "MALWARE" - Malware threat type.
-	//   "SOCIAL_ENGINEERING" - Social engineering threat type.
-	//   "UNWANTED_SOFTWARE" - Unwanted software threat type.
-	//   "POTENTIALLY_HARMFUL_APPLICATION" - Potentially harmful application
-	// threat type.
-	//   "SOCIAL_ENGINEERING_INTERNAL" - Social engineering threat type for
-	// internal use.
-	//   "API_ABUSE" - API abuse threat type.
-	//   "MALICIOUS_BINARY" - Malicious binary threat type.
-	//   "CSD_WHITELIST" - Client side detection whitelist threat type.
-	//   "CSD_DOWNLOAD_WHITELIST" - Client side download detection whitelist
-	// threat type.
-	//   "CLIENT_INCIDENT" - Client incident threat type.
-	//   "CLIENT_INCIDENT_WHITELIST" - Whitelist used when detecting client
-	// incident threats.
-	//   "APK_MALWARE_OFFLINE" - List used for offline APK checks in PAM.
-	//   "SUBRESOURCE_FILTER" - Patterns to be used for activating the
-	// subresource filter.
-	//   "SUSPICIOUS" - Entities that are suspected to present a threat.
-	//   "TRICK_TO_BILL" - Trick-to-bill threat type.
-	//   "HIGH_CONFIDENCE_ALLOWLIST" - URL expressions that are very likely
-	// to be safe.
-	//   "ACCURACY_TIPS" - An experimental threat type related to Jigsaw.
-	// See https://jigsaw.google.com/.
-	ThreatType string `json:"threatType,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Constraints") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Constraints") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateRequest) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateRequest
+func (s *ClientInfo) MarshalJSON() ([]byte, error) {
+	type NoMethod ClientInfo
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateReq
-// uestConstraints: The constraints for this update.
-type GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateRequestConstraints struct {
+// Constraints: The constraints for this update.
+type Constraints struct {
 	// DeviceLocation: A client's physical location, expressed as a ISO
 	// 31166-1 alpha-2 region code.
 	DeviceLocation string `json:"deviceLocation,omitempty"`
@@ -460,18 +320,63 @@ type GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateRequestC
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateRequestConstraints) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequestListUpdateRequestConstraints
+func (s *Constraints) MarshalJSON() ([]byte, error) {
+	type NoMethod Constraints
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// Empty: A generic empty message that you can re-use to avoid defining
+// duplicated empty messages in your APIs. A typical example is to use
+// it as the request or the response type of an API method. For
+// instance: service Foo { rpc Bar(google.protobuf.Empty) returns
+// (google.protobuf.Empty); }
+type Empty struct {
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+}
+
+// FetchThreatListUpdatesRequest: Describes a Safe Browsing API update
+// request. Clients can request updates for multiple lists in a single
+// request. The server may not respond to all requests, if the server
+// has no updates for that list. NOTE: Field index 2 is unused. NEXT: 5
+type FetchThreatListUpdatesRequest struct {
+	// Client: The client metadata.
+	Client *ClientInfo `json:"client,omitempty"`
+
+	// ListUpdateRequests: The requested threat list updates.
+	ListUpdateRequests []*ListUpdateRequest `json:"listUpdateRequests,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Client") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Client") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *FetchThreatListUpdatesRequest) MarshalJSON() ([]byte, error) {
+	type NoMethod FetchThreatListUpdatesRequest
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse struct {
+type FetchThreatListUpdatesResponse struct {
 	// ListUpdateResponses: The list updates requested by the clients. The
 	// number of responses here may be less than the number of requests sent
 	// by clients. This is the case, for example, if the server has no
 	// updates for a particular list.
-	ListUpdateResponses []*GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponseListUpdateResponse `json:"listUpdateResponses,omitempty"`
+	ListUpdateResponses []*ListUpdateResponse `json:"listUpdateResponses,omitempty"`
 
 	// MinimumWaitDuration: The minimum duration the client must wait before
 	// issuing any update request. If this field is not set clients may
@@ -500,143 +405,28 @@ type GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponseListUpdateRe
-// sponse: An update to an individual list.
-type GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponseListUpdateResponse struct {
-	// Additions: A set of entries to add to a local threat type's list.
-	// Repeated to allow for a combination of compressed and raw data to be
-	// sent in a single response.
-	Additions []*GoogleSecuritySafebrowsingV4ThreatEntrySet `json:"additions,omitempty"`
-
-	// Checksum: The expected SHA256 hash of the client state; that is, of
-	// the sorted list of all hashes present in the database after applying
-	// the provided update. If the client state doesn't match the expected
-	// state, the client must disregard this update and retry later.
-	Checksum *GoogleSecuritySafebrowsingV4Checksum `json:"checksum,omitempty"`
-
-	// NewClientState: The new client state, in encrypted format. Opaque to
-	// clients.
-	NewClientState string `json:"newClientState,omitempty"`
-
-	// PlatformType: The platform type for which data is returned.
-	//
-	// Possible values:
-	//   "PLATFORM_TYPE_UNSPECIFIED" - Unknown platform.
-	//   "WINDOWS" - Threat posed to Windows.
-	//   "LINUX" - Threat posed to Linux.
-	//   "ANDROID" - Threat posed to Android.
-	//   "OSX" - Threat posed to OS X.
-	//   "IOS" - Threat posed to iOS.
-	//   "ANY_PLATFORM" - Threat posed to at least one of the defined
-	// platforms.
-	//   "ALL_PLATFORMS" - Threat posed to all defined platforms.
-	//   "CHROME" - Threat posed to Chrome.
-	PlatformType string `json:"platformType,omitempty"`
-
-	// Removals: A set of entries to remove from a local threat type's list.
-	// In practice, this field is empty or contains exactly one
-	// ThreatEntrySet.
-	Removals []*GoogleSecuritySafebrowsingV4ThreatEntrySet `json:"removals,omitempty"`
-
-	// ResponseType: The type of response. This may indicate that an action
-	// is required by the client when the response is received.
-	//
-	// Possible values:
-	//   "RESPONSE_TYPE_UNSPECIFIED" - Unknown.
-	//   "PARTIAL_UPDATE" - Partial updates are applied to the client's
-	// existing local database.
-	//   "FULL_UPDATE" - Full updates replace the client's entire local
-	// database. This means that either the client was seriously out-of-date
-	// or the client is believed to be corrupt.
-	ResponseType string `json:"responseType,omitempty"`
-
-	// ThreatEntryType: The format of the threats.
-	//
-	// Possible values:
-	//   "THREAT_ENTRY_TYPE_UNSPECIFIED" - Unspecified.
-	//   "URL" - A URL.
-	//   "EXECUTABLE" - An executable program.
-	//   "IP_RANGE" - An IP range.
-	//   "CHROME_EXTENSION" - Chrome extension.
-	//   "FILENAME" - Filename.
-	//   "CERT" - CERT
-	ThreatEntryType string `json:"threatEntryType,omitempty"`
-
-	// ThreatType: The threat type for which data is returned.
-	//
-	// Possible values:
-	//   "THREAT_TYPE_UNSPECIFIED" - Unknown.
-	//   "MALWARE" - Malware threat type.
-	//   "SOCIAL_ENGINEERING" - Social engineering threat type.
-	//   "UNWANTED_SOFTWARE" - Unwanted software threat type.
-	//   "POTENTIALLY_HARMFUL_APPLICATION" - Potentially harmful application
-	// threat type.
-	//   "SOCIAL_ENGINEERING_INTERNAL" - Social engineering threat type for
-	// internal use.
-	//   "API_ABUSE" - API abuse threat type.
-	//   "MALICIOUS_BINARY" - Malicious binary threat type.
-	//   "CSD_WHITELIST" - Client side detection whitelist threat type.
-	//   "CSD_DOWNLOAD_WHITELIST" - Client side download detection whitelist
-	// threat type.
-	//   "CLIENT_INCIDENT" - Client incident threat type.
-	//   "CLIENT_INCIDENT_WHITELIST" - Whitelist used when detecting client
-	// incident threats.
-	//   "APK_MALWARE_OFFLINE" - List used for offline APK checks in PAM.
-	//   "SUBRESOURCE_FILTER" - Patterns to be used for activating the
-	// subresource filter.
-	//   "SUSPICIOUS" - Entities that are suspected to present a threat.
-	//   "TRICK_TO_BILL" - Trick-to-bill threat type.
-	//   "HIGH_CONFIDENCE_ALLOWLIST" - URL expressions that are very likely
-	// to be safe.
-	//   "ACCURACY_TIPS" - An experimental threat type related to Jigsaw.
-	// See https://jigsaw.google.com/.
-	ThreatType string `json:"threatType,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Additions") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Additions") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponseListUpdateResponse) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponseListUpdateResponse
+func (s *FetchThreatListUpdatesResponse) MarshalJSON() ([]byte, error) {
+	type NoMethod FetchThreatListUpdatesResponse
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// GoogleSecuritySafebrowsingV4FindFullHashesRequest: Request to return
-// full hashes matched by the provided hash prefixes.
-type GoogleSecuritySafebrowsingV4FindFullHashesRequest struct {
+// FindFullHashesRequest: Request to return full hashes matched by the
+// provided hash prefixes.
+type FindFullHashesRequest struct {
 	// ApiClient: Client metadata associated with callers of higher-level
 	// APIs built on top of the client's implementation.
-	ApiClient *GoogleSecuritySafebrowsingV4ClientInfo `json:"apiClient,omitempty"`
+	ApiClient *ClientInfo `json:"apiClient,omitempty"`
 
 	// Client: The client metadata.
-	Client *GoogleSecuritySafebrowsingV4ClientInfo `json:"client,omitempty"`
+	Client *ClientInfo `json:"client,omitempty"`
 
 	// ClientStates: The current client states for each of the client's
 	// local threat lists.
 	ClientStates []string `json:"clientStates,omitempty"`
 
 	// ThreatInfo: The lists and hashes to be checked.
-	ThreatInfo *GoogleSecuritySafebrowsingV4ThreatInfo `json:"threatInfo,omitempty"`
+	ThreatInfo *ThreatInfo `json:"threatInfo,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "ApiClient") to
 	// unconditionally include in API requests. By default, fields with
@@ -655,15 +445,15 @@ type GoogleSecuritySafebrowsingV4FindFullHashesRequest struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4FindFullHashesRequest) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4FindFullHashesRequest
+func (s *FindFullHashesRequest) MarshalJSON() ([]byte, error) {
+	type NoMethod FindFullHashesRequest
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type GoogleSecuritySafebrowsingV4FindFullHashesResponse struct {
+type FindFullHashesResponse struct {
 	// Matches: The full hashes that matched the requested prefixes.
-	Matches []*GoogleSecuritySafebrowsingV4ThreatMatch `json:"matches,omitempty"`
+	Matches []*ThreatMatch `json:"matches,omitempty"`
 
 	// MinimumWaitDuration: The minimum duration the client must wait before
 	// issuing any find hashes request. If this field is not set, clients
@@ -695,20 +485,19 @@ type GoogleSecuritySafebrowsingV4FindFullHashesResponse struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4FindFullHashesResponse) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4FindFullHashesResponse
+func (s *FindFullHashesResponse) MarshalJSON() ([]byte, error) {
+	type NoMethod FindFullHashesResponse
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// GoogleSecuritySafebrowsingV4FindThreatMatchesRequest: Request to
-// check entries against lists.
-type GoogleSecuritySafebrowsingV4FindThreatMatchesRequest struct {
+// FindThreatMatchesRequest: Request to check entries against lists.
+type FindThreatMatchesRequest struct {
 	// Client: The client metadata.
-	Client *GoogleSecuritySafebrowsingV4ClientInfo `json:"client,omitempty"`
+	Client *ClientInfo `json:"client,omitempty"`
 
 	// ThreatInfo: The lists and entries to be checked for matches.
-	ThreatInfo *GoogleSecuritySafebrowsingV4ThreatInfo `json:"threatInfo,omitempty"`
+	ThreatInfo *ThreatInfo `json:"threatInfo,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "Client") to
 	// unconditionally include in API requests. By default, fields with
@@ -727,21 +516,257 @@ type GoogleSecuritySafebrowsingV4FindThreatMatchesRequest struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4FindThreatMatchesRequest) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4FindThreatMatchesRequest
+func (s *FindThreatMatchesRequest) MarshalJSON() ([]byte, error) {
+	type NoMethod FindThreatMatchesRequest
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type GoogleSecuritySafebrowsingV4FindThreatMatchesResponse struct {
+type FindThreatMatchesResponse struct {
 	// Matches: The threat list matches.
-	Matches []*GoogleSecuritySafebrowsingV4ThreatMatch `json:"matches,omitempty"`
+	Matches []*ThreatMatch `json:"matches,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Matches") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Matches") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *FindThreatMatchesResponse) MarshalJSON() ([]byte, error) {
+	type NoMethod FindThreatMatchesResponse
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type ListThreatListsResponse struct {
+	// ThreatLists: The lists available for download by the client.
+	ThreatLists []*ThreatListDescriptor `json:"threatLists,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "ThreatLists") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "ThreatLists") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *ListThreatListsResponse) MarshalJSON() ([]byte, error) {
+	type NoMethod ListThreatListsResponse
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// ListUpdateRequest: A single list update request.
+type ListUpdateRequest struct {
+	// Constraints: The constraints associated with this request.
+	Constraints *Constraints `json:"constraints,omitempty"`
+
+	// PlatformType: The type of platform at risk by entries present in the
+	// list.
+	//
+	// Possible values:
+	//   "PLATFORM_TYPE_UNSPECIFIED" - Unknown platform.
+	//   "WINDOWS" - Threat posed to Windows.
+	//   "LINUX" - Threat posed to Linux.
+	//   "ANDROID" - Threat posed to Android.
+	//   "OSX" - Threat posed to OS X.
+	//   "IOS" - Threat posed to iOS.
+	//   "ANY_PLATFORM" - Threat posed to at least one of the defined
+	// platforms.
+	//   "ALL_PLATFORMS" - Threat posed to all defined platforms.
+	//   "CHROME" - Threat posed to Chrome.
+	PlatformType string `json:"platformType,omitempty"`
+
+	// State: The current state of the client for the requested list (the
+	// encrypted client state that was received from the last successful
+	// list update).
+	State string `json:"state,omitempty"`
+
+	// ThreatEntryType: The types of entries present in the list.
+	//
+	// Possible values:
+	//   "THREAT_ENTRY_TYPE_UNSPECIFIED" - Unspecified.
+	//   "URL" - A URL.
+	//   "EXECUTABLE" - An executable program.
+	//   "IP_RANGE" - An IP range.
+	//   "CHROME_EXTENSION" - Chrome extension.
+	//   "FILENAME" - Filename.
+	//   "CERT" - CERT
+	ThreatEntryType string `json:"threatEntryType,omitempty"`
+
+	// ThreatType: The type of threat posed by entries present in the list.
+	//
+	// Possible values:
+	//   "THREAT_TYPE_UNSPECIFIED" - Unknown.
+	//   "MALWARE" - Malware threat type.
+	//   "SOCIAL_ENGINEERING" - Social engineering threat type.
+	//   "UNWANTED_SOFTWARE" - Unwanted software threat type.
+	//   "POTENTIALLY_HARMFUL_APPLICATION" - Potentially harmful application
+	// threat type.
+	//   "SOCIAL_ENGINEERING_INTERNAL" - Social engineering threat type for
+	// internal use.
+	//   "API_ABUSE" - API abuse threat type.
+	//   "MALICIOUS_BINARY" - Malicious binary threat type.
+	//   "CSD_WHITELIST" - Client side detection whitelist threat type.
+	//   "CSD_DOWNLOAD_WHITELIST" - Client side download detection whitelist
+	// threat type.
+	//   "CLIENT_INCIDENT" - Client incident threat type.
+	//   "CLIENT_INCIDENT_WHITELIST" - Whitelist used when detecting client
+	// incident threats.
+	//   "APK_MALWARE_OFFLINE" - List used for offline APK checks in PAM.
+	//   "SUBRESOURCE_FILTER" - Patterns to be used for activating the
+	// subresource filter.
+	//   "SUSPICIOUS" - Entities that are suspected to present a threat.
+	//   "TRICK_TO_BILL" - Trick-to-bill threat type.
+	//   "HIGH_CONFIDENCE_ALLOWLIST" - URL expressions that are very likely
+	// to be safe.
+	//   "ACCURACY_TIPS" - An experimental threat type related to Jigsaw.
+	// See https://jigsaw.google.com/.
+	ThreatType string `json:"threatType,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Constraints") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Constraints") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *ListUpdateRequest) MarshalJSON() ([]byte, error) {
+	type NoMethod ListUpdateRequest
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// ListUpdateResponse: An update to an individual list.
+type ListUpdateResponse struct {
+	// Additions: A set of entries to add to a local threat type's list.
+	// Repeated to allow for a combination of compressed and raw data to be
+	// sent in a single response.
+	Additions []*ThreatEntrySet `json:"additions,omitempty"`
+
+	// Checksum: The expected SHA256 hash of the client state; that is, of
+	// the sorted list of all hashes present in the database after applying
+	// the provided update. If the client state doesn't match the expected
+	// state, the client must disregard this update and retry later.
+	Checksum *Checksum `json:"checksum,omitempty"`
+
+	// NewClientState: The new client state, in encrypted format. Opaque to
+	// clients.
+	NewClientState string `json:"newClientState,omitempty"`
+
+	// PlatformType: The platform type for which data is returned.
+	//
+	// Possible values:
+	//   "PLATFORM_TYPE_UNSPECIFIED" - Unknown platform.
+	//   "WINDOWS" - Threat posed to Windows.
+	//   "LINUX" - Threat posed to Linux.
+	//   "ANDROID" - Threat posed to Android.
+	//   "OSX" - Threat posed to OS X.
+	//   "IOS" - Threat posed to iOS.
+	//   "ANY_PLATFORM" - Threat posed to at least one of the defined
+	// platforms.
+	//   "ALL_PLATFORMS" - Threat posed to all defined platforms.
+	//   "CHROME" - Threat posed to Chrome.
+	PlatformType string `json:"platformType,omitempty"`
+
+	// Removals: A set of entries to remove from a local threat type's list.
+	// In practice, this field is empty or contains exactly one
+	// ThreatEntrySet.
+	Removals []*ThreatEntrySet `json:"removals,omitempty"`
+
+	// ResponseType: The type of response. This may indicate that an action
+	// is required by the client when the response is received.
+	//
+	// Possible values:
+	//   "RESPONSE_TYPE_UNSPECIFIED" - Unknown.
+	//   "PARTIAL_UPDATE" - Partial updates are applied to the client's
+	// existing local database.
+	//   "FULL_UPDATE" - Full updates replace the client's entire local
+	// database. This means that either the client was seriously out-of-date
+	// or the client is believed to be corrupt.
+	ResponseType string `json:"responseType,omitempty"`
+
+	// ThreatEntryType: The format of the threats.
+	//
+	// Possible values:
+	//   "THREAT_ENTRY_TYPE_UNSPECIFIED" - Unspecified.
+	//   "URL" - A URL.
+	//   "EXECUTABLE" - An executable program.
+	//   "IP_RANGE" - An IP range.
+	//   "CHROME_EXTENSION" - Chrome extension.
+	//   "FILENAME" - Filename.
+	//   "CERT" - CERT
+	ThreatEntryType string `json:"threatEntryType,omitempty"`
 
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
+	// ThreatType: The threat type for which data is returned.
+	//
+	// Possible values:
+	//   "THREAT_TYPE_UNSPECIFIED" - Unknown.
+	//   "MALWARE" - Malware threat type.
+	//   "SOCIAL_ENGINEERING" - Social engineering threat type.
+	//   "UNWANTED_SOFTWARE" - Unwanted software threat type.
+	//   "POTENTIALLY_HARMFUL_APPLICATION" - Potentially harmful application
+	// threat type.
+	//   "SOCIAL_ENGINEERING_INTERNAL" - Social engineering threat type for
+	// internal use.
+	//   "API_ABUSE" - API abuse threat type.
+	//   "MALICIOUS_BINARY" - Malicious binary threat type.
+	//   "CSD_WHITELIST" - Client side detection whitelist threat type.
+	//   "CSD_DOWNLOAD_WHITELIST" - Client side download detection whitelist
+	// threat type.
+	//   "CLIENT_INCIDENT" - Client incident threat type.
+	//   "CLIENT_INCIDENT_WHITELIST" - Whitelist used when detecting client
+	// incident threats.
+	//   "APK_MALWARE_OFFLINE" - List used for offline APK checks in PAM.
+	//   "SUBRESOURCE_FILTER" - Patterns to be used for activating the
+	// subresource filter.
+	//   "SUSPICIOUS" - Entities that are suspected to present a threat.
+	//   "TRICK_TO_BILL" - Trick-to-bill threat type.
+	//   "HIGH_CONFIDENCE_ALLOWLIST" - URL expressions that are very likely
+	// to be safe.
+	//   "ACCURACY_TIPS" - An experimental threat type related to Jigsaw.
+	// See https://jigsaw.google.com/.
+	ThreatType string `json:"threatType,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "Matches") to
+	// ForceSendFields is a list of field names (e.g. "Additions") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -749,7 +774,7 @@ type GoogleSecuritySafebrowsingV4FindThreatMatchesResponse struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "Matches") to include in
+	// NullFields is a list of field names (e.g. "Additions") to include in
 	// API requests with the JSON null value. By default, fields with empty
 	// values are omitted from API requests. However, any field with an
 	// empty value appearing in NullFields will be sent to the server as
@@ -758,21 +783,23 @@ type GoogleSecuritySafebrowsingV4FindThreatMatchesResponse struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4FindThreatMatchesResponse) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4FindThreatMatchesResponse
+func (s *ListUpdateResponse) MarshalJSON() ([]byte, error) {
+	type NoMethod ListUpdateResponse
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type GoogleSecuritySafebrowsingV4ListThreatListsResponse struct {
-	// ThreatLists: The lists available for download by the client.
-	ThreatLists []*GoogleSecuritySafebrowsingV4ThreatListDescriptor `json:"threatLists,omitempty"`
+// MetadataEntry: A single metadata entry.
+type MetadataEntry struct {
+	// Key: The metadata entry key. For JSON requests, the key is
+	// base64-encoded.
+	Key string `json:"key,omitempty"`
 
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
+	// Value: The metadata entry value. For JSON requests, the value is
+	// base64-encoded.
+	Value string `json:"value,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "ThreatLists") to
+	// ForceSendFields is a list of field names (e.g. "Key") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -780,29 +807,28 @@ type GoogleSecuritySafebrowsingV4ListThreatListsResponse struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "ThreatLists") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
+	// NullFields is a list of field names (e.g. "Key") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
 	// null. It is an error if a field in this list has a non-empty value.
 	// This may be used to include null fields in Patch requests.
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4ListThreatListsResponse) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4ListThreatListsResponse
+func (s *MetadataEntry) MarshalJSON() ([]byte, error) {
+	type NoMethod MetadataEntry
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// GoogleSecuritySafebrowsingV4RawHashes: The uncompressed threat
-// entries in hash format of a particular prefix length. Hashes can be
-// anywhere from 4 to 32 bytes in size. A large majority are 4 bytes,
-// but some hashes are lengthened if they collide with the hash of a
-// popular URL. Used for sending ThreatEntrySet to clients that do not
-// support compression, or when sending non-4-byte hashes to clients
-// that do support compression.
-type GoogleSecuritySafebrowsingV4RawHashes struct {
+// RawHashes: The uncompressed threat entries in hash format of a
+// particular prefix length. Hashes can be anywhere from 4 to 32 bytes
+// in size. A large majority are 4 bytes, but some hashes are lengthened
+// if they collide with the hash of a popular URL. Used for sending
+// ThreatEntrySet to clients that do not support compression, or when
+// sending non-4-byte hashes to clients that do support compression.
+type RawHashes struct {
 	// PrefixSize: The number of bytes for each prefix encoded below. This
 	// field can be anywhere from 4 (shortest prefix) to 32 (full SHA256
 	// hash).
@@ -830,15 +856,14 @@ type GoogleSecuritySafebrowsingV4RawHashes struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4RawHashes) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4RawHashes
+func (s *RawHashes) MarshalJSON() ([]byte, error) {
+	type NoMethod RawHashes
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// GoogleSecuritySafebrowsingV4RawIndices: A set of raw indices to
-// remove from a local list.
-type GoogleSecuritySafebrowsingV4RawIndices struct {
+// RawIndices: A set of raw indices to remove from a local list.
+type RawIndices struct {
 	// Indices: The indices to remove from a lexicographically-sorted local
 	// list.
 	Indices []int64 `json:"indices,omitempty"`
@@ -860,16 +885,15 @@ type GoogleSecuritySafebrowsingV4RawIndices struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4RawIndices) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4RawIndices
+func (s *RawIndices) MarshalJSON() ([]byte, error) {
+	type NoMethod RawIndices
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// GoogleSecuritySafebrowsingV4RiceDeltaEncoding: The Rice-Golomb
-// encoded data. Used for sending compressed 4-byte hashes or compressed
-// removal indices.
-type GoogleSecuritySafebrowsingV4RiceDeltaEncoding struct {
+// RiceDeltaEncoding: The Rice-Golomb encoded data. Used for sending
+// compressed 4-byte hashes or compressed removal indices.
+type RiceDeltaEncoding struct {
 	// EncodedData: The encoded deltas that are encoded using the
 	// Golomb-Rice coder.
 	EncodedData string `json:"encodedData,omitempty"`
@@ -906,16 +930,15 @@ type GoogleSecuritySafebrowsingV4RiceDeltaEncoding struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4RiceDeltaEncoding) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4RiceDeltaEncoding
+func (s *RiceDeltaEncoding) MarshalJSON() ([]byte, error) {
+	type NoMethod RiceDeltaEncoding
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// GoogleSecuritySafebrowsingV4ThreatEntry: An individual threat; for
-// example, a malicious URL or its hash representation. Only one of
-// these fields should be set.
-type GoogleSecuritySafebrowsingV4ThreatEntry struct {
+// ThreatEntry: An individual threat; for example, a malicious URL or
+// its hash representation. Only one of these fields should be set.
+type ThreatEntry struct {
 	// Digest: The digest of an executable in SHA256 format. The API
 	// supports both binary and hex digests. For JSON requests, digests are
 	// base64-encoded.
@@ -946,18 +969,18 @@ type GoogleSecuritySafebrowsingV4ThreatEntry struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4ThreatEntry) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4ThreatEntry
+func (s *ThreatEntry) MarshalJSON() ([]byte, error) {
+	type NoMethod ThreatEntry
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// GoogleSecuritySafebrowsingV4ThreatEntryMetadata: The metadata
-// associated with a specific threat entry. The client is expected to
-// know the metadata key/value pairs associated with each threat type.
-type GoogleSecuritySafebrowsingV4ThreatEntryMetadata struct {
+// ThreatEntryMetadata: The metadata associated with a specific threat
+// entry. The client is expected to know the metadata key/value pairs
+// associated with each threat type.
+type ThreatEntryMetadata struct {
 	// Entries: The metadata entries.
-	Entries []*GoogleSecuritySafebrowsingV4ThreatEntryMetadataMetadataEntry `json:"entries,omitempty"`
+	Entries []*MetadataEntry `json:"entries,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "Entries") to
 	// unconditionally include in API requests. By default, fields with
@@ -976,49 +999,15 @@ type GoogleSecuritySafebrowsingV4ThreatEntryMetadata struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4ThreatEntryMetadata) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4ThreatEntryMetadata
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// GoogleSecuritySafebrowsingV4ThreatEntryMetadataMetadataEntry: A
-// single metadata entry.
-type GoogleSecuritySafebrowsingV4ThreatEntryMetadataMetadataEntry struct {
-	// Key: The metadata entry key. For JSON requests, the key is
-	// base64-encoded.
-	Key string `json:"key,omitempty"`
-
-	// Value: The metadata entry value. For JSON requests, the value is
-	// base64-encoded.
-	Value string `json:"value,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Key") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Key") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *GoogleSecuritySafebrowsingV4ThreatEntryMetadataMetadataEntry) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4ThreatEntryMetadataMetadataEntry
+func (s *ThreatEntryMetadata) MarshalJSON() ([]byte, error) {
+	type NoMethod ThreatEntryMetadata
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// GoogleSecuritySafebrowsingV4ThreatEntrySet: A set of threats that
-// should be added or removed from a client's local database.
-type GoogleSecuritySafebrowsingV4ThreatEntrySet struct {
+// ThreatEntrySet: A set of threats that should be added or removed from
+// a client's local database.
+type ThreatEntrySet struct {
 	// CompressionType: The compression type for the entries in this set.
 	//
 	// Possible values:
@@ -1028,22 +1017,22 @@ type GoogleSecuritySafebrowsingV4ThreatEntrySet struct {
 	CompressionType string `json:"compressionType,omitempty"`
 
 	// RawHashes: The raw SHA256-formatted entries.
-	RawHashes *GoogleSecuritySafebrowsingV4RawHashes `json:"rawHashes,omitempty"`
+	RawHashes *RawHashes `json:"rawHashes,omitempty"`
 
 	// RawIndices: The raw removal indices for a local list.
-	RawIndices *GoogleSecuritySafebrowsingV4RawIndices `json:"rawIndices,omitempty"`
+	RawIndices *RawIndices `json:"rawIndices,omitempty"`
 
 	// RiceHashes: The encoded 4-byte prefixes of SHA256-formatted entries,
 	// using a Golomb-Rice encoding. The hashes are converted to uint32,
 	// sorted in ascending order, then delta encoded and stored as
 	// encoded_data.
-	RiceHashes *GoogleSecuritySafebrowsingV4RiceDeltaEncoding `json:"riceHashes,omitempty"`
+	RiceHashes *RiceDeltaEncoding `json:"riceHashes,omitempty"`
 
 	// RiceIndices: The encoded local, lexicographically-sorted list
 	// indices, using a Golomb-Rice encoding. Used for sending compressed
 	// removal indices. The removal indices (uint32) are sorted in ascending
 	// order, then delta encoded and stored as encoded_data.
-	RiceIndices *GoogleSecuritySafebrowsingV4RiceDeltaEncoding `json:"riceIndices,omitempty"`
+	RiceIndices *RiceDeltaEncoding `json:"riceIndices,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "CompressionType") to
 	// unconditionally include in API requests. By default, fields with
@@ -1063,19 +1052,19 @@ type GoogleSecuritySafebrowsingV4ThreatEntrySet struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4ThreatEntrySet) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4ThreatEntrySet
+func (s *ThreatEntrySet) MarshalJSON() ([]byte, error) {
+	type NoMethod ThreatEntrySet
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type GoogleSecuritySafebrowsingV4ThreatHit struct {
+type ThreatHit struct {
 	// ClientInfo: Client-reported identification.
-	ClientInfo *GoogleSecuritySafebrowsingV4ClientInfo `json:"clientInfo,omitempty"`
+	ClientInfo *ClientInfo `json:"clientInfo,omitempty"`
 
 	// Entry: The threat entry responsible for the hit. Full hash should be
 	// reported for hash-based hits.
-	Entry *GoogleSecuritySafebrowsingV4ThreatEntry `json:"entry,omitempty"`
+	Entry *ThreatEntry `json:"entry,omitempty"`
 
 	// PlatformType: The platform type reported.
 	//
@@ -1093,7 +1082,7 @@ type GoogleSecuritySafebrowsingV4ThreatHit struct {
 	PlatformType string `json:"platformType,omitempty"`
 
 	// Resources: The resources related to the threat hit.
-	Resources []*GoogleSecuritySafebrowsingV4ThreatHitThreatSource `json:"resources,omitempty"`
+	Resources []*ThreatSource `json:"resources,omitempty"`
 
 	// ThreatType: The threat type reported.
 	//
@@ -1126,7 +1115,7 @@ type GoogleSecuritySafebrowsingV4ThreatHit struct {
 	ThreatType string `json:"threatType,omitempty"`
 
 	// UserInfo: Details about the user that encountered the threat.
-	UserInfo *GoogleSecuritySafebrowsingV4ThreatHitUserInfo `json:"userInfo,omitempty"`
+	UserInfo *UserInfo `json:"userInfo,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "ClientInfo") to
 	// unconditionally include in API requests. By default, fields with
@@ -1145,99 +1134,15 @@ type GoogleSecuritySafebrowsingV4ThreatHit struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4ThreatHit) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4ThreatHit
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// GoogleSecuritySafebrowsingV4ThreatHitThreatSource: A single resource
-// related to a threat hit.
-type GoogleSecuritySafebrowsingV4ThreatHitThreatSource struct {
-	// Referrer: Referrer of the resource. Only set if the referrer is
-	// available.
-	Referrer string `json:"referrer,omitempty"`
-
-	// RemoteIp: The remote IP of the resource in ASCII format. Either IPv4
-	// or IPv6.
-	RemoteIp string `json:"remoteIp,omitempty"`
-
-	// Type: The type of source reported.
-	//
-	// Possible values:
-	//   "THREAT_SOURCE_TYPE_UNSPECIFIED" - Unknown.
-	//   "MATCHING_URL" - The URL that matched the threat list (for which
-	// GetFullHash returned a valid hash).
-	//   "TAB_URL" - The final top-level URL of the tab that the client was
-	// browsing when the match occurred.
-	//   "TAB_REDIRECT" - A redirect URL that was fetched before hitting the
-	// final TAB_URL.
-	//   "TAB_RESOURCE" - A resource loaded within the final TAB_URL.
-	Type string `json:"type,omitempty"`
-
-	// Url: The URL of the resource.
-	Url string `json:"url,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Referrer") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Referrer") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *GoogleSecuritySafebrowsingV4ThreatHitThreatSource) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4ThreatHitThreatSource
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// GoogleSecuritySafebrowsingV4ThreatHitUserInfo: Details about the user
-// that encountered the threat.
-type GoogleSecuritySafebrowsingV4ThreatHitUserInfo struct {
-	// RegionCode: The UN M.49 region code associated with the user's
-	// location.
-	RegionCode string `json:"regionCode,omitempty"`
-
-	// UserId: Unique user identifier defined by the client.
-	UserId string `json:"userId,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "RegionCode") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "RegionCode") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *GoogleSecuritySafebrowsingV4ThreatHitUserInfo) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4ThreatHitUserInfo
+func (s *ThreatHit) MarshalJSON() ([]byte, error) {
+	type NoMethod ThreatHit
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// GoogleSecuritySafebrowsingV4ThreatInfo: The information regarding one
-// or more threats that a client submits when checking for matches in
-// threat lists.
-type GoogleSecuritySafebrowsingV4ThreatInfo struct {
+// ThreatInfo: The information regarding one or more threats that a
+// client submits when checking for matches in threat lists.
+type ThreatInfo struct {
 	// PlatformTypes: The platform types to be checked.
 	//
 	// Possible values:
@@ -1254,7 +1159,7 @@ type GoogleSecuritySafebrowsingV4ThreatInfo struct {
 	PlatformTypes []string `json:"platformTypes,omitempty"`
 
 	// ThreatEntries: The threat entries to be checked.
-	ThreatEntries []*GoogleSecuritySafebrowsingV4ThreatEntry `json:"threatEntries,omitempty"`
+	ThreatEntries []*ThreatEntry `json:"threatEntries,omitempty"`
 
 	// ThreatEntryTypes: The entry types to be checked.
 	//
@@ -1315,17 +1220,16 @@ type GoogleSecuritySafebrowsingV4ThreatInfo struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4ThreatInfo) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4ThreatInfo
+func (s *ThreatInfo) MarshalJSON() ([]byte, error) {
+	type NoMethod ThreatInfo
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// GoogleSecuritySafebrowsingV4ThreatListDescriptor: Describes an
-// individual threat list. A list is defined by three parameters: the
-// type of threat posed, the type of platform targeted by the threat,
-// and the type of entries in the list.
-type GoogleSecuritySafebrowsingV4ThreatListDescriptor struct {
+// ThreatListDescriptor: Describes an individual threat list. A list is
+// defined by three parameters: the type of threat posed, the type of
+// platform targeted by the threat, and the type of entries in the list.
+type ThreatListDescriptor struct {
 	// PlatformType: The platform type targeted by the list's entries.
 	//
 	// Possible values:
@@ -1400,15 +1304,15 @@ type GoogleSecuritySafebrowsingV4ThreatListDescriptor struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4ThreatListDescriptor) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4ThreatListDescriptor
+func (s *ThreatListDescriptor) MarshalJSON() ([]byte, error) {
+	type NoMethod ThreatListDescriptor
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// GoogleSecuritySafebrowsingV4ThreatMatch: A match when checking a
-// threat entry in the Safe Browsing threat lists.
-type GoogleSecuritySafebrowsingV4ThreatMatch struct {
+// ThreatMatch: A match when checking a threat entry in the Safe
+// Browsing threat lists.
+type ThreatMatch struct {
 	// CacheDuration: The cache lifetime for the returned match. Clients
 	// must not cache this response for more than this duration to avoid
 	// false positives.
@@ -1430,10 +1334,10 @@ type GoogleSecuritySafebrowsingV4ThreatMatch struct {
 	PlatformType string `json:"platformType,omitempty"`
 
 	// Threat: The threat matching this threat.
-	Threat *GoogleSecuritySafebrowsingV4ThreatEntry `json:"threat,omitempty"`
+	Threat *ThreatEntry `json:"threat,omitempty"`
 
 	// ThreatEntryMetadata: Optional metadata associated with this threat.
-	ThreatEntryMetadata *GoogleSecuritySafebrowsingV4ThreatEntryMetadata `json:"threatEntryMetadata,omitempty"`
+	ThreatEntryMetadata *ThreatEntryMetadata `json:"threatEntryMetadata,omitempty"`
 
 	// ThreatEntryType: The threat entry type matching this threat.
 	//
@@ -1494,8 +1398,89 @@ type GoogleSecuritySafebrowsingV4ThreatMatch struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *GoogleSecuritySafebrowsingV4ThreatMatch) MarshalJSON() ([]byte, error) {
-	type NoMethod GoogleSecuritySafebrowsingV4ThreatMatch
+func (s *ThreatMatch) MarshalJSON() ([]byte, error) {
+	type NoMethod ThreatMatch
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// ThreatSource: A single resource related to a threat hit.
+type ThreatSource struct {
+	// Referrer: Referrer of the resource. Only set if the referrer is
+	// available.
+	Referrer string `json:"referrer,omitempty"`
+
+	// RemoteIp: The remote IP of the resource in ASCII format. Either IPv4
+	// or IPv6.
+	RemoteIp string `json:"remoteIp,omitempty"`
+
+	// Type: The type of source reported.
+	//
+	// Possible values:
+	//   "THREAT_SOURCE_TYPE_UNSPECIFIED" - Unknown.
+	//   "MATCHING_URL" - The URL that matched the threat list (for which
+	// GetFullHash returned a valid hash).
+	//   "TAB_URL" - The final top-level URL of the tab that the client was
+	// browsing when the match occurred.
+	//   "TAB_REDIRECT" - A redirect URL that was fetched before hitting the
+	// final TAB_URL.
+	//   "TAB_RESOURCE" - A resource loaded within the final TAB_URL.
+	Type string `json:"type,omitempty"`
+
+	// Url: The URL of the resource.
+	Url string `json:"url,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Referrer") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Referrer") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *ThreatSource) MarshalJSON() ([]byte, error) {
+	type NoMethod ThreatSource
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// UserInfo: Details about the user that encountered the threat.
+type UserInfo struct {
+	// RegionCode: The UN M.49 region code associated with the user's
+	// location.
+	RegionCode string `json:"regionCode,omitempty"`
+
+	// UserId: Unique user identifier defined by the client.
+	UserId string `json:"userId,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "RegionCode") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "RegionCode") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *UserInfo) MarshalJSON() ([]byte, error) {
+	type NoMethod UserInfo
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
@@ -1597,15 +1582,13 @@ func (c *EncodedFullHashesGetCall) doRequest(alt string) (*http.Response, error)
 }
 
 // Do executes the "safebrowsing.encodedFullHashes.get" call.
-// Exactly one of *GoogleSecuritySafebrowsingV4FindFullHashesResponse or
-// error will be non-nil. Any non-2xx status code is an error. Response
-// headers are in either
-// *GoogleSecuritySafebrowsingV4FindFullHashesResponse.ServerResponse.Hea
-// der or (if a response was returned at all) in
-// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
-// whether the returned error was because http.StatusNotModified was
-// returned.
-func (c *EncodedFullHashesGetCall) Do(opts ...googleapi.CallOption) (*GoogleSecuritySafebrowsingV4FindFullHashesResponse, error) {
+// Exactly one of *FindFullHashesResponse or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *FindFullHashesResponse.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *EncodedFullHashesGetCall) Do(opts ...googleapi.CallOption) (*FindFullHashesResponse, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -1624,7 +1607,7 @@ func (c *EncodedFullHashesGetCall) Do(opts ...googleapi.CallOption) (*GoogleSecu
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &GoogleSecuritySafebrowsingV4FindFullHashesResponse{
+	ret := &FindFullHashesResponse{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -1664,7 +1647,7 @@ func (c *EncodedFullHashesGetCall) Do(opts ...googleapi.CallOption) (*GoogleSecu
 	//   },
 	//   "path": "v4/encodedFullHashes/{encodedRequest}",
 	//   "response": {
-	//     "$ref": "GoogleSecuritySafebrowsingV4FindFullHashesResponse"
+	//     "$ref": "FindFullHashesResponse"
 	//   }
 	// }
 
@@ -1767,16 +1750,13 @@ func (c *EncodedUpdatesGetCall) doRequest(alt string) (*http.Response, error) {
 }
 
 // Do executes the "safebrowsing.encodedUpdates.get" call.
-// Exactly one of
-// *GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse or error
-// will be non-nil. Any non-2xx status code is an error. Response
-// headers are in either
-// *GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse.ServerResp
-// onse.Header or (if a response was returned at all) in
-// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
-// whether the returned error was because http.StatusNotModified was
-// returned.
-func (c *EncodedUpdatesGetCall) Do(opts ...googleapi.CallOption) (*GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse, error) {
+// Exactly one of *FetchThreatListUpdatesResponse or error will be
+// non-nil. Any non-2xx status code is an error. Response headers are in
+// either *FetchThreatListUpdatesResponse.ServerResponse.Header or (if a
+// response was returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *EncodedUpdatesGetCall) Do(opts ...googleapi.CallOption) (*FetchThreatListUpdatesResponse, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -1795,7 +1775,7 @@ func (c *EncodedUpdatesGetCall) Do(opts ...googleapi.CallOption) (*GoogleSecurit
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse{
+	ret := &FetchThreatListUpdatesResponse{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -1835,7 +1815,7 @@ func (c *EncodedUpdatesGetCall) Do(opts ...googleapi.CallOption) (*GoogleSecurit
 	//   },
 	//   "path": "v4/encodedUpdates/{encodedRequest}",
 	//   "response": {
-	//     "$ref": "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse"
+	//     "$ref": "FetchThreatListUpdatesResponse"
 	//   }
 	// }
 
@@ -1844,17 +1824,17 @@ func (c *EncodedUpdatesGetCall) Do(opts ...googleapi.CallOption) (*GoogleSecurit
 // method id "safebrowsing.fullHashes.find":
 
 type FullHashesFindCall struct {
-	s                                                 *Service
-	googlesecuritysafebrowsingv4findfullhashesrequest *GoogleSecuritySafebrowsingV4FindFullHashesRequest
-	urlParams_                                        gensupport.URLParams
-	ctx_                                              context.Context
-	header_                                           http.Header
+	s                     *Service
+	findfullhashesrequest *FindFullHashesRequest
+	urlParams_            gensupport.URLParams
+	ctx_                  context.Context
+	header_               http.Header
 }
 
 // Find: Finds the full hashes that match the requested hash prefixes.
-func (r *FullHashesService) Find(googlesecuritysafebrowsingv4findfullhashesrequest *GoogleSecuritySafebrowsingV4FindFullHashesRequest) *FullHashesFindCall {
+func (r *FullHashesService) Find(findfullhashesrequest *FindFullHashesRequest) *FullHashesFindCall {
 	c := &FullHashesFindCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.googlesecuritysafebrowsingv4findfullhashesrequest = googlesecuritysafebrowsingv4findfullhashesrequest
+	c.findfullhashesrequest = findfullhashesrequest
 	return c
 }
 
@@ -1891,7 +1871,7 @@ func (c *FullHashesFindCall) doRequest(alt string) (*http.Response, error) {
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.googlesecuritysafebrowsingv4findfullhashesrequest)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.findfullhashesrequest)
 	if err != nil {
 		return nil, err
 	}
@@ -1909,15 +1889,13 @@ func (c *FullHashesFindCall) doRequest(alt string) (*http.Response, error) {
 }
 
 // Do executes the "safebrowsing.fullHashes.find" call.
-// Exactly one of *GoogleSecuritySafebrowsingV4FindFullHashesResponse or
-// error will be non-nil. Any non-2xx status code is an error. Response
-// headers are in either
-// *GoogleSecuritySafebrowsingV4FindFullHashesResponse.ServerResponse.Hea
-// der or (if a response was returned at all) in
-// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
-// whether the returned error was because http.StatusNotModified was
-// returned.
-func (c *FullHashesFindCall) Do(opts ...googleapi.CallOption) (*GoogleSecuritySafebrowsingV4FindFullHashesResponse, error) {
+// Exactly one of *FindFullHashesResponse or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *FindFullHashesResponse.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *FullHashesFindCall) Do(opts ...googleapi.CallOption) (*FindFullHashesResponse, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -1936,7 +1914,7 @@ func (c *FullHashesFindCall) Do(opts ...googleapi.CallOption) (*GoogleSecuritySa
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &GoogleSecuritySafebrowsingV4FindFullHashesResponse{
+	ret := &FindFullHashesResponse{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -1956,10 +1934,10 @@ func (c *FullHashesFindCall) Do(opts ...googleapi.CallOption) (*GoogleSecuritySa
 	//   "parameters": {},
 	//   "path": "v4/fullHashes:find",
 	//   "request": {
-	//     "$ref": "GoogleSecuritySafebrowsingV4FindFullHashesRequest"
+	//     "$ref": "FindFullHashesRequest"
 	//   },
 	//   "response": {
-	//     "$ref": "GoogleSecuritySafebrowsingV4FindFullHashesResponse"
+	//     "$ref": "FindFullHashesResponse"
 	//   }
 	// }
 
@@ -1968,18 +1946,18 @@ func (c *FullHashesFindCall) Do(opts ...googleapi.CallOption) (*GoogleSecuritySa
 // method id "safebrowsing.threatHits.create":
 
 type ThreatHitsCreateCall struct {
-	s                                     *Service
-	googlesecuritysafebrowsingv4threathit *GoogleSecuritySafebrowsingV4ThreatHit
-	urlParams_                            gensupport.URLParams
-	ctx_                                  context.Context
-	header_                               http.Header
+	s          *Service
+	threathit  *ThreatHit
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
 }
 
 // Create: Reports a Safe Browsing threat list hit to Google. Only
 // projects with TRUSTED_REPORTER visibility can use this method.
-func (r *ThreatHitsService) Create(googlesecuritysafebrowsingv4threathit *GoogleSecuritySafebrowsingV4ThreatHit) *ThreatHitsCreateCall {
+func (r *ThreatHitsService) Create(threathit *ThreatHit) *ThreatHitsCreateCall {
 	c := &ThreatHitsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.googlesecuritysafebrowsingv4threathit = googlesecuritysafebrowsingv4threathit
+	c.threathit = threathit
 	return c
 }
 
@@ -2016,7 +1994,7 @@ func (c *ThreatHitsCreateCall) doRequest(alt string) (*http.Response, error) {
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.googlesecuritysafebrowsingv4threathit)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.threathit)
 	if err != nil {
 		return nil, err
 	}
@@ -2034,13 +2012,13 @@ func (c *ThreatHitsCreateCall) doRequest(alt string) (*http.Response, error) {
 }
 
 // Do executes the "safebrowsing.threatHits.create" call.
-// Exactly one of *GoogleProtobufEmpty or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *GoogleProtobufEmpty.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ThreatHitsCreateCall) Do(opts ...googleapi.CallOption) (*GoogleProtobufEmpty, error) {
+// Exactly one of *Empty or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Empty.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *ThreatHitsCreateCall) Do(opts ...googleapi.CallOption) (*Empty, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -2059,7 +2037,7 @@ func (c *ThreatHitsCreateCall) Do(opts ...googleapi.CallOption) (*GoogleProtobuf
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &GoogleProtobufEmpty{
+	ret := &Empty{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -2079,10 +2057,10 @@ func (c *ThreatHitsCreateCall) Do(opts ...googleapi.CallOption) (*GoogleProtobuf
 	//   "parameters": {},
 	//   "path": "v4/threatHits",
 	//   "request": {
-	//     "$ref": "GoogleSecuritySafebrowsingV4ThreatHit"
+	//     "$ref": "ThreatHit"
 	//   },
 	//   "response": {
-	//     "$ref": "GoogleProtobufEmpty"
+	//     "$ref": "Empty"
 	//   }
 	// }
 
@@ -2091,18 +2069,18 @@ func (c *ThreatHitsCreateCall) Do(opts ...googleapi.CallOption) (*GoogleProtobuf
 // method id "safebrowsing.threatListUpdates.fetch":
 
 type ThreatListUpdatesFetchCall struct {
-	s                                                         *Service
-	googlesecuritysafebrowsingv4fetchthreatlistupdatesrequest *GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequest
-	urlParams_                                                gensupport.URLParams
-	ctx_                                                      context.Context
-	header_                                                   http.Header
+	s                             *Service
+	fetchthreatlistupdatesrequest *FetchThreatListUpdatesRequest
+	urlParams_                    gensupport.URLParams
+	ctx_                          context.Context
+	header_                       http.Header
 }
 
 // Fetch: Fetches the most recent threat list updates. A client can
 // request updates for multiple lists at once.
-func (r *ThreatListUpdatesService) Fetch(googlesecuritysafebrowsingv4fetchthreatlistupdatesrequest *GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequest) *ThreatListUpdatesFetchCall {
+func (r *ThreatListUpdatesService) Fetch(fetchthreatlistupdatesrequest *FetchThreatListUpdatesRequest) *ThreatListUpdatesFetchCall {
 	c := &ThreatListUpdatesFetchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.googlesecuritysafebrowsingv4fetchthreatlistupdatesrequest = googlesecuritysafebrowsingv4fetchthreatlistupdatesrequest
+	c.fetchthreatlistupdatesrequest = fetchthreatlistupdatesrequest
 	return c
 }
 
@@ -2139,7 +2117,7 @@ func (c *ThreatListUpdatesFetchCall) doRequest(alt string) (*http.Response, erro
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.googlesecuritysafebrowsingv4fetchthreatlistupdatesrequest)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.fetchthreatlistupdatesrequest)
 	if err != nil {
 		return nil, err
 	}
@@ -2157,16 +2135,13 @@ func (c *ThreatListUpdatesFetchCall) doRequest(alt string) (*http.Response, erro
 }
 
 // Do executes the "safebrowsing.threatListUpdates.fetch" call.
-// Exactly one of
-// *GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse or error
-// will be non-nil. Any non-2xx status code is an error. Response
-// headers are in either
-// *GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse.ServerResp
-// onse.Header or (if a response was returned at all) in
-// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
-// whether the returned error was because http.StatusNotModified was
-// returned.
-func (c *ThreatListUpdatesFetchCall) Do(opts ...googleapi.CallOption) (*GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse, error) {
+// Exactly one of *FetchThreatListUpdatesResponse or error will be
+// non-nil. Any non-2xx status code is an error. Response headers are in
+// either *FetchThreatListUpdatesResponse.ServerResponse.Header or (if a
+// response was returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ThreatListUpdatesFetchCall) Do(opts ...googleapi.CallOption) (*FetchThreatListUpdatesResponse, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -2185,7 +2160,7 @@ func (c *ThreatListUpdatesFetchCall) Do(opts ...googleapi.CallOption) (*GoogleSe
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse{
+	ret := &FetchThreatListUpdatesResponse{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -2205,10 +2180,10 @@ func (c *ThreatListUpdatesFetchCall) Do(opts ...googleapi.CallOption) (*GoogleSe
 	//   "parameters": {},
 	//   "path": "v4/threatListUpdates:fetch",
 	//   "request": {
-	//     "$ref": "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesRequest"
+	//     "$ref": "FetchThreatListUpdatesRequest"
 	//   },
 	//   "response": {
-	//     "$ref": "GoogleSecuritySafebrowsingV4FetchThreatListUpdatesResponse"
+	//     "$ref": "FetchThreatListUpdatesResponse"
 	//   }
 	// }
 
@@ -2289,15 +2264,13 @@ func (c *ThreatListsListCall) doRequest(alt string) (*http.Response, error) {
 }
 
 // Do executes the "safebrowsing.threatLists.list" call.
-// Exactly one of *GoogleSecuritySafebrowsingV4ListThreatListsResponse
-// or error will be non-nil. Any non-2xx status code is an error.
-// Response headers are in either
-// *GoogleSecuritySafebrowsingV4ListThreatListsResponse.ServerResponse.He
-// ader or (if a response was returned at all) in
-// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
-// whether the returned error was because http.StatusNotModified was
-// returned.
-func (c *ThreatListsListCall) Do(opts ...googleapi.CallOption) (*GoogleSecuritySafebrowsingV4ListThreatListsResponse, error) {
+// Exactly one of *ListThreatListsResponse or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *ListThreatListsResponse.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ThreatListsListCall) Do(opts ...googleapi.CallOption) (*ListThreatListsResponse, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -2316,7 +2289,7 @@ func (c *ThreatListsListCall) Do(opts ...googleapi.CallOption) (*GoogleSecurityS
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &GoogleSecuritySafebrowsingV4ListThreatListsResponse{
+	ret := &ListThreatListsResponse{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -2336,7 +2309,7 @@ func (c *ThreatListsListCall) Do(opts ...googleapi.CallOption) (*GoogleSecurityS
 	//   "parameters": {},
 	//   "path": "v4/threatLists",
 	//   "response": {
-	//     "$ref": "GoogleSecuritySafebrowsingV4ListThreatListsResponse"
+	//     "$ref": "ListThreatListsResponse"
 	//   }
 	// }
 
@@ -2345,17 +2318,17 @@ func (c *ThreatListsListCall) Do(opts ...googleapi.CallOption) (*GoogleSecurityS
 // method id "safebrowsing.threatMatches.find":
 
 type ThreatMatchesFindCall struct {
-	s                                                    *Service
-	googlesecuritysafebrowsingv4findthreatmatchesrequest *GoogleSecuritySafebrowsingV4FindThreatMatchesRequest
-	urlParams_                                           gensupport.URLParams
-	ctx_                                                 context.Context
-	header_                                              http.Header
+	s                        *Service
+	findthreatmatchesrequest *FindThreatMatchesRequest
+	urlParams_               gensupport.URLParams
+	ctx_                     context.Context
+	header_                  http.Header
 }
 
 // Find: Finds the threat entries that match the Safe Browsing lists.
-func (r *ThreatMatchesService) Find(googlesecuritysafebrowsingv4findthreatmatchesrequest *GoogleSecuritySafebrowsingV4FindThreatMatchesRequest) *ThreatMatchesFindCall {
+func (r *ThreatMatchesService) Find(findthreatmatchesrequest *FindThreatMatchesRequest) *ThreatMatchesFindCall {
 	c := &ThreatMatchesFindCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.googlesecuritysafebrowsingv4findthreatmatchesrequest = googlesecuritysafebrowsingv4findthreatmatchesrequest
+	c.findthreatmatchesrequest = findthreatmatchesrequest
 	return c
 }
 
@@ -2392,7 +2365,7 @@ func (c *ThreatMatchesFindCall) doRequest(alt string) (*http.Response, error) {
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.googlesecuritysafebrowsingv4findthreatmatchesrequest)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.findthreatmatchesrequest)
 	if err != nil {
 		return nil, err
 	}
@@ -2410,15 +2383,13 @@ func (c *ThreatMatchesFindCall) doRequest(alt string) (*http.Response, error) {
 }
 
 // Do executes the "safebrowsing.threatMatches.find" call.
-// Exactly one of *GoogleSecuritySafebrowsingV4FindThreatMatchesResponse
-// or error will be non-nil. Any non-2xx status code is an error.
-// Response headers are in either
-// *GoogleSecuritySafebrowsingV4FindThreatMatchesResponse.ServerResponse.
-// Header or (if a response was returned at all) in
-// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
-// whether the returned error was because http.StatusNotModified was
-// returned.
-func (c *ThreatMatchesFindCall) Do(opts ...googleapi.CallOption) (*GoogleSecuritySafebrowsingV4FindThreatMatchesResponse, error) {
+// Exactly one of *FindThreatMatchesResponse or error will be non-nil.
+// Any non-2xx status code is an error. Response headers are in either
+// *FindThreatMatchesResponse.ServerResponse.Header or (if a response
+// was returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ThreatMatchesFindCall) Do(opts ...googleapi.CallOption) (*FindThreatMatchesResponse, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -2437,7 +2408,7 @@ func (c *ThreatMatchesFindCall) Do(opts ...googleapi.CallOption) (*GoogleSecurit
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &GoogleSecuritySafebrowsingV4FindThreatMatchesResponse{
+	ret := &FindThreatMatchesResponse{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -2457,10 +2428,10 @@ func (c *ThreatMatchesFindCall) Do(opts ...googleapi.CallOption) (*GoogleSecurit
 	//   "parameters": {},
 	//   "path": "v4/threatMatches:find",
 	//   "request": {
-	//     "$ref": "GoogleSecuritySafebrowsingV4FindThreatMatchesRequest"
+	//     "$ref": "FindThreatMatchesRequest"
 	//   },
 	//   "response": {
-	//     "$ref": "GoogleSecuritySafebrowsingV4FindThreatMatchesResponse"
+	//     "$ref": "FindThreatMatchesResponse"
 	//   }
 	// }
 
diff --git a/secretmanager/v1/secretmanager-api.json b/secretmanager/v1/secretmanager-api.json
index 98dcb9088a4..bbfabff4234 100644
--- a/secretmanager/v1/secretmanager-api.json
+++ b/secretmanager/v1/secretmanager-api.json
@@ -643,7 +643,7 @@
       }
     }
   },
-  "revision": "20220826",
+  "revision": "20230128",
   "rootUrl": "https://secretmanager.googleapis.com/",
   "schemas": {
     "AccessSecretVersionResponse": {
@@ -752,7 +752,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/secretmanager/v1/secretmanager-gen.go b/secretmanager/v1/secretmanager-gen.go
index 7ffceb5fe64..812eb31c62d 100644
--- a/secretmanager/v1/secretmanager-gen.go
+++ b/secretmanager/v1/secretmanager-gen.go
@@ -444,7 +444,9 @@ type Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -461,9 +463,7 @@ type Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/servicemanagement/v1/servicemanagement-api.json b/servicemanagement/v1/servicemanagement-api.json
index 123e605bd4b..89e853e0797 100644
--- a/servicemanagement/v1/servicemanagement-api.json
+++ b/servicemanagement/v1/servicemanagement-api.json
@@ -829,7 +829,7 @@
       }
     }
   },
-  "revision": "20221125",
+  "revision": "20230131",
   "rootUrl": "https://servicemanagement.googleapis.com/",
   "schemas": {
     "Advice": {
@@ -1149,7 +1149,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/servicemanagement/v1/servicemanagement-gen.go b/servicemanagement/v1/servicemanagement-gen.go
index dd7fedef77c..4a0709ca345 100644
--- a/servicemanagement/v1/servicemanagement-gen.go
+++ b/servicemanagement/v1/servicemanagement-gen.go
@@ -892,7 +892,9 @@ type Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -909,9 +911,7 @@ type Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/sts/v1/sts-api.json b/sts/v1/sts-api.json
index 54123fcb9a4..2f0828e3e01 100644
--- a/sts/v1/sts-api.json
+++ b/sts/v1/sts-api.json
@@ -146,7 +146,7 @@
       }
     }
   },
-  "revision": "20230121",
+  "revision": "20230129",
   "rootUrl": "https://sts.googleapis.com/",
   "schemas": {
     "GoogleIamV1Binding": {
@@ -158,7 +158,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/sts/v1/sts-gen.go b/sts/v1/sts-gen.go
index 36aa63851f0..6ade2a71947 100644
--- a/sts/v1/sts-gen.go
+++ b/sts/v1/sts-gen.go
@@ -164,7 +164,9 @@ type GoogleIamV1Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -181,9 +183,7 @@ type GoogleIamV1Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
diff --git a/sts/v1beta/sts-api.json b/sts/v1beta/sts-api.json
index 71a25008411..c84dd095138 100644
--- a/sts/v1beta/sts-api.json
+++ b/sts/v1beta/sts-api.json
@@ -116,7 +116,7 @@
       }
     }
   },
-  "revision": "20220826",
+  "revision": "20230129",
   "rootUrl": "https://sts.googleapis.com/",
   "schemas": {
     "GoogleIamV1Binding": {
@@ -128,7 +128,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
diff --git a/sts/v1beta/sts-gen.go b/sts/v1beta/sts-gen.go
index b8b5a204341..f0bab41f2fe 100644
--- a/sts/v1beta/sts-gen.go
+++ b/sts/v1beta/sts-gen.go
@@ -164,7 +164,9 @@ type GoogleIamV1Binding struct {
 	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
 	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
 	// * `group:{emailid}`: An email address that represents a Google group.
-	// For example, `admins@example.com`. *
+	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
+	// domain (primary) that represents all the users of that domain. For
+	// example, `google.com` or `example.com`. *
 	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
 	// unique identifier) representing a user that has been recently
 	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
@@ -181,9 +183,7 @@ type GoogleIamV1Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding. * `domain:{domain}`: The G
-	// Suite domain (primary) that represents all the users of that domain.
-	// For example, `google.com` or `example.com`.
+	// group retains the role in the binding.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.