diff --git a/packages/google-identity-accesscontextmanager/.eslintignore b/packages/google-identity-accesscontextmanager/.eslintignore
new file mode 100644
index 00000000000..ea5b04aebe6
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/.eslintignore
@@ -0,0 +1,7 @@
+**/node_modules
+**/coverage
+test/fixtures
+build/
+docs/
+protos/
+samples/generated/
diff --git a/packages/google-identity-accesscontextmanager/.eslintrc.json b/packages/google-identity-accesscontextmanager/.eslintrc.json
new file mode 100644
index 00000000000..78215349546
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/.eslintrc.json
@@ -0,0 +1,3 @@
+{
+  "extends": "./node_modules/gts"
+}
diff --git a/packages/google-identity-accesscontextmanager/.gitattributes b/packages/google-identity-accesscontextmanager/.gitattributes
new file mode 100644
index 00000000000..33739cb74e4
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/.gitattributes
@@ -0,0 +1,4 @@
+*.ts text eol=lf
+*.js text eol=lf
+protos/* linguist-generated
+**/api-extractor.json  linguist-language=JSON-with-Comments
diff --git a/packages/google-identity-accesscontextmanager/.github/.OwlBot.yaml b/packages/google-identity-accesscontextmanager/.github/.OwlBot.yaml
new file mode 100644
index 00000000000..0aa8c8337f3
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/.github/.OwlBot.yaml
@@ -0,0 +1,22 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+docker:
+  image: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest
+
+deep-remove-regex:
+  - /owl-bot-staging
+
+deep-copy-regex:
+  - source: /google/identity/accesscontextmanager/(.*)/.*-nodejs/(.*)
+    dest: /owl-bot-staging/$1/$2
diff --git a/packages/google-identity-accesscontextmanager/.gitignore b/packages/google-identity-accesscontextmanager/.gitignore
new file mode 100644
index 00000000000..5d32b23782f
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/.gitignore
@@ -0,0 +1,14 @@
+**/*.log
+**/node_modules
+.coverage
+coverage
+.nyc_output
+docs/
+out/
+build/
+system-test/secrets.js
+system-test/*key.json
+*.lock
+.DS_Store
+package-lock.json
+__pycache__
diff --git a/packages/google-identity-accesscontextmanager/.jsdoc.js b/packages/google-identity-accesscontextmanager/.jsdoc.js
new file mode 100644
index 00000000000..b233b1bd5f4
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/.jsdoc.js
@@ -0,0 +1,55 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+'use strict';
+
+module.exports = {
+  opts: {
+    readme: './README.md',
+    package: './package.json',
+    template: './node_modules/jsdoc-fresh',
+    recurse: true,
+    verbose: true,
+    destination: './docs/'
+  },
+  plugins: [
+    'plugins/markdown',
+    'jsdoc-region-tag'
+  ],
+  source: {
+    excludePattern: '(^|\\/|\\\\)[._]',
+    include: [
+      'build/src',
+      'protos'
+    ],
+    includePattern: '\\.js$'
+  },
+  templates: {
+    copyright: 'Copyright 2022 Google LLC',
+    includeDate: false,
+    sourceFiles: false,
+    systemName: '@google-cloud/access-context-manager',
+    theme: 'lumen',
+    default: {
+      outputSourceFiles: false
+    }
+  },
+  markdown: {
+    idInHeadings: true
+  }
+};
diff --git a/packages/google-identity-accesscontextmanager/.mocharc.js b/packages/google-identity-accesscontextmanager/.mocharc.js
new file mode 100644
index 00000000000..0b600509bed
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/.mocharc.js
@@ -0,0 +1,29 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+const config = {
+  "enable-source-maps": true,
+  "throw-deprecation": true,
+  "timeout": 10000,
+  "recursive": true
+}
+if (process.env.MOCHA_THROW_DEPRECATION === 'false') {
+  delete config['throw-deprecation'];
+}
+if (process.env.MOCHA_REPORTER) {
+  config.reporter = process.env.MOCHA_REPORTER;
+}
+if (process.env.MOCHA_REPORTER_OUTPUT) {
+  config['reporter-option'] = `output=${process.env.MOCHA_REPORTER_OUTPUT}`;
+}
+module.exports = config
diff --git a/packages/google-identity-accesscontextmanager/.nycrc b/packages/google-identity-accesscontextmanager/.nycrc
new file mode 100644
index 00000000000..b18d5472b62
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/.nycrc
@@ -0,0 +1,24 @@
+{
+  "report-dir": "./.coverage",
+  "reporter": ["text", "lcov"],
+  "exclude": [
+    "**/*-test",
+    "**/.coverage",
+    "**/apis",
+    "**/benchmark",
+    "**/conformance",
+    "**/docs",
+    "**/samples",
+    "**/scripts",
+    "**/protos",
+    "**/test",
+    "**/*.d.ts",
+    ".jsdoc.js",
+    "**/.jsdoc.js",
+    "karma.conf.js",
+    "webpack-tests.config.js",
+    "webpack.config.js"
+  ],
+  "exclude-after-remap": false,
+  "all": true
+}
diff --git a/packages/google-identity-accesscontextmanager/.prettierignore b/packages/google-identity-accesscontextmanager/.prettierignore
new file mode 100644
index 00000000000..9340ad9b86d
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/.prettierignore
@@ -0,0 +1,6 @@
+**/node_modules
+**/coverage
+test/fixtures
+build/
+docs/
+protos/
diff --git a/packages/google-identity-accesscontextmanager/.prettierrc.js b/packages/google-identity-accesscontextmanager/.prettierrc.js
new file mode 100644
index 00000000000..d1b95106f4c
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/.prettierrc.js
@@ -0,0 +1,17 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+module.exports = {
+  ...require('gts/.prettierrc.json')
+}
diff --git a/packages/google-identity-accesscontextmanager/.repo-metadata.json b/packages/google-identity-accesscontextmanager/.repo-metadata.json
new file mode 100644
index 00000000000..74c9e5b87d8
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/.repo-metadata.json
@@ -0,0 +1,16 @@
+{
+  "name": "accesscontextmanager",
+  "name_pretty": "Access Context Manager",
+  "product_documentation": "https://cloud.google.com/access-context-manager/",
+  "client_documentation": "https://cloud.google.com/nodejs/docs/reference/access-context-manager/latest",
+  "issue_tracker": "https://github.com/googleapis/nodejs-access-context-manager/issues",
+  "release_level": "stable",
+  "language": "nodejs",
+  "repo": "googleapis/nodejs-access-context-manager",
+  "distribution_name": "@google-cloud/access-context-manager",
+  "api_id": "accesscontextmanager.googleapis.com",
+  "default_version": "v1",
+  "requires_billing": true,
+  "api_shortname": "accesscontextmanager",
+  "library_type": "GAPIC_AUTO"
+}
diff --git a/packages/google-identity-accesscontextmanager/CHANGELOG.md b/packages/google-identity-accesscontextmanager/CHANGELOG.md
new file mode 100644
index 00000000000..e5d62729027
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/CHANGELOG.md
@@ -0,0 +1,70 @@
+# Changelog
+
+## [2.2.0](https://github.com/googleapis/nodejs-access-context-manager/compare/v2.1.1...v2.2.0) (2022-11-11)
+
+
+### Features
+
+* Added AccessPolicy.scopes, EgressTo.external_resources, and IAM methods ([#78](https://github.com/googleapis/nodejs-access-context-manager/issues/78)) ([a35b05f](https://github.com/googleapis/nodejs-access-context-manager/commit/a35b05ff0a3a67d167ab11c6f90c1aee08290c1e))
+
+
+### Bug Fixes
+
+* Allow passing gax instance to client constructor ([#67](https://github.com/googleapis/nodejs-access-context-manager/issues/67)) ([41905db](https://github.com/googleapis/nodejs-access-context-manager/commit/41905db97be6c0f3d6f4da125fc84c68a4f322ac))
+* **deps:** Use google-gax v3.5.2 ([#74](https://github.com/googleapis/nodejs-access-context-manager/issues/74)) ([f6d2ff5](https://github.com/googleapis/nodejs-access-context-manager/commit/f6d2ff532b5ec98daeb88caa4474947662f109b5))
+* Do not import the whole google-gax from proto JS ([#1553](https://github.com/googleapis/nodejs-access-context-manager/issues/1553)) ([#66](https://github.com/googleapis/nodejs-access-context-manager/issues/66)) ([48df277](https://github.com/googleapis/nodejs-access-context-manager/commit/48df27751cc269c9220532b56b71751b463ce33e))
+* Preserve default values in x-goog-request-params header ([#69](https://github.com/googleapis/nodejs-access-context-manager/issues/69)) ([695b8ca](https://github.com/googleapis/nodejs-access-context-manager/commit/695b8caf46174de399adf92aa1a9ea6770835d21))
+* Regenerated protos JS and TS definitions ([#77](https://github.com/googleapis/nodejs-access-context-manager/issues/77)) ([fb66a21](https://github.com/googleapis/nodejs-access-context-manager/commit/fb66a2100f0c92c54e1c07b0b3398f19f040342d))
+* use google-gax v3.3.0 ([48df277](https://github.com/googleapis/nodejs-access-context-manager/commit/48df27751cc269c9220532b56b71751b463ce33e))
+
+## [2.1.1](https://github.com/googleapis/nodejs-access-context-manager/compare/v2.1.0...v2.1.1) (2022-08-23)
+
+
+### Bug Fixes
+
+* better support for fallback mode ([#61](https://github.com/googleapis/nodejs-access-context-manager/issues/61)) ([9780d0e](https://github.com/googleapis/nodejs-access-context-manager/commit/9780d0e0839b27aed6553304a845d7b603c7eddf))
+* change import long to require ([#62](https://github.com/googleapis/nodejs-access-context-manager/issues/62)) ([71e7a44](https://github.com/googleapis/nodejs-access-context-manager/commit/71e7a446fb61ddcd3e4e5ea812e3720e0ba2e703))
+* remove pip install statements ([#1546](https://github.com/googleapis/nodejs-access-context-manager/issues/1546)) ([#64](https://github.com/googleapis/nodejs-access-context-manager/issues/64)) ([7eacb41](https://github.com/googleapis/nodejs-access-context-manager/commit/7eacb417850097b5f7d04227691b43458c5563fb))
+
+## [2.1.0](https://github.com/googleapis/nodejs-access-context-manager/compare/v2.0.0...v2.1.0) (2022-06-29)
+
+
+### Features
+
+* support regapic LRO ([#55](https://github.com/googleapis/nodejs-access-context-manager/issues/55)) ([585f329](https://github.com/googleapis/nodejs-access-context-manager/commit/585f329f40cd1034584f56dc800d0d55e13f39a3))
+
+## [2.0.0](https://github.com/googleapis/nodejs-access-context-manager/compare/v1.0.0...v2.0.0) (2022-05-19)
+
+
+### ⚠ BREAKING CHANGES
+
+* update library to use Node 12 (#50)
+
+### Build System
+
+* update library to use Node 12 ([#50](https://github.com/googleapis/nodejs-access-context-manager/issues/50)) ([fe0e2cf](https://github.com/googleapis/nodejs-access-context-manager/commit/fe0e2cf6ca60289f68c7126192c852bf10cbd82b))
+
+## [1.0.0](https://github.com/googleapis/nodejs-access-context-manager/compare/v0.2.0...v1.0.0) (2022-03-23)
+
+
+### Features
+
+* promote to stable ([#37](https://github.com/googleapis/nodejs-access-context-manager/issues/37)) ([7273284](https://github.com/googleapis/nodejs-access-context-manager/commit/72732849e7dfb075e016a0ca8d632fbc49f490cf))
+
+## 0.2.0 (2021-10-13)
+
+
+### Features
+
+* add templated files from docker image ([6b3da98](https://www.github.com/googleapis/nodejs-access-context-manager/commit/6b3da980098e92b1caf308aaab3bca3c337b51fe))
+* initial stub of library ([8dd75ee](https://www.github.com/googleapis/nodejs-access-context-manager/commit/8dd75eeebbfecb73cf040c806432883632e3553c))
+
+
+### Bug Fixes
+
+* nodejs package name access-context-manager ([#4](https://www.github.com/googleapis/nodejs-access-context-manager/issues/4)) ([8dba0ec](https://www.github.com/googleapis/nodejs-access-context-manager/commit/8dba0ec12577ca8c14992c0fb38c413ead1f4084))
+
+
+### Build System
+
+* release first version at 0.2.0 ([#6](https://www.github.com/googleapis/nodejs-access-context-manager/issues/6)) ([9129a08](https://www.github.com/googleapis/nodejs-access-context-manager/commit/9129a0887f2080285ea5142d682f6f97eba2b833))
diff --git a/packages/google-identity-accesscontextmanager/CODE_OF_CONDUCT.md b/packages/google-identity-accesscontextmanager/CODE_OF_CONDUCT.md
new file mode 100644
index 00000000000..2add2547a81
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/CODE_OF_CONDUCT.md
@@ -0,0 +1,94 @@
+<!-- # Generated by synthtool. DO NOT EDIT! !-->
+# Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of
+experience, education, socio-economic status, nationality, personal appearance,
+race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+*   Using welcoming and inclusive language
+*   Being respectful of differing viewpoints and experiences
+*   Gracefully accepting constructive criticism
+*   Focusing on what is best for the community
+*   Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+*   The use of sexualized language or imagery and unwelcome sexual attention or
+    advances
+*   Trolling, insulting/derogatory comments, and personal or political attacks
+*   Public or private harassment
+*   Publishing others' private information, such as a physical or electronic
+    address, without explicit permission
+*   Other conduct which could reasonably be considered inappropriate in a
+    professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, or to ban temporarily or permanently any
+contributor for other behaviors that they deem inappropriate, threatening,
+offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+This Code of Conduct also applies outside the project spaces when the Project
+Steward has a reasonable belief that an individual's behavior may have a
+negative impact on the project or its community.
+
+## Conflict Resolution
+
+We do not believe that all conflict is bad; healthy debate and disagreement
+often yield positive results. However, it is never okay to be disrespectful or
+to engage in behavior that violates the project’s code of conduct.
+
+If you see someone violating the code of conduct, you are encouraged to address
+the behavior directly with those involved. Many issues can be resolved quickly
+and easily, and this gives people more control over the outcome of their
+dispute. If you are unable to resolve the matter for any reason, or if the
+behavior is threatening or harassing, report it. We are dedicated to providing
+an environment where participants feel welcome and safe.
+
+Reports should be directed to *googleapis-stewards@google.com*, the
+Project Steward(s) for *Google Cloud Client Libraries*. It is the Project Steward’s duty to
+receive and address reported violations of the code of conduct. They will then
+work with a committee consisting of representatives from the Open Source
+Programs Office and the Google Open Source Strategy team. If for any reason you
+are uncomfortable reaching out to the Project Steward, please email
+opensource@google.com.
+
+We will investigate every complaint, but you may not receive a direct response.
+We will use our discretion in determining when and how to follow up on reported
+incidents, which may range from not taking action to permanent expulsion from
+the project and project-sponsored spaces. We will notify the accused of the
+report and provide them an opportunity to discuss it before any action is taken.
+The identity of the reporter will be omitted from the details of the report
+supplied to the accused. In potentially harmful situations, such as ongoing
+harassment or threats to anyone's safety, we may take action without notice.
+
+## Attribution
+
+This Code of Conduct is adapted from the Contributor Covenant, version 1.4,
+available at
+https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
\ No newline at end of file
diff --git a/packages/google-identity-accesscontextmanager/CONTRIBUTING.md b/packages/google-identity-accesscontextmanager/CONTRIBUTING.md
new file mode 100644
index 00000000000..29e81acb3d3
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/CONTRIBUTING.md
@@ -0,0 +1,76 @@
+# How to become a contributor and submit your own code
+
+**Table of contents**
+
+* [Contributor License Agreements](#contributor-license-agreements)
+* [Contributing a patch](#contributing-a-patch)
+* [Running the tests](#running-the-tests)
+* [Releasing the library](#releasing-the-library)
+
+## Contributor License Agreements
+
+We'd love to accept your sample apps and patches! Before we can take them, we
+have to jump a couple of legal hurdles.
+
+Please fill out either the individual or corporate Contributor License Agreement
+(CLA).
+
+  * If you are an individual writing original source code and you're sure you
+    own the intellectual property, then you'll need to sign an [individual CLA](https://developers.google.com/open-source/cla/individual).
+  * If you work for a company that wants to allow you to contribute your work,
+    then you'll need to sign a [corporate CLA](https://developers.google.com/open-source/cla/corporate).
+
+Follow either of the two links above to access the appropriate CLA and
+instructions for how to sign and return it. Once we receive it, we'll be able to
+accept your pull requests.
+
+## Contributing A Patch
+
+1.  Submit an issue describing your proposed change to the repo in question.
+1.  The repo owner will respond to your issue promptly.
+1.  If your proposed change is accepted, and you haven't already done so, sign a
+    Contributor License Agreement (see details above).
+1.  Fork the desired repo, develop and test your code changes.
+1.  Ensure that your code adheres to the existing style in the code to which
+    you are contributing.
+1.  Ensure that your code has an appropriate set of tests which all pass.
+1.  Title your pull request following [Conventional Commits](https://www.conventionalcommits.org/) styling.
+1.  Submit a pull request.
+
+### Before you begin
+
+1.  [Select or create a Cloud Platform project][projects].
+1.  [Enable billing for your project][billing]. 
+1.  [Enable the Access Context Manager API][enable_api]. 
+1.  [Set up authentication with a service account][auth] so you can access the
+    API from your local workstation.
+
+
+## Running the tests
+
+1.  [Prepare your environment for Node.js setup][setup].
+
+1.  Install dependencies:
+
+        npm install
+
+1.  Run the tests:
+
+        # Run unit tests.
+        npm test
+
+        # Run sample integration tests.
+        npm run samples-test
+
+        # Run all system tests.
+        npm run system-test
+
+1.  Lint (and maybe fix) any changes:
+
+        npm run fix
+
+[setup]: https://cloud.google.com/nodejs/docs/setup
+[projects]: https://console.cloud.google.com/project
+[billing]: https://support.google.com/cloud/answer/6293499#enable-billing
+[enable_api]: https://console.cloud.google.com/flows/enableapi?apiid=accesscontextmanager.googleapis.com
+[auth]: https://cloud.google.com/docs/authentication/getting-started
\ No newline at end of file
diff --git a/packages/google-identity-accesscontextmanager/LICENSE b/packages/google-identity-accesscontextmanager/LICENSE
new file mode 100644
index 00000000000..d6456956733
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/packages/google-identity-accesscontextmanager/README.md b/packages/google-identity-accesscontextmanager/README.md
new file mode 100644
index 00000000000..20a5341ee5d
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/README.md
@@ -0,0 +1,184 @@
+[//]: # "This README.md file is auto-generated, all changes to this file will be lost."
+[//]: # "To regenerate it, use `python -m synthtool`."
+<img src="https://avatars2.githubusercontent.com/u/2810941?v=3&s=96" alt="Google Cloud Platform logo" title="Google Cloud Platform" align="right" height="96" width="96"/>
+
+# [Access Context Manager: Node.js Client](https://github.com/googleapis/nodejs-access-context-manager)
+
+[![release level](https://img.shields.io/badge/release%20level-stable-brightgreen.svg?style=flat)](https://cloud.google.com/terms/launch-stages)
+[![npm version](https://img.shields.io/npm/v/@google-cloud/access-context-manager.svg)](https://www.npmjs.org/package/@google-cloud/access-context-manager)
+
+
+
+
+accesscontextmanager client for Node.js
+
+
+A comprehensive list of changes in each version may be found in
+[the CHANGELOG](https://github.com/googleapis/nodejs-access-context-manager/blob/main/CHANGELOG.md).
+
+* [Access Context Manager Node.js Client API Reference][client-docs]
+* [Access Context Manager Documentation][product-docs]
+* [github.com/googleapis/nodejs-access-context-manager](https://github.com/googleapis/nodejs-access-context-manager)
+
+Read more about the client libraries for Cloud APIs, including the older
+Google APIs Client Libraries, in [Client Libraries Explained][explained].
+
+[explained]: https://cloud.google.com/apis/docs/client-libraries-explained
+
+**Table of contents:**
+
+
+* [Quickstart](#quickstart)
+  * [Before you begin](#before-you-begin)
+  * [Installing the client library](#installing-the-client-library)
+  * [Using the client library](#using-the-client-library)
+* [Samples](#samples)
+* [Versioning](#versioning)
+* [Contributing](#contributing)
+* [License](#license)
+
+## Quickstart
+
+### Before you begin
+
+1.  [Select or create a Cloud Platform project][projects].
+1.  [Enable billing for your project][billing].
+1.  [Enable the Access Context Manager API][enable_api].
+1.  [Set up authentication with a service account][auth] so you can access the
+    API from your local workstation.
+
+### Installing the client library
+
+```bash
+npm install @google-cloud/access-context-manager
+```
+
+
+### Using the client library
+
+```javascript
+/**
+ * TODO(developer): Uncomment these variables before running the sample.
+ */
+/**
+ *  Required. Resource name for the container to list AccessPolicy instances
+ *  from.
+ *  Format:
+ *  `organizations/{org_id}`
+ */
+// const parent = 'abc123'
+/**
+ *  Number of AccessPolicy instances to include in the list. Default 100.
+ */
+// const pageSize = 1234
+/**
+ *  Next page token for the next batch of AccessPolicy instances. Defaults to
+ *  the first page of results.
+ */
+// const pageToken = 'abc123'
+
+// Imports the Accesscontextmanager library
+const {AccessContextManagerClient} =
+  require('@google-cloud/access-context-manager').v1;
+
+// Instantiates a client
+const accesscontextmanagerClient = new AccessContextManagerClient();
+
+async function listAccessPolicies() {
+  // Construct request
+  const request = {
+    parent,
+  };
+
+  // Run request
+  const iterable = await accesscontextmanagerClient.listAccessPoliciesAsync(
+    request
+  );
+  for await (const response of iterable) {
+    console.log(response);
+  }
+}
+
+listAccessPolicies();
+
+```
+
+
+
+## Samples
+
+Samples are in the [`samples/`](https://github.com/googleapis/nodejs-access-context-manager/tree/main/samples) directory. Each sample's `README.md` has instructions for running its sample.
+
+| Sample                      | Source Code                       | Try it |
+| --------------------------- | --------------------------------- | ------ |
+| Quickstart | [source code](https://github.com/googleapis/nodejs-access-context-manager/blob/main/samples/quickstart.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-access-context-manager&page=editor&open_in_editor=samples/quickstart.js,samples/README.md) |
+
+
+
+The [Access Context Manager Node.js Client API Reference][client-docs] documentation
+also contains samples.
+
+## Supported Node.js Versions
+
+Our client libraries follow the [Node.js release schedule](https://nodejs.org/en/about/releases/).
+Libraries are compatible with all current _active_ and _maintenance_ versions of
+Node.js.
+If you are using an end-of-life version of Node.js, we recommend that you update
+as soon as possible to an actively supported LTS version.
+
+Google's client libraries support legacy versions of Node.js runtimes on a
+best-efforts basis with the following warnings:
+
+* Legacy versions are not tested in continuous integration.
+* Some security patches and features cannot be backported.
+* Dependencies cannot be kept up-to-date.
+
+Client libraries targeting some end-of-life versions of Node.js are available, and
+can be installed through npm [dist-tags](https://docs.npmjs.com/cli/dist-tag).
+The dist-tags follow the naming convention `legacy-(version)`.
+For example, `npm install @google-cloud/access-context-manager@legacy-8` installs client libraries
+for versions compatible with Node.js 8.
+
+## Versioning
+
+This library follows [Semantic Versioning](http://semver.org/).
+
+
+
+This library is considered to be **stable**. The code surface will not change in backwards-incompatible ways
+unless absolutely necessary (e.g. because of critical security issues) or with
+an extensive deprecation period. Issues and requests against **stable** libraries
+are addressed with the highest priority.
+
+
+
+
+
+
+More Information: [Google Cloud Platform Launch Stages][launch_stages]
+
+[launch_stages]: https://cloud.google.com/terms/launch-stages
+
+## Contributing
+
+Contributions welcome! See the [Contributing Guide](https://github.com/googleapis/nodejs-access-context-manager/blob/main/CONTRIBUTING.md).
+
+Please note that this `README.md`, the `samples/README.md`,
+and a variety of configuration files in this repository (including `.nycrc` and `tsconfig.json`)
+are generated from a central template. To edit one of these files, make an edit
+to its templates in
+[directory](https://github.com/googleapis/synthtool).
+
+## License
+
+Apache Version 2.0
+
+See [LICENSE](https://github.com/googleapis/nodejs-access-context-manager/blob/main/LICENSE)
+
+[client-docs]: https://cloud.google.com/nodejs/docs/reference/access-context-manager/latest
+[product-docs]: https://cloud.google.com/access-context-manager/
+[shell_img]: https://gstatic.com/cloudssh/images/open-btn.png
+[projects]: https://console.cloud.google.com/project
+[billing]: https://support.google.com/cloud/answer/6293499#enable-billing
+[enable_api]: https://console.cloud.google.com/flows/enableapi?apiid=accesscontextmanager.googleapis.com
+[auth]: https://cloud.google.com/docs/authentication/getting-started
diff --git a/packages/google-identity-accesscontextmanager/linkinator.config.json b/packages/google-identity-accesscontextmanager/linkinator.config.json
new file mode 100644
index 00000000000..befd23c8633
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/linkinator.config.json
@@ -0,0 +1,16 @@
+{
+  "recurse": true,
+  "skip": [
+    "https://codecov.io/gh/googleapis/",
+    "www.googleapis.com",
+    "img.shields.io",
+    "https://console.cloud.google.com/cloudshell",
+    "https://support.google.com"
+  ],
+  "silent": true,
+  "concurrency": 5,
+  "retry": true,
+  "retryErrors": true,
+  "retryErrorsCount": 5,
+  "retryErrorsJitter": 3000
+}
diff --git a/packages/google-identity-accesscontextmanager/package.json b/packages/google-identity-accesscontextmanager/package.json
new file mode 100644
index 00000000000..a6163f45955
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/package.json
@@ -0,0 +1,66 @@
+{
+  "name": "@google-cloud/access-context-manager",
+  "version": "2.2.0",
+  "description": "accesscontextmanager client for Node.js",
+  "repository": "googleapis/nodejs-access-context-manager",
+  "license": "Apache-2.0",
+  "author": "Google LLC",
+  "main": "build/src/index.js",
+  "files": [
+    "build/src",
+    "build/protos"
+  ],
+  "keywords": [
+    "google apis client",
+    "google api client",
+    "google apis",
+    "google api",
+    "google",
+    "google cloud platform",
+    "google cloud",
+    "cloud",
+    "google accesscontextmanager",
+    "accesscontextmanager",
+    "accesscontextmanager service"
+  ],
+  "scripts": {
+    "clean": "gts clean",
+    "compile": "tsc -p . && cp -r protos build/",
+    "compile-protos": "compileProtos src",
+    "docs": "jsdoc -c .jsdoc.js",
+    "predocs-test": "npm run docs",
+    "docs-test": "linkinator docs",
+    "fix": "gts fix",
+    "lint": "gts check",
+    "prepare": "npm run compile-protos && npm run compile",
+    "system-test": "c8 mocha build/system-test",
+    "test": "c8 mocha build/test",
+    "samples-test": "cd samples/ && npm link ../ && npm test",
+    "prelint": "cd samples; npm link ../; npm i"
+  },
+  "dependencies": {
+    "google-gax": "^3.5.2"
+  },
+  "devDependencies": {
+    "@types/mocha": "^9.0.0",
+    "@types/node": "^18.0.0",
+    "@types/sinon": "^10.0.0",
+    "c8": "^7.7.2",
+    "gts": "^3.1.0",
+    "jsdoc": "^4.0.0",
+    "jsdoc-fresh": "^2.0.0",
+    "jsdoc-region-tag": "^2.0.0",
+    "linkinator": "^4.0.0",
+    "mocha": "^9.2.2",
+    "null-loader": "^4.0.1",
+    "pack-n-play": "^1.0.0-2",
+    "sinon": "^14.0.0",
+    "ts-loader": "^9.1.2",
+    "typescript": "^4.6.4",
+    "webpack": "^5.36.2",
+    "webpack-cli": "^4.7.0"
+  },
+  "engines": {
+    "node": ">=12.0.0"
+  }
+}
diff --git a/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/type/device_resources.proto b/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/type/device_resources.proto
new file mode 100644
index 00000000000..a3f000cf8a0
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/type/device_resources.proto
@@ -0,0 +1,83 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.identity.accesscontextmanager.type;
+
+option csharp_namespace = "Google.Identity.AccessContextManager.Type";
+option go_package = "google.golang.org/genproto/googleapis/identity/accesscontextmanager/type";
+option java_package = "com.google.identity.accesscontextmanager.type";
+option java_multiple_files = true;
+option java_outer_classname = "TypeProto";
+option php_namespace = "Google\\Identity\\AccessContextManager\\Type";
+option ruby_package = "Google::Identity::AccessContextManager::Type";
+
+// The encryption state of the device.
+enum DeviceEncryptionStatus {
+  // The encryption status of the device is not specified or not known.
+  ENCRYPTION_UNSPECIFIED = 0;
+
+  // The device does not support encryption.
+  ENCRYPTION_UNSUPPORTED = 1;
+
+  // The device supports encryption, but is currently unencrypted.
+  UNENCRYPTED = 2;
+
+  // The device is encrypted.
+  ENCRYPTED = 3;
+}
+
+// The operating system type of the device.
+// Next id: 7
+enum OsType {
+  // The operating system of the device is not specified or not known.
+  OS_UNSPECIFIED = 0;
+
+  // A desktop Mac operating system.
+  DESKTOP_MAC = 1;
+
+  // A desktop Windows operating system.
+  DESKTOP_WINDOWS = 2;
+
+  // A desktop Linux operating system.
+  DESKTOP_LINUX = 3;
+
+  // A desktop ChromeOS operating system.
+  DESKTOP_CHROME_OS = 6;
+
+  // An Android operating system.
+  ANDROID = 4;
+
+  // An iOS operating system.
+  IOS = 5;
+}
+
+// The degree to which the device is managed by the Cloud organization.
+enum DeviceManagementLevel {
+  // The device's management level is not specified or not known.
+  MANAGEMENT_UNSPECIFIED = 0;
+
+  // The device is not managed.
+  NONE = 1;
+
+  // Basic management is enabled, which is generally limited to monitoring and
+  // wiping the corporate account.
+  BASIC = 2;
+
+  // Complete device management. This includes more thorough monitoring and the
+  // ability to directly manage the device (such as remote wiping). This can be
+  // enabled through the Android Enterprise Platform.
+  COMPLETE = 3;
+}
diff --git a/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/v1/access_context_manager.proto b/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/v1/access_context_manager.proto
new file mode 100644
index 00000000000..3a71d81f34e
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/v1/access_context_manager.proto
@@ -0,0 +1,986 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.identity.accesscontextmanager.v1;
+
+import "google/api/annotations.proto";
+import "google/api/client.proto";
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/iam/v1/iam_policy.proto";
+import "google/iam/v1/policy.proto";
+import "google/identity/accesscontextmanager/v1/access_level.proto";
+import "google/identity/accesscontextmanager/v1/access_policy.proto";
+import "google/identity/accesscontextmanager/v1/gcp_user_access_binding.proto";
+import "google/identity/accesscontextmanager/v1/service_perimeter.proto";
+import "google/longrunning/operations.proto";
+import "google/protobuf/field_mask.proto";
+
+option csharp_namespace = "Google.Identity.AccessContextManager.V1";
+option go_package = "google.golang.org/genproto/googleapis/identity/accesscontextmanager/v1;accesscontextmanager";
+option java_multiple_files = true;
+option java_outer_classname = "AccessContextManagerProto";
+option java_package = "com.google.identity.accesscontextmanager.v1";
+option objc_class_prefix = "GACM";
+option php_namespace = "Google\\Identity\\AccessContextManager\\V1";
+option ruby_package = "Google::Identity::AccessContextManager::V1";
+
+// API for setting [access levels]
+// [google.identity.accesscontextmanager.v1.AccessLevel] and [service
+// perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+// for Google Cloud projects. Each organization has one [access policy]
+// [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
+// [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+// and [service perimeters]
+// [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
+// [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
+// applicable to all resources in the organization.
+// AccessPolicies
+service AccessContextManager {
+  option (google.api.default_host) = "accesscontextmanager.googleapis.com";
+  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+
+  // Lists all [access policies]
+  // [google.identity.accesscontextmanager.v1.AccessPolicy] in an
+  // organization.
+  rpc ListAccessPolicies(ListAccessPoliciesRequest) returns (ListAccessPoliciesResponse) {
+    option (google.api.http) = {
+      get: "/v1/accessPolicies"
+    };
+  }
+
+  // Returns an [access policy]
+  // [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
+  rpc GetAccessPolicy(GetAccessPolicyRequest) returns (AccessPolicy) {
+    option (google.api.http) = {
+      get: "/v1/{name=accessPolicies/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Creates an access policy. This method fails if the organization already has
+  // an access policy. The long-running operation has a successful status
+  // after the access policy propagates to long-lasting storage.
+  // Syntactic and basic semantic errors are returned in `metadata` as a
+  // BadRequest proto.
+  rpc CreateAccessPolicy(AccessPolicy) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/accessPolicies"
+      body: "*"
+    };
+    option (google.longrunning.operation_info) = {
+      response_type: "AccessPolicy"
+      metadata_type: "AccessContextManagerOperationMetadata"
+    };
+  }
+
+  // Updates an [access policy]
+  // [google.identity.accesscontextmanager.v1.AccessPolicy]. The
+  // long-running operation from this RPC has a successful status after the
+  // changes to the [access policy]
+  // [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
+  // to long-lasting storage.
+  rpc UpdateAccessPolicy(UpdateAccessPolicyRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      patch: "/v1/{policy.name=accessPolicies/*}"
+      body: "policy"
+    };
+    option (google.api.method_signature) = "policy,update_mask";
+    option (google.longrunning.operation_info) = {
+      response_type: "AccessPolicy"
+      metadata_type: "AccessContextManagerOperationMetadata"
+    };
+  }
+
+  // Deletes an [access policy]
+  // [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
+  // resource name. The long-running operation has a successful status after the
+  // [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
+  // is removed from long-lasting storage.
+  rpc DeleteAccessPolicy(DeleteAccessPolicyRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      delete: "/v1/{name=accessPolicies/*}"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "google.protobuf.Empty"
+      metadata_type: "AccessContextManagerOperationMetadata"
+    };
+  }
+
+  // Lists all [access levels]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] for an access
+  // policy.
+  rpc ListAccessLevels(ListAccessLevelsRequest) returns (ListAccessLevelsResponse) {
+    option (google.api.http) = {
+      get: "/v1/{parent=accessPolicies/*}/accessLevels"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Gets an [access level]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
+  // name.
+  rpc GetAccessLevel(GetAccessLevelRequest) returns (AccessLevel) {
+    option (google.api.http) = {
+      get: "/v1/{name=accessPolicies/*/accessLevels/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Creates an [access level]
+  // [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+  // operation from this RPC has a successful status after the [access
+  // level] [google.identity.accesscontextmanager.v1.AccessLevel]
+  // propagates to long-lasting storage. If [access levels]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] contain
+  // errors, an error response is returned for the first error encountered.
+  rpc CreateAccessLevel(CreateAccessLevelRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{parent=accessPolicies/*}/accessLevels"
+      body: "access_level"
+    };
+    option (google.api.method_signature) = "parent,access_level";
+    option (google.longrunning.operation_info) = {
+      response_type: "AccessLevel"
+      metadata_type: "AccessContextManagerOperationMetadata"
+    };
+  }
+
+  // Updates an [access level]
+  // [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+  // operation from this RPC has a successful status after the changes to
+  // the [access level]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] propagate
+  // to long-lasting storage. If [access levels]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] contain
+  // errors, an error response is returned for the first error encountered.
+  rpc UpdateAccessLevel(UpdateAccessLevelRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      patch: "/v1/{access_level.name=accessPolicies/*/accessLevels/*}"
+      body: "access_level"
+    };
+    option (google.api.method_signature) = "access_level,update_mask";
+    option (google.longrunning.operation_info) = {
+      response_type: "AccessLevel"
+      metadata_type: "AccessContextManagerOperationMetadata"
+    };
+  }
+
+  // Deletes an [access level]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
+  // name. The long-running operation from this RPC has a successful status
+  // after the [access level]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
+  // from long-lasting storage.
+  rpc DeleteAccessLevel(DeleteAccessLevelRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      delete: "/v1/{name=accessPolicies/*/accessLevels/*}"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "google.protobuf.Empty"
+      metadata_type: "AccessContextManagerOperationMetadata"
+    };
+  }
+
+  // Replaces all existing [access levels]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
+  // policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
+  // the [access levels]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
+  // is done atomically. The long-running operation from this RPC has a
+  // successful status after all replacements propagate to long-lasting
+  // storage. If the replacement contains errors, an error response is returned
+  // for the first error encountered.  Upon error, the replacement is cancelled,
+  // and existing [access levels]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] are not
+  // affected. The Operation.response field contains
+  // ReplaceAccessLevelsResponse. Removing [access levels]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
+  // [service perimeters]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
+  // error.
+  rpc ReplaceAccessLevels(ReplaceAccessLevelsRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{parent=accessPolicies/*}/accessLevels:replaceAll"
+      body: "*"
+    };
+    option (google.longrunning.operation_info) = {
+      response_type: "ReplaceAccessLevelsResponse"
+      metadata_type: "AccessContextManagerOperationMetadata"
+    };
+  }
+
+  // Lists all [service perimeters]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
+  // access policy.
+  rpc ListServicePerimeters(ListServicePerimetersRequest) returns (ListServicePerimetersResponse) {
+    option (google.api.http) = {
+      get: "/v1/{parent=accessPolicies/*}/servicePerimeters"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Gets a [service perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+  // resource name.
+  rpc GetServicePerimeter(GetServicePerimeterRequest) returns (ServicePerimeter) {
+    option (google.api.http) = {
+      get: "/v1/{name=accessPolicies/*/servicePerimeters/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Creates a [service perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+  // long-running operation from this RPC has a successful status after the
+  // [service perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter]
+  // propagates to long-lasting storage. If a [service perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+  // errors, an error response is returned for the first error encountered.
+  rpc CreateServicePerimeter(CreateServicePerimeterRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{parent=accessPolicies/*}/servicePerimeters"
+      body: "service_perimeter"
+    };
+    option (google.api.method_signature) = "parent,service_perimeter";
+    option (google.longrunning.operation_info) = {
+      response_type: "ServicePerimeter"
+      metadata_type: "AccessContextManagerOperationMetadata"
+    };
+  }
+
+  // Updates a [service perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+  // long-running operation from this RPC has a successful status after the
+  // [service perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter]
+  // propagates to long-lasting storage. If a [service perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+  // errors, an error response is returned for the first error encountered.
+  rpc UpdateServicePerimeter(UpdateServicePerimeterRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      patch: "/v1/{service_perimeter.name=accessPolicies/*/servicePerimeters/*}"
+      body: "service_perimeter"
+    };
+    option (google.api.method_signature) = "service_perimeter,update_mask";
+    option (google.longrunning.operation_info) = {
+      response_type: "ServicePerimeter"
+      metadata_type: "AccessContextManagerOperationMetadata"
+    };
+  }
+
+  // Deletes a [service perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+  // resource name. The long-running operation from this RPC has a successful
+  // status after the [service perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
+  // long-lasting storage.
+  rpc DeleteServicePerimeter(DeleteServicePerimeterRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      delete: "/v1/{name=accessPolicies/*/servicePerimeters/*}"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "google.protobuf.Empty"
+      metadata_type: "AccessContextManagerOperationMetadata"
+    };
+  }
+
+  // Replace all existing [service perimeters]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
+  // policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
+  // [service perimeters]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
+  // is done atomically. The long-running operation from this RPC has a
+  // successful status after all replacements propagate to long-lasting storage.
+  // Replacements containing errors result in an error response for the first
+  // error encountered. Upon an error, replacement are cancelled and existing
+  // [service perimeters]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
+  // affected. The Operation.response field contains
+  // ReplaceServicePerimetersResponse.
+  rpc ReplaceServicePerimeters(ReplaceServicePerimetersRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{parent=accessPolicies/*}/servicePerimeters:replaceAll"
+      body: "*"
+    };
+    option (google.longrunning.operation_info) = {
+      response_type: "ReplaceServicePerimetersResponse"
+      metadata_type: "AccessContextManagerOperationMetadata"
+    };
+  }
+
+  // Commits the dry-run specification for all the [service perimeters]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
+  // [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+  // A commit operation on a service perimeter involves copying its `spec` field
+  // to the `status` field of the service perimeter. Only [service perimeters]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] with
+  // `use_explicit_dry_run_spec` field set to true are affected by a commit
+  // operation. The long-running operation from this RPC has a successful
+  // status after the dry-run specifications for all the [service perimeters]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
+  // committed. If a commit fails, it causes the long-running operation to
+  // return an error response and the entire commit operation is cancelled.
+  // When successful, the Operation.response field contains
+  // CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
+  // cleared after a successful commit operation.
+  rpc CommitServicePerimeters(CommitServicePerimetersRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{parent=accessPolicies/*}/servicePerimeters:commit"
+      body: "*"
+    };
+    option (google.longrunning.operation_info) = {
+      response_type: "CommitServicePerimetersResponse"
+      metadata_type: "AccessContextManagerOperationMetadata"
+    };
+  }
+
+  // Lists all [GcpUserAccessBindings]
+  // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] for a
+  // Google Cloud organization.
+  rpc ListGcpUserAccessBindings(ListGcpUserAccessBindingsRequest) returns (ListGcpUserAccessBindingsResponse) {
+    option (google.api.http) = {
+      get: "/v1/{parent=organizations/*}/gcpUserAccessBindings"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Gets the [GcpUserAccessBinding]
+  // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] with
+  // the given name.
+  rpc GetGcpUserAccessBinding(GetGcpUserAccessBindingRequest) returns (GcpUserAccessBinding) {
+    option (google.api.http) = {
+      get: "/v1/{name=organizations/*/gcpUserAccessBindings/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Creates a [GcpUserAccessBinding]
+  // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
+  // client specifies a [name]
+  // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
+  // the server ignores it. Fails if a resource already exists with the same
+  // [group_key]
+  // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
+  // Completion of this long-running operation does not necessarily signify that
+  // the new binding is deployed onto all affected users, which may take more
+  // time.
+  rpc CreateGcpUserAccessBinding(CreateGcpUserAccessBindingRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{parent=organizations/*}/gcpUserAccessBindings"
+      body: "gcp_user_access_binding"
+    };
+    option (google.api.method_signature) = "parent,gcp_user_access_binding";
+    option (google.longrunning.operation_info) = {
+      response_type: "GcpUserAccessBinding"
+      metadata_type: "GcpUserAccessBindingOperationMetadata"
+    };
+  }
+
+  // Updates a [GcpUserAccessBinding]
+  // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding].
+  // Completion of this long-running operation does not necessarily signify that
+  // the changed binding is deployed onto all affected users, which may take
+  // more time.
+  rpc UpdateGcpUserAccessBinding(UpdateGcpUserAccessBindingRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      patch: "/v1/{gcp_user_access_binding.name=organizations/*/gcpUserAccessBindings/*}"
+      body: "gcp_user_access_binding"
+    };
+    option (google.api.method_signature) = "gcp_user_access_binding,update_mask";
+    option (google.longrunning.operation_info) = {
+      response_type: "GcpUserAccessBinding"
+      metadata_type: "GcpUserAccessBindingOperationMetadata"
+    };
+  }
+
+  // Deletes a [GcpUserAccessBinding]
+  // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding].
+  // Completion of this long-running operation does not necessarily signify that
+  // the binding deletion is deployed onto all affected users, which may take
+  // more time.
+  rpc DeleteGcpUserAccessBinding(DeleteGcpUserAccessBindingRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      delete: "/v1/{name=organizations/*/gcpUserAccessBindings/*}"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "google.protobuf.Empty"
+      metadata_type: "GcpUserAccessBindingOperationMetadata"
+    };
+  }
+
+  // Sets the IAM policy for the specified Access Context Manager
+  // [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+  // This method replaces the existing IAM policy on the access policy. The IAM
+  // policy controls the set of users who can perform specific operations on the
+  // Access Context Manager [access
+  // policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+  rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
+    option (google.api.http) = {
+      post: "/v1/{resource=accessPolicies/*}:setIamPolicy"
+      body: "*"
+    };
+  }
+
+  // Gets the IAM policy for the specified Access Context Manager
+  // [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+  rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
+    option (google.api.http) = {
+      post: "/v1/{resource=accessPolicies/*}:getIamPolicy"
+      body: "*"
+    };
+  }
+
+  // Returns the IAM permissions that the caller has on the specified Access
+  // Context Manager resource. The resource can be an
+  // [AccessPolicy][google.identity.accesscontextmanager.v1.AccessPolicy],
+  // [AccessLevel][google.identity.accesscontextmanager.v1.AccessLevel], or
+  // [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
+  // ]. This method does not support other resources.
+  rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
+    option (google.api.http) = {
+      post: "/v1/{resource=accessPolicies/*}:testIamPermissions"
+      body: "*"
+      additional_bindings {
+        post: "/v1/{resource=accessPolicies/*/accessLevels/*}:testIamPermissions"
+        body: "*"
+      }
+      additional_bindings {
+        post: "/v1/{resource=accessPolicies/*/servicePerimeters/*}:testIamPermissions"
+        body: "*"
+      }
+    };
+  }
+}
+
+// A request to list all `AccessPolicies` for a container.
+message ListAccessPoliciesRequest {
+  // Required. Resource name for the container to list AccessPolicy instances
+  // from.
+  //
+  // Format:
+  // `organizations/{org_id}`
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "cloudresourcemanager.googleapis.com/Organization"
+    }
+  ];
+
+  // Number of AccessPolicy instances to include in the list. Default 100.
+  int32 page_size = 2;
+
+  // Next page token for the next batch of AccessPolicy instances. Defaults to
+  // the first page of results.
+  string page_token = 3;
+}
+
+// A response to `ListAccessPoliciesRequest`.
+message ListAccessPoliciesResponse {
+  // List of the AccessPolicy instances.
+  repeated AccessPolicy access_policies = 1;
+
+  // The pagination token to retrieve the next page of results. If the value is
+  // empty, no further results remain.
+  string next_page_token = 2;
+}
+
+// A request to get a particular `AccessPolicy`.
+message GetAccessPolicyRequest {
+  // Required. Resource name for the access policy to get.
+  //
+  // Format `accessPolicies/{policy_id}`
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "accesscontextmanager.googleapis.com/AccessPolicy"
+    }
+  ];
+}
+
+// A request to update an `AccessPolicy`.
+message UpdateAccessPolicyRequest {
+  // Required. The updated AccessPolicy.
+  AccessPolicy policy = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. Mask to control which fields get updated. Must be non-empty.
+  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A request to delete an `AccessPolicy`.
+message DeleteAccessPolicyRequest {
+  // Required. Resource name for the access policy to delete.
+  //
+  // Format `accessPolicies/{policy_id}`
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "accesscontextmanager.googleapis.com/AccessPolicy"
+    }
+  ];
+}
+
+// A request to list all `AccessLevels` in an `AccessPolicy`.
+message ListAccessLevelsRequest {
+  // Required. Resource name for the access policy to list [Access Levels]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] from.
+  //
+  // Format:
+  // `accessPolicies/{policy_id}`
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "accesscontextmanager.googleapis.com/AccessLevel"
+    }
+  ];
+
+  // Number of [Access Levels]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] to include in
+  // the list. Default 100.
+  int32 page_size = 2;
+
+  // Next page token for the next batch of [Access Level]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] instances.
+  // Defaults to the first page of results.
+  string page_token = 3;
+
+  // Whether to return `BasicLevels` in the Cloud Common Expression language, as
+  // `CustomLevels`, rather than as `BasicLevels`. Defaults to returning
+  // `AccessLevels` in the format they were defined.
+  LevelFormat access_level_format = 4;
+}
+
+// A response to `ListAccessLevelsRequest`.
+message ListAccessLevelsResponse {
+  // List of the [Access Level]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] instances.
+  repeated AccessLevel access_levels = 1;
+
+  // The pagination token to retrieve the next page of results. If the value is
+  // empty, no further results remain.
+  string next_page_token = 2;
+}
+
+// A request to get a particular `AccessLevel`.
+message GetAccessLevelRequest {
+  // Required. Resource name for the [Access Level]
+  // [google.identity.accesscontextmanager.v1.AccessLevel].
+  //
+  // Format:
+  // `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "accesscontextmanager.googleapis.com/AccessLevel"
+    }
+  ];
+
+  // Whether to return `BasicLevels` in the Cloud Common Expression
+  // Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where
+  // [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+  // are returned as `BasicLevels` or `CustomLevels` based on how they were
+  // created. If set to CEL, all [Access Levels]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] are returned as
+  // `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
+  // `CustomLevels`.
+  LevelFormat access_level_format = 2;
+}
+
+// A request to create an `AccessLevel`.
+message CreateAccessLevelRequest {
+  // Required. Resource name for the access policy which owns this [Access
+  // Level] [google.identity.accesscontextmanager.v1.AccessLevel].
+  //
+  // Format: `accessPolicies/{policy_id}`
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "accesscontextmanager.googleapis.com/AccessLevel"
+    }
+  ];
+
+  // Required. The [Access Level]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] to create.
+  // Syntactic correctness of the [Access Level]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] is a
+  // precondition for creation.
+  AccessLevel access_level = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A request to update an `AccessLevel`.
+message UpdateAccessLevelRequest {
+  // Required. The updated [Access Level]
+  // [google.identity.accesscontextmanager.v1.AccessLevel]. Syntactic
+  // correctness of the [Access Level]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] is a
+  // precondition for creation.
+  AccessLevel access_level = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. Mask to control which fields get updated. Must be non-empty.
+  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A request to delete an `AccessLevel`.
+message DeleteAccessLevelRequest {
+  // Required. Resource name for the [Access Level]
+  // [google.identity.accesscontextmanager.v1.AccessLevel].
+  //
+  // Format:
+  // `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "accesscontextmanager.googleapis.com/AccessLevel"
+    }
+  ];
+}
+
+// A request to replace all existing Access Levels in an Access Policy with
+// the Access Levels provided. This is done atomically.
+message ReplaceAccessLevelsRequest {
+  // Required. Resource name for the access policy which owns these
+  // [Access Levels]
+  // [google.identity.accesscontextmanager.v1.AccessLevel].
+  //
+  // Format: `accessPolicies/{policy_id}`
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "accesscontextmanager.googleapis.com/AccessLevel"
+    }
+  ];
+
+  // Required. The desired [Access Levels]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] that should
+  // replace all existing [Access Levels]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] in the
+  // [Access Policy]
+  // [google.identity.accesscontextmanager.v1.AccessPolicy].
+  repeated AccessLevel access_levels = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. The etag for the version of the [Access Policy]
+  // [google.identity.accesscontextmanager.v1.AccessPolicy] that this
+  // replace operation is to be performed on. If, at the time of replace, the
+  // etag for the Access Policy stored in Access Context Manager is different
+  // from the specified etag, then the replace operation will not be performed
+  // and the call will fail. This field is not required. If etag is not
+  // provided, the operation will be performed as if a valid etag is provided.
+  string etag = 4;
+}
+
+// A response to ReplaceAccessLevelsRequest. This will be put inside of
+// Operation.response field.
+message ReplaceAccessLevelsResponse {
+  // List of the [Access Level]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] instances.
+  repeated AccessLevel access_levels = 1;
+}
+
+// A request to list all `ServicePerimeters` in an `AccessPolicy`.
+message ListServicePerimetersRequest {
+  // Required. Resource name for the access policy to list [Service Perimeters]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] from.
+  //
+  // Format:
+  // `accessPolicies/{policy_id}`
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "accesscontextmanager.googleapis.com/ServicePerimeter"
+    }
+  ];
+
+  // Number of [Service Perimeters]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] to include
+  // in the list. Default 100.
+  int32 page_size = 2;
+
+  // Next page token for the next batch of [Service Perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] instances.
+  // Defaults to the first page of results.
+  string page_token = 3;
+}
+
+// A response to `ListServicePerimetersRequest`.
+message ListServicePerimetersResponse {
+  // List of the [Service Perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] instances.
+  repeated ServicePerimeter service_perimeters = 1;
+
+  // The pagination token to retrieve the next page of results. If the value is
+  // empty, no further results remain.
+  string next_page_token = 2;
+}
+
+// A request to get a particular `ServicePerimeter`.
+message GetServicePerimeterRequest {
+  // Required. Resource name for the [Service Perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter].
+  //
+  // Format:
+  // `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "accesscontextmanager.googleapis.com/ServicePerimeter"
+    }
+  ];
+}
+
+// A request to create a `ServicePerimeter`.
+message CreateServicePerimeterRequest {
+  // Required. Resource name for the access policy which owns this [Service
+  // Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter].
+  //
+  // Format: `accessPolicies/{policy_id}`
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "accesscontextmanager.googleapis.com/ServicePerimeter"
+    }
+  ];
+
+  // Required. The [Service Perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] to create.
+  // Syntactic correctness of the [Service Perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] is a
+  // precondition for creation.
+  ServicePerimeter service_perimeter = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A request to update a `ServicePerimeter`.
+message UpdateServicePerimeterRequest {
+  // Required. The updated `ServicePerimeter`. Syntactic correctness of the
+  // `ServicePerimeter` is a precondition for creation.
+  ServicePerimeter service_perimeter = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. Mask to control which fields get updated. Must be non-empty.
+  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A request to delete a `ServicePerimeter`.
+message DeleteServicePerimeterRequest {
+  // Required. Resource name for the [Service Perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter].
+  //
+  // Format:
+  // `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "accesscontextmanager.googleapis.com/ServicePerimeter"
+    }
+  ];
+}
+
+// A request to replace all existing Service Perimeters in an Access Policy
+// with the Service Perimeters provided. This is done atomically.
+message ReplaceServicePerimetersRequest {
+  // Required. Resource name for the access policy which owns these
+  // [Service Perimeters]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter].
+  //
+  // Format: `accessPolicies/{policy_id}`
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "accesscontextmanager.googleapis.com/ServicePerimeter"
+    }
+  ];
+
+  // Required. The desired [Service Perimeters]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] that should
+  // replace all existing [Service Perimeters]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] in the
+  // [Access Policy]
+  // [google.identity.accesscontextmanager.v1.AccessPolicy].
+  repeated ServicePerimeter service_perimeters = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. The etag for the version of the [Access Policy]
+  // [google.identity.accesscontextmanager.v1.AccessPolicy] that this
+  // replace operation is to be performed on. If, at the time of replace, the
+  // etag for the Access Policy stored in Access Context Manager is different
+  // from the specified etag, then the replace operation will not be performed
+  // and the call will fail. This field is not required. If etag is not
+  // provided, the operation will be performed as if a valid etag is provided.
+  string etag = 3;
+}
+
+// A response to ReplaceServicePerimetersRequest. This will be put inside of
+// Operation.response field.
+message ReplaceServicePerimetersResponse {
+  // List of the [Service Perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] instances.
+  repeated ServicePerimeter service_perimeters = 1;
+}
+
+// A request to commit dry-run specs in all [Service Perimeters]
+// [google.identity.accesscontextmanager.v1.ServicePerimeter] belonging to
+// an [Access Policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+message CommitServicePerimetersRequest {
+  // Required. Resource name for the parent [Access Policy]
+  // [google.identity.accesscontextmanager.v1.AccessPolicy] which owns all
+  // [Service Perimeters]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] in scope for
+  // the commit operation.
+  //
+  // Format: `accessPolicies/{policy_id}`
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "accesscontextmanager.googleapis.com/ServicePerimeter"
+    }
+  ];
+
+  // Optional. The etag for the version of the [Access Policy]
+  // [google.identity.accesscontextmanager.v1.AccessPolicy] that this
+  // commit operation is to be performed on. If, at the time of commit, the
+  // etag for the Access Policy stored in Access Context Manager is different
+  // from the specified etag, then the commit operation will not be performed
+  // and the call will fail. This field is not required. If etag is not
+  // provided, the operation will be performed as if a valid etag is provided.
+  string etag = 2;
+}
+
+// A response to CommitServicePerimetersRequest. This will be put inside of
+// Operation.response field.
+message CommitServicePerimetersResponse {
+  // List of all the [Service Perimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] instances in
+  // the [Access Policy]
+  // [google.identity.accesscontextmanager.v1.AccessPolicy].
+  repeated ServicePerimeter service_perimeters = 1;
+}
+
+// The format used in an `AccessLevel`.
+enum LevelFormat {
+  // The format was not specified.
+  LEVEL_FORMAT_UNSPECIFIED = 0;
+
+  // Uses the format the resource was defined in. BasicLevels are returned as
+  // BasicLevels, CustomLevels are returned as CustomLevels.
+  AS_DEFINED = 1;
+
+  // Use Cloud Common Expression Language when returning the resource.  Both
+  // BasicLevels and CustomLevels are returned as CustomLevels.
+  CEL = 2;
+}
+
+// Request of [ListGcpUserAccessBindings]
+// [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].
+message ListGcpUserAccessBindingsRequest {
+  // Required. Example: "organizations/256"
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "cloudresourcemanager.googleapis.com/Organization"
+    }
+  ];
+
+  // Optional. Maximum number of items to return. The server may return fewer items.
+  // If left blank, the server may return any number of items.
+  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. If left blank, returns the first page. To enumerate all items, use the
+  // [next_page_token]
+  // [google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse.next_page_token]
+  // from your previous list operation.
+  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Response of [ListGcpUserAccessBindings]
+// [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].
+message ListGcpUserAccessBindingsResponse {
+  // [GcpUserAccessBinding]
+  // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
+  repeated GcpUserAccessBinding gcp_user_access_bindings = 1;
+
+  // Token to get the next page of items. If blank, there are no more items.
+  string next_page_token = 2;
+}
+
+// Request of [GetGcpUserAccessBinding]
+// [google.identity.accesscontextmanager.v1.AccessContextManager.GetGcpUserAccessBinding].
+message GetGcpUserAccessBindingRequest {
+  // Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "accesscontextmanager.googleapis.com/GcpUserAccessBinding"
+    }
+  ];
+}
+
+// Request of [CreateGcpUserAccessBinding]
+// [google.identity.accesscontextmanager.v1.AccessContextManager.CreateGcpUserAccessBinding].
+message CreateGcpUserAccessBindingRequest {
+  // Required. Example: "organizations/256"
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "cloudresourcemanager.googleapis.com/Organization"
+    }
+  ];
+
+  // Required. [GcpUserAccessBinding]
+  // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
+  GcpUserAccessBinding gcp_user_access_binding = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request of [UpdateGcpUserAccessBinding]
+// [google.identity.accesscontextmanager.v1.AccessContextManager.UpdateGcpUserAccessBinding].
+message UpdateGcpUserAccessBindingRequest {
+  // Required. [GcpUserAccessBinding]
+  // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
+  GcpUserAccessBinding gcp_user_access_binding = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. Only the fields specified in this mask are updated. Because name and
+  // group_key cannot be changed, update_mask is required and must always be:
+  //
+  // update_mask {
+  // paths: "access_levels"
+  // }
+  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request of [DeleteGcpUserAccessBinding]
+// [google.identity.accesscontextmanager.v1.AccessContextManager.DeleteGcpUserAccessBinding].
+message DeleteGcpUserAccessBindingRequest {
+  // Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "accesscontextmanager.googleapis.com/GcpUserAccessBinding"
+    }
+  ];
+}
+
+// Currently, a completed operation means nothing. In the future, this metadata
+// and a completed operation may indicate that the binding has taken effect and
+// is affecting access decisions for all users.
+message GcpUserAccessBindingOperationMetadata {
+
+}
+
+// Metadata of Access Context Manager's Long Running Operations.
+message AccessContextManagerOperationMetadata {
+
+}
diff --git a/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/v1/access_level.proto b/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/v1/access_level.proto
new file mode 100644
index 00000000000..b7b9c75c620
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/v1/access_level.proto
@@ -0,0 +1,192 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.identity.accesscontextmanager.v1;
+
+import "google/api/resource.proto";
+import "google/identity/accesscontextmanager/type/device_resources.proto";
+import "google/protobuf/timestamp.proto";
+import "google/type/expr.proto";
+
+option csharp_namespace = "Google.Identity.AccessContextManager.V1";
+option go_package = "google.golang.org/genproto/googleapis/identity/accesscontextmanager/v1;accesscontextmanager";
+option java_multiple_files = true;
+option java_outer_classname = "AccessLevelProto";
+option java_package = "com.google.identity.accesscontextmanager.v1";
+option objc_class_prefix = "GACM";
+option php_namespace = "Google\\Identity\\AccessContextManager\\V1";
+option ruby_package = "Google::Identity::AccessContextManager::V1";
+
+// An `AccessLevel` is a label that can be applied to requests to Google Cloud
+// services, along with a list of requirements necessary for the label to be
+// applied.
+message AccessLevel {
+  option (google.api.resource) = {
+    type: "accesscontextmanager.googleapis.com/AccessLevel"
+    pattern: "accessPolicies/{access_policy}/accessLevels/{access_level}"
+  };
+
+  // Required. Resource name for the Access Level. The `short_name` component
+  // must begin with a letter and only include alphanumeric and '_'. Format:
+  // `accessPolicies/{access_policy}/accessLevels/{access_level}`. The maximum
+  // length of the `access_level` component is 50 characters.
+  string name = 1;
+
+  // Human readable title. Must be unique within the Policy.
+  string title = 2;
+
+  // Description of the `AccessLevel` and its use. Does not affect behavior.
+  string description = 3;
+
+  // Required. Describes the necessary conditions for the level to apply.
+  oneof level {
+    // A `BasicLevel` composed of `Conditions`.
+    BasicLevel basic = 4;
+
+    // A `CustomLevel` written in the Common Expression Language.
+    CustomLevel custom = 5;
+  }
+
+  // Output only. Time the `AccessLevel` was created in UTC.
+  google.protobuf.Timestamp create_time = 6;
+
+  // Output only. Time the `AccessLevel` was updated in UTC.
+  google.protobuf.Timestamp update_time = 7;
+}
+
+// `BasicLevel` is an `AccessLevel` using a set of recommended features.
+message BasicLevel {
+  // Options for how the `conditions` list should be combined to determine if
+  // this `AccessLevel` is applied. Default is AND.
+  enum ConditionCombiningFunction {
+    // All `Conditions` must be true for the `BasicLevel` to be true.
+    AND = 0;
+
+    // If at least one `Condition` is true, then the `BasicLevel` is true.
+    OR = 1;
+  }
+
+  // Required. A list of requirements for the `AccessLevel` to be granted.
+  repeated Condition conditions = 1;
+
+  // How the `conditions` list should be combined to determine if a request is
+  // granted this `AccessLevel`. If AND is used, each `Condition` in
+  // `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
+  // is used, at least one `Condition` in `conditions` must be satisfied for the
+  // `AccessLevel` to be applied. Default behavior is AND.
+  ConditionCombiningFunction combining_function = 2;
+}
+
+// A condition necessary for an `AccessLevel` to be granted. The Condition is an
+// AND over its fields. So a Condition is true if: 1) the request IP is from one
+// of the listed subnetworks AND 2) the originating device complies with the
+// listed device policy AND 3) all listed access levels are granted AND 4) the
+// request was sent at a time allowed by the DateTimeRestriction.
+message Condition {
+  // CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
+  // a CIDR IP address block, the specified IP address portion must be properly
+  // truncated (i.e. all the host bits must be zero) or the input is considered
+  // malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is
+  // not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
+  // "2001:db8::1/32" is not. The originating IP of a request must be in one of
+  // the listed subnets in order for this Condition to be true. If empty, all IP
+  // addresses are allowed.
+  repeated string ip_subnetworks = 1;
+
+  // Device specific restrictions, all restrictions must hold for the
+  // Condition to be true. If not specified, all devices are allowed.
+  DevicePolicy device_policy = 2;
+
+  // A list of other access levels defined in the same `Policy`, referenced by
+  // resource name. Referencing an `AccessLevel` which does not exist is an
+  // error. All access levels listed must be granted for the Condition
+  // to be true. Example:
+  // "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+  repeated string required_access_levels = 3;
+
+  // Whether to negate the Condition. If true, the Condition becomes a NAND over
+  // its non-empty fields, each field must be false for the Condition overall to
+  // be satisfied. Defaults to false.
+  bool negate = 5;
+
+  // The request must be made by one of the provided user or service
+  // accounts. Groups are not supported.
+  // Syntax:
+  // `user:{emailid}`
+  // `serviceAccount:{emailid}`
+  // If not specified, a request may come from any user.
+  repeated string members = 6;
+
+  // The request must originate from one of the provided countries/regions.
+  // Must be valid ISO 3166-1 alpha-2 codes.
+  repeated string regions = 7;
+}
+
+// `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language
+// to represent the necessary conditions for the level to apply to a request.
+// See CEL spec at: https://github.com/google/cel-spec
+message CustomLevel {
+  // Required. A Cloud CEL expression evaluating to a boolean.
+  google.type.Expr expr = 1;
+}
+
+// `DevicePolicy` specifies device specific restrictions necessary to acquire a
+// given access level. A `DevicePolicy` specifies requirements for requests from
+// devices to be granted access levels, it does not do any enforcement on the
+// device. `DevicePolicy` acts as an AND over all specified fields, and each
+// repeated field is an OR over its elements. Any unset fields are ignored. For
+// example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
+// DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
+// true for requests originating from encrypted Linux desktops and encrypted
+// Windows desktops.
+message DevicePolicy {
+  // Whether or not screenlock is required for the DevicePolicy to be true.
+  // Defaults to `false`.
+  bool require_screenlock = 1;
+
+  // Allowed encryptions statuses, an empty list allows all statuses.
+  repeated google.identity.accesscontextmanager.type.DeviceEncryptionStatus allowed_encryption_statuses = 2;
+
+  // Allowed OS versions, an empty list allows all types and all versions.
+  repeated OsConstraint os_constraints = 3;
+
+  // Allowed device management levels, an empty list allows all management
+  // levels.
+  repeated google.identity.accesscontextmanager.type.DeviceManagementLevel allowed_device_management_levels = 6;
+
+  // Whether the device needs to be approved by the customer admin.
+  bool require_admin_approval = 7;
+
+  // Whether the device needs to be corp owned.
+  bool require_corp_owned = 8;
+}
+
+// A restriction on the OS type and version of devices making requests.
+message OsConstraint {
+  // Required. The allowed OS type.
+  google.identity.accesscontextmanager.type.OsType os_type = 1;
+
+  // The minimum allowed OS version. If not set, any version of this OS
+  // satisfies the constraint. Format: `"major.minor.patch"`.
+  // Examples: `"10.5.301"`, `"9.2.1"`.
+  string minimum_version = 2;
+
+  // Only allows requests from devices with a verified Chrome OS.
+  // Verifications includes requirements that the device is enterprise-managed,
+  // conformant to domain policies, and the caller has permission to call
+  // the API targeted by the request.
+  bool require_verified_chrome_os = 3;
+}
diff --git a/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/v1/access_policy.proto b/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/v1/access_policy.proto
new file mode 100644
index 00000000000..74746478457
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/v1/access_policy.proto
@@ -0,0 +1,81 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.identity.accesscontextmanager.v1;
+
+import "google/api/resource.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Identity.AccessContextManager.V1";
+option go_package = "google.golang.org/genproto/googleapis/identity/accesscontextmanager/v1;accesscontextmanager";
+option java_multiple_files = true;
+option java_outer_classname = "PolicyProto";
+option java_package = "com.google.identity.accesscontextmanager.v1";
+option objc_class_prefix = "GACM";
+option php_namespace = "Google\\Identity\\AccessContextManager\\V1";
+option ruby_package = "Google::Identity::AccessContextManager::V1";
+
+// `AccessPolicy` is a container for `AccessLevels` (which define the necessary
+// attributes to use Google Cloud services) and `ServicePerimeters` (which
+// define regions of services able to freely pass data within a perimeter). An
+// access policy is globally visible within an organization, and the
+// restrictions it specifies apply to all projects within an organization.
+message AccessPolicy {
+  option (google.api.resource) = {
+    type: "accesscontextmanager.googleapis.com/AccessPolicy"
+    pattern: "accessPolicies/{access_policy}"
+  };
+
+  // Output only. Resource name of the `AccessPolicy`. Format:
+  // `accessPolicies/{access_policy}`
+  string name = 1;
+
+  // Required. The parent of this `AccessPolicy` in the Cloud Resource
+  // Hierarchy. Currently immutable once created. Format:
+  // `organizations/{organization_id}`
+  string parent = 2;
+
+  // Required. Human readable title. Does not affect behavior.
+  string title = 3;
+
+  // The scopes of a policy define which resources an ACM policy can restrict,
+  // and where ACM resources can be referenced.
+  // For example, a policy with scopes=["folders/123"] has the following
+  // behavior:
+  // - vpcsc perimeters can only restrict projects within folders/123
+  // - access levels can only be referenced by resources within folders/123.
+  // If empty, there are no limitations on which resources can be restricted by
+  // an ACM policy, and there are no limitations on where ACM resources can be
+  // referenced.
+  // Only one policy can include a given scope (attempting to create a second
+  // policy which includes "folders/123" will result in an error).
+  // Currently, scopes cannot be modified after a policy is created.
+  // Currently, policies can only have a single scope.
+  // Format: list of `folders/{folder_number}` or `projects/{project_number}`
+  repeated string scopes = 7;
+
+  // Output only. Time the `AccessPolicy` was created in UTC.
+  google.protobuf.Timestamp create_time = 4;
+
+  // Output only. Time the `AccessPolicy` was updated in UTC.
+  google.protobuf.Timestamp update_time = 5;
+
+  // Output only. An opaque identifier for the current version of the
+  // `AccessPolicy`. This will always be a strongly validated etag, meaning that
+  // two Access Polices will be identical if and only if their etags are
+  // identical. Clients should not expect this to be in any specific format.
+  string etag = 6;
+}
diff --git a/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/v1/gcp_user_access_binding.proto b/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/v1/gcp_user_access_binding.proto
new file mode 100644
index 00000000000..5dbded9cc49
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/v1/gcp_user_access_binding.proto
@@ -0,0 +1,68 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.identity.accesscontextmanager.v1;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+
+option csharp_namespace = "Google.Identity.AccessContextManager.V1";
+option go_package = "google.golang.org/genproto/googleapis/identity/accesscontextmanager/v1;accesscontextmanager";
+option java_multiple_files = true;
+option java_outer_classname = "GcpUserAccessBindingProto";
+option java_package = "com.google.identity.accesscontextmanager.v1";
+option objc_class_prefix = "GACM";
+option php_namespace = "Google\\Identity\\AccessContextManager\\V1";
+option ruby_package = "Google::Identity::AccessContextManager::V1";
+
+// Restricts access to Cloud Console and Google Cloud APIs for a set of users
+// using Context-Aware Access.
+message GcpUserAccessBinding {
+  option (google.api.resource) = {
+    type: "accesscontextmanager.googleapis.com/GcpUserAccessBinding"
+    pattern: "organizations/{organization}/gcpUserAccessBindings/{gcp_user_access_binding}"
+  };
+
+  // Immutable. Assigned by the server during creation. The last segment has an arbitrary
+  // length and has only URI unreserved characters (as defined by
+  // [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)).
+  // Should not be specified by the client during creation.
+  // Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
+  string name = 1 [(google.api.field_behavior) = IMMUTABLE];
+
+  // Required. Immutable. Google Group id whose members are subject to this binding's restrictions.
+  // See "id" in the [G Suite Directory API's Groups resource]
+  // (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource).
+  // If a group's email address/alias is changed, this resource will continue
+  // to point at the changed group. This field does not accept group email
+  // addresses or aliases.
+  // Example: "01d520gv4vjcrht"
+  string group_key = 2 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.field_behavior) = IMMUTABLE
+  ];
+
+  // Required. Access level that a user must have to be granted access. Only one access
+  // level is supported, not multiple. This repeated field must have exactly
+  // one element.
+  // Example: "accessPolicies/9522/accessLevels/device_trusted"
+  repeated string access_levels = 3 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "accesscontextmanager.googleapis.com/AccessLevel"
+    }
+  ];
+}
diff --git a/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/v1/service_perimeter.proto b/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/v1/service_perimeter.proto
new file mode 100644
index 00000000000..c0851cbe1d9
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/protos/google/identity/accesscontextmanager/v1/service_perimeter.proto
@@ -0,0 +1,472 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.identity.accesscontextmanager.v1;
+
+import "google/api/resource.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Identity.AccessContextManager.V1";
+option go_package = "google.golang.org/genproto/googleapis/identity/accesscontextmanager/v1;accesscontextmanager";
+option java_multiple_files = true;
+option java_outer_classname = "ServicePerimeterProto";
+option java_package = "com.google.identity.accesscontextmanager.v1";
+option objc_class_prefix = "GACM";
+option php_namespace = "Google\\Identity\\AccessContextManager\\V1";
+option ruby_package = "Google::Identity::AccessContextManager::V1";
+
+// `ServicePerimeter` describes a set of Google Cloud resources which can freely
+// import and export data amongst themselves, but not export outside of the
+// `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
+// has a target outside of the `ServicePerimeter`, the request will be blocked.
+// Otherwise the request is allowed. There are two types of Service Perimeter -
+// Regular and Bridge. Regular Service Perimeters cannot overlap, a single
+// Google Cloud project can only belong to a single regular Service Perimeter.
+// Service Perimeter Bridges can contain only Google Cloud projects as members,
+// a single Google Cloud project may belong to multiple Service Perimeter
+// Bridges.
+message ServicePerimeter {
+  option (google.api.resource) = {
+    type: "accesscontextmanager.googleapis.com/ServicePerimeter"
+    pattern: "accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}"
+  };
+
+  // Specifies the type of the Perimeter. There are two types: regular and
+  // bridge. Regular Service Perimeter contains resources, access levels, and
+  // restricted services. Every resource can be in at most ONE
+  // regular Service Perimeter.
+  //
+  // In addition to being in a regular service perimeter, a resource can also
+  // be in zero or more perimeter bridges.  A perimeter bridge only contains
+  // resources.  Cross project operations are permitted if all effected
+  // resources share some perimeter (whether bridge or regular). Perimeter
+  // Bridge does not contain access levels or services: those are governed
+  // entirely by the regular perimeter that resource is in.
+  //
+  // Perimeter Bridges are typically useful when building more complex toplogies
+  // with many independent perimeters that need to share some data with a common
+  // perimeter, but should not be able to share data among themselves.
+  enum PerimeterType {
+    // Regular Perimeter.
+    PERIMETER_TYPE_REGULAR = 0;
+
+    // Perimeter Bridge.
+    PERIMETER_TYPE_BRIDGE = 1;
+  }
+
+  // Required. Resource name for the ServicePerimeter.  The `short_name`
+  // component must begin with a letter and only include alphanumeric and '_'.
+  // Format:
+  // `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`
+  string name = 1;
+
+  // Human readable title. Must be unique within the Policy.
+  string title = 2;
+
+  // Description of the `ServicePerimeter` and its use. Does not affect
+  // behavior.
+  string description = 3;
+
+  // Output only. Time the `ServicePerimeter` was created in UTC.
+  google.protobuf.Timestamp create_time = 4;
+
+  // Output only. Time the `ServicePerimeter` was updated in UTC.
+  google.protobuf.Timestamp update_time = 5;
+
+  // Perimeter type indicator. A single project is
+  // allowed to be a member of single regular perimeter, but multiple service
+  // perimeter bridges. A project cannot be a included in a perimeter bridge
+  // without being included in regular perimeter. For perimeter bridges,
+  // the restricted service list as well as access level lists must be
+  // empty.
+  PerimeterType perimeter_type = 6;
+
+  // Current ServicePerimeter configuration. Specifies sets of resources,
+  // restricted services and access levels that determine perimeter
+  // content and boundaries.
+  ServicePerimeterConfig status = 7;
+
+  // Proposed (or dry run) ServicePerimeter configuration. This configuration
+  // allows to specify and test ServicePerimeter configuration without enforcing
+  // actual access restrictions. Only allowed to be set when the
+  // "use_explicit_dry_run_spec" flag is set.
+  ServicePerimeterConfig spec = 8;
+
+  // Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly
+  // exists  for all Service Perimeters, and that spec is identical to the
+  // status for those Service Perimeters. When this flag is set, it inhibits the
+  // generation of the implicit spec, thereby allowing the user to explicitly
+  // provide a configuration ("spec") to use in a dry-run version of the Service
+  // Perimeter. This allows the user to test changes to the enforced config
+  // ("status") without actually enforcing them. This testing is done through
+  // analyzing the differences between currently enforced and suggested
+  // restrictions. use_explicit_dry_run_spec must bet set to True if any of the
+  // fields in the spec are set to non-default values.
+  bool use_explicit_dry_run_spec = 9;
+}
+
+// `ServicePerimeterConfig` specifies a set of Google Cloud resources that
+// describe specific Service Perimeter configuration.
+message ServicePerimeterConfig {
+  // Specifies how APIs are allowed to communicate within the Service
+  // Perimeter.
+  message VpcAccessibleServices {
+    // Whether to restrict API calls within the Service Perimeter to the list of
+    // APIs specified in 'allowed_services'.
+    bool enable_restriction = 1;
+
+    // The list of APIs usable within the Service Perimeter. Must be empty
+    // unless 'enable_restriction' is True. You can specify a list of individual
+    // services, as well as include the 'RESTRICTED-SERVICES' value, which
+    // automatically includes all of the services protected by the perimeter.
+    repeated string allowed_services = 2;
+  }
+
+  // Specifies the types of identities that are allowed access in either
+  // [IngressFrom]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom]
+  // or [EgressFrom]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]
+  // rules.
+  enum IdentityType {
+    // No blanket identity group specified.
+    IDENTITY_TYPE_UNSPECIFIED = 0;
+
+    // Authorize access from all identities outside the perimeter.
+    ANY_IDENTITY = 1;
+
+    // Authorize access from all human users outside the perimeter.
+    ANY_USER_ACCOUNT = 2;
+
+    // Authorize access from all service accounts outside the perimeter.
+    ANY_SERVICE_ACCOUNT = 3;
+  }
+
+  // An allowed method or permission of a service specified in [ApiOperation]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
+  message MethodSelector {
+    // The API method name or Cloud IAM permission name to allow.
+    oneof kind {
+      // Value for `method` should be a valid method name for the corresponding
+      // `service_name` in [ApiOperation]
+      // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
+      // If `*` used as value for `method`, then ALL methods and permissions are
+      // allowed.
+      string method = 1;
+
+      // Value for `permission` should be a valid Cloud IAM permission for the
+      // corresponding `service_name` in [ApiOperation]
+      // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
+      string permission = 2;
+    }
+  }
+
+  // Identification for an API Operation.
+  message ApiOperation {
+    // The name of the API whose methods or permissions the [IngressPolicy]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+    // or [EgressPolicy]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+    // want to allow. A single [ApiOperation]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
+    // with `service_name` field set to `*` will allow all methods AND
+    // permissions for all services.
+    string service_name = 1;
+
+    // API methods or permissions to allow. Method or permission must belong to
+    // the service specified by `service_name` field. A single [MethodSelector]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector]
+    // entry with `*` specified for the `method` field will allow all methods
+    // AND permissions for the service specified in `service_name`.
+    repeated MethodSelector method_selectors = 2;
+  }
+
+  // The source that [IngressPolicy]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+  // authorizes access from.
+  message IngressSource {
+    // Allowed ingress source. It can be one of [AccessLevel]
+    // [google.identity.accesscontextmanager.v1.AccessLevel] or Google
+    // Cloud resource.
+    oneof source {
+      // An [AccessLevel]
+      // [google.identity.accesscontextmanager.v1.AccessLevel] resource
+      // name that allow resources within the [ServicePerimeters]
+      // [google.identity.accesscontextmanager.v1.ServicePerimeter] to be
+      // accessed from the internet. [AccessLevels]
+      // [google.identity.accesscontextmanager.v1.AccessLevel] listed must
+      // be in the same policy as this [ServicePerimeter]
+      // [google.identity.accesscontextmanager.v1.ServicePerimeter].
+      // Referencing a nonexistent [AccessLevel]
+      // [google.identity.accesscontextmanager.v1.AccessLevel] will cause
+      // an error. If no [AccessLevel]
+      // [google.identity.accesscontextmanager.v1.AccessLevel] names are
+      // listed, resources within the perimeter can only be accessed via Google
+      // Cloud calls with request origins within the perimeter. Example:
+      // `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is
+      // specified for `access_level`, then all [IngressSources]
+      // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource]
+      // will be allowed.
+      string access_level = 1;
+
+      // A Google Cloud resource that is allowed to ingress the perimeter.
+      // Requests from these resources will be allowed to access perimeter data.
+      // Currently only projects are allowed.
+      // Format: `projects/{project_number}`
+      // The project may be in any Google Cloud organization, not just the
+      // organization that the perimeter is defined in. `*` is not allowed, the
+      // case of allowing all Google Cloud resources only is not supported.
+      string resource = 2;
+    }
+  }
+
+  // Defines the conditions under which an [IngressPolicy]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+  // matches a request. Conditions are based on information about the source of
+  // the request. The request must satisfy what is defined in `sources` AND
+  // identity related fields in order to match.
+  message IngressFrom {
+    // Sources that this [IngressPolicy]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+    // authorizes access from.
+    repeated IngressSource sources = 1;
+
+    // A list of identities that are allowed access through this ingress
+    // policy. Should be in the format of email address. The email address
+    // should represent individual user or service account only.
+    repeated string identities = 2;
+
+    // Specifies the type of identities that are allowed access from outside the
+    // perimeter. If left unspecified, then members of `identities` field will
+    // be allowed access.
+    IdentityType identity_type = 3;
+  }
+
+  // Defines the conditions under which an [IngressPolicy]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+  // matches a request. Conditions are based on information about the
+  // [ApiOperation]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
+  // intended to be performed on the target resource of the request. The request
+  // must satisfy what is defined in `operations` AND `resources` in order to
+  // match.
+  message IngressTo {
+    // A list of [ApiOperations]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
+    // allowed to be performed by the sources specified in corresponding
+    // [IngressFrom]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom]
+    // in this [ServicePerimeter]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeter].
+    repeated ApiOperation operations = 1;
+
+    // A list of resources, currently only projects in the form
+    // `projects/<projectnumber>`, protected by this [ServicePerimeter]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeter] that are
+    // allowed to be accessed by sources defined in the corresponding
+    // [IngressFrom]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom].
+    // If a single `*` is specified, then access to all resources inside the
+    // perimeter are allowed.
+    repeated string resources = 2;
+  }
+
+  // Policy for ingress into [ServicePerimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter].
+  //
+  // [IngressPolicies]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+  // match requests based on `ingress_from` and `ingress_to` stanzas.  For an
+  // ingress policy to match, both the `ingress_from` and `ingress_to` stanzas
+  // must be matched. If an [IngressPolicy]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+  // matches a request, the request is allowed through the perimeter boundary
+  // from outside the perimeter.
+  //
+  // For example, access from the internet can be allowed either
+  // based on an [AccessLevel]
+  // [google.identity.accesscontextmanager.v1.AccessLevel] or, for traffic
+  // hosted on Google Cloud, the project of the source network. For access from
+  // private networks, using the project of the hosting network is required.
+  //
+  // Individual ingress policies can be limited by restricting which
+  // services and/or actions they match using the `ingress_to` field.
+  message IngressPolicy {
+    // Defines the conditions on the source of a request causing this
+    // [IngressPolicy]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+    // to apply.
+    IngressFrom ingress_from = 1;
+
+    // Defines the conditions on the [ApiOperation]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
+    // and request destination that cause this [IngressPolicy]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+    // to apply.
+    IngressTo ingress_to = 2;
+  }
+
+  // Defines the conditions under which an [EgressPolicy]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+  // matches a request. Conditions based on information about the source of the
+  // request. Note that if the destination of the request is also protected by a
+  // [ServicePerimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter], then that
+  // [ServicePerimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] must have
+  // an [IngressPolicy]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+  // which allows access in order for this request to succeed.
+  message EgressFrom {
+    // A list of identities that are allowed access through this [EgressPolicy].
+    // Should be in the format of email address. The email address should
+    // represent individual user or service account only.
+    repeated string identities = 1;
+
+    // Specifies the type of identities that are allowed access to outside the
+    // perimeter. If left unspecified, then members of `identities` field will
+    // be allowed access.
+    IdentityType identity_type = 2;
+  }
+
+  // Defines the conditions under which an [EgressPolicy]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+  // matches a request. Conditions are based on information about the
+  // [ApiOperation]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
+  // intended to be performed on the `resources` specified. Note that if the
+  // destination of the request is also protected by a [ServicePerimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter], then that
+  // [ServicePerimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] must have
+  // an [IngressPolicy]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+  // which allows access in order for this request to succeed. The request must
+  // match `operations` AND `resources` fields in order to be allowed egress out
+  // of the perimeter.
+  message EgressTo {
+    // A list of resources, currently only projects in the form
+    // `projects/<projectnumber>`, that are allowed to be accessed by sources
+    // defined in the corresponding [EgressFrom]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
+    // A request matches if it contains a resource in this list.  If `*` is
+    // specified for `resources`, then this [EgressTo]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
+    // rule will authorize access to all resources outside the perimeter.
+    repeated string resources = 1;
+
+    // A list of [ApiOperations]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
+    // allowed to be performed by the sources specified in the corresponding
+    // [EgressFrom]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
+    // A request matches if it uses an operation/service in this list.
+    repeated ApiOperation operations = 2;
+
+    // A list of external resources that are allowed to be accessed. Only AWS
+    // and Azure resources are supported. For Amazon S3, the supported format is
+    // s3://BUCKET_NAME. For Azure Storage, the supported format is
+    // azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches
+    // if it contains an external resource in this list (Example:
+    // s3://bucket/path). Currently '*' is not allowed.
+    repeated string external_resources = 3;
+  }
+
+  // Policy for egress from perimeter.
+  //
+  // [EgressPolicies]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+  // match requests based on `egress_from` and `egress_to` stanzas.  For an
+  // [EgressPolicy]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+  // to match, both `egress_from` and `egress_to` stanzas must be matched. If an
+  // [EgressPolicy]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+  // matches a request, the request is allowed to span the [ServicePerimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] boundary.
+  // For example, an [EgressPolicy]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+  // can be used to allow VMs on networks within the [ServicePerimeter]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeter] to access a
+  // defined set of projects outside the perimeter in certain contexts (e.g. to
+  // read data from a Cloud Storage bucket or query against a BigQuery dataset).
+  //
+  // [EgressPolicies]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+  // are concerned with the *resources* that a request relates as well as the
+  // API services and API actions being used.  They do not related to the
+  // direction of data movement.  More detailed documentation for this concept
+  // can be found in the descriptions of [EgressFrom]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]
+  // and [EgressTo]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo].
+  message EgressPolicy {
+    // Defines conditions on the source of a request causing this [EgressPolicy]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+    // to apply.
+    EgressFrom egress_from = 1;
+
+    // Defines the conditions on the [ApiOperation]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
+    // and destination resources that cause this [EgressPolicy]
+    // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+    // to apply.
+    EgressTo egress_to = 2;
+  }
+
+  // A list of Google Cloud resources that are inside of the service perimeter.
+  // Currently only projects are allowed. Format: `projects/{project_number}`
+  repeated string resources = 1;
+
+  // A list of `AccessLevel` resource names that allow resources within the
+  // `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
+  // must be in the same policy as this `ServicePerimeter`. Referencing a
+  // nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
+  // listed, resources within the perimeter can only be accessed via Google
+  // Cloud calls with request origins within the perimeter. Example:
+  // `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
+  // For Service Perimeter Bridge, must be empty.
+  repeated string access_levels = 2;
+
+  // Google Cloud services that are subject to the Service Perimeter
+  // restrictions. For example, if `storage.googleapis.com` is specified, access
+  // to the storage buckets inside the perimeter must meet the perimeter's
+  // access restrictions.
+  repeated string restricted_services = 4;
+
+  // Configuration for APIs allowed within Perimeter.
+  VpcAccessibleServices vpc_accessible_services = 10;
+
+  // List of [IngressPolicies]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+  // to apply to the perimeter. A perimeter may have multiple [IngressPolicies]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy],
+  // each of which is evaluated separately. Access is granted if any [Ingress
+  // Policy]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+  // grants it. Must be empty for a perimeter bridge.
+  repeated IngressPolicy ingress_policies = 8;
+
+  // List of [EgressPolicies]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+  // to apply to the perimeter. A perimeter may have multiple [EgressPolicies]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy],
+  // each of which is evaluated separately. Access is granted if any
+  // [EgressPolicy]
+  // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+  // grants it. Must be empty for a perimeter bridge.
+  repeated EgressPolicy egress_policies = 9;
+}
diff --git a/packages/google-identity-accesscontextmanager/protos/protos.d.ts b/packages/google-identity-accesscontextmanager/protos/protos.d.ts
new file mode 100644
index 00000000000..f0fdebc02a4
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/protos/protos.d.ts
@@ -0,0 +1,13157 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import type {protobuf as $protobuf} from "google-gax";
+import Long = require("long");
+/** Namespace google. */
+export namespace google {
+
+    /** Namespace identity. */
+    namespace identity {
+
+        /** Namespace accesscontextmanager. */
+        namespace accesscontextmanager {
+
+            /** Namespace type. */
+            namespace type {
+
+                /** DeviceEncryptionStatus enum. */
+                enum DeviceEncryptionStatus {
+                    ENCRYPTION_UNSPECIFIED = 0,
+                    ENCRYPTION_UNSUPPORTED = 1,
+                    UNENCRYPTED = 2,
+                    ENCRYPTED = 3
+                }
+
+                /** OsType enum. */
+                enum OsType {
+                    OS_UNSPECIFIED = 0,
+                    DESKTOP_MAC = 1,
+                    DESKTOP_WINDOWS = 2,
+                    DESKTOP_LINUX = 3,
+                    DESKTOP_CHROME_OS = 6,
+                    ANDROID = 4,
+                    IOS = 5
+                }
+
+                /** DeviceManagementLevel enum. */
+                enum DeviceManagementLevel {
+                    MANAGEMENT_UNSPECIFIED = 0,
+                    NONE = 1,
+                    BASIC = 2,
+                    COMPLETE = 3
+                }
+            }
+
+            /** Namespace v1. */
+            namespace v1 {
+
+                /** Represents an AccessContextManager */
+                class AccessContextManager extends $protobuf.rpc.Service {
+
+                    /**
+                     * Constructs a new AccessContextManager service.
+                     * @param rpcImpl RPC implementation
+                     * @param [requestDelimited=false] Whether requests are length-delimited
+                     * @param [responseDelimited=false] Whether responses are length-delimited
+                     */
+                    constructor(rpcImpl: $protobuf.RPCImpl, requestDelimited?: boolean, responseDelimited?: boolean);
+
+                    /**
+                     * Creates new AccessContextManager service using the specified rpc implementation.
+                     * @param rpcImpl RPC implementation
+                     * @param [requestDelimited=false] Whether requests are length-delimited
+                     * @param [responseDelimited=false] Whether responses are length-delimited
+                     * @returns RPC service. Useful where requests and/or responses are streamed.
+                     */
+                    public static create(rpcImpl: $protobuf.RPCImpl, requestDelimited?: boolean, responseDelimited?: boolean): AccessContextManager;
+
+                    /**
+                     * Calls ListAccessPolicies.
+                     * @param request ListAccessPoliciesRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and ListAccessPoliciesResponse
+                     */
+                    public listAccessPolicies(request: google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.ListAccessPoliciesCallback): void;
+
+                    /**
+                     * Calls ListAccessPolicies.
+                     * @param request ListAccessPoliciesRequest message or plain object
+                     * @returns Promise
+                     */
+                    public listAccessPolicies(request: google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest): Promise<google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse>;
+
+                    /**
+                     * Calls GetAccessPolicy.
+                     * @param request GetAccessPolicyRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and AccessPolicy
+                     */
+                    public getAccessPolicy(request: google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.GetAccessPolicyCallback): void;
+
+                    /**
+                     * Calls GetAccessPolicy.
+                     * @param request GetAccessPolicyRequest message or plain object
+                     * @returns Promise
+                     */
+                    public getAccessPolicy(request: google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest): Promise<google.identity.accesscontextmanager.v1.AccessPolicy>;
+
+                    /**
+                     * Calls CreateAccessPolicy.
+                     * @param request AccessPolicy message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Operation
+                     */
+                    public createAccessPolicy(request: google.identity.accesscontextmanager.v1.IAccessPolicy, callback: google.identity.accesscontextmanager.v1.AccessContextManager.CreateAccessPolicyCallback): void;
+
+                    /**
+                     * Calls CreateAccessPolicy.
+                     * @param request AccessPolicy message or plain object
+                     * @returns Promise
+                     */
+                    public createAccessPolicy(request: google.identity.accesscontextmanager.v1.IAccessPolicy): Promise<google.longrunning.Operation>;
+
+                    /**
+                     * Calls UpdateAccessPolicy.
+                     * @param request UpdateAccessPolicyRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Operation
+                     */
+                    public updateAccessPolicy(request: google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.UpdateAccessPolicyCallback): void;
+
+                    /**
+                     * Calls UpdateAccessPolicy.
+                     * @param request UpdateAccessPolicyRequest message or plain object
+                     * @returns Promise
+                     */
+                    public updateAccessPolicy(request: google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest): Promise<google.longrunning.Operation>;
+
+                    /**
+                     * Calls DeleteAccessPolicy.
+                     * @param request DeleteAccessPolicyRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Operation
+                     */
+                    public deleteAccessPolicy(request: google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.DeleteAccessPolicyCallback): void;
+
+                    /**
+                     * Calls DeleteAccessPolicy.
+                     * @param request DeleteAccessPolicyRequest message or plain object
+                     * @returns Promise
+                     */
+                    public deleteAccessPolicy(request: google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest): Promise<google.longrunning.Operation>;
+
+                    /**
+                     * Calls ListAccessLevels.
+                     * @param request ListAccessLevelsRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and ListAccessLevelsResponse
+                     */
+                    public listAccessLevels(request: google.identity.accesscontextmanager.v1.IListAccessLevelsRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.ListAccessLevelsCallback): void;
+
+                    /**
+                     * Calls ListAccessLevels.
+                     * @param request ListAccessLevelsRequest message or plain object
+                     * @returns Promise
+                     */
+                    public listAccessLevels(request: google.identity.accesscontextmanager.v1.IListAccessLevelsRequest): Promise<google.identity.accesscontextmanager.v1.ListAccessLevelsResponse>;
+
+                    /**
+                     * Calls GetAccessLevel.
+                     * @param request GetAccessLevelRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and AccessLevel
+                     */
+                    public getAccessLevel(request: google.identity.accesscontextmanager.v1.IGetAccessLevelRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.GetAccessLevelCallback): void;
+
+                    /**
+                     * Calls GetAccessLevel.
+                     * @param request GetAccessLevelRequest message or plain object
+                     * @returns Promise
+                     */
+                    public getAccessLevel(request: google.identity.accesscontextmanager.v1.IGetAccessLevelRequest): Promise<google.identity.accesscontextmanager.v1.AccessLevel>;
+
+                    /**
+                     * Calls CreateAccessLevel.
+                     * @param request CreateAccessLevelRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Operation
+                     */
+                    public createAccessLevel(request: google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.CreateAccessLevelCallback): void;
+
+                    /**
+                     * Calls CreateAccessLevel.
+                     * @param request CreateAccessLevelRequest message or plain object
+                     * @returns Promise
+                     */
+                    public createAccessLevel(request: google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest): Promise<google.longrunning.Operation>;
+
+                    /**
+                     * Calls UpdateAccessLevel.
+                     * @param request UpdateAccessLevelRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Operation
+                     */
+                    public updateAccessLevel(request: google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.UpdateAccessLevelCallback): void;
+
+                    /**
+                     * Calls UpdateAccessLevel.
+                     * @param request UpdateAccessLevelRequest message or plain object
+                     * @returns Promise
+                     */
+                    public updateAccessLevel(request: google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest): Promise<google.longrunning.Operation>;
+
+                    /**
+                     * Calls DeleteAccessLevel.
+                     * @param request DeleteAccessLevelRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Operation
+                     */
+                    public deleteAccessLevel(request: google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.DeleteAccessLevelCallback): void;
+
+                    /**
+                     * Calls DeleteAccessLevel.
+                     * @param request DeleteAccessLevelRequest message or plain object
+                     * @returns Promise
+                     */
+                    public deleteAccessLevel(request: google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest): Promise<google.longrunning.Operation>;
+
+                    /**
+                     * Calls ReplaceAccessLevels.
+                     * @param request ReplaceAccessLevelsRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Operation
+                     */
+                    public replaceAccessLevels(request: google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.ReplaceAccessLevelsCallback): void;
+
+                    /**
+                     * Calls ReplaceAccessLevels.
+                     * @param request ReplaceAccessLevelsRequest message or plain object
+                     * @returns Promise
+                     */
+                    public replaceAccessLevels(request: google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest): Promise<google.longrunning.Operation>;
+
+                    /**
+                     * Calls ListServicePerimeters.
+                     * @param request ListServicePerimetersRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and ListServicePerimetersResponse
+                     */
+                    public listServicePerimeters(request: google.identity.accesscontextmanager.v1.IListServicePerimetersRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.ListServicePerimetersCallback): void;
+
+                    /**
+                     * Calls ListServicePerimeters.
+                     * @param request ListServicePerimetersRequest message or plain object
+                     * @returns Promise
+                     */
+                    public listServicePerimeters(request: google.identity.accesscontextmanager.v1.IListServicePerimetersRequest): Promise<google.identity.accesscontextmanager.v1.ListServicePerimetersResponse>;
+
+                    /**
+                     * Calls GetServicePerimeter.
+                     * @param request GetServicePerimeterRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and ServicePerimeter
+                     */
+                    public getServicePerimeter(request: google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.GetServicePerimeterCallback): void;
+
+                    /**
+                     * Calls GetServicePerimeter.
+                     * @param request GetServicePerimeterRequest message or plain object
+                     * @returns Promise
+                     */
+                    public getServicePerimeter(request: google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest): Promise<google.identity.accesscontextmanager.v1.ServicePerimeter>;
+
+                    /**
+                     * Calls CreateServicePerimeter.
+                     * @param request CreateServicePerimeterRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Operation
+                     */
+                    public createServicePerimeter(request: google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.CreateServicePerimeterCallback): void;
+
+                    /**
+                     * Calls CreateServicePerimeter.
+                     * @param request CreateServicePerimeterRequest message or plain object
+                     * @returns Promise
+                     */
+                    public createServicePerimeter(request: google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest): Promise<google.longrunning.Operation>;
+
+                    /**
+                     * Calls UpdateServicePerimeter.
+                     * @param request UpdateServicePerimeterRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Operation
+                     */
+                    public updateServicePerimeter(request: google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.UpdateServicePerimeterCallback): void;
+
+                    /**
+                     * Calls UpdateServicePerimeter.
+                     * @param request UpdateServicePerimeterRequest message or plain object
+                     * @returns Promise
+                     */
+                    public updateServicePerimeter(request: google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest): Promise<google.longrunning.Operation>;
+
+                    /**
+                     * Calls DeleteServicePerimeter.
+                     * @param request DeleteServicePerimeterRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Operation
+                     */
+                    public deleteServicePerimeter(request: google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.DeleteServicePerimeterCallback): void;
+
+                    /**
+                     * Calls DeleteServicePerimeter.
+                     * @param request DeleteServicePerimeterRequest message or plain object
+                     * @returns Promise
+                     */
+                    public deleteServicePerimeter(request: google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest): Promise<google.longrunning.Operation>;
+
+                    /**
+                     * Calls ReplaceServicePerimeters.
+                     * @param request ReplaceServicePerimetersRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Operation
+                     */
+                    public replaceServicePerimeters(request: google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.ReplaceServicePerimetersCallback): void;
+
+                    /**
+                     * Calls ReplaceServicePerimeters.
+                     * @param request ReplaceServicePerimetersRequest message or plain object
+                     * @returns Promise
+                     */
+                    public replaceServicePerimeters(request: google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest): Promise<google.longrunning.Operation>;
+
+                    /**
+                     * Calls CommitServicePerimeters.
+                     * @param request CommitServicePerimetersRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Operation
+                     */
+                    public commitServicePerimeters(request: google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.CommitServicePerimetersCallback): void;
+
+                    /**
+                     * Calls CommitServicePerimeters.
+                     * @param request CommitServicePerimetersRequest message or plain object
+                     * @returns Promise
+                     */
+                    public commitServicePerimeters(request: google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest): Promise<google.longrunning.Operation>;
+
+                    /**
+                     * Calls ListGcpUserAccessBindings.
+                     * @param request ListGcpUserAccessBindingsRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and ListGcpUserAccessBindingsResponse
+                     */
+                    public listGcpUserAccessBindings(request: google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindingsCallback): void;
+
+                    /**
+                     * Calls ListGcpUserAccessBindings.
+                     * @param request ListGcpUserAccessBindingsRequest message or plain object
+                     * @returns Promise
+                     */
+                    public listGcpUserAccessBindings(request: google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest): Promise<google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse>;
+
+                    /**
+                     * Calls GetGcpUserAccessBinding.
+                     * @param request GetGcpUserAccessBindingRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and GcpUserAccessBinding
+                     */
+                    public getGcpUserAccessBinding(request: google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.GetGcpUserAccessBindingCallback): void;
+
+                    /**
+                     * Calls GetGcpUserAccessBinding.
+                     * @param request GetGcpUserAccessBindingRequest message or plain object
+                     * @returns Promise
+                     */
+                    public getGcpUserAccessBinding(request: google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest): Promise<google.identity.accesscontextmanager.v1.GcpUserAccessBinding>;
+
+                    /**
+                     * Calls CreateGcpUserAccessBinding.
+                     * @param request CreateGcpUserAccessBindingRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Operation
+                     */
+                    public createGcpUserAccessBinding(request: google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.CreateGcpUserAccessBindingCallback): void;
+
+                    /**
+                     * Calls CreateGcpUserAccessBinding.
+                     * @param request CreateGcpUserAccessBindingRequest message or plain object
+                     * @returns Promise
+                     */
+                    public createGcpUserAccessBinding(request: google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest): Promise<google.longrunning.Operation>;
+
+                    /**
+                     * Calls UpdateGcpUserAccessBinding.
+                     * @param request UpdateGcpUserAccessBindingRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Operation
+                     */
+                    public updateGcpUserAccessBinding(request: google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.UpdateGcpUserAccessBindingCallback): void;
+
+                    /**
+                     * Calls UpdateGcpUserAccessBinding.
+                     * @param request UpdateGcpUserAccessBindingRequest message or plain object
+                     * @returns Promise
+                     */
+                    public updateGcpUserAccessBinding(request: google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest): Promise<google.longrunning.Operation>;
+
+                    /**
+                     * Calls DeleteGcpUserAccessBinding.
+                     * @param request DeleteGcpUserAccessBindingRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Operation
+                     */
+                    public deleteGcpUserAccessBinding(request: google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.DeleteGcpUserAccessBindingCallback): void;
+
+                    /**
+                     * Calls DeleteGcpUserAccessBinding.
+                     * @param request DeleteGcpUserAccessBindingRequest message or plain object
+                     * @returns Promise
+                     */
+                    public deleteGcpUserAccessBinding(request: google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest): Promise<google.longrunning.Operation>;
+
+                    /**
+                     * Calls SetIamPolicy.
+                     * @param request SetIamPolicyRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Policy
+                     */
+                    public setIamPolicy(request: google.iam.v1.ISetIamPolicyRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.SetIamPolicyCallback): void;
+
+                    /**
+                     * Calls SetIamPolicy.
+                     * @param request SetIamPolicyRequest message or plain object
+                     * @returns Promise
+                     */
+                    public setIamPolicy(request: google.iam.v1.ISetIamPolicyRequest): Promise<google.iam.v1.Policy>;
+
+                    /**
+                     * Calls GetIamPolicy.
+                     * @param request GetIamPolicyRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and Policy
+                     */
+                    public getIamPolicy(request: google.iam.v1.IGetIamPolicyRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.GetIamPolicyCallback): void;
+
+                    /**
+                     * Calls GetIamPolicy.
+                     * @param request GetIamPolicyRequest message or plain object
+                     * @returns Promise
+                     */
+                    public getIamPolicy(request: google.iam.v1.IGetIamPolicyRequest): Promise<google.iam.v1.Policy>;
+
+                    /**
+                     * Calls TestIamPermissions.
+                     * @param request TestIamPermissionsRequest message or plain object
+                     * @param callback Node-style callback called with the error, if any, and TestIamPermissionsResponse
+                     */
+                    public testIamPermissions(request: google.iam.v1.ITestIamPermissionsRequest, callback: google.identity.accesscontextmanager.v1.AccessContextManager.TestIamPermissionsCallback): void;
+
+                    /**
+                     * Calls TestIamPermissions.
+                     * @param request TestIamPermissionsRequest message or plain object
+                     * @returns Promise
+                     */
+                    public testIamPermissions(request: google.iam.v1.ITestIamPermissionsRequest): Promise<google.iam.v1.TestIamPermissionsResponse>;
+                }
+
+                namespace AccessContextManager {
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|listAccessPolicies}.
+                     * @param error Error, if any
+                     * @param [response] ListAccessPoliciesResponse
+                     */
+                    type ListAccessPoliciesCallback = (error: (Error|null), response?: google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|getAccessPolicy}.
+                     * @param error Error, if any
+                     * @param [response] AccessPolicy
+                     */
+                    type GetAccessPolicyCallback = (error: (Error|null), response?: google.identity.accesscontextmanager.v1.AccessPolicy) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|createAccessPolicy}.
+                     * @param error Error, if any
+                     * @param [response] Operation
+                     */
+                    type CreateAccessPolicyCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|updateAccessPolicy}.
+                     * @param error Error, if any
+                     * @param [response] Operation
+                     */
+                    type UpdateAccessPolicyCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|deleteAccessPolicy}.
+                     * @param error Error, if any
+                     * @param [response] Operation
+                     */
+                    type DeleteAccessPolicyCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|listAccessLevels}.
+                     * @param error Error, if any
+                     * @param [response] ListAccessLevelsResponse
+                     */
+                    type ListAccessLevelsCallback = (error: (Error|null), response?: google.identity.accesscontextmanager.v1.ListAccessLevelsResponse) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|getAccessLevel}.
+                     * @param error Error, if any
+                     * @param [response] AccessLevel
+                     */
+                    type GetAccessLevelCallback = (error: (Error|null), response?: google.identity.accesscontextmanager.v1.AccessLevel) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|createAccessLevel}.
+                     * @param error Error, if any
+                     * @param [response] Operation
+                     */
+                    type CreateAccessLevelCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|updateAccessLevel}.
+                     * @param error Error, if any
+                     * @param [response] Operation
+                     */
+                    type UpdateAccessLevelCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|deleteAccessLevel}.
+                     * @param error Error, if any
+                     * @param [response] Operation
+                     */
+                    type DeleteAccessLevelCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|replaceAccessLevels}.
+                     * @param error Error, if any
+                     * @param [response] Operation
+                     */
+                    type ReplaceAccessLevelsCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|listServicePerimeters}.
+                     * @param error Error, if any
+                     * @param [response] ListServicePerimetersResponse
+                     */
+                    type ListServicePerimetersCallback = (error: (Error|null), response?: google.identity.accesscontextmanager.v1.ListServicePerimetersResponse) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|getServicePerimeter}.
+                     * @param error Error, if any
+                     * @param [response] ServicePerimeter
+                     */
+                    type GetServicePerimeterCallback = (error: (Error|null), response?: google.identity.accesscontextmanager.v1.ServicePerimeter) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|createServicePerimeter}.
+                     * @param error Error, if any
+                     * @param [response] Operation
+                     */
+                    type CreateServicePerimeterCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|updateServicePerimeter}.
+                     * @param error Error, if any
+                     * @param [response] Operation
+                     */
+                    type UpdateServicePerimeterCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|deleteServicePerimeter}.
+                     * @param error Error, if any
+                     * @param [response] Operation
+                     */
+                    type DeleteServicePerimeterCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|replaceServicePerimeters}.
+                     * @param error Error, if any
+                     * @param [response] Operation
+                     */
+                    type ReplaceServicePerimetersCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|commitServicePerimeters}.
+                     * @param error Error, if any
+                     * @param [response] Operation
+                     */
+                    type CommitServicePerimetersCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|listGcpUserAccessBindings}.
+                     * @param error Error, if any
+                     * @param [response] ListGcpUserAccessBindingsResponse
+                     */
+                    type ListGcpUserAccessBindingsCallback = (error: (Error|null), response?: google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|getGcpUserAccessBinding}.
+                     * @param error Error, if any
+                     * @param [response] GcpUserAccessBinding
+                     */
+                    type GetGcpUserAccessBindingCallback = (error: (Error|null), response?: google.identity.accesscontextmanager.v1.GcpUserAccessBinding) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|createGcpUserAccessBinding}.
+                     * @param error Error, if any
+                     * @param [response] Operation
+                     */
+                    type CreateGcpUserAccessBindingCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|updateGcpUserAccessBinding}.
+                     * @param error Error, if any
+                     * @param [response] Operation
+                     */
+                    type UpdateGcpUserAccessBindingCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|deleteGcpUserAccessBinding}.
+                     * @param error Error, if any
+                     * @param [response] Operation
+                     */
+                    type DeleteGcpUserAccessBindingCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|setIamPolicy}.
+                     * @param error Error, if any
+                     * @param [response] Policy
+                     */
+                    type SetIamPolicyCallback = (error: (Error|null), response?: google.iam.v1.Policy) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|getIamPolicy}.
+                     * @param error Error, if any
+                     * @param [response] Policy
+                     */
+                    type GetIamPolicyCallback = (error: (Error|null), response?: google.iam.v1.Policy) => void;
+
+                    /**
+                     * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|testIamPermissions}.
+                     * @param error Error, if any
+                     * @param [response] TestIamPermissionsResponse
+                     */
+                    type TestIamPermissionsCallback = (error: (Error|null), response?: google.iam.v1.TestIamPermissionsResponse) => void;
+                }
+
+                /** Properties of a ListAccessPoliciesRequest. */
+                interface IListAccessPoliciesRequest {
+
+                    /** ListAccessPoliciesRequest parent */
+                    parent?: (string|null);
+
+                    /** ListAccessPoliciesRequest pageSize */
+                    pageSize?: (number|null);
+
+                    /** ListAccessPoliciesRequest pageToken */
+                    pageToken?: (string|null);
+                }
+
+                /** Represents a ListAccessPoliciesRequest. */
+                class ListAccessPoliciesRequest implements IListAccessPoliciesRequest {
+
+                    /**
+                     * Constructs a new ListAccessPoliciesRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest);
+
+                    /** ListAccessPoliciesRequest parent. */
+                    public parent: string;
+
+                    /** ListAccessPoliciesRequest pageSize. */
+                    public pageSize: number;
+
+                    /** ListAccessPoliciesRequest pageToken. */
+                    public pageToken: string;
+
+                    /**
+                     * Creates a new ListAccessPoliciesRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns ListAccessPoliciesRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest): google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest;
+
+                    /**
+                     * Encodes the specified ListAccessPoliciesRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest.verify|verify} messages.
+                     * @param message ListAccessPoliciesRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified ListAccessPoliciesRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest.verify|verify} messages.
+                     * @param message ListAccessPoliciesRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a ListAccessPoliciesRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns ListAccessPoliciesRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest;
+
+                    /**
+                     * Decodes a ListAccessPoliciesRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns ListAccessPoliciesRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest;
+
+                    /**
+                     * Verifies a ListAccessPoliciesRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a ListAccessPoliciesRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns ListAccessPoliciesRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest;
+
+                    /**
+                     * Creates a plain object from a ListAccessPoliciesRequest message. Also converts values to other types if specified.
+                     * @param message ListAccessPoliciesRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this ListAccessPoliciesRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for ListAccessPoliciesRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a ListAccessPoliciesResponse. */
+                interface IListAccessPoliciesResponse {
+
+                    /** ListAccessPoliciesResponse accessPolicies */
+                    accessPolicies?: (google.identity.accesscontextmanager.v1.IAccessPolicy[]|null);
+
+                    /** ListAccessPoliciesResponse nextPageToken */
+                    nextPageToken?: (string|null);
+                }
+
+                /** Represents a ListAccessPoliciesResponse. */
+                class ListAccessPoliciesResponse implements IListAccessPoliciesResponse {
+
+                    /**
+                     * Constructs a new ListAccessPoliciesResponse.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IListAccessPoliciesResponse);
+
+                    /** ListAccessPoliciesResponse accessPolicies. */
+                    public accessPolicies: google.identity.accesscontextmanager.v1.IAccessPolicy[];
+
+                    /** ListAccessPoliciesResponse nextPageToken. */
+                    public nextPageToken: string;
+
+                    /**
+                     * Creates a new ListAccessPoliciesResponse instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns ListAccessPoliciesResponse instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IListAccessPoliciesResponse): google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse;
+
+                    /**
+                     * Encodes the specified ListAccessPoliciesResponse message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse.verify|verify} messages.
+                     * @param message ListAccessPoliciesResponse message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IListAccessPoliciesResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified ListAccessPoliciesResponse message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse.verify|verify} messages.
+                     * @param message ListAccessPoliciesResponse message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IListAccessPoliciesResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a ListAccessPoliciesResponse message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns ListAccessPoliciesResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse;
+
+                    /**
+                     * Decodes a ListAccessPoliciesResponse message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns ListAccessPoliciesResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse;
+
+                    /**
+                     * Verifies a ListAccessPoliciesResponse message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a ListAccessPoliciesResponse message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns ListAccessPoliciesResponse
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse;
+
+                    /**
+                     * Creates a plain object from a ListAccessPoliciesResponse message. Also converts values to other types if specified.
+                     * @param message ListAccessPoliciesResponse
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this ListAccessPoliciesResponse to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for ListAccessPoliciesResponse
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a GetAccessPolicyRequest. */
+                interface IGetAccessPolicyRequest {
+
+                    /** GetAccessPolicyRequest name */
+                    name?: (string|null);
+                }
+
+                /** Represents a GetAccessPolicyRequest. */
+                class GetAccessPolicyRequest implements IGetAccessPolicyRequest {
+
+                    /**
+                     * Constructs a new GetAccessPolicyRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest);
+
+                    /** GetAccessPolicyRequest name. */
+                    public name: string;
+
+                    /**
+                     * Creates a new GetAccessPolicyRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns GetAccessPolicyRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest): google.identity.accesscontextmanager.v1.GetAccessPolicyRequest;
+
+                    /**
+                     * Encodes the specified GetAccessPolicyRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetAccessPolicyRequest.verify|verify} messages.
+                     * @param message GetAccessPolicyRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified GetAccessPolicyRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetAccessPolicyRequest.verify|verify} messages.
+                     * @param message GetAccessPolicyRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a GetAccessPolicyRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns GetAccessPolicyRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.GetAccessPolicyRequest;
+
+                    /**
+                     * Decodes a GetAccessPolicyRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns GetAccessPolicyRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.GetAccessPolicyRequest;
+
+                    /**
+                     * Verifies a GetAccessPolicyRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a GetAccessPolicyRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns GetAccessPolicyRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.GetAccessPolicyRequest;
+
+                    /**
+                     * Creates a plain object from a GetAccessPolicyRequest message. Also converts values to other types if specified.
+                     * @param message GetAccessPolicyRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.GetAccessPolicyRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this GetAccessPolicyRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for GetAccessPolicyRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of an UpdateAccessPolicyRequest. */
+                interface IUpdateAccessPolicyRequest {
+
+                    /** UpdateAccessPolicyRequest policy */
+                    policy?: (google.identity.accesscontextmanager.v1.IAccessPolicy|null);
+
+                    /** UpdateAccessPolicyRequest updateMask */
+                    updateMask?: (google.protobuf.IFieldMask|null);
+                }
+
+                /** Represents an UpdateAccessPolicyRequest. */
+                class UpdateAccessPolicyRequest implements IUpdateAccessPolicyRequest {
+
+                    /**
+                     * Constructs a new UpdateAccessPolicyRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest);
+
+                    /** UpdateAccessPolicyRequest policy. */
+                    public policy?: (google.identity.accesscontextmanager.v1.IAccessPolicy|null);
+
+                    /** UpdateAccessPolicyRequest updateMask. */
+                    public updateMask?: (google.protobuf.IFieldMask|null);
+
+                    /**
+                     * Creates a new UpdateAccessPolicyRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns UpdateAccessPolicyRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest): google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest;
+
+                    /**
+                     * Encodes the specified UpdateAccessPolicyRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest.verify|verify} messages.
+                     * @param message UpdateAccessPolicyRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified UpdateAccessPolicyRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest.verify|verify} messages.
+                     * @param message UpdateAccessPolicyRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes an UpdateAccessPolicyRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns UpdateAccessPolicyRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest;
+
+                    /**
+                     * Decodes an UpdateAccessPolicyRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns UpdateAccessPolicyRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest;
+
+                    /**
+                     * Verifies an UpdateAccessPolicyRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates an UpdateAccessPolicyRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns UpdateAccessPolicyRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest;
+
+                    /**
+                     * Creates a plain object from an UpdateAccessPolicyRequest message. Also converts values to other types if specified.
+                     * @param message UpdateAccessPolicyRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this UpdateAccessPolicyRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for UpdateAccessPolicyRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a DeleteAccessPolicyRequest. */
+                interface IDeleteAccessPolicyRequest {
+
+                    /** DeleteAccessPolicyRequest name */
+                    name?: (string|null);
+                }
+
+                /** Represents a DeleteAccessPolicyRequest. */
+                class DeleteAccessPolicyRequest implements IDeleteAccessPolicyRequest {
+
+                    /**
+                     * Constructs a new DeleteAccessPolicyRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest);
+
+                    /** DeleteAccessPolicyRequest name. */
+                    public name: string;
+
+                    /**
+                     * Creates a new DeleteAccessPolicyRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns DeleteAccessPolicyRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest): google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest;
+
+                    /**
+                     * Encodes the specified DeleteAccessPolicyRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest.verify|verify} messages.
+                     * @param message DeleteAccessPolicyRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified DeleteAccessPolicyRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest.verify|verify} messages.
+                     * @param message DeleteAccessPolicyRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a DeleteAccessPolicyRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns DeleteAccessPolicyRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest;
+
+                    /**
+                     * Decodes a DeleteAccessPolicyRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns DeleteAccessPolicyRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest;
+
+                    /**
+                     * Verifies a DeleteAccessPolicyRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a DeleteAccessPolicyRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns DeleteAccessPolicyRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest;
+
+                    /**
+                     * Creates a plain object from a DeleteAccessPolicyRequest message. Also converts values to other types if specified.
+                     * @param message DeleteAccessPolicyRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this DeleteAccessPolicyRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for DeleteAccessPolicyRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a ListAccessLevelsRequest. */
+                interface IListAccessLevelsRequest {
+
+                    /** ListAccessLevelsRequest parent */
+                    parent?: (string|null);
+
+                    /** ListAccessLevelsRequest pageSize */
+                    pageSize?: (number|null);
+
+                    /** ListAccessLevelsRequest pageToken */
+                    pageToken?: (string|null);
+
+                    /** ListAccessLevelsRequest accessLevelFormat */
+                    accessLevelFormat?: (google.identity.accesscontextmanager.v1.LevelFormat|keyof typeof google.identity.accesscontextmanager.v1.LevelFormat|null);
+                }
+
+                /** Represents a ListAccessLevelsRequest. */
+                class ListAccessLevelsRequest implements IListAccessLevelsRequest {
+
+                    /**
+                     * Constructs a new ListAccessLevelsRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IListAccessLevelsRequest);
+
+                    /** ListAccessLevelsRequest parent. */
+                    public parent: string;
+
+                    /** ListAccessLevelsRequest pageSize. */
+                    public pageSize: number;
+
+                    /** ListAccessLevelsRequest pageToken. */
+                    public pageToken: string;
+
+                    /** ListAccessLevelsRequest accessLevelFormat. */
+                    public accessLevelFormat: (google.identity.accesscontextmanager.v1.LevelFormat|keyof typeof google.identity.accesscontextmanager.v1.LevelFormat);
+
+                    /**
+                     * Creates a new ListAccessLevelsRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns ListAccessLevelsRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IListAccessLevelsRequest): google.identity.accesscontextmanager.v1.ListAccessLevelsRequest;
+
+                    /**
+                     * Encodes the specified ListAccessLevelsRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessLevelsRequest.verify|verify} messages.
+                     * @param message ListAccessLevelsRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IListAccessLevelsRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified ListAccessLevelsRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessLevelsRequest.verify|verify} messages.
+                     * @param message ListAccessLevelsRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IListAccessLevelsRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a ListAccessLevelsRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns ListAccessLevelsRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ListAccessLevelsRequest;
+
+                    /**
+                     * Decodes a ListAccessLevelsRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns ListAccessLevelsRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ListAccessLevelsRequest;
+
+                    /**
+                     * Verifies a ListAccessLevelsRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a ListAccessLevelsRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns ListAccessLevelsRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ListAccessLevelsRequest;
+
+                    /**
+                     * Creates a plain object from a ListAccessLevelsRequest message. Also converts values to other types if specified.
+                     * @param message ListAccessLevelsRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.ListAccessLevelsRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this ListAccessLevelsRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for ListAccessLevelsRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a ListAccessLevelsResponse. */
+                interface IListAccessLevelsResponse {
+
+                    /** ListAccessLevelsResponse accessLevels */
+                    accessLevels?: (google.identity.accesscontextmanager.v1.IAccessLevel[]|null);
+
+                    /** ListAccessLevelsResponse nextPageToken */
+                    nextPageToken?: (string|null);
+                }
+
+                /** Represents a ListAccessLevelsResponse. */
+                class ListAccessLevelsResponse implements IListAccessLevelsResponse {
+
+                    /**
+                     * Constructs a new ListAccessLevelsResponse.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IListAccessLevelsResponse);
+
+                    /** ListAccessLevelsResponse accessLevels. */
+                    public accessLevels: google.identity.accesscontextmanager.v1.IAccessLevel[];
+
+                    /** ListAccessLevelsResponse nextPageToken. */
+                    public nextPageToken: string;
+
+                    /**
+                     * Creates a new ListAccessLevelsResponse instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns ListAccessLevelsResponse instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IListAccessLevelsResponse): google.identity.accesscontextmanager.v1.ListAccessLevelsResponse;
+
+                    /**
+                     * Encodes the specified ListAccessLevelsResponse message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessLevelsResponse.verify|verify} messages.
+                     * @param message ListAccessLevelsResponse message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IListAccessLevelsResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified ListAccessLevelsResponse message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessLevelsResponse.verify|verify} messages.
+                     * @param message ListAccessLevelsResponse message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IListAccessLevelsResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a ListAccessLevelsResponse message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns ListAccessLevelsResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ListAccessLevelsResponse;
+
+                    /**
+                     * Decodes a ListAccessLevelsResponse message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns ListAccessLevelsResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ListAccessLevelsResponse;
+
+                    /**
+                     * Verifies a ListAccessLevelsResponse message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a ListAccessLevelsResponse message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns ListAccessLevelsResponse
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ListAccessLevelsResponse;
+
+                    /**
+                     * Creates a plain object from a ListAccessLevelsResponse message. Also converts values to other types if specified.
+                     * @param message ListAccessLevelsResponse
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.ListAccessLevelsResponse, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this ListAccessLevelsResponse to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for ListAccessLevelsResponse
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a GetAccessLevelRequest. */
+                interface IGetAccessLevelRequest {
+
+                    /** GetAccessLevelRequest name */
+                    name?: (string|null);
+
+                    /** GetAccessLevelRequest accessLevelFormat */
+                    accessLevelFormat?: (google.identity.accesscontextmanager.v1.LevelFormat|keyof typeof google.identity.accesscontextmanager.v1.LevelFormat|null);
+                }
+
+                /** Represents a GetAccessLevelRequest. */
+                class GetAccessLevelRequest implements IGetAccessLevelRequest {
+
+                    /**
+                     * Constructs a new GetAccessLevelRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IGetAccessLevelRequest);
+
+                    /** GetAccessLevelRequest name. */
+                    public name: string;
+
+                    /** GetAccessLevelRequest accessLevelFormat. */
+                    public accessLevelFormat: (google.identity.accesscontextmanager.v1.LevelFormat|keyof typeof google.identity.accesscontextmanager.v1.LevelFormat);
+
+                    /**
+                     * Creates a new GetAccessLevelRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns GetAccessLevelRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IGetAccessLevelRequest): google.identity.accesscontextmanager.v1.GetAccessLevelRequest;
+
+                    /**
+                     * Encodes the specified GetAccessLevelRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetAccessLevelRequest.verify|verify} messages.
+                     * @param message GetAccessLevelRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IGetAccessLevelRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified GetAccessLevelRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetAccessLevelRequest.verify|verify} messages.
+                     * @param message GetAccessLevelRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IGetAccessLevelRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a GetAccessLevelRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns GetAccessLevelRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.GetAccessLevelRequest;
+
+                    /**
+                     * Decodes a GetAccessLevelRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns GetAccessLevelRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.GetAccessLevelRequest;
+
+                    /**
+                     * Verifies a GetAccessLevelRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a GetAccessLevelRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns GetAccessLevelRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.GetAccessLevelRequest;
+
+                    /**
+                     * Creates a plain object from a GetAccessLevelRequest message. Also converts values to other types if specified.
+                     * @param message GetAccessLevelRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.GetAccessLevelRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this GetAccessLevelRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for GetAccessLevelRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a CreateAccessLevelRequest. */
+                interface ICreateAccessLevelRequest {
+
+                    /** CreateAccessLevelRequest parent */
+                    parent?: (string|null);
+
+                    /** CreateAccessLevelRequest accessLevel */
+                    accessLevel?: (google.identity.accesscontextmanager.v1.IAccessLevel|null);
+                }
+
+                /** Represents a CreateAccessLevelRequest. */
+                class CreateAccessLevelRequest implements ICreateAccessLevelRequest {
+
+                    /**
+                     * Constructs a new CreateAccessLevelRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest);
+
+                    /** CreateAccessLevelRequest parent. */
+                    public parent: string;
+
+                    /** CreateAccessLevelRequest accessLevel. */
+                    public accessLevel?: (google.identity.accesscontextmanager.v1.IAccessLevel|null);
+
+                    /**
+                     * Creates a new CreateAccessLevelRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns CreateAccessLevelRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest): google.identity.accesscontextmanager.v1.CreateAccessLevelRequest;
+
+                    /**
+                     * Encodes the specified CreateAccessLevelRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.CreateAccessLevelRequest.verify|verify} messages.
+                     * @param message CreateAccessLevelRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified CreateAccessLevelRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.CreateAccessLevelRequest.verify|verify} messages.
+                     * @param message CreateAccessLevelRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a CreateAccessLevelRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns CreateAccessLevelRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.CreateAccessLevelRequest;
+
+                    /**
+                     * Decodes a CreateAccessLevelRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns CreateAccessLevelRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.CreateAccessLevelRequest;
+
+                    /**
+                     * Verifies a CreateAccessLevelRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a CreateAccessLevelRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns CreateAccessLevelRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.CreateAccessLevelRequest;
+
+                    /**
+                     * Creates a plain object from a CreateAccessLevelRequest message. Also converts values to other types if specified.
+                     * @param message CreateAccessLevelRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.CreateAccessLevelRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this CreateAccessLevelRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for CreateAccessLevelRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of an UpdateAccessLevelRequest. */
+                interface IUpdateAccessLevelRequest {
+
+                    /** UpdateAccessLevelRequest accessLevel */
+                    accessLevel?: (google.identity.accesscontextmanager.v1.IAccessLevel|null);
+
+                    /** UpdateAccessLevelRequest updateMask */
+                    updateMask?: (google.protobuf.IFieldMask|null);
+                }
+
+                /** Represents an UpdateAccessLevelRequest. */
+                class UpdateAccessLevelRequest implements IUpdateAccessLevelRequest {
+
+                    /**
+                     * Constructs a new UpdateAccessLevelRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest);
+
+                    /** UpdateAccessLevelRequest accessLevel. */
+                    public accessLevel?: (google.identity.accesscontextmanager.v1.IAccessLevel|null);
+
+                    /** UpdateAccessLevelRequest updateMask. */
+                    public updateMask?: (google.protobuf.IFieldMask|null);
+
+                    /**
+                     * Creates a new UpdateAccessLevelRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns UpdateAccessLevelRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest): google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest;
+
+                    /**
+                     * Encodes the specified UpdateAccessLevelRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest.verify|verify} messages.
+                     * @param message UpdateAccessLevelRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified UpdateAccessLevelRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest.verify|verify} messages.
+                     * @param message UpdateAccessLevelRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes an UpdateAccessLevelRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns UpdateAccessLevelRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest;
+
+                    /**
+                     * Decodes an UpdateAccessLevelRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns UpdateAccessLevelRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest;
+
+                    /**
+                     * Verifies an UpdateAccessLevelRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates an UpdateAccessLevelRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns UpdateAccessLevelRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest;
+
+                    /**
+                     * Creates a plain object from an UpdateAccessLevelRequest message. Also converts values to other types if specified.
+                     * @param message UpdateAccessLevelRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this UpdateAccessLevelRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for UpdateAccessLevelRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a DeleteAccessLevelRequest. */
+                interface IDeleteAccessLevelRequest {
+
+                    /** DeleteAccessLevelRequest name */
+                    name?: (string|null);
+                }
+
+                /** Represents a DeleteAccessLevelRequest. */
+                class DeleteAccessLevelRequest implements IDeleteAccessLevelRequest {
+
+                    /**
+                     * Constructs a new DeleteAccessLevelRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest);
+
+                    /** DeleteAccessLevelRequest name. */
+                    public name: string;
+
+                    /**
+                     * Creates a new DeleteAccessLevelRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns DeleteAccessLevelRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest): google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest;
+
+                    /**
+                     * Encodes the specified DeleteAccessLevelRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest.verify|verify} messages.
+                     * @param message DeleteAccessLevelRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified DeleteAccessLevelRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest.verify|verify} messages.
+                     * @param message DeleteAccessLevelRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a DeleteAccessLevelRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns DeleteAccessLevelRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest;
+
+                    /**
+                     * Decodes a DeleteAccessLevelRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns DeleteAccessLevelRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest;
+
+                    /**
+                     * Verifies a DeleteAccessLevelRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a DeleteAccessLevelRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns DeleteAccessLevelRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest;
+
+                    /**
+                     * Creates a plain object from a DeleteAccessLevelRequest message. Also converts values to other types if specified.
+                     * @param message DeleteAccessLevelRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this DeleteAccessLevelRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for DeleteAccessLevelRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a ReplaceAccessLevelsRequest. */
+                interface IReplaceAccessLevelsRequest {
+
+                    /** ReplaceAccessLevelsRequest parent */
+                    parent?: (string|null);
+
+                    /** ReplaceAccessLevelsRequest accessLevels */
+                    accessLevels?: (google.identity.accesscontextmanager.v1.IAccessLevel[]|null);
+
+                    /** ReplaceAccessLevelsRequest etag */
+                    etag?: (string|null);
+                }
+
+                /** Represents a ReplaceAccessLevelsRequest. */
+                class ReplaceAccessLevelsRequest implements IReplaceAccessLevelsRequest {
+
+                    /**
+                     * Constructs a new ReplaceAccessLevelsRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest);
+
+                    /** ReplaceAccessLevelsRequest parent. */
+                    public parent: string;
+
+                    /** ReplaceAccessLevelsRequest accessLevels. */
+                    public accessLevels: google.identity.accesscontextmanager.v1.IAccessLevel[];
+
+                    /** ReplaceAccessLevelsRequest etag. */
+                    public etag: string;
+
+                    /**
+                     * Creates a new ReplaceAccessLevelsRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns ReplaceAccessLevelsRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest): google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest;
+
+                    /**
+                     * Encodes the specified ReplaceAccessLevelsRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest.verify|verify} messages.
+                     * @param message ReplaceAccessLevelsRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified ReplaceAccessLevelsRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest.verify|verify} messages.
+                     * @param message ReplaceAccessLevelsRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a ReplaceAccessLevelsRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns ReplaceAccessLevelsRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest;
+
+                    /**
+                     * Decodes a ReplaceAccessLevelsRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns ReplaceAccessLevelsRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest;
+
+                    /**
+                     * Verifies a ReplaceAccessLevelsRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a ReplaceAccessLevelsRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns ReplaceAccessLevelsRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest;
+
+                    /**
+                     * Creates a plain object from a ReplaceAccessLevelsRequest message. Also converts values to other types if specified.
+                     * @param message ReplaceAccessLevelsRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this ReplaceAccessLevelsRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for ReplaceAccessLevelsRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a ReplaceAccessLevelsResponse. */
+                interface IReplaceAccessLevelsResponse {
+
+                    /** ReplaceAccessLevelsResponse accessLevels */
+                    accessLevels?: (google.identity.accesscontextmanager.v1.IAccessLevel[]|null);
+                }
+
+                /** Represents a ReplaceAccessLevelsResponse. */
+                class ReplaceAccessLevelsResponse implements IReplaceAccessLevelsResponse {
+
+                    /**
+                     * Constructs a new ReplaceAccessLevelsResponse.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse);
+
+                    /** ReplaceAccessLevelsResponse accessLevels. */
+                    public accessLevels: google.identity.accesscontextmanager.v1.IAccessLevel[];
+
+                    /**
+                     * Creates a new ReplaceAccessLevelsResponse instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns ReplaceAccessLevelsResponse instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse): google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse;
+
+                    /**
+                     * Encodes the specified ReplaceAccessLevelsResponse message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse.verify|verify} messages.
+                     * @param message ReplaceAccessLevelsResponse message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified ReplaceAccessLevelsResponse message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse.verify|verify} messages.
+                     * @param message ReplaceAccessLevelsResponse message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a ReplaceAccessLevelsResponse message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns ReplaceAccessLevelsResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse;
+
+                    /**
+                     * Decodes a ReplaceAccessLevelsResponse message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns ReplaceAccessLevelsResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse;
+
+                    /**
+                     * Verifies a ReplaceAccessLevelsResponse message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a ReplaceAccessLevelsResponse message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns ReplaceAccessLevelsResponse
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse;
+
+                    /**
+                     * Creates a plain object from a ReplaceAccessLevelsResponse message. Also converts values to other types if specified.
+                     * @param message ReplaceAccessLevelsResponse
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this ReplaceAccessLevelsResponse to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for ReplaceAccessLevelsResponse
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a ListServicePerimetersRequest. */
+                interface IListServicePerimetersRequest {
+
+                    /** ListServicePerimetersRequest parent */
+                    parent?: (string|null);
+
+                    /** ListServicePerimetersRequest pageSize */
+                    pageSize?: (number|null);
+
+                    /** ListServicePerimetersRequest pageToken */
+                    pageToken?: (string|null);
+                }
+
+                /** Represents a ListServicePerimetersRequest. */
+                class ListServicePerimetersRequest implements IListServicePerimetersRequest {
+
+                    /**
+                     * Constructs a new ListServicePerimetersRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IListServicePerimetersRequest);
+
+                    /** ListServicePerimetersRequest parent. */
+                    public parent: string;
+
+                    /** ListServicePerimetersRequest pageSize. */
+                    public pageSize: number;
+
+                    /** ListServicePerimetersRequest pageToken. */
+                    public pageToken: string;
+
+                    /**
+                     * Creates a new ListServicePerimetersRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns ListServicePerimetersRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IListServicePerimetersRequest): google.identity.accesscontextmanager.v1.ListServicePerimetersRequest;
+
+                    /**
+                     * Encodes the specified ListServicePerimetersRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListServicePerimetersRequest.verify|verify} messages.
+                     * @param message ListServicePerimetersRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IListServicePerimetersRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified ListServicePerimetersRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListServicePerimetersRequest.verify|verify} messages.
+                     * @param message ListServicePerimetersRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IListServicePerimetersRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a ListServicePerimetersRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns ListServicePerimetersRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ListServicePerimetersRequest;
+
+                    /**
+                     * Decodes a ListServicePerimetersRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns ListServicePerimetersRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ListServicePerimetersRequest;
+
+                    /**
+                     * Verifies a ListServicePerimetersRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a ListServicePerimetersRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns ListServicePerimetersRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ListServicePerimetersRequest;
+
+                    /**
+                     * Creates a plain object from a ListServicePerimetersRequest message. Also converts values to other types if specified.
+                     * @param message ListServicePerimetersRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.ListServicePerimetersRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this ListServicePerimetersRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for ListServicePerimetersRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a ListServicePerimetersResponse. */
+                interface IListServicePerimetersResponse {
+
+                    /** ListServicePerimetersResponse servicePerimeters */
+                    servicePerimeters?: (google.identity.accesscontextmanager.v1.IServicePerimeter[]|null);
+
+                    /** ListServicePerimetersResponse nextPageToken */
+                    nextPageToken?: (string|null);
+                }
+
+                /** Represents a ListServicePerimetersResponse. */
+                class ListServicePerimetersResponse implements IListServicePerimetersResponse {
+
+                    /**
+                     * Constructs a new ListServicePerimetersResponse.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IListServicePerimetersResponse);
+
+                    /** ListServicePerimetersResponse servicePerimeters. */
+                    public servicePerimeters: google.identity.accesscontextmanager.v1.IServicePerimeter[];
+
+                    /** ListServicePerimetersResponse nextPageToken. */
+                    public nextPageToken: string;
+
+                    /**
+                     * Creates a new ListServicePerimetersResponse instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns ListServicePerimetersResponse instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IListServicePerimetersResponse): google.identity.accesscontextmanager.v1.ListServicePerimetersResponse;
+
+                    /**
+                     * Encodes the specified ListServicePerimetersResponse message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListServicePerimetersResponse.verify|verify} messages.
+                     * @param message ListServicePerimetersResponse message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IListServicePerimetersResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified ListServicePerimetersResponse message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListServicePerimetersResponse.verify|verify} messages.
+                     * @param message ListServicePerimetersResponse message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IListServicePerimetersResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a ListServicePerimetersResponse message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns ListServicePerimetersResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ListServicePerimetersResponse;
+
+                    /**
+                     * Decodes a ListServicePerimetersResponse message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns ListServicePerimetersResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ListServicePerimetersResponse;
+
+                    /**
+                     * Verifies a ListServicePerimetersResponse message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a ListServicePerimetersResponse message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns ListServicePerimetersResponse
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ListServicePerimetersResponse;
+
+                    /**
+                     * Creates a plain object from a ListServicePerimetersResponse message. Also converts values to other types if specified.
+                     * @param message ListServicePerimetersResponse
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.ListServicePerimetersResponse, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this ListServicePerimetersResponse to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for ListServicePerimetersResponse
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a GetServicePerimeterRequest. */
+                interface IGetServicePerimeterRequest {
+
+                    /** GetServicePerimeterRequest name */
+                    name?: (string|null);
+                }
+
+                /** Represents a GetServicePerimeterRequest. */
+                class GetServicePerimeterRequest implements IGetServicePerimeterRequest {
+
+                    /**
+                     * Constructs a new GetServicePerimeterRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest);
+
+                    /** GetServicePerimeterRequest name. */
+                    public name: string;
+
+                    /**
+                     * Creates a new GetServicePerimeterRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns GetServicePerimeterRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest): google.identity.accesscontextmanager.v1.GetServicePerimeterRequest;
+
+                    /**
+                     * Encodes the specified GetServicePerimeterRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetServicePerimeterRequest.verify|verify} messages.
+                     * @param message GetServicePerimeterRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified GetServicePerimeterRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetServicePerimeterRequest.verify|verify} messages.
+                     * @param message GetServicePerimeterRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a GetServicePerimeterRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns GetServicePerimeterRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.GetServicePerimeterRequest;
+
+                    /**
+                     * Decodes a GetServicePerimeterRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns GetServicePerimeterRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.GetServicePerimeterRequest;
+
+                    /**
+                     * Verifies a GetServicePerimeterRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a GetServicePerimeterRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns GetServicePerimeterRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.GetServicePerimeterRequest;
+
+                    /**
+                     * Creates a plain object from a GetServicePerimeterRequest message. Also converts values to other types if specified.
+                     * @param message GetServicePerimeterRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.GetServicePerimeterRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this GetServicePerimeterRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for GetServicePerimeterRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a CreateServicePerimeterRequest. */
+                interface ICreateServicePerimeterRequest {
+
+                    /** CreateServicePerimeterRequest parent */
+                    parent?: (string|null);
+
+                    /** CreateServicePerimeterRequest servicePerimeter */
+                    servicePerimeter?: (google.identity.accesscontextmanager.v1.IServicePerimeter|null);
+                }
+
+                /** Represents a CreateServicePerimeterRequest. */
+                class CreateServicePerimeterRequest implements ICreateServicePerimeterRequest {
+
+                    /**
+                     * Constructs a new CreateServicePerimeterRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest);
+
+                    /** CreateServicePerimeterRequest parent. */
+                    public parent: string;
+
+                    /** CreateServicePerimeterRequest servicePerimeter. */
+                    public servicePerimeter?: (google.identity.accesscontextmanager.v1.IServicePerimeter|null);
+
+                    /**
+                     * Creates a new CreateServicePerimeterRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns CreateServicePerimeterRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest): google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest;
+
+                    /**
+                     * Encodes the specified CreateServicePerimeterRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest.verify|verify} messages.
+                     * @param message CreateServicePerimeterRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified CreateServicePerimeterRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest.verify|verify} messages.
+                     * @param message CreateServicePerimeterRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a CreateServicePerimeterRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns CreateServicePerimeterRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest;
+
+                    /**
+                     * Decodes a CreateServicePerimeterRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns CreateServicePerimeterRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest;
+
+                    /**
+                     * Verifies a CreateServicePerimeterRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a CreateServicePerimeterRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns CreateServicePerimeterRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest;
+
+                    /**
+                     * Creates a plain object from a CreateServicePerimeterRequest message. Also converts values to other types if specified.
+                     * @param message CreateServicePerimeterRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this CreateServicePerimeterRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for CreateServicePerimeterRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of an UpdateServicePerimeterRequest. */
+                interface IUpdateServicePerimeterRequest {
+
+                    /** UpdateServicePerimeterRequest servicePerimeter */
+                    servicePerimeter?: (google.identity.accesscontextmanager.v1.IServicePerimeter|null);
+
+                    /** UpdateServicePerimeterRequest updateMask */
+                    updateMask?: (google.protobuf.IFieldMask|null);
+                }
+
+                /** Represents an UpdateServicePerimeterRequest. */
+                class UpdateServicePerimeterRequest implements IUpdateServicePerimeterRequest {
+
+                    /**
+                     * Constructs a new UpdateServicePerimeterRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest);
+
+                    /** UpdateServicePerimeterRequest servicePerimeter. */
+                    public servicePerimeter?: (google.identity.accesscontextmanager.v1.IServicePerimeter|null);
+
+                    /** UpdateServicePerimeterRequest updateMask. */
+                    public updateMask?: (google.protobuf.IFieldMask|null);
+
+                    /**
+                     * Creates a new UpdateServicePerimeterRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns UpdateServicePerimeterRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest): google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest;
+
+                    /**
+                     * Encodes the specified UpdateServicePerimeterRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest.verify|verify} messages.
+                     * @param message UpdateServicePerimeterRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified UpdateServicePerimeterRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest.verify|verify} messages.
+                     * @param message UpdateServicePerimeterRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes an UpdateServicePerimeterRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns UpdateServicePerimeterRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest;
+
+                    /**
+                     * Decodes an UpdateServicePerimeterRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns UpdateServicePerimeterRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest;
+
+                    /**
+                     * Verifies an UpdateServicePerimeterRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates an UpdateServicePerimeterRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns UpdateServicePerimeterRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest;
+
+                    /**
+                     * Creates a plain object from an UpdateServicePerimeterRequest message. Also converts values to other types if specified.
+                     * @param message UpdateServicePerimeterRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this UpdateServicePerimeterRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for UpdateServicePerimeterRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a DeleteServicePerimeterRequest. */
+                interface IDeleteServicePerimeterRequest {
+
+                    /** DeleteServicePerimeterRequest name */
+                    name?: (string|null);
+                }
+
+                /** Represents a DeleteServicePerimeterRequest. */
+                class DeleteServicePerimeterRequest implements IDeleteServicePerimeterRequest {
+
+                    /**
+                     * Constructs a new DeleteServicePerimeterRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest);
+
+                    /** DeleteServicePerimeterRequest name. */
+                    public name: string;
+
+                    /**
+                     * Creates a new DeleteServicePerimeterRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns DeleteServicePerimeterRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest): google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest;
+
+                    /**
+                     * Encodes the specified DeleteServicePerimeterRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest.verify|verify} messages.
+                     * @param message DeleteServicePerimeterRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified DeleteServicePerimeterRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest.verify|verify} messages.
+                     * @param message DeleteServicePerimeterRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a DeleteServicePerimeterRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns DeleteServicePerimeterRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest;
+
+                    /**
+                     * Decodes a DeleteServicePerimeterRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns DeleteServicePerimeterRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest;
+
+                    /**
+                     * Verifies a DeleteServicePerimeterRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a DeleteServicePerimeterRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns DeleteServicePerimeterRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest;
+
+                    /**
+                     * Creates a plain object from a DeleteServicePerimeterRequest message. Also converts values to other types if specified.
+                     * @param message DeleteServicePerimeterRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this DeleteServicePerimeterRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for DeleteServicePerimeterRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a ReplaceServicePerimetersRequest. */
+                interface IReplaceServicePerimetersRequest {
+
+                    /** ReplaceServicePerimetersRequest parent */
+                    parent?: (string|null);
+
+                    /** ReplaceServicePerimetersRequest servicePerimeters */
+                    servicePerimeters?: (google.identity.accesscontextmanager.v1.IServicePerimeter[]|null);
+
+                    /** ReplaceServicePerimetersRequest etag */
+                    etag?: (string|null);
+                }
+
+                /** Represents a ReplaceServicePerimetersRequest. */
+                class ReplaceServicePerimetersRequest implements IReplaceServicePerimetersRequest {
+
+                    /**
+                     * Constructs a new ReplaceServicePerimetersRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest);
+
+                    /** ReplaceServicePerimetersRequest parent. */
+                    public parent: string;
+
+                    /** ReplaceServicePerimetersRequest servicePerimeters. */
+                    public servicePerimeters: google.identity.accesscontextmanager.v1.IServicePerimeter[];
+
+                    /** ReplaceServicePerimetersRequest etag. */
+                    public etag: string;
+
+                    /**
+                     * Creates a new ReplaceServicePerimetersRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns ReplaceServicePerimetersRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest): google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest;
+
+                    /**
+                     * Encodes the specified ReplaceServicePerimetersRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest.verify|verify} messages.
+                     * @param message ReplaceServicePerimetersRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified ReplaceServicePerimetersRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest.verify|verify} messages.
+                     * @param message ReplaceServicePerimetersRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a ReplaceServicePerimetersRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns ReplaceServicePerimetersRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest;
+
+                    /**
+                     * Decodes a ReplaceServicePerimetersRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns ReplaceServicePerimetersRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest;
+
+                    /**
+                     * Verifies a ReplaceServicePerimetersRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a ReplaceServicePerimetersRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns ReplaceServicePerimetersRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest;
+
+                    /**
+                     * Creates a plain object from a ReplaceServicePerimetersRequest message. Also converts values to other types if specified.
+                     * @param message ReplaceServicePerimetersRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this ReplaceServicePerimetersRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for ReplaceServicePerimetersRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a ReplaceServicePerimetersResponse. */
+                interface IReplaceServicePerimetersResponse {
+
+                    /** ReplaceServicePerimetersResponse servicePerimeters */
+                    servicePerimeters?: (google.identity.accesscontextmanager.v1.IServicePerimeter[]|null);
+                }
+
+                /** Represents a ReplaceServicePerimetersResponse. */
+                class ReplaceServicePerimetersResponse implements IReplaceServicePerimetersResponse {
+
+                    /**
+                     * Constructs a new ReplaceServicePerimetersResponse.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse);
+
+                    /** ReplaceServicePerimetersResponse servicePerimeters. */
+                    public servicePerimeters: google.identity.accesscontextmanager.v1.IServicePerimeter[];
+
+                    /**
+                     * Creates a new ReplaceServicePerimetersResponse instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns ReplaceServicePerimetersResponse instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse): google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse;
+
+                    /**
+                     * Encodes the specified ReplaceServicePerimetersResponse message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse.verify|verify} messages.
+                     * @param message ReplaceServicePerimetersResponse message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified ReplaceServicePerimetersResponse message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse.verify|verify} messages.
+                     * @param message ReplaceServicePerimetersResponse message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a ReplaceServicePerimetersResponse message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns ReplaceServicePerimetersResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse;
+
+                    /**
+                     * Decodes a ReplaceServicePerimetersResponse message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns ReplaceServicePerimetersResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse;
+
+                    /**
+                     * Verifies a ReplaceServicePerimetersResponse message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a ReplaceServicePerimetersResponse message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns ReplaceServicePerimetersResponse
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse;
+
+                    /**
+                     * Creates a plain object from a ReplaceServicePerimetersResponse message. Also converts values to other types if specified.
+                     * @param message ReplaceServicePerimetersResponse
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this ReplaceServicePerimetersResponse to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for ReplaceServicePerimetersResponse
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a CommitServicePerimetersRequest. */
+                interface ICommitServicePerimetersRequest {
+
+                    /** CommitServicePerimetersRequest parent */
+                    parent?: (string|null);
+
+                    /** CommitServicePerimetersRequest etag */
+                    etag?: (string|null);
+                }
+
+                /** Represents a CommitServicePerimetersRequest. */
+                class CommitServicePerimetersRequest implements ICommitServicePerimetersRequest {
+
+                    /**
+                     * Constructs a new CommitServicePerimetersRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest);
+
+                    /** CommitServicePerimetersRequest parent. */
+                    public parent: string;
+
+                    /** CommitServicePerimetersRequest etag. */
+                    public etag: string;
+
+                    /**
+                     * Creates a new CommitServicePerimetersRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns CommitServicePerimetersRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest): google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest;
+
+                    /**
+                     * Encodes the specified CommitServicePerimetersRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest.verify|verify} messages.
+                     * @param message CommitServicePerimetersRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified CommitServicePerimetersRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest.verify|verify} messages.
+                     * @param message CommitServicePerimetersRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a CommitServicePerimetersRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns CommitServicePerimetersRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest;
+
+                    /**
+                     * Decodes a CommitServicePerimetersRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns CommitServicePerimetersRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest;
+
+                    /**
+                     * Verifies a CommitServicePerimetersRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a CommitServicePerimetersRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns CommitServicePerimetersRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest;
+
+                    /**
+                     * Creates a plain object from a CommitServicePerimetersRequest message. Also converts values to other types if specified.
+                     * @param message CommitServicePerimetersRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this CommitServicePerimetersRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for CommitServicePerimetersRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a CommitServicePerimetersResponse. */
+                interface ICommitServicePerimetersResponse {
+
+                    /** CommitServicePerimetersResponse servicePerimeters */
+                    servicePerimeters?: (google.identity.accesscontextmanager.v1.IServicePerimeter[]|null);
+                }
+
+                /** Represents a CommitServicePerimetersResponse. */
+                class CommitServicePerimetersResponse implements ICommitServicePerimetersResponse {
+
+                    /**
+                     * Constructs a new CommitServicePerimetersResponse.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse);
+
+                    /** CommitServicePerimetersResponse servicePerimeters. */
+                    public servicePerimeters: google.identity.accesscontextmanager.v1.IServicePerimeter[];
+
+                    /**
+                     * Creates a new CommitServicePerimetersResponse instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns CommitServicePerimetersResponse instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse): google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse;
+
+                    /**
+                     * Encodes the specified CommitServicePerimetersResponse message. Does not implicitly {@link google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse.verify|verify} messages.
+                     * @param message CommitServicePerimetersResponse message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified CommitServicePerimetersResponse message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse.verify|verify} messages.
+                     * @param message CommitServicePerimetersResponse message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a CommitServicePerimetersResponse message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns CommitServicePerimetersResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse;
+
+                    /**
+                     * Decodes a CommitServicePerimetersResponse message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns CommitServicePerimetersResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse;
+
+                    /**
+                     * Verifies a CommitServicePerimetersResponse message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a CommitServicePerimetersResponse message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns CommitServicePerimetersResponse
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse;
+
+                    /**
+                     * Creates a plain object from a CommitServicePerimetersResponse message. Also converts values to other types if specified.
+                     * @param message CommitServicePerimetersResponse
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this CommitServicePerimetersResponse to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for CommitServicePerimetersResponse
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** LevelFormat enum. */
+                enum LevelFormat {
+                    LEVEL_FORMAT_UNSPECIFIED = 0,
+                    AS_DEFINED = 1,
+                    CEL = 2
+                }
+
+                /** Properties of a ListGcpUserAccessBindingsRequest. */
+                interface IListGcpUserAccessBindingsRequest {
+
+                    /** ListGcpUserAccessBindingsRequest parent */
+                    parent?: (string|null);
+
+                    /** ListGcpUserAccessBindingsRequest pageSize */
+                    pageSize?: (number|null);
+
+                    /** ListGcpUserAccessBindingsRequest pageToken */
+                    pageToken?: (string|null);
+                }
+
+                /** Represents a ListGcpUserAccessBindingsRequest. */
+                class ListGcpUserAccessBindingsRequest implements IListGcpUserAccessBindingsRequest {
+
+                    /**
+                     * Constructs a new ListGcpUserAccessBindingsRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest);
+
+                    /** ListGcpUserAccessBindingsRequest parent. */
+                    public parent: string;
+
+                    /** ListGcpUserAccessBindingsRequest pageSize. */
+                    public pageSize: number;
+
+                    /** ListGcpUserAccessBindingsRequest pageToken. */
+                    public pageToken: string;
+
+                    /**
+                     * Creates a new ListGcpUserAccessBindingsRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns ListGcpUserAccessBindingsRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest): google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest;
+
+                    /**
+                     * Encodes the specified ListGcpUserAccessBindingsRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest.verify|verify} messages.
+                     * @param message ListGcpUserAccessBindingsRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified ListGcpUserAccessBindingsRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest.verify|verify} messages.
+                     * @param message ListGcpUserAccessBindingsRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a ListGcpUserAccessBindingsRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns ListGcpUserAccessBindingsRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest;
+
+                    /**
+                     * Decodes a ListGcpUserAccessBindingsRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns ListGcpUserAccessBindingsRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest;
+
+                    /**
+                     * Verifies a ListGcpUserAccessBindingsRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a ListGcpUserAccessBindingsRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns ListGcpUserAccessBindingsRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest;
+
+                    /**
+                     * Creates a plain object from a ListGcpUserAccessBindingsRequest message. Also converts values to other types if specified.
+                     * @param message ListGcpUserAccessBindingsRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this ListGcpUserAccessBindingsRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for ListGcpUserAccessBindingsRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a ListGcpUserAccessBindingsResponse. */
+                interface IListGcpUserAccessBindingsResponse {
+
+                    /** ListGcpUserAccessBindingsResponse gcpUserAccessBindings */
+                    gcpUserAccessBindings?: (google.identity.accesscontextmanager.v1.IGcpUserAccessBinding[]|null);
+
+                    /** ListGcpUserAccessBindingsResponse nextPageToken */
+                    nextPageToken?: (string|null);
+                }
+
+                /** Represents a ListGcpUserAccessBindingsResponse. */
+                class ListGcpUserAccessBindingsResponse implements IListGcpUserAccessBindingsResponse {
+
+                    /**
+                     * Constructs a new ListGcpUserAccessBindingsResponse.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsResponse);
+
+                    /** ListGcpUserAccessBindingsResponse gcpUserAccessBindings. */
+                    public gcpUserAccessBindings: google.identity.accesscontextmanager.v1.IGcpUserAccessBinding[];
+
+                    /** ListGcpUserAccessBindingsResponse nextPageToken. */
+                    public nextPageToken: string;
+
+                    /**
+                     * Creates a new ListGcpUserAccessBindingsResponse instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns ListGcpUserAccessBindingsResponse instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsResponse): google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse;
+
+                    /**
+                     * Encodes the specified ListGcpUserAccessBindingsResponse message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse.verify|verify} messages.
+                     * @param message ListGcpUserAccessBindingsResponse message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified ListGcpUserAccessBindingsResponse message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse.verify|verify} messages.
+                     * @param message ListGcpUserAccessBindingsResponse message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a ListGcpUserAccessBindingsResponse message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns ListGcpUserAccessBindingsResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse;
+
+                    /**
+                     * Decodes a ListGcpUserAccessBindingsResponse message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns ListGcpUserAccessBindingsResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse;
+
+                    /**
+                     * Verifies a ListGcpUserAccessBindingsResponse message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a ListGcpUserAccessBindingsResponse message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns ListGcpUserAccessBindingsResponse
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse;
+
+                    /**
+                     * Creates a plain object from a ListGcpUserAccessBindingsResponse message. Also converts values to other types if specified.
+                     * @param message ListGcpUserAccessBindingsResponse
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this ListGcpUserAccessBindingsResponse to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for ListGcpUserAccessBindingsResponse
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a GetGcpUserAccessBindingRequest. */
+                interface IGetGcpUserAccessBindingRequest {
+
+                    /** GetGcpUserAccessBindingRequest name */
+                    name?: (string|null);
+                }
+
+                /** Represents a GetGcpUserAccessBindingRequest. */
+                class GetGcpUserAccessBindingRequest implements IGetGcpUserAccessBindingRequest {
+
+                    /**
+                     * Constructs a new GetGcpUserAccessBindingRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest);
+
+                    /** GetGcpUserAccessBindingRequest name. */
+                    public name: string;
+
+                    /**
+                     * Creates a new GetGcpUserAccessBindingRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns GetGcpUserAccessBindingRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest): google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest;
+
+                    /**
+                     * Encodes the specified GetGcpUserAccessBindingRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest.verify|verify} messages.
+                     * @param message GetGcpUserAccessBindingRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified GetGcpUserAccessBindingRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest.verify|verify} messages.
+                     * @param message GetGcpUserAccessBindingRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a GetGcpUserAccessBindingRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns GetGcpUserAccessBindingRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest;
+
+                    /**
+                     * Decodes a GetGcpUserAccessBindingRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns GetGcpUserAccessBindingRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest;
+
+                    /**
+                     * Verifies a GetGcpUserAccessBindingRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a GetGcpUserAccessBindingRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns GetGcpUserAccessBindingRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest;
+
+                    /**
+                     * Creates a plain object from a GetGcpUserAccessBindingRequest message. Also converts values to other types if specified.
+                     * @param message GetGcpUserAccessBindingRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this GetGcpUserAccessBindingRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for GetGcpUserAccessBindingRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a CreateGcpUserAccessBindingRequest. */
+                interface ICreateGcpUserAccessBindingRequest {
+
+                    /** CreateGcpUserAccessBindingRequest parent */
+                    parent?: (string|null);
+
+                    /** CreateGcpUserAccessBindingRequest gcpUserAccessBinding */
+                    gcpUserAccessBinding?: (google.identity.accesscontextmanager.v1.IGcpUserAccessBinding|null);
+                }
+
+                /** Represents a CreateGcpUserAccessBindingRequest. */
+                class CreateGcpUserAccessBindingRequest implements ICreateGcpUserAccessBindingRequest {
+
+                    /**
+                     * Constructs a new CreateGcpUserAccessBindingRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest);
+
+                    /** CreateGcpUserAccessBindingRequest parent. */
+                    public parent: string;
+
+                    /** CreateGcpUserAccessBindingRequest gcpUserAccessBinding. */
+                    public gcpUserAccessBinding?: (google.identity.accesscontextmanager.v1.IGcpUserAccessBinding|null);
+
+                    /**
+                     * Creates a new CreateGcpUserAccessBindingRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns CreateGcpUserAccessBindingRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest): google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest;
+
+                    /**
+                     * Encodes the specified CreateGcpUserAccessBindingRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest.verify|verify} messages.
+                     * @param message CreateGcpUserAccessBindingRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified CreateGcpUserAccessBindingRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest.verify|verify} messages.
+                     * @param message CreateGcpUserAccessBindingRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a CreateGcpUserAccessBindingRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns CreateGcpUserAccessBindingRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest;
+
+                    /**
+                     * Decodes a CreateGcpUserAccessBindingRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns CreateGcpUserAccessBindingRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest;
+
+                    /**
+                     * Verifies a CreateGcpUserAccessBindingRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a CreateGcpUserAccessBindingRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns CreateGcpUserAccessBindingRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest;
+
+                    /**
+                     * Creates a plain object from a CreateGcpUserAccessBindingRequest message. Also converts values to other types if specified.
+                     * @param message CreateGcpUserAccessBindingRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this CreateGcpUserAccessBindingRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for CreateGcpUserAccessBindingRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of an UpdateGcpUserAccessBindingRequest. */
+                interface IUpdateGcpUserAccessBindingRequest {
+
+                    /** UpdateGcpUserAccessBindingRequest gcpUserAccessBinding */
+                    gcpUserAccessBinding?: (google.identity.accesscontextmanager.v1.IGcpUserAccessBinding|null);
+
+                    /** UpdateGcpUserAccessBindingRequest updateMask */
+                    updateMask?: (google.protobuf.IFieldMask|null);
+                }
+
+                /** Represents an UpdateGcpUserAccessBindingRequest. */
+                class UpdateGcpUserAccessBindingRequest implements IUpdateGcpUserAccessBindingRequest {
+
+                    /**
+                     * Constructs a new UpdateGcpUserAccessBindingRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest);
+
+                    /** UpdateGcpUserAccessBindingRequest gcpUserAccessBinding. */
+                    public gcpUserAccessBinding?: (google.identity.accesscontextmanager.v1.IGcpUserAccessBinding|null);
+
+                    /** UpdateGcpUserAccessBindingRequest updateMask. */
+                    public updateMask?: (google.protobuf.IFieldMask|null);
+
+                    /**
+                     * Creates a new UpdateGcpUserAccessBindingRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns UpdateGcpUserAccessBindingRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest): google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest;
+
+                    /**
+                     * Encodes the specified UpdateGcpUserAccessBindingRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest.verify|verify} messages.
+                     * @param message UpdateGcpUserAccessBindingRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified UpdateGcpUserAccessBindingRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest.verify|verify} messages.
+                     * @param message UpdateGcpUserAccessBindingRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes an UpdateGcpUserAccessBindingRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns UpdateGcpUserAccessBindingRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest;
+
+                    /**
+                     * Decodes an UpdateGcpUserAccessBindingRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns UpdateGcpUserAccessBindingRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest;
+
+                    /**
+                     * Verifies an UpdateGcpUserAccessBindingRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates an UpdateGcpUserAccessBindingRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns UpdateGcpUserAccessBindingRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest;
+
+                    /**
+                     * Creates a plain object from an UpdateGcpUserAccessBindingRequest message. Also converts values to other types if specified.
+                     * @param message UpdateGcpUserAccessBindingRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this UpdateGcpUserAccessBindingRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for UpdateGcpUserAccessBindingRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a DeleteGcpUserAccessBindingRequest. */
+                interface IDeleteGcpUserAccessBindingRequest {
+
+                    /** DeleteGcpUserAccessBindingRequest name */
+                    name?: (string|null);
+                }
+
+                /** Represents a DeleteGcpUserAccessBindingRequest. */
+                class DeleteGcpUserAccessBindingRequest implements IDeleteGcpUserAccessBindingRequest {
+
+                    /**
+                     * Constructs a new DeleteGcpUserAccessBindingRequest.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest);
+
+                    /** DeleteGcpUserAccessBindingRequest name. */
+                    public name: string;
+
+                    /**
+                     * Creates a new DeleteGcpUserAccessBindingRequest instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns DeleteGcpUserAccessBindingRequest instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest): google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest;
+
+                    /**
+                     * Encodes the specified DeleteGcpUserAccessBindingRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest.verify|verify} messages.
+                     * @param message DeleteGcpUserAccessBindingRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified DeleteGcpUserAccessBindingRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest.verify|verify} messages.
+                     * @param message DeleteGcpUserAccessBindingRequest message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a DeleteGcpUserAccessBindingRequest message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns DeleteGcpUserAccessBindingRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest;
+
+                    /**
+                     * Decodes a DeleteGcpUserAccessBindingRequest message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns DeleteGcpUserAccessBindingRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest;
+
+                    /**
+                     * Verifies a DeleteGcpUserAccessBindingRequest message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a DeleteGcpUserAccessBindingRequest message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns DeleteGcpUserAccessBindingRequest
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest;
+
+                    /**
+                     * Creates a plain object from a DeleteGcpUserAccessBindingRequest message. Also converts values to other types if specified.
+                     * @param message DeleteGcpUserAccessBindingRequest
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this DeleteGcpUserAccessBindingRequest to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for DeleteGcpUserAccessBindingRequest
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a GcpUserAccessBindingOperationMetadata. */
+                interface IGcpUserAccessBindingOperationMetadata {
+                }
+
+                /** Represents a GcpUserAccessBindingOperationMetadata. */
+                class GcpUserAccessBindingOperationMetadata implements IGcpUserAccessBindingOperationMetadata {
+
+                    /**
+                     * Constructs a new GcpUserAccessBindingOperationMetadata.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata);
+
+                    /**
+                     * Creates a new GcpUserAccessBindingOperationMetadata instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns GcpUserAccessBindingOperationMetadata instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata): google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata;
+
+                    /**
+                     * Encodes the specified GcpUserAccessBindingOperationMetadata message. Does not implicitly {@link google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata.verify|verify} messages.
+                     * @param message GcpUserAccessBindingOperationMetadata message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified GcpUserAccessBindingOperationMetadata message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata.verify|verify} messages.
+                     * @param message GcpUserAccessBindingOperationMetadata message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a GcpUserAccessBindingOperationMetadata message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns GcpUserAccessBindingOperationMetadata
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata;
+
+                    /**
+                     * Decodes a GcpUserAccessBindingOperationMetadata message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns GcpUserAccessBindingOperationMetadata
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata;
+
+                    /**
+                     * Verifies a GcpUserAccessBindingOperationMetadata message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a GcpUserAccessBindingOperationMetadata message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns GcpUserAccessBindingOperationMetadata
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata;
+
+                    /**
+                     * Creates a plain object from a GcpUserAccessBindingOperationMetadata message. Also converts values to other types if specified.
+                     * @param message GcpUserAccessBindingOperationMetadata
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this GcpUserAccessBindingOperationMetadata to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for GcpUserAccessBindingOperationMetadata
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of an AccessContextManagerOperationMetadata. */
+                interface IAccessContextManagerOperationMetadata {
+                }
+
+                /** Represents an AccessContextManagerOperationMetadata. */
+                class AccessContextManagerOperationMetadata implements IAccessContextManagerOperationMetadata {
+
+                    /**
+                     * Constructs a new AccessContextManagerOperationMetadata.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata);
+
+                    /**
+                     * Creates a new AccessContextManagerOperationMetadata instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns AccessContextManagerOperationMetadata instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata): google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata;
+
+                    /**
+                     * Encodes the specified AccessContextManagerOperationMetadata message. Does not implicitly {@link google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata.verify|verify} messages.
+                     * @param message AccessContextManagerOperationMetadata message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified AccessContextManagerOperationMetadata message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata.verify|verify} messages.
+                     * @param message AccessContextManagerOperationMetadata message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes an AccessContextManagerOperationMetadata message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns AccessContextManagerOperationMetadata
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata;
+
+                    /**
+                     * Decodes an AccessContextManagerOperationMetadata message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns AccessContextManagerOperationMetadata
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata;
+
+                    /**
+                     * Verifies an AccessContextManagerOperationMetadata message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates an AccessContextManagerOperationMetadata message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns AccessContextManagerOperationMetadata
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata;
+
+                    /**
+                     * Creates a plain object from an AccessContextManagerOperationMetadata message. Also converts values to other types if specified.
+                     * @param message AccessContextManagerOperationMetadata
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this AccessContextManagerOperationMetadata to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for AccessContextManagerOperationMetadata
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of an AccessLevel. */
+                interface IAccessLevel {
+
+                    /** AccessLevel name */
+                    name?: (string|null);
+
+                    /** AccessLevel title */
+                    title?: (string|null);
+
+                    /** AccessLevel description */
+                    description?: (string|null);
+
+                    /** AccessLevel basic */
+                    basic?: (google.identity.accesscontextmanager.v1.IBasicLevel|null);
+
+                    /** AccessLevel custom */
+                    custom?: (google.identity.accesscontextmanager.v1.ICustomLevel|null);
+
+                    /** AccessLevel createTime */
+                    createTime?: (google.protobuf.ITimestamp|null);
+
+                    /** AccessLevel updateTime */
+                    updateTime?: (google.protobuf.ITimestamp|null);
+                }
+
+                /** Represents an AccessLevel. */
+                class AccessLevel implements IAccessLevel {
+
+                    /**
+                     * Constructs a new AccessLevel.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IAccessLevel);
+
+                    /** AccessLevel name. */
+                    public name: string;
+
+                    /** AccessLevel title. */
+                    public title: string;
+
+                    /** AccessLevel description. */
+                    public description: string;
+
+                    /** AccessLevel basic. */
+                    public basic?: (google.identity.accesscontextmanager.v1.IBasicLevel|null);
+
+                    /** AccessLevel custom. */
+                    public custom?: (google.identity.accesscontextmanager.v1.ICustomLevel|null);
+
+                    /** AccessLevel createTime. */
+                    public createTime?: (google.protobuf.ITimestamp|null);
+
+                    /** AccessLevel updateTime. */
+                    public updateTime?: (google.protobuf.ITimestamp|null);
+
+                    /** AccessLevel level. */
+                    public level?: ("basic"|"custom");
+
+                    /**
+                     * Creates a new AccessLevel instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns AccessLevel instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IAccessLevel): google.identity.accesscontextmanager.v1.AccessLevel;
+
+                    /**
+                     * Encodes the specified AccessLevel message. Does not implicitly {@link google.identity.accesscontextmanager.v1.AccessLevel.verify|verify} messages.
+                     * @param message AccessLevel message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IAccessLevel, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified AccessLevel message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.AccessLevel.verify|verify} messages.
+                     * @param message AccessLevel message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IAccessLevel, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes an AccessLevel message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns AccessLevel
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.AccessLevel;
+
+                    /**
+                     * Decodes an AccessLevel message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns AccessLevel
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.AccessLevel;
+
+                    /**
+                     * Verifies an AccessLevel message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates an AccessLevel message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns AccessLevel
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.AccessLevel;
+
+                    /**
+                     * Creates a plain object from an AccessLevel message. Also converts values to other types if specified.
+                     * @param message AccessLevel
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.AccessLevel, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this AccessLevel to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for AccessLevel
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a BasicLevel. */
+                interface IBasicLevel {
+
+                    /** BasicLevel conditions */
+                    conditions?: (google.identity.accesscontextmanager.v1.ICondition[]|null);
+
+                    /** BasicLevel combiningFunction */
+                    combiningFunction?: (google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction|keyof typeof google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction|null);
+                }
+
+                /** Represents a BasicLevel. */
+                class BasicLevel implements IBasicLevel {
+
+                    /**
+                     * Constructs a new BasicLevel.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IBasicLevel);
+
+                    /** BasicLevel conditions. */
+                    public conditions: google.identity.accesscontextmanager.v1.ICondition[];
+
+                    /** BasicLevel combiningFunction. */
+                    public combiningFunction: (google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction|keyof typeof google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction);
+
+                    /**
+                     * Creates a new BasicLevel instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns BasicLevel instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IBasicLevel): google.identity.accesscontextmanager.v1.BasicLevel;
+
+                    /**
+                     * Encodes the specified BasicLevel message. Does not implicitly {@link google.identity.accesscontextmanager.v1.BasicLevel.verify|verify} messages.
+                     * @param message BasicLevel message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IBasicLevel, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified BasicLevel message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.BasicLevel.verify|verify} messages.
+                     * @param message BasicLevel message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IBasicLevel, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a BasicLevel message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns BasicLevel
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.BasicLevel;
+
+                    /**
+                     * Decodes a BasicLevel message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns BasicLevel
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.BasicLevel;
+
+                    /**
+                     * Verifies a BasicLevel message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a BasicLevel message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns BasicLevel
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.BasicLevel;
+
+                    /**
+                     * Creates a plain object from a BasicLevel message. Also converts values to other types if specified.
+                     * @param message BasicLevel
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.BasicLevel, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this BasicLevel to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for BasicLevel
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                namespace BasicLevel {
+
+                    /** ConditionCombiningFunction enum. */
+                    enum ConditionCombiningFunction {
+                        AND = 0,
+                        OR = 1
+                    }
+                }
+
+                /** Properties of a Condition. */
+                interface ICondition {
+
+                    /** Condition ipSubnetworks */
+                    ipSubnetworks?: (string[]|null);
+
+                    /** Condition devicePolicy */
+                    devicePolicy?: (google.identity.accesscontextmanager.v1.IDevicePolicy|null);
+
+                    /** Condition requiredAccessLevels */
+                    requiredAccessLevels?: (string[]|null);
+
+                    /** Condition negate */
+                    negate?: (boolean|null);
+
+                    /** Condition members */
+                    members?: (string[]|null);
+
+                    /** Condition regions */
+                    regions?: (string[]|null);
+                }
+
+                /** Represents a Condition. */
+                class Condition implements ICondition {
+
+                    /**
+                     * Constructs a new Condition.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.ICondition);
+
+                    /** Condition ipSubnetworks. */
+                    public ipSubnetworks: string[];
+
+                    /** Condition devicePolicy. */
+                    public devicePolicy?: (google.identity.accesscontextmanager.v1.IDevicePolicy|null);
+
+                    /** Condition requiredAccessLevels. */
+                    public requiredAccessLevels: string[];
+
+                    /** Condition negate. */
+                    public negate: boolean;
+
+                    /** Condition members. */
+                    public members: string[];
+
+                    /** Condition regions. */
+                    public regions: string[];
+
+                    /**
+                     * Creates a new Condition instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns Condition instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.ICondition): google.identity.accesscontextmanager.v1.Condition;
+
+                    /**
+                     * Encodes the specified Condition message. Does not implicitly {@link google.identity.accesscontextmanager.v1.Condition.verify|verify} messages.
+                     * @param message Condition message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.ICondition, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified Condition message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.Condition.verify|verify} messages.
+                     * @param message Condition message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ICondition, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a Condition message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns Condition
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.Condition;
+
+                    /**
+                     * Decodes a Condition message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns Condition
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.Condition;
+
+                    /**
+                     * Verifies a Condition message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a Condition message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns Condition
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.Condition;
+
+                    /**
+                     * Creates a plain object from a Condition message. Also converts values to other types if specified.
+                     * @param message Condition
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.Condition, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this Condition to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for Condition
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a CustomLevel. */
+                interface ICustomLevel {
+
+                    /** CustomLevel expr */
+                    expr?: (google.type.IExpr|null);
+                }
+
+                /** Represents a CustomLevel. */
+                class CustomLevel implements ICustomLevel {
+
+                    /**
+                     * Constructs a new CustomLevel.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.ICustomLevel);
+
+                    /** CustomLevel expr. */
+                    public expr?: (google.type.IExpr|null);
+
+                    /**
+                     * Creates a new CustomLevel instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns CustomLevel instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.ICustomLevel): google.identity.accesscontextmanager.v1.CustomLevel;
+
+                    /**
+                     * Encodes the specified CustomLevel message. Does not implicitly {@link google.identity.accesscontextmanager.v1.CustomLevel.verify|verify} messages.
+                     * @param message CustomLevel message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.ICustomLevel, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified CustomLevel message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.CustomLevel.verify|verify} messages.
+                     * @param message CustomLevel message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ICustomLevel, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a CustomLevel message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns CustomLevel
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.CustomLevel;
+
+                    /**
+                     * Decodes a CustomLevel message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns CustomLevel
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.CustomLevel;
+
+                    /**
+                     * Verifies a CustomLevel message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a CustomLevel message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns CustomLevel
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.CustomLevel;
+
+                    /**
+                     * Creates a plain object from a CustomLevel message. Also converts values to other types if specified.
+                     * @param message CustomLevel
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.CustomLevel, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this CustomLevel to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for CustomLevel
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a DevicePolicy. */
+                interface IDevicePolicy {
+
+                    /** DevicePolicy requireScreenlock */
+                    requireScreenlock?: (boolean|null);
+
+                    /** DevicePolicy allowedEncryptionStatuses */
+                    allowedEncryptionStatuses?: (google.identity.accesscontextmanager.type.DeviceEncryptionStatus[]|null);
+
+                    /** DevicePolicy osConstraints */
+                    osConstraints?: (google.identity.accesscontextmanager.v1.IOsConstraint[]|null);
+
+                    /** DevicePolicy allowedDeviceManagementLevels */
+                    allowedDeviceManagementLevels?: (google.identity.accesscontextmanager.type.DeviceManagementLevel[]|null);
+
+                    /** DevicePolicy requireAdminApproval */
+                    requireAdminApproval?: (boolean|null);
+
+                    /** DevicePolicy requireCorpOwned */
+                    requireCorpOwned?: (boolean|null);
+                }
+
+                /** Represents a DevicePolicy. */
+                class DevicePolicy implements IDevicePolicy {
+
+                    /**
+                     * Constructs a new DevicePolicy.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IDevicePolicy);
+
+                    /** DevicePolicy requireScreenlock. */
+                    public requireScreenlock: boolean;
+
+                    /** DevicePolicy allowedEncryptionStatuses. */
+                    public allowedEncryptionStatuses: google.identity.accesscontextmanager.type.DeviceEncryptionStatus[];
+
+                    /** DevicePolicy osConstraints. */
+                    public osConstraints: google.identity.accesscontextmanager.v1.IOsConstraint[];
+
+                    /** DevicePolicy allowedDeviceManagementLevels. */
+                    public allowedDeviceManagementLevels: google.identity.accesscontextmanager.type.DeviceManagementLevel[];
+
+                    /** DevicePolicy requireAdminApproval. */
+                    public requireAdminApproval: boolean;
+
+                    /** DevicePolicy requireCorpOwned. */
+                    public requireCorpOwned: boolean;
+
+                    /**
+                     * Creates a new DevicePolicy instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns DevicePolicy instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IDevicePolicy): google.identity.accesscontextmanager.v1.DevicePolicy;
+
+                    /**
+                     * Encodes the specified DevicePolicy message. Does not implicitly {@link google.identity.accesscontextmanager.v1.DevicePolicy.verify|verify} messages.
+                     * @param message DevicePolicy message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IDevicePolicy, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified DevicePolicy message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.DevicePolicy.verify|verify} messages.
+                     * @param message DevicePolicy message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IDevicePolicy, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a DevicePolicy message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns DevicePolicy
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.DevicePolicy;
+
+                    /**
+                     * Decodes a DevicePolicy message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns DevicePolicy
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.DevicePolicy;
+
+                    /**
+                     * Verifies a DevicePolicy message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a DevicePolicy message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns DevicePolicy
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.DevicePolicy;
+
+                    /**
+                     * Creates a plain object from a DevicePolicy message. Also converts values to other types if specified.
+                     * @param message DevicePolicy
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.DevicePolicy, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this DevicePolicy to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for DevicePolicy
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of an OsConstraint. */
+                interface IOsConstraint {
+
+                    /** OsConstraint osType */
+                    osType?: (google.identity.accesscontextmanager.type.OsType|keyof typeof google.identity.accesscontextmanager.type.OsType|null);
+
+                    /** OsConstraint minimumVersion */
+                    minimumVersion?: (string|null);
+
+                    /** OsConstraint requireVerifiedChromeOs */
+                    requireVerifiedChromeOs?: (boolean|null);
+                }
+
+                /** Represents an OsConstraint. */
+                class OsConstraint implements IOsConstraint {
+
+                    /**
+                     * Constructs a new OsConstraint.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IOsConstraint);
+
+                    /** OsConstraint osType. */
+                    public osType: (google.identity.accesscontextmanager.type.OsType|keyof typeof google.identity.accesscontextmanager.type.OsType);
+
+                    /** OsConstraint minimumVersion. */
+                    public minimumVersion: string;
+
+                    /** OsConstraint requireVerifiedChromeOs. */
+                    public requireVerifiedChromeOs: boolean;
+
+                    /**
+                     * Creates a new OsConstraint instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns OsConstraint instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IOsConstraint): google.identity.accesscontextmanager.v1.OsConstraint;
+
+                    /**
+                     * Encodes the specified OsConstraint message. Does not implicitly {@link google.identity.accesscontextmanager.v1.OsConstraint.verify|verify} messages.
+                     * @param message OsConstraint message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IOsConstraint, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified OsConstraint message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.OsConstraint.verify|verify} messages.
+                     * @param message OsConstraint message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IOsConstraint, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes an OsConstraint message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns OsConstraint
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.OsConstraint;
+
+                    /**
+                     * Decodes an OsConstraint message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns OsConstraint
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.OsConstraint;
+
+                    /**
+                     * Verifies an OsConstraint message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates an OsConstraint message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns OsConstraint
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.OsConstraint;
+
+                    /**
+                     * Creates a plain object from an OsConstraint message. Also converts values to other types if specified.
+                     * @param message OsConstraint
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.OsConstraint, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this OsConstraint to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for OsConstraint
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of an AccessPolicy. */
+                interface IAccessPolicy {
+
+                    /** AccessPolicy name */
+                    name?: (string|null);
+
+                    /** AccessPolicy parent */
+                    parent?: (string|null);
+
+                    /** AccessPolicy title */
+                    title?: (string|null);
+
+                    /** AccessPolicy scopes */
+                    scopes?: (string[]|null);
+
+                    /** AccessPolicy createTime */
+                    createTime?: (google.protobuf.ITimestamp|null);
+
+                    /** AccessPolicy updateTime */
+                    updateTime?: (google.protobuf.ITimestamp|null);
+
+                    /** AccessPolicy etag */
+                    etag?: (string|null);
+                }
+
+                /** Represents an AccessPolicy. */
+                class AccessPolicy implements IAccessPolicy {
+
+                    /**
+                     * Constructs a new AccessPolicy.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IAccessPolicy);
+
+                    /** AccessPolicy name. */
+                    public name: string;
+
+                    /** AccessPolicy parent. */
+                    public parent: string;
+
+                    /** AccessPolicy title. */
+                    public title: string;
+
+                    /** AccessPolicy scopes. */
+                    public scopes: string[];
+
+                    /** AccessPolicy createTime. */
+                    public createTime?: (google.protobuf.ITimestamp|null);
+
+                    /** AccessPolicy updateTime. */
+                    public updateTime?: (google.protobuf.ITimestamp|null);
+
+                    /** AccessPolicy etag. */
+                    public etag: string;
+
+                    /**
+                     * Creates a new AccessPolicy instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns AccessPolicy instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IAccessPolicy): google.identity.accesscontextmanager.v1.AccessPolicy;
+
+                    /**
+                     * Encodes the specified AccessPolicy message. Does not implicitly {@link google.identity.accesscontextmanager.v1.AccessPolicy.verify|verify} messages.
+                     * @param message AccessPolicy message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IAccessPolicy, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified AccessPolicy message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.AccessPolicy.verify|verify} messages.
+                     * @param message AccessPolicy message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IAccessPolicy, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes an AccessPolicy message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns AccessPolicy
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.AccessPolicy;
+
+                    /**
+                     * Decodes an AccessPolicy message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns AccessPolicy
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.AccessPolicy;
+
+                    /**
+                     * Verifies an AccessPolicy message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates an AccessPolicy message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns AccessPolicy
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.AccessPolicy;
+
+                    /**
+                     * Creates a plain object from an AccessPolicy message. Also converts values to other types if specified.
+                     * @param message AccessPolicy
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.AccessPolicy, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this AccessPolicy to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for AccessPolicy
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a GcpUserAccessBinding. */
+                interface IGcpUserAccessBinding {
+
+                    /** GcpUserAccessBinding name */
+                    name?: (string|null);
+
+                    /** GcpUserAccessBinding groupKey */
+                    groupKey?: (string|null);
+
+                    /** GcpUserAccessBinding accessLevels */
+                    accessLevels?: (string[]|null);
+                }
+
+                /** Represents a GcpUserAccessBinding. */
+                class GcpUserAccessBinding implements IGcpUserAccessBinding {
+
+                    /**
+                     * Constructs a new GcpUserAccessBinding.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IGcpUserAccessBinding);
+
+                    /** GcpUserAccessBinding name. */
+                    public name: string;
+
+                    /** GcpUserAccessBinding groupKey. */
+                    public groupKey: string;
+
+                    /** GcpUserAccessBinding accessLevels. */
+                    public accessLevels: string[];
+
+                    /**
+                     * Creates a new GcpUserAccessBinding instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns GcpUserAccessBinding instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IGcpUserAccessBinding): google.identity.accesscontextmanager.v1.GcpUserAccessBinding;
+
+                    /**
+                     * Encodes the specified GcpUserAccessBinding message. Does not implicitly {@link google.identity.accesscontextmanager.v1.GcpUserAccessBinding.verify|verify} messages.
+                     * @param message GcpUserAccessBinding message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IGcpUserAccessBinding, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified GcpUserAccessBinding message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.GcpUserAccessBinding.verify|verify} messages.
+                     * @param message GcpUserAccessBinding message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IGcpUserAccessBinding, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a GcpUserAccessBinding message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns GcpUserAccessBinding
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.GcpUserAccessBinding;
+
+                    /**
+                     * Decodes a GcpUserAccessBinding message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns GcpUserAccessBinding
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.GcpUserAccessBinding;
+
+                    /**
+                     * Verifies a GcpUserAccessBinding message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a GcpUserAccessBinding message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns GcpUserAccessBinding
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.GcpUserAccessBinding;
+
+                    /**
+                     * Creates a plain object from a GcpUserAccessBinding message. Also converts values to other types if specified.
+                     * @param message GcpUserAccessBinding
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.GcpUserAccessBinding, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this GcpUserAccessBinding to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for GcpUserAccessBinding
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                /** Properties of a ServicePerimeter. */
+                interface IServicePerimeter {
+
+                    /** ServicePerimeter name */
+                    name?: (string|null);
+
+                    /** ServicePerimeter title */
+                    title?: (string|null);
+
+                    /** ServicePerimeter description */
+                    description?: (string|null);
+
+                    /** ServicePerimeter createTime */
+                    createTime?: (google.protobuf.ITimestamp|null);
+
+                    /** ServicePerimeter updateTime */
+                    updateTime?: (google.protobuf.ITimestamp|null);
+
+                    /** ServicePerimeter perimeterType */
+                    perimeterType?: (google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType|keyof typeof google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType|null);
+
+                    /** ServicePerimeter status */
+                    status?: (google.identity.accesscontextmanager.v1.IServicePerimeterConfig|null);
+
+                    /** ServicePerimeter spec */
+                    spec?: (google.identity.accesscontextmanager.v1.IServicePerimeterConfig|null);
+
+                    /** ServicePerimeter useExplicitDryRunSpec */
+                    useExplicitDryRunSpec?: (boolean|null);
+                }
+
+                /** Represents a ServicePerimeter. */
+                class ServicePerimeter implements IServicePerimeter {
+
+                    /**
+                     * Constructs a new ServicePerimeter.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IServicePerimeter);
+
+                    /** ServicePerimeter name. */
+                    public name: string;
+
+                    /** ServicePerimeter title. */
+                    public title: string;
+
+                    /** ServicePerimeter description. */
+                    public description: string;
+
+                    /** ServicePerimeter createTime. */
+                    public createTime?: (google.protobuf.ITimestamp|null);
+
+                    /** ServicePerimeter updateTime. */
+                    public updateTime?: (google.protobuf.ITimestamp|null);
+
+                    /** ServicePerimeter perimeterType. */
+                    public perimeterType: (google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType|keyof typeof google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType);
+
+                    /** ServicePerimeter status. */
+                    public status?: (google.identity.accesscontextmanager.v1.IServicePerimeterConfig|null);
+
+                    /** ServicePerimeter spec. */
+                    public spec?: (google.identity.accesscontextmanager.v1.IServicePerimeterConfig|null);
+
+                    /** ServicePerimeter useExplicitDryRunSpec. */
+                    public useExplicitDryRunSpec: boolean;
+
+                    /**
+                     * Creates a new ServicePerimeter instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns ServicePerimeter instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IServicePerimeter): google.identity.accesscontextmanager.v1.ServicePerimeter;
+
+                    /**
+                     * Encodes the specified ServicePerimeter message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeter.verify|verify} messages.
+                     * @param message ServicePerimeter message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IServicePerimeter, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified ServicePerimeter message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeter.verify|verify} messages.
+                     * @param message ServicePerimeter message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IServicePerimeter, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a ServicePerimeter message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns ServicePerimeter
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ServicePerimeter;
+
+                    /**
+                     * Decodes a ServicePerimeter message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns ServicePerimeter
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ServicePerimeter;
+
+                    /**
+                     * Verifies a ServicePerimeter message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a ServicePerimeter message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns ServicePerimeter
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ServicePerimeter;
+
+                    /**
+                     * Creates a plain object from a ServicePerimeter message. Also converts values to other types if specified.
+                     * @param message ServicePerimeter
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.ServicePerimeter, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this ServicePerimeter to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for ServicePerimeter
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                namespace ServicePerimeter {
+
+                    /** PerimeterType enum. */
+                    enum PerimeterType {
+                        PERIMETER_TYPE_REGULAR = 0,
+                        PERIMETER_TYPE_BRIDGE = 1
+                    }
+                }
+
+                /** Properties of a ServicePerimeterConfig. */
+                interface IServicePerimeterConfig {
+
+                    /** ServicePerimeterConfig resources */
+                    resources?: (string[]|null);
+
+                    /** ServicePerimeterConfig accessLevels */
+                    accessLevels?: (string[]|null);
+
+                    /** ServicePerimeterConfig restrictedServices */
+                    restrictedServices?: (string[]|null);
+
+                    /** ServicePerimeterConfig vpcAccessibleServices */
+                    vpcAccessibleServices?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IVpcAccessibleServices|null);
+
+                    /** ServicePerimeterConfig ingressPolicies */
+                    ingressPolicies?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressPolicy[]|null);
+
+                    /** ServicePerimeterConfig egressPolicies */
+                    egressPolicies?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressPolicy[]|null);
+                }
+
+                /** Represents a ServicePerimeterConfig. */
+                class ServicePerimeterConfig implements IServicePerimeterConfig {
+
+                    /**
+                     * Constructs a new ServicePerimeterConfig.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.identity.accesscontextmanager.v1.IServicePerimeterConfig);
+
+                    /** ServicePerimeterConfig resources. */
+                    public resources: string[];
+
+                    /** ServicePerimeterConfig accessLevels. */
+                    public accessLevels: string[];
+
+                    /** ServicePerimeterConfig restrictedServices. */
+                    public restrictedServices: string[];
+
+                    /** ServicePerimeterConfig vpcAccessibleServices. */
+                    public vpcAccessibleServices?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IVpcAccessibleServices|null);
+
+                    /** ServicePerimeterConfig ingressPolicies. */
+                    public ingressPolicies: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressPolicy[];
+
+                    /** ServicePerimeterConfig egressPolicies. */
+                    public egressPolicies: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressPolicy[];
+
+                    /**
+                     * Creates a new ServicePerimeterConfig instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns ServicePerimeterConfig instance
+                     */
+                    public static create(properties?: google.identity.accesscontextmanager.v1.IServicePerimeterConfig): google.identity.accesscontextmanager.v1.ServicePerimeterConfig;
+
+                    /**
+                     * Encodes the specified ServicePerimeterConfig message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.verify|verify} messages.
+                     * @param message ServicePerimeterConfig message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.identity.accesscontextmanager.v1.IServicePerimeterConfig, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified ServicePerimeterConfig message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.verify|verify} messages.
+                     * @param message ServicePerimeterConfig message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.identity.accesscontextmanager.v1.IServicePerimeterConfig, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes a ServicePerimeterConfig message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns ServicePerimeterConfig
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ServicePerimeterConfig;
+
+                    /**
+                     * Decodes a ServicePerimeterConfig message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns ServicePerimeterConfig
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ServicePerimeterConfig;
+
+                    /**
+                     * Verifies a ServicePerimeterConfig message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates a ServicePerimeterConfig message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns ServicePerimeterConfig
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ServicePerimeterConfig;
+
+                    /**
+                     * Creates a plain object from a ServicePerimeterConfig message. Also converts values to other types if specified.
+                     * @param message ServicePerimeterConfig
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this ServicePerimeterConfig to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+
+                    /**
+                     * Gets the default type url for ServicePerimeterConfig
+                     * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns The default type url
+                     */
+                    public static getTypeUrl(typeUrlPrefix?: string): string;
+                }
+
+                namespace ServicePerimeterConfig {
+
+                    /** Properties of a VpcAccessibleServices. */
+                    interface IVpcAccessibleServices {
+
+                        /** VpcAccessibleServices enableRestriction */
+                        enableRestriction?: (boolean|null);
+
+                        /** VpcAccessibleServices allowedServices */
+                        allowedServices?: (string[]|null);
+                    }
+
+                    /** Represents a VpcAccessibleServices. */
+                    class VpcAccessibleServices implements IVpcAccessibleServices {
+
+                        /**
+                         * Constructs a new VpcAccessibleServices.
+                         * @param [properties] Properties to set
+                         */
+                        constructor(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IVpcAccessibleServices);
+
+                        /** VpcAccessibleServices enableRestriction. */
+                        public enableRestriction: boolean;
+
+                        /** VpcAccessibleServices allowedServices. */
+                        public allowedServices: string[];
+
+                        /**
+                         * Creates a new VpcAccessibleServices instance using the specified properties.
+                         * @param [properties] Properties to set
+                         * @returns VpcAccessibleServices instance
+                         */
+                        public static create(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IVpcAccessibleServices): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices;
+
+                        /**
+                         * Encodes the specified VpcAccessibleServices message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices.verify|verify} messages.
+                         * @param message VpcAccessibleServices message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encode(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IVpcAccessibleServices, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Encodes the specified VpcAccessibleServices message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices.verify|verify} messages.
+                         * @param message VpcAccessibleServices message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IVpcAccessibleServices, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Decodes a VpcAccessibleServices message from the specified reader or buffer.
+                         * @param reader Reader or buffer to decode from
+                         * @param [length] Message length if known beforehand
+                         * @returns VpcAccessibleServices
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices;
+
+                        /**
+                         * Decodes a VpcAccessibleServices message from the specified reader or buffer, length delimited.
+                         * @param reader Reader or buffer to decode from
+                         * @returns VpcAccessibleServices
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices;
+
+                        /**
+                         * Verifies a VpcAccessibleServices message.
+                         * @param message Plain object to verify
+                         * @returns `null` if valid, otherwise the reason why it is not
+                         */
+                        public static verify(message: { [k: string]: any }): (string|null);
+
+                        /**
+                         * Creates a VpcAccessibleServices message from a plain object. Also converts values to their respective internal types.
+                         * @param object Plain object
+                         * @returns VpcAccessibleServices
+                         */
+                        public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices;
+
+                        /**
+                         * Creates a plain object from a VpcAccessibleServices message. Also converts values to other types if specified.
+                         * @param message VpcAccessibleServices
+                         * @param [options] Conversion options
+                         * @returns Plain object
+                         */
+                        public static toObject(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                        /**
+                         * Converts this VpcAccessibleServices to JSON.
+                         * @returns JSON object
+                         */
+                        public toJSON(): { [k: string]: any };
+
+                        /**
+                         * Gets the default type url for VpcAccessibleServices
+                         * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns The default type url
+                         */
+                        public static getTypeUrl(typeUrlPrefix?: string): string;
+                    }
+
+                    /** IdentityType enum. */
+                    enum IdentityType {
+                        IDENTITY_TYPE_UNSPECIFIED = 0,
+                        ANY_IDENTITY = 1,
+                        ANY_USER_ACCOUNT = 2,
+                        ANY_SERVICE_ACCOUNT = 3
+                    }
+
+                    /** Properties of a MethodSelector. */
+                    interface IMethodSelector {
+
+                        /** MethodSelector method */
+                        method?: (string|null);
+
+                        /** MethodSelector permission */
+                        permission?: (string|null);
+                    }
+
+                    /** Represents a MethodSelector. */
+                    class MethodSelector implements IMethodSelector {
+
+                        /**
+                         * Constructs a new MethodSelector.
+                         * @param [properties] Properties to set
+                         */
+                        constructor(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IMethodSelector);
+
+                        /** MethodSelector method. */
+                        public method?: (string|null);
+
+                        /** MethodSelector permission. */
+                        public permission?: (string|null);
+
+                        /** MethodSelector kind. */
+                        public kind?: ("method"|"permission");
+
+                        /**
+                         * Creates a new MethodSelector instance using the specified properties.
+                         * @param [properties] Properties to set
+                         * @returns MethodSelector instance
+                         */
+                        public static create(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IMethodSelector): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector;
+
+                        /**
+                         * Encodes the specified MethodSelector message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector.verify|verify} messages.
+                         * @param message MethodSelector message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encode(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IMethodSelector, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Encodes the specified MethodSelector message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector.verify|verify} messages.
+                         * @param message MethodSelector message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IMethodSelector, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Decodes a MethodSelector message from the specified reader or buffer.
+                         * @param reader Reader or buffer to decode from
+                         * @param [length] Message length if known beforehand
+                         * @returns MethodSelector
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector;
+
+                        /**
+                         * Decodes a MethodSelector message from the specified reader or buffer, length delimited.
+                         * @param reader Reader or buffer to decode from
+                         * @returns MethodSelector
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector;
+
+                        /**
+                         * Verifies a MethodSelector message.
+                         * @param message Plain object to verify
+                         * @returns `null` if valid, otherwise the reason why it is not
+                         */
+                        public static verify(message: { [k: string]: any }): (string|null);
+
+                        /**
+                         * Creates a MethodSelector message from a plain object. Also converts values to their respective internal types.
+                         * @param object Plain object
+                         * @returns MethodSelector
+                         */
+                        public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector;
+
+                        /**
+                         * Creates a plain object from a MethodSelector message. Also converts values to other types if specified.
+                         * @param message MethodSelector
+                         * @param [options] Conversion options
+                         * @returns Plain object
+                         */
+                        public static toObject(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                        /**
+                         * Converts this MethodSelector to JSON.
+                         * @returns JSON object
+                         */
+                        public toJSON(): { [k: string]: any };
+
+                        /**
+                         * Gets the default type url for MethodSelector
+                         * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns The default type url
+                         */
+                        public static getTypeUrl(typeUrlPrefix?: string): string;
+                    }
+
+                    /** Properties of an ApiOperation. */
+                    interface IApiOperation {
+
+                        /** ApiOperation serviceName */
+                        serviceName?: (string|null);
+
+                        /** ApiOperation methodSelectors */
+                        methodSelectors?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IMethodSelector[]|null);
+                    }
+
+                    /** Represents an ApiOperation. */
+                    class ApiOperation implements IApiOperation {
+
+                        /**
+                         * Constructs a new ApiOperation.
+                         * @param [properties] Properties to set
+                         */
+                        constructor(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation);
+
+                        /** ApiOperation serviceName. */
+                        public serviceName: string;
+
+                        /** ApiOperation methodSelectors. */
+                        public methodSelectors: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IMethodSelector[];
+
+                        /**
+                         * Creates a new ApiOperation instance using the specified properties.
+                         * @param [properties] Properties to set
+                         * @returns ApiOperation instance
+                         */
+                        public static create(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation;
+
+                        /**
+                         * Encodes the specified ApiOperation message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.verify|verify} messages.
+                         * @param message ApiOperation message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encode(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Encodes the specified ApiOperation message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.verify|verify} messages.
+                         * @param message ApiOperation message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Decodes an ApiOperation message from the specified reader or buffer.
+                         * @param reader Reader or buffer to decode from
+                         * @param [length] Message length if known beforehand
+                         * @returns ApiOperation
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation;
+
+                        /**
+                         * Decodes an ApiOperation message from the specified reader or buffer, length delimited.
+                         * @param reader Reader or buffer to decode from
+                         * @returns ApiOperation
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation;
+
+                        /**
+                         * Verifies an ApiOperation message.
+                         * @param message Plain object to verify
+                         * @returns `null` if valid, otherwise the reason why it is not
+                         */
+                        public static verify(message: { [k: string]: any }): (string|null);
+
+                        /**
+                         * Creates an ApiOperation message from a plain object. Also converts values to their respective internal types.
+                         * @param object Plain object
+                         * @returns ApiOperation
+                         */
+                        public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation;
+
+                        /**
+                         * Creates a plain object from an ApiOperation message. Also converts values to other types if specified.
+                         * @param message ApiOperation
+                         * @param [options] Conversion options
+                         * @returns Plain object
+                         */
+                        public static toObject(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                        /**
+                         * Converts this ApiOperation to JSON.
+                         * @returns JSON object
+                         */
+                        public toJSON(): { [k: string]: any };
+
+                        /**
+                         * Gets the default type url for ApiOperation
+                         * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns The default type url
+                         */
+                        public static getTypeUrl(typeUrlPrefix?: string): string;
+                    }
+
+                    /** Properties of an IngressSource. */
+                    interface IIngressSource {
+
+                        /** IngressSource accessLevel */
+                        accessLevel?: (string|null);
+
+                        /** IngressSource resource */
+                        resource?: (string|null);
+                    }
+
+                    /** Represents an IngressSource. */
+                    class IngressSource implements IIngressSource {
+
+                        /**
+                         * Constructs a new IngressSource.
+                         * @param [properties] Properties to set
+                         */
+                        constructor(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressSource);
+
+                        /** IngressSource accessLevel. */
+                        public accessLevel?: (string|null);
+
+                        /** IngressSource resource. */
+                        public resource?: (string|null);
+
+                        /** IngressSource source. */
+                        public source?: ("accessLevel"|"resource");
+
+                        /**
+                         * Creates a new IngressSource instance using the specified properties.
+                         * @param [properties] Properties to set
+                         * @returns IngressSource instance
+                         */
+                        public static create(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressSource): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource;
+
+                        /**
+                         * Encodes the specified IngressSource message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource.verify|verify} messages.
+                         * @param message IngressSource message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encode(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressSource, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Encodes the specified IngressSource message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource.verify|verify} messages.
+                         * @param message IngressSource message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressSource, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Decodes an IngressSource message from the specified reader or buffer.
+                         * @param reader Reader or buffer to decode from
+                         * @param [length] Message length if known beforehand
+                         * @returns IngressSource
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource;
+
+                        /**
+                         * Decodes an IngressSource message from the specified reader or buffer, length delimited.
+                         * @param reader Reader or buffer to decode from
+                         * @returns IngressSource
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource;
+
+                        /**
+                         * Verifies an IngressSource message.
+                         * @param message Plain object to verify
+                         * @returns `null` if valid, otherwise the reason why it is not
+                         */
+                        public static verify(message: { [k: string]: any }): (string|null);
+
+                        /**
+                         * Creates an IngressSource message from a plain object. Also converts values to their respective internal types.
+                         * @param object Plain object
+                         * @returns IngressSource
+                         */
+                        public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource;
+
+                        /**
+                         * Creates a plain object from an IngressSource message. Also converts values to other types if specified.
+                         * @param message IngressSource
+                         * @param [options] Conversion options
+                         * @returns Plain object
+                         */
+                        public static toObject(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                        /**
+                         * Converts this IngressSource to JSON.
+                         * @returns JSON object
+                         */
+                        public toJSON(): { [k: string]: any };
+
+                        /**
+                         * Gets the default type url for IngressSource
+                         * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns The default type url
+                         */
+                        public static getTypeUrl(typeUrlPrefix?: string): string;
+                    }
+
+                    /** Properties of an IngressFrom. */
+                    interface IIngressFrom {
+
+                        /** IngressFrom sources */
+                        sources?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressSource[]|null);
+
+                        /** IngressFrom identities */
+                        identities?: (string[]|null);
+
+                        /** IngressFrom identityType */
+                        identityType?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType|keyof typeof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType|null);
+                    }
+
+                    /** Represents an IngressFrom. */
+                    class IngressFrom implements IIngressFrom {
+
+                        /**
+                         * Constructs a new IngressFrom.
+                         * @param [properties] Properties to set
+                         */
+                        constructor(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressFrom);
+
+                        /** IngressFrom sources. */
+                        public sources: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressSource[];
+
+                        /** IngressFrom identities. */
+                        public identities: string[];
+
+                        /** IngressFrom identityType. */
+                        public identityType: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType|keyof typeof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType);
+
+                        /**
+                         * Creates a new IngressFrom instance using the specified properties.
+                         * @param [properties] Properties to set
+                         * @returns IngressFrom instance
+                         */
+                        public static create(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressFrom): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom;
+
+                        /**
+                         * Encodes the specified IngressFrom message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom.verify|verify} messages.
+                         * @param message IngressFrom message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encode(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressFrom, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Encodes the specified IngressFrom message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom.verify|verify} messages.
+                         * @param message IngressFrom message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressFrom, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Decodes an IngressFrom message from the specified reader or buffer.
+                         * @param reader Reader or buffer to decode from
+                         * @param [length] Message length if known beforehand
+                         * @returns IngressFrom
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom;
+
+                        /**
+                         * Decodes an IngressFrom message from the specified reader or buffer, length delimited.
+                         * @param reader Reader or buffer to decode from
+                         * @returns IngressFrom
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom;
+
+                        /**
+                         * Verifies an IngressFrom message.
+                         * @param message Plain object to verify
+                         * @returns `null` if valid, otherwise the reason why it is not
+                         */
+                        public static verify(message: { [k: string]: any }): (string|null);
+
+                        /**
+                         * Creates an IngressFrom message from a plain object. Also converts values to their respective internal types.
+                         * @param object Plain object
+                         * @returns IngressFrom
+                         */
+                        public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom;
+
+                        /**
+                         * Creates a plain object from an IngressFrom message. Also converts values to other types if specified.
+                         * @param message IngressFrom
+                         * @param [options] Conversion options
+                         * @returns Plain object
+                         */
+                        public static toObject(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                        /**
+                         * Converts this IngressFrom to JSON.
+                         * @returns JSON object
+                         */
+                        public toJSON(): { [k: string]: any };
+
+                        /**
+                         * Gets the default type url for IngressFrom
+                         * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns The default type url
+                         */
+                        public static getTypeUrl(typeUrlPrefix?: string): string;
+                    }
+
+                    /** Properties of an IngressTo. */
+                    interface IIngressTo {
+
+                        /** IngressTo operations */
+                        operations?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation[]|null);
+
+                        /** IngressTo resources */
+                        resources?: (string[]|null);
+                    }
+
+                    /** Represents an IngressTo. */
+                    class IngressTo implements IIngressTo {
+
+                        /**
+                         * Constructs a new IngressTo.
+                         * @param [properties] Properties to set
+                         */
+                        constructor(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressTo);
+
+                        /** IngressTo operations. */
+                        public operations: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation[];
+
+                        /** IngressTo resources. */
+                        public resources: string[];
+
+                        /**
+                         * Creates a new IngressTo instance using the specified properties.
+                         * @param [properties] Properties to set
+                         * @returns IngressTo instance
+                         */
+                        public static create(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressTo): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo;
+
+                        /**
+                         * Encodes the specified IngressTo message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo.verify|verify} messages.
+                         * @param message IngressTo message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encode(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressTo, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Encodes the specified IngressTo message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo.verify|verify} messages.
+                         * @param message IngressTo message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressTo, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Decodes an IngressTo message from the specified reader or buffer.
+                         * @param reader Reader or buffer to decode from
+                         * @param [length] Message length if known beforehand
+                         * @returns IngressTo
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo;
+
+                        /**
+                         * Decodes an IngressTo message from the specified reader or buffer, length delimited.
+                         * @param reader Reader or buffer to decode from
+                         * @returns IngressTo
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo;
+
+                        /**
+                         * Verifies an IngressTo message.
+                         * @param message Plain object to verify
+                         * @returns `null` if valid, otherwise the reason why it is not
+                         */
+                        public static verify(message: { [k: string]: any }): (string|null);
+
+                        /**
+                         * Creates an IngressTo message from a plain object. Also converts values to their respective internal types.
+                         * @param object Plain object
+                         * @returns IngressTo
+                         */
+                        public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo;
+
+                        /**
+                         * Creates a plain object from an IngressTo message. Also converts values to other types if specified.
+                         * @param message IngressTo
+                         * @param [options] Conversion options
+                         * @returns Plain object
+                         */
+                        public static toObject(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                        /**
+                         * Converts this IngressTo to JSON.
+                         * @returns JSON object
+                         */
+                        public toJSON(): { [k: string]: any };
+
+                        /**
+                         * Gets the default type url for IngressTo
+                         * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns The default type url
+                         */
+                        public static getTypeUrl(typeUrlPrefix?: string): string;
+                    }
+
+                    /** Properties of an IngressPolicy. */
+                    interface IIngressPolicy {
+
+                        /** IngressPolicy ingressFrom */
+                        ingressFrom?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressFrom|null);
+
+                        /** IngressPolicy ingressTo */
+                        ingressTo?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressTo|null);
+                    }
+
+                    /** Represents an IngressPolicy. */
+                    class IngressPolicy implements IIngressPolicy {
+
+                        /**
+                         * Constructs a new IngressPolicy.
+                         * @param [properties] Properties to set
+                         */
+                        constructor(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressPolicy);
+
+                        /** IngressPolicy ingressFrom. */
+                        public ingressFrom?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressFrom|null);
+
+                        /** IngressPolicy ingressTo. */
+                        public ingressTo?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressTo|null);
+
+                        /**
+                         * Creates a new IngressPolicy instance using the specified properties.
+                         * @param [properties] Properties to set
+                         * @returns IngressPolicy instance
+                         */
+                        public static create(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressPolicy): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy;
+
+                        /**
+                         * Encodes the specified IngressPolicy message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy.verify|verify} messages.
+                         * @param message IngressPolicy message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encode(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressPolicy, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Encodes the specified IngressPolicy message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy.verify|verify} messages.
+                         * @param message IngressPolicy message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressPolicy, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Decodes an IngressPolicy message from the specified reader or buffer.
+                         * @param reader Reader or buffer to decode from
+                         * @param [length] Message length if known beforehand
+                         * @returns IngressPolicy
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy;
+
+                        /**
+                         * Decodes an IngressPolicy message from the specified reader or buffer, length delimited.
+                         * @param reader Reader or buffer to decode from
+                         * @returns IngressPolicy
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy;
+
+                        /**
+                         * Verifies an IngressPolicy message.
+                         * @param message Plain object to verify
+                         * @returns `null` if valid, otherwise the reason why it is not
+                         */
+                        public static verify(message: { [k: string]: any }): (string|null);
+
+                        /**
+                         * Creates an IngressPolicy message from a plain object. Also converts values to their respective internal types.
+                         * @param object Plain object
+                         * @returns IngressPolicy
+                         */
+                        public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy;
+
+                        /**
+                         * Creates a plain object from an IngressPolicy message. Also converts values to other types if specified.
+                         * @param message IngressPolicy
+                         * @param [options] Conversion options
+                         * @returns Plain object
+                         */
+                        public static toObject(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                        /**
+                         * Converts this IngressPolicy to JSON.
+                         * @returns JSON object
+                         */
+                        public toJSON(): { [k: string]: any };
+
+                        /**
+                         * Gets the default type url for IngressPolicy
+                         * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns The default type url
+                         */
+                        public static getTypeUrl(typeUrlPrefix?: string): string;
+                    }
+
+                    /** Properties of an EgressFrom. */
+                    interface IEgressFrom {
+
+                        /** EgressFrom identities */
+                        identities?: (string[]|null);
+
+                        /** EgressFrom identityType */
+                        identityType?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType|keyof typeof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType|null);
+                    }
+
+                    /** Represents an EgressFrom. */
+                    class EgressFrom implements IEgressFrom {
+
+                        /**
+                         * Constructs a new EgressFrom.
+                         * @param [properties] Properties to set
+                         */
+                        constructor(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressFrom);
+
+                        /** EgressFrom identities. */
+                        public identities: string[];
+
+                        /** EgressFrom identityType. */
+                        public identityType: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType|keyof typeof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType);
+
+                        /**
+                         * Creates a new EgressFrom instance using the specified properties.
+                         * @param [properties] Properties to set
+                         * @returns EgressFrom instance
+                         */
+                        public static create(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressFrom): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom;
+
+                        /**
+                         * Encodes the specified EgressFrom message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom.verify|verify} messages.
+                         * @param message EgressFrom message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encode(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressFrom, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Encodes the specified EgressFrom message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom.verify|verify} messages.
+                         * @param message EgressFrom message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressFrom, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Decodes an EgressFrom message from the specified reader or buffer.
+                         * @param reader Reader or buffer to decode from
+                         * @param [length] Message length if known beforehand
+                         * @returns EgressFrom
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom;
+
+                        /**
+                         * Decodes an EgressFrom message from the specified reader or buffer, length delimited.
+                         * @param reader Reader or buffer to decode from
+                         * @returns EgressFrom
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom;
+
+                        /**
+                         * Verifies an EgressFrom message.
+                         * @param message Plain object to verify
+                         * @returns `null` if valid, otherwise the reason why it is not
+                         */
+                        public static verify(message: { [k: string]: any }): (string|null);
+
+                        /**
+                         * Creates an EgressFrom message from a plain object. Also converts values to their respective internal types.
+                         * @param object Plain object
+                         * @returns EgressFrom
+                         */
+                        public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom;
+
+                        /**
+                         * Creates a plain object from an EgressFrom message. Also converts values to other types if specified.
+                         * @param message EgressFrom
+                         * @param [options] Conversion options
+                         * @returns Plain object
+                         */
+                        public static toObject(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                        /**
+                         * Converts this EgressFrom to JSON.
+                         * @returns JSON object
+                         */
+                        public toJSON(): { [k: string]: any };
+
+                        /**
+                         * Gets the default type url for EgressFrom
+                         * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns The default type url
+                         */
+                        public static getTypeUrl(typeUrlPrefix?: string): string;
+                    }
+
+                    /** Properties of an EgressTo. */
+                    interface IEgressTo {
+
+                        /** EgressTo resources */
+                        resources?: (string[]|null);
+
+                        /** EgressTo operations */
+                        operations?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation[]|null);
+
+                        /** EgressTo externalResources */
+                        externalResources?: (string[]|null);
+                    }
+
+                    /** Represents an EgressTo. */
+                    class EgressTo implements IEgressTo {
+
+                        /**
+                         * Constructs a new EgressTo.
+                         * @param [properties] Properties to set
+                         */
+                        constructor(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressTo);
+
+                        /** EgressTo resources. */
+                        public resources: string[];
+
+                        /** EgressTo operations. */
+                        public operations: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation[];
+
+                        /** EgressTo externalResources. */
+                        public externalResources: string[];
+
+                        /**
+                         * Creates a new EgressTo instance using the specified properties.
+                         * @param [properties] Properties to set
+                         * @returns EgressTo instance
+                         */
+                        public static create(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressTo): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo;
+
+                        /**
+                         * Encodes the specified EgressTo message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo.verify|verify} messages.
+                         * @param message EgressTo message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encode(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressTo, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Encodes the specified EgressTo message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo.verify|verify} messages.
+                         * @param message EgressTo message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressTo, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Decodes an EgressTo message from the specified reader or buffer.
+                         * @param reader Reader or buffer to decode from
+                         * @param [length] Message length if known beforehand
+                         * @returns EgressTo
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo;
+
+                        /**
+                         * Decodes an EgressTo message from the specified reader or buffer, length delimited.
+                         * @param reader Reader or buffer to decode from
+                         * @returns EgressTo
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo;
+
+                        /**
+                         * Verifies an EgressTo message.
+                         * @param message Plain object to verify
+                         * @returns `null` if valid, otherwise the reason why it is not
+                         */
+                        public static verify(message: { [k: string]: any }): (string|null);
+
+                        /**
+                         * Creates an EgressTo message from a plain object. Also converts values to their respective internal types.
+                         * @param object Plain object
+                         * @returns EgressTo
+                         */
+                        public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo;
+
+                        /**
+                         * Creates a plain object from an EgressTo message. Also converts values to other types if specified.
+                         * @param message EgressTo
+                         * @param [options] Conversion options
+                         * @returns Plain object
+                         */
+                        public static toObject(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                        /**
+                         * Converts this EgressTo to JSON.
+                         * @returns JSON object
+                         */
+                        public toJSON(): { [k: string]: any };
+
+                        /**
+                         * Gets the default type url for EgressTo
+                         * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns The default type url
+                         */
+                        public static getTypeUrl(typeUrlPrefix?: string): string;
+                    }
+
+                    /** Properties of an EgressPolicy. */
+                    interface IEgressPolicy {
+
+                        /** EgressPolicy egressFrom */
+                        egressFrom?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressFrom|null);
+
+                        /** EgressPolicy egressTo */
+                        egressTo?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressTo|null);
+                    }
+
+                    /** Represents an EgressPolicy. */
+                    class EgressPolicy implements IEgressPolicy {
+
+                        /**
+                         * Constructs a new EgressPolicy.
+                         * @param [properties] Properties to set
+                         */
+                        constructor(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressPolicy);
+
+                        /** EgressPolicy egressFrom. */
+                        public egressFrom?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressFrom|null);
+
+                        /** EgressPolicy egressTo. */
+                        public egressTo?: (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressTo|null);
+
+                        /**
+                         * Creates a new EgressPolicy instance using the specified properties.
+                         * @param [properties] Properties to set
+                         * @returns EgressPolicy instance
+                         */
+                        public static create(properties?: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressPolicy): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy;
+
+                        /**
+                         * Encodes the specified EgressPolicy message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy.verify|verify} messages.
+                         * @param message EgressPolicy message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encode(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressPolicy, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Encodes the specified EgressPolicy message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy.verify|verify} messages.
+                         * @param message EgressPolicy message or plain object to encode
+                         * @param [writer] Writer to encode to
+                         * @returns Writer
+                         */
+                        public static encodeDelimited(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressPolicy, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                        /**
+                         * Decodes an EgressPolicy message from the specified reader or buffer.
+                         * @param reader Reader or buffer to decode from
+                         * @param [length] Message length if known beforehand
+                         * @returns EgressPolicy
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy;
+
+                        /**
+                         * Decodes an EgressPolicy message from the specified reader or buffer, length delimited.
+                         * @param reader Reader or buffer to decode from
+                         * @returns EgressPolicy
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy;
+
+                        /**
+                         * Verifies an EgressPolicy message.
+                         * @param message Plain object to verify
+                         * @returns `null` if valid, otherwise the reason why it is not
+                         */
+                        public static verify(message: { [k: string]: any }): (string|null);
+
+                        /**
+                         * Creates an EgressPolicy message from a plain object. Also converts values to their respective internal types.
+                         * @param object Plain object
+                         * @returns EgressPolicy
+                         */
+                        public static fromObject(object: { [k: string]: any }): google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy;
+
+                        /**
+                         * Creates a plain object from an EgressPolicy message. Also converts values to other types if specified.
+                         * @param message EgressPolicy
+                         * @param [options] Conversion options
+                         * @returns Plain object
+                         */
+                        public static toObject(message: google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                        /**
+                         * Converts this EgressPolicy to JSON.
+                         * @returns JSON object
+                         */
+                        public toJSON(): { [k: string]: any };
+
+                        /**
+                         * Gets the default type url for EgressPolicy
+                         * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns The default type url
+                         */
+                        public static getTypeUrl(typeUrlPrefix?: string): string;
+                    }
+                }
+            }
+        }
+    }
+
+    /** Namespace api. */
+    namespace api {
+
+        /** Properties of a Http. */
+        interface IHttp {
+
+            /** Http rules */
+            rules?: (google.api.IHttpRule[]|null);
+
+            /** Http fullyDecodeReservedExpansion */
+            fullyDecodeReservedExpansion?: (boolean|null);
+        }
+
+        /** Represents a Http. */
+        class Http implements IHttp {
+
+            /**
+             * Constructs a new Http.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.api.IHttp);
+
+            /** Http rules. */
+            public rules: google.api.IHttpRule[];
+
+            /** Http fullyDecodeReservedExpansion. */
+            public fullyDecodeReservedExpansion: boolean;
+
+            /**
+             * Creates a new Http instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns Http instance
+             */
+            public static create(properties?: google.api.IHttp): google.api.Http;
+
+            /**
+             * Encodes the specified Http message. Does not implicitly {@link google.api.Http.verify|verify} messages.
+             * @param message Http message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.api.IHttp, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified Http message, length delimited. Does not implicitly {@link google.api.Http.verify|verify} messages.
+             * @param message Http message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.api.IHttp, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a Http message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns Http
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.api.Http;
+
+            /**
+             * Decodes a Http message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns Http
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.api.Http;
+
+            /**
+             * Verifies a Http message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a Http message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns Http
+             */
+            public static fromObject(object: { [k: string]: any }): google.api.Http;
+
+            /**
+             * Creates a plain object from a Http message. Also converts values to other types if specified.
+             * @param message Http
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.api.Http, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this Http to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for Http
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a HttpRule. */
+        interface IHttpRule {
+
+            /** HttpRule selector */
+            selector?: (string|null);
+
+            /** HttpRule get */
+            get?: (string|null);
+
+            /** HttpRule put */
+            put?: (string|null);
+
+            /** HttpRule post */
+            post?: (string|null);
+
+            /** HttpRule delete */
+            "delete"?: (string|null);
+
+            /** HttpRule patch */
+            patch?: (string|null);
+
+            /** HttpRule custom */
+            custom?: (google.api.ICustomHttpPattern|null);
+
+            /** HttpRule body */
+            body?: (string|null);
+
+            /** HttpRule responseBody */
+            responseBody?: (string|null);
+
+            /** HttpRule additionalBindings */
+            additionalBindings?: (google.api.IHttpRule[]|null);
+        }
+
+        /** Represents a HttpRule. */
+        class HttpRule implements IHttpRule {
+
+            /**
+             * Constructs a new HttpRule.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.api.IHttpRule);
+
+            /** HttpRule selector. */
+            public selector: string;
+
+            /** HttpRule get. */
+            public get?: (string|null);
+
+            /** HttpRule put. */
+            public put?: (string|null);
+
+            /** HttpRule post. */
+            public post?: (string|null);
+
+            /** HttpRule delete. */
+            public delete?: (string|null);
+
+            /** HttpRule patch. */
+            public patch?: (string|null);
+
+            /** HttpRule custom. */
+            public custom?: (google.api.ICustomHttpPattern|null);
+
+            /** HttpRule body. */
+            public body: string;
+
+            /** HttpRule responseBody. */
+            public responseBody: string;
+
+            /** HttpRule additionalBindings. */
+            public additionalBindings: google.api.IHttpRule[];
+
+            /** HttpRule pattern. */
+            public pattern?: ("get"|"put"|"post"|"delete"|"patch"|"custom");
+
+            /**
+             * Creates a new HttpRule instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns HttpRule instance
+             */
+            public static create(properties?: google.api.IHttpRule): google.api.HttpRule;
+
+            /**
+             * Encodes the specified HttpRule message. Does not implicitly {@link google.api.HttpRule.verify|verify} messages.
+             * @param message HttpRule message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.api.IHttpRule, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified HttpRule message, length delimited. Does not implicitly {@link google.api.HttpRule.verify|verify} messages.
+             * @param message HttpRule message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.api.IHttpRule, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a HttpRule message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns HttpRule
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.api.HttpRule;
+
+            /**
+             * Decodes a HttpRule message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns HttpRule
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.api.HttpRule;
+
+            /**
+             * Verifies a HttpRule message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a HttpRule message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns HttpRule
+             */
+            public static fromObject(object: { [k: string]: any }): google.api.HttpRule;
+
+            /**
+             * Creates a plain object from a HttpRule message. Also converts values to other types if specified.
+             * @param message HttpRule
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.api.HttpRule, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this HttpRule to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for HttpRule
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a CustomHttpPattern. */
+        interface ICustomHttpPattern {
+
+            /** CustomHttpPattern kind */
+            kind?: (string|null);
+
+            /** CustomHttpPattern path */
+            path?: (string|null);
+        }
+
+        /** Represents a CustomHttpPattern. */
+        class CustomHttpPattern implements ICustomHttpPattern {
+
+            /**
+             * Constructs a new CustomHttpPattern.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.api.ICustomHttpPattern);
+
+            /** CustomHttpPattern kind. */
+            public kind: string;
+
+            /** CustomHttpPattern path. */
+            public path: string;
+
+            /**
+             * Creates a new CustomHttpPattern instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns CustomHttpPattern instance
+             */
+            public static create(properties?: google.api.ICustomHttpPattern): google.api.CustomHttpPattern;
+
+            /**
+             * Encodes the specified CustomHttpPattern message. Does not implicitly {@link google.api.CustomHttpPattern.verify|verify} messages.
+             * @param message CustomHttpPattern message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.api.ICustomHttpPattern, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified CustomHttpPattern message, length delimited. Does not implicitly {@link google.api.CustomHttpPattern.verify|verify} messages.
+             * @param message CustomHttpPattern message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.api.ICustomHttpPattern, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a CustomHttpPattern message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns CustomHttpPattern
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.api.CustomHttpPattern;
+
+            /**
+             * Decodes a CustomHttpPattern message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns CustomHttpPattern
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.api.CustomHttpPattern;
+
+            /**
+             * Verifies a CustomHttpPattern message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a CustomHttpPattern message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns CustomHttpPattern
+             */
+            public static fromObject(object: { [k: string]: any }): google.api.CustomHttpPattern;
+
+            /**
+             * Creates a plain object from a CustomHttpPattern message. Also converts values to other types if specified.
+             * @param message CustomHttpPattern
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.api.CustomHttpPattern, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this CustomHttpPattern to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for CustomHttpPattern
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** FieldBehavior enum. */
+        enum FieldBehavior {
+            FIELD_BEHAVIOR_UNSPECIFIED = 0,
+            OPTIONAL = 1,
+            REQUIRED = 2,
+            OUTPUT_ONLY = 3,
+            INPUT_ONLY = 4,
+            IMMUTABLE = 5,
+            UNORDERED_LIST = 6,
+            NON_EMPTY_DEFAULT = 7
+        }
+
+        /** Properties of a ResourceDescriptor. */
+        interface IResourceDescriptor {
+
+            /** ResourceDescriptor type */
+            type?: (string|null);
+
+            /** ResourceDescriptor pattern */
+            pattern?: (string[]|null);
+
+            /** ResourceDescriptor nameField */
+            nameField?: (string|null);
+
+            /** ResourceDescriptor history */
+            history?: (google.api.ResourceDescriptor.History|keyof typeof google.api.ResourceDescriptor.History|null);
+
+            /** ResourceDescriptor plural */
+            plural?: (string|null);
+
+            /** ResourceDescriptor singular */
+            singular?: (string|null);
+
+            /** ResourceDescriptor style */
+            style?: (google.api.ResourceDescriptor.Style[]|null);
+        }
+
+        /** Represents a ResourceDescriptor. */
+        class ResourceDescriptor implements IResourceDescriptor {
+
+            /**
+             * Constructs a new ResourceDescriptor.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.api.IResourceDescriptor);
+
+            /** ResourceDescriptor type. */
+            public type: string;
+
+            /** ResourceDescriptor pattern. */
+            public pattern: string[];
+
+            /** ResourceDescriptor nameField. */
+            public nameField: string;
+
+            /** ResourceDescriptor history. */
+            public history: (google.api.ResourceDescriptor.History|keyof typeof google.api.ResourceDescriptor.History);
+
+            /** ResourceDescriptor plural. */
+            public plural: string;
+
+            /** ResourceDescriptor singular. */
+            public singular: string;
+
+            /** ResourceDescriptor style. */
+            public style: google.api.ResourceDescriptor.Style[];
+
+            /**
+             * Creates a new ResourceDescriptor instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns ResourceDescriptor instance
+             */
+            public static create(properties?: google.api.IResourceDescriptor): google.api.ResourceDescriptor;
+
+            /**
+             * Encodes the specified ResourceDescriptor message. Does not implicitly {@link google.api.ResourceDescriptor.verify|verify} messages.
+             * @param message ResourceDescriptor message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.api.IResourceDescriptor, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified ResourceDescriptor message, length delimited. Does not implicitly {@link google.api.ResourceDescriptor.verify|verify} messages.
+             * @param message ResourceDescriptor message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.api.IResourceDescriptor, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a ResourceDescriptor message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns ResourceDescriptor
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.api.ResourceDescriptor;
+
+            /**
+             * Decodes a ResourceDescriptor message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns ResourceDescriptor
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.api.ResourceDescriptor;
+
+            /**
+             * Verifies a ResourceDescriptor message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a ResourceDescriptor message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns ResourceDescriptor
+             */
+            public static fromObject(object: { [k: string]: any }): google.api.ResourceDescriptor;
+
+            /**
+             * Creates a plain object from a ResourceDescriptor message. Also converts values to other types if specified.
+             * @param message ResourceDescriptor
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.api.ResourceDescriptor, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this ResourceDescriptor to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for ResourceDescriptor
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        namespace ResourceDescriptor {
+
+            /** History enum. */
+            enum History {
+                HISTORY_UNSPECIFIED = 0,
+                ORIGINALLY_SINGLE_PATTERN = 1,
+                FUTURE_MULTI_PATTERN = 2
+            }
+
+            /** Style enum. */
+            enum Style {
+                STYLE_UNSPECIFIED = 0,
+                DECLARATIVE_FRIENDLY = 1
+            }
+        }
+
+        /** Properties of a ResourceReference. */
+        interface IResourceReference {
+
+            /** ResourceReference type */
+            type?: (string|null);
+
+            /** ResourceReference childType */
+            childType?: (string|null);
+        }
+
+        /** Represents a ResourceReference. */
+        class ResourceReference implements IResourceReference {
+
+            /**
+             * Constructs a new ResourceReference.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.api.IResourceReference);
+
+            /** ResourceReference type. */
+            public type: string;
+
+            /** ResourceReference childType. */
+            public childType: string;
+
+            /**
+             * Creates a new ResourceReference instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns ResourceReference instance
+             */
+            public static create(properties?: google.api.IResourceReference): google.api.ResourceReference;
+
+            /**
+             * Encodes the specified ResourceReference message. Does not implicitly {@link google.api.ResourceReference.verify|verify} messages.
+             * @param message ResourceReference message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.api.IResourceReference, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified ResourceReference message, length delimited. Does not implicitly {@link google.api.ResourceReference.verify|verify} messages.
+             * @param message ResourceReference message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.api.IResourceReference, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a ResourceReference message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns ResourceReference
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.api.ResourceReference;
+
+            /**
+             * Decodes a ResourceReference message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns ResourceReference
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.api.ResourceReference;
+
+            /**
+             * Verifies a ResourceReference message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a ResourceReference message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns ResourceReference
+             */
+            public static fromObject(object: { [k: string]: any }): google.api.ResourceReference;
+
+            /**
+             * Creates a plain object from a ResourceReference message. Also converts values to other types if specified.
+             * @param message ResourceReference
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.api.ResourceReference, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this ResourceReference to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for ResourceReference
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+    }
+
+    /** Namespace protobuf. */
+    namespace protobuf {
+
+        /** Properties of a FileDescriptorSet. */
+        interface IFileDescriptorSet {
+
+            /** FileDescriptorSet file */
+            file?: (google.protobuf.IFileDescriptorProto[]|null);
+        }
+
+        /** Represents a FileDescriptorSet. */
+        class FileDescriptorSet implements IFileDescriptorSet {
+
+            /**
+             * Constructs a new FileDescriptorSet.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IFileDescriptorSet);
+
+            /** FileDescriptorSet file. */
+            public file: google.protobuf.IFileDescriptorProto[];
+
+            /**
+             * Creates a new FileDescriptorSet instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns FileDescriptorSet instance
+             */
+            public static create(properties?: google.protobuf.IFileDescriptorSet): google.protobuf.FileDescriptorSet;
+
+            /**
+             * Encodes the specified FileDescriptorSet message. Does not implicitly {@link google.protobuf.FileDescriptorSet.verify|verify} messages.
+             * @param message FileDescriptorSet message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IFileDescriptorSet, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified FileDescriptorSet message, length delimited. Does not implicitly {@link google.protobuf.FileDescriptorSet.verify|verify} messages.
+             * @param message FileDescriptorSet message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IFileDescriptorSet, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a FileDescriptorSet message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns FileDescriptorSet
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.FileDescriptorSet;
+
+            /**
+             * Decodes a FileDescriptorSet message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns FileDescriptorSet
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.FileDescriptorSet;
+
+            /**
+             * Verifies a FileDescriptorSet message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a FileDescriptorSet message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns FileDescriptorSet
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.FileDescriptorSet;
+
+            /**
+             * Creates a plain object from a FileDescriptorSet message. Also converts values to other types if specified.
+             * @param message FileDescriptorSet
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.FileDescriptorSet, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this FileDescriptorSet to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for FileDescriptorSet
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a FileDescriptorProto. */
+        interface IFileDescriptorProto {
+
+            /** FileDescriptorProto name */
+            name?: (string|null);
+
+            /** FileDescriptorProto package */
+            "package"?: (string|null);
+
+            /** FileDescriptorProto dependency */
+            dependency?: (string[]|null);
+
+            /** FileDescriptorProto publicDependency */
+            publicDependency?: (number[]|null);
+
+            /** FileDescriptorProto weakDependency */
+            weakDependency?: (number[]|null);
+
+            /** FileDescriptorProto messageType */
+            messageType?: (google.protobuf.IDescriptorProto[]|null);
+
+            /** FileDescriptorProto enumType */
+            enumType?: (google.protobuf.IEnumDescriptorProto[]|null);
+
+            /** FileDescriptorProto service */
+            service?: (google.protobuf.IServiceDescriptorProto[]|null);
+
+            /** FileDescriptorProto extension */
+            extension?: (google.protobuf.IFieldDescriptorProto[]|null);
+
+            /** FileDescriptorProto options */
+            options?: (google.protobuf.IFileOptions|null);
+
+            /** FileDescriptorProto sourceCodeInfo */
+            sourceCodeInfo?: (google.protobuf.ISourceCodeInfo|null);
+
+            /** FileDescriptorProto syntax */
+            syntax?: (string|null);
+
+            /** FileDescriptorProto edition */
+            edition?: (string|null);
+        }
+
+        /** Represents a FileDescriptorProto. */
+        class FileDescriptorProto implements IFileDescriptorProto {
+
+            /**
+             * Constructs a new FileDescriptorProto.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IFileDescriptorProto);
+
+            /** FileDescriptorProto name. */
+            public name: string;
+
+            /** FileDescriptorProto package. */
+            public package: string;
+
+            /** FileDescriptorProto dependency. */
+            public dependency: string[];
+
+            /** FileDescriptorProto publicDependency. */
+            public publicDependency: number[];
+
+            /** FileDescriptorProto weakDependency. */
+            public weakDependency: number[];
+
+            /** FileDescriptorProto messageType. */
+            public messageType: google.protobuf.IDescriptorProto[];
+
+            /** FileDescriptorProto enumType. */
+            public enumType: google.protobuf.IEnumDescriptorProto[];
+
+            /** FileDescriptorProto service. */
+            public service: google.protobuf.IServiceDescriptorProto[];
+
+            /** FileDescriptorProto extension. */
+            public extension: google.protobuf.IFieldDescriptorProto[];
+
+            /** FileDescriptorProto options. */
+            public options?: (google.protobuf.IFileOptions|null);
+
+            /** FileDescriptorProto sourceCodeInfo. */
+            public sourceCodeInfo?: (google.protobuf.ISourceCodeInfo|null);
+
+            /** FileDescriptorProto syntax. */
+            public syntax: string;
+
+            /** FileDescriptorProto edition. */
+            public edition: string;
+
+            /**
+             * Creates a new FileDescriptorProto instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns FileDescriptorProto instance
+             */
+            public static create(properties?: google.protobuf.IFileDescriptorProto): google.protobuf.FileDescriptorProto;
+
+            /**
+             * Encodes the specified FileDescriptorProto message. Does not implicitly {@link google.protobuf.FileDescriptorProto.verify|verify} messages.
+             * @param message FileDescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IFileDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified FileDescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.FileDescriptorProto.verify|verify} messages.
+             * @param message FileDescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IFileDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a FileDescriptorProto message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns FileDescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.FileDescriptorProto;
+
+            /**
+             * Decodes a FileDescriptorProto message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns FileDescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.FileDescriptorProto;
+
+            /**
+             * Verifies a FileDescriptorProto message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a FileDescriptorProto message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns FileDescriptorProto
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.FileDescriptorProto;
+
+            /**
+             * Creates a plain object from a FileDescriptorProto message. Also converts values to other types if specified.
+             * @param message FileDescriptorProto
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.FileDescriptorProto, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this FileDescriptorProto to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for FileDescriptorProto
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a DescriptorProto. */
+        interface IDescriptorProto {
+
+            /** DescriptorProto name */
+            name?: (string|null);
+
+            /** DescriptorProto field */
+            field?: (google.protobuf.IFieldDescriptorProto[]|null);
+
+            /** DescriptorProto extension */
+            extension?: (google.protobuf.IFieldDescriptorProto[]|null);
+
+            /** DescriptorProto nestedType */
+            nestedType?: (google.protobuf.IDescriptorProto[]|null);
+
+            /** DescriptorProto enumType */
+            enumType?: (google.protobuf.IEnumDescriptorProto[]|null);
+
+            /** DescriptorProto extensionRange */
+            extensionRange?: (google.protobuf.DescriptorProto.IExtensionRange[]|null);
+
+            /** DescriptorProto oneofDecl */
+            oneofDecl?: (google.protobuf.IOneofDescriptorProto[]|null);
+
+            /** DescriptorProto options */
+            options?: (google.protobuf.IMessageOptions|null);
+
+            /** DescriptorProto reservedRange */
+            reservedRange?: (google.protobuf.DescriptorProto.IReservedRange[]|null);
+
+            /** DescriptorProto reservedName */
+            reservedName?: (string[]|null);
+        }
+
+        /** Represents a DescriptorProto. */
+        class DescriptorProto implements IDescriptorProto {
+
+            /**
+             * Constructs a new DescriptorProto.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IDescriptorProto);
+
+            /** DescriptorProto name. */
+            public name: string;
+
+            /** DescriptorProto field. */
+            public field: google.protobuf.IFieldDescriptorProto[];
+
+            /** DescriptorProto extension. */
+            public extension: google.protobuf.IFieldDescriptorProto[];
+
+            /** DescriptorProto nestedType. */
+            public nestedType: google.protobuf.IDescriptorProto[];
+
+            /** DescriptorProto enumType. */
+            public enumType: google.protobuf.IEnumDescriptorProto[];
+
+            /** DescriptorProto extensionRange. */
+            public extensionRange: google.protobuf.DescriptorProto.IExtensionRange[];
+
+            /** DescriptorProto oneofDecl. */
+            public oneofDecl: google.protobuf.IOneofDescriptorProto[];
+
+            /** DescriptorProto options. */
+            public options?: (google.protobuf.IMessageOptions|null);
+
+            /** DescriptorProto reservedRange. */
+            public reservedRange: google.protobuf.DescriptorProto.IReservedRange[];
+
+            /** DescriptorProto reservedName. */
+            public reservedName: string[];
+
+            /**
+             * Creates a new DescriptorProto instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns DescriptorProto instance
+             */
+            public static create(properties?: google.protobuf.IDescriptorProto): google.protobuf.DescriptorProto;
+
+            /**
+             * Encodes the specified DescriptorProto message. Does not implicitly {@link google.protobuf.DescriptorProto.verify|verify} messages.
+             * @param message DescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified DescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.DescriptorProto.verify|verify} messages.
+             * @param message DescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a DescriptorProto message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns DescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.DescriptorProto;
+
+            /**
+             * Decodes a DescriptorProto message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns DescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.DescriptorProto;
+
+            /**
+             * Verifies a DescriptorProto message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a DescriptorProto message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns DescriptorProto
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.DescriptorProto;
+
+            /**
+             * Creates a plain object from a DescriptorProto message. Also converts values to other types if specified.
+             * @param message DescriptorProto
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.DescriptorProto, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this DescriptorProto to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for DescriptorProto
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        namespace DescriptorProto {
+
+            /** Properties of an ExtensionRange. */
+            interface IExtensionRange {
+
+                /** ExtensionRange start */
+                start?: (number|null);
+
+                /** ExtensionRange end */
+                end?: (number|null);
+
+                /** ExtensionRange options */
+                options?: (google.protobuf.IExtensionRangeOptions|null);
+            }
+
+            /** Represents an ExtensionRange. */
+            class ExtensionRange implements IExtensionRange {
+
+                /**
+                 * Constructs a new ExtensionRange.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.protobuf.DescriptorProto.IExtensionRange);
+
+                /** ExtensionRange start. */
+                public start: number;
+
+                /** ExtensionRange end. */
+                public end: number;
+
+                /** ExtensionRange options. */
+                public options?: (google.protobuf.IExtensionRangeOptions|null);
+
+                /**
+                 * Creates a new ExtensionRange instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns ExtensionRange instance
+                 */
+                public static create(properties?: google.protobuf.DescriptorProto.IExtensionRange): google.protobuf.DescriptorProto.ExtensionRange;
+
+                /**
+                 * Encodes the specified ExtensionRange message. Does not implicitly {@link google.protobuf.DescriptorProto.ExtensionRange.verify|verify} messages.
+                 * @param message ExtensionRange message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.protobuf.DescriptorProto.IExtensionRange, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified ExtensionRange message, length delimited. Does not implicitly {@link google.protobuf.DescriptorProto.ExtensionRange.verify|verify} messages.
+                 * @param message ExtensionRange message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.protobuf.DescriptorProto.IExtensionRange, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes an ExtensionRange message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns ExtensionRange
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.DescriptorProto.ExtensionRange;
+
+                /**
+                 * Decodes an ExtensionRange message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns ExtensionRange
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.DescriptorProto.ExtensionRange;
+
+                /**
+                 * Verifies an ExtensionRange message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates an ExtensionRange message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns ExtensionRange
+                 */
+                public static fromObject(object: { [k: string]: any }): google.protobuf.DescriptorProto.ExtensionRange;
+
+                /**
+                 * Creates a plain object from an ExtensionRange message. Also converts values to other types if specified.
+                 * @param message ExtensionRange
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.protobuf.DescriptorProto.ExtensionRange, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this ExtensionRange to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for ExtensionRange
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+
+            /** Properties of a ReservedRange. */
+            interface IReservedRange {
+
+                /** ReservedRange start */
+                start?: (number|null);
+
+                /** ReservedRange end */
+                end?: (number|null);
+            }
+
+            /** Represents a ReservedRange. */
+            class ReservedRange implements IReservedRange {
+
+                /**
+                 * Constructs a new ReservedRange.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.protobuf.DescriptorProto.IReservedRange);
+
+                /** ReservedRange start. */
+                public start: number;
+
+                /** ReservedRange end. */
+                public end: number;
+
+                /**
+                 * Creates a new ReservedRange instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns ReservedRange instance
+                 */
+                public static create(properties?: google.protobuf.DescriptorProto.IReservedRange): google.protobuf.DescriptorProto.ReservedRange;
+
+                /**
+                 * Encodes the specified ReservedRange message. Does not implicitly {@link google.protobuf.DescriptorProto.ReservedRange.verify|verify} messages.
+                 * @param message ReservedRange message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.protobuf.DescriptorProto.IReservedRange, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified ReservedRange message, length delimited. Does not implicitly {@link google.protobuf.DescriptorProto.ReservedRange.verify|verify} messages.
+                 * @param message ReservedRange message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.protobuf.DescriptorProto.IReservedRange, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes a ReservedRange message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns ReservedRange
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.DescriptorProto.ReservedRange;
+
+                /**
+                 * Decodes a ReservedRange message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns ReservedRange
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.DescriptorProto.ReservedRange;
+
+                /**
+                 * Verifies a ReservedRange message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates a ReservedRange message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns ReservedRange
+                 */
+                public static fromObject(object: { [k: string]: any }): google.protobuf.DescriptorProto.ReservedRange;
+
+                /**
+                 * Creates a plain object from a ReservedRange message. Also converts values to other types if specified.
+                 * @param message ReservedRange
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.protobuf.DescriptorProto.ReservedRange, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this ReservedRange to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for ReservedRange
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+        }
+
+        /** Properties of an ExtensionRangeOptions. */
+        interface IExtensionRangeOptions {
+
+            /** ExtensionRangeOptions uninterpretedOption */
+            uninterpretedOption?: (google.protobuf.IUninterpretedOption[]|null);
+        }
+
+        /** Represents an ExtensionRangeOptions. */
+        class ExtensionRangeOptions implements IExtensionRangeOptions {
+
+            /**
+             * Constructs a new ExtensionRangeOptions.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IExtensionRangeOptions);
+
+            /** ExtensionRangeOptions uninterpretedOption. */
+            public uninterpretedOption: google.protobuf.IUninterpretedOption[];
+
+            /**
+             * Creates a new ExtensionRangeOptions instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns ExtensionRangeOptions instance
+             */
+            public static create(properties?: google.protobuf.IExtensionRangeOptions): google.protobuf.ExtensionRangeOptions;
+
+            /**
+             * Encodes the specified ExtensionRangeOptions message. Does not implicitly {@link google.protobuf.ExtensionRangeOptions.verify|verify} messages.
+             * @param message ExtensionRangeOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IExtensionRangeOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified ExtensionRangeOptions message, length delimited. Does not implicitly {@link google.protobuf.ExtensionRangeOptions.verify|verify} messages.
+             * @param message ExtensionRangeOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IExtensionRangeOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes an ExtensionRangeOptions message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns ExtensionRangeOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.ExtensionRangeOptions;
+
+            /**
+             * Decodes an ExtensionRangeOptions message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns ExtensionRangeOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.ExtensionRangeOptions;
+
+            /**
+             * Verifies an ExtensionRangeOptions message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates an ExtensionRangeOptions message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns ExtensionRangeOptions
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.ExtensionRangeOptions;
+
+            /**
+             * Creates a plain object from an ExtensionRangeOptions message. Also converts values to other types if specified.
+             * @param message ExtensionRangeOptions
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.ExtensionRangeOptions, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this ExtensionRangeOptions to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for ExtensionRangeOptions
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a FieldDescriptorProto. */
+        interface IFieldDescriptorProto {
+
+            /** FieldDescriptorProto name */
+            name?: (string|null);
+
+            /** FieldDescriptorProto number */
+            number?: (number|null);
+
+            /** FieldDescriptorProto label */
+            label?: (google.protobuf.FieldDescriptorProto.Label|keyof typeof google.protobuf.FieldDescriptorProto.Label|null);
+
+            /** FieldDescriptorProto type */
+            type?: (google.protobuf.FieldDescriptorProto.Type|keyof typeof google.protobuf.FieldDescriptorProto.Type|null);
+
+            /** FieldDescriptorProto typeName */
+            typeName?: (string|null);
+
+            /** FieldDescriptorProto extendee */
+            extendee?: (string|null);
+
+            /** FieldDescriptorProto defaultValue */
+            defaultValue?: (string|null);
+
+            /** FieldDescriptorProto oneofIndex */
+            oneofIndex?: (number|null);
+
+            /** FieldDescriptorProto jsonName */
+            jsonName?: (string|null);
+
+            /** FieldDescriptorProto options */
+            options?: (google.protobuf.IFieldOptions|null);
+
+            /** FieldDescriptorProto proto3Optional */
+            proto3Optional?: (boolean|null);
+        }
+
+        /** Represents a FieldDescriptorProto. */
+        class FieldDescriptorProto implements IFieldDescriptorProto {
+
+            /**
+             * Constructs a new FieldDescriptorProto.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IFieldDescriptorProto);
+
+            /** FieldDescriptorProto name. */
+            public name: string;
+
+            /** FieldDescriptorProto number. */
+            public number: number;
+
+            /** FieldDescriptorProto label. */
+            public label: (google.protobuf.FieldDescriptorProto.Label|keyof typeof google.protobuf.FieldDescriptorProto.Label);
+
+            /** FieldDescriptorProto type. */
+            public type: (google.protobuf.FieldDescriptorProto.Type|keyof typeof google.protobuf.FieldDescriptorProto.Type);
+
+            /** FieldDescriptorProto typeName. */
+            public typeName: string;
+
+            /** FieldDescriptorProto extendee. */
+            public extendee: string;
+
+            /** FieldDescriptorProto defaultValue. */
+            public defaultValue: string;
+
+            /** FieldDescriptorProto oneofIndex. */
+            public oneofIndex: number;
+
+            /** FieldDescriptorProto jsonName. */
+            public jsonName: string;
+
+            /** FieldDescriptorProto options. */
+            public options?: (google.protobuf.IFieldOptions|null);
+
+            /** FieldDescriptorProto proto3Optional. */
+            public proto3Optional: boolean;
+
+            /**
+             * Creates a new FieldDescriptorProto instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns FieldDescriptorProto instance
+             */
+            public static create(properties?: google.protobuf.IFieldDescriptorProto): google.protobuf.FieldDescriptorProto;
+
+            /**
+             * Encodes the specified FieldDescriptorProto message. Does not implicitly {@link google.protobuf.FieldDescriptorProto.verify|verify} messages.
+             * @param message FieldDescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IFieldDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified FieldDescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.FieldDescriptorProto.verify|verify} messages.
+             * @param message FieldDescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IFieldDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a FieldDescriptorProto message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns FieldDescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.FieldDescriptorProto;
+
+            /**
+             * Decodes a FieldDescriptorProto message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns FieldDescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.FieldDescriptorProto;
+
+            /**
+             * Verifies a FieldDescriptorProto message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a FieldDescriptorProto message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns FieldDescriptorProto
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.FieldDescriptorProto;
+
+            /**
+             * Creates a plain object from a FieldDescriptorProto message. Also converts values to other types if specified.
+             * @param message FieldDescriptorProto
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.FieldDescriptorProto, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this FieldDescriptorProto to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for FieldDescriptorProto
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        namespace FieldDescriptorProto {
+
+            /** Type enum. */
+            enum Type {
+                TYPE_DOUBLE = 1,
+                TYPE_FLOAT = 2,
+                TYPE_INT64 = 3,
+                TYPE_UINT64 = 4,
+                TYPE_INT32 = 5,
+                TYPE_FIXED64 = 6,
+                TYPE_FIXED32 = 7,
+                TYPE_BOOL = 8,
+                TYPE_STRING = 9,
+                TYPE_GROUP = 10,
+                TYPE_MESSAGE = 11,
+                TYPE_BYTES = 12,
+                TYPE_UINT32 = 13,
+                TYPE_ENUM = 14,
+                TYPE_SFIXED32 = 15,
+                TYPE_SFIXED64 = 16,
+                TYPE_SINT32 = 17,
+                TYPE_SINT64 = 18
+            }
+
+            /** Label enum. */
+            enum Label {
+                LABEL_OPTIONAL = 1,
+                LABEL_REQUIRED = 2,
+                LABEL_REPEATED = 3
+            }
+        }
+
+        /** Properties of an OneofDescriptorProto. */
+        interface IOneofDescriptorProto {
+
+            /** OneofDescriptorProto name */
+            name?: (string|null);
+
+            /** OneofDescriptorProto options */
+            options?: (google.protobuf.IOneofOptions|null);
+        }
+
+        /** Represents an OneofDescriptorProto. */
+        class OneofDescriptorProto implements IOneofDescriptorProto {
+
+            /**
+             * Constructs a new OneofDescriptorProto.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IOneofDescriptorProto);
+
+            /** OneofDescriptorProto name. */
+            public name: string;
+
+            /** OneofDescriptorProto options. */
+            public options?: (google.protobuf.IOneofOptions|null);
+
+            /**
+             * Creates a new OneofDescriptorProto instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns OneofDescriptorProto instance
+             */
+            public static create(properties?: google.protobuf.IOneofDescriptorProto): google.protobuf.OneofDescriptorProto;
+
+            /**
+             * Encodes the specified OneofDescriptorProto message. Does not implicitly {@link google.protobuf.OneofDescriptorProto.verify|verify} messages.
+             * @param message OneofDescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IOneofDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified OneofDescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.OneofDescriptorProto.verify|verify} messages.
+             * @param message OneofDescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IOneofDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes an OneofDescriptorProto message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns OneofDescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.OneofDescriptorProto;
+
+            /**
+             * Decodes an OneofDescriptorProto message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns OneofDescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.OneofDescriptorProto;
+
+            /**
+             * Verifies an OneofDescriptorProto message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates an OneofDescriptorProto message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns OneofDescriptorProto
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.OneofDescriptorProto;
+
+            /**
+             * Creates a plain object from an OneofDescriptorProto message. Also converts values to other types if specified.
+             * @param message OneofDescriptorProto
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.OneofDescriptorProto, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this OneofDescriptorProto to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for OneofDescriptorProto
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of an EnumDescriptorProto. */
+        interface IEnumDescriptorProto {
+
+            /** EnumDescriptorProto name */
+            name?: (string|null);
+
+            /** EnumDescriptorProto value */
+            value?: (google.protobuf.IEnumValueDescriptorProto[]|null);
+
+            /** EnumDescriptorProto options */
+            options?: (google.protobuf.IEnumOptions|null);
+
+            /** EnumDescriptorProto reservedRange */
+            reservedRange?: (google.protobuf.EnumDescriptorProto.IEnumReservedRange[]|null);
+
+            /** EnumDescriptorProto reservedName */
+            reservedName?: (string[]|null);
+        }
+
+        /** Represents an EnumDescriptorProto. */
+        class EnumDescriptorProto implements IEnumDescriptorProto {
+
+            /**
+             * Constructs a new EnumDescriptorProto.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IEnumDescriptorProto);
+
+            /** EnumDescriptorProto name. */
+            public name: string;
+
+            /** EnumDescriptorProto value. */
+            public value: google.protobuf.IEnumValueDescriptorProto[];
+
+            /** EnumDescriptorProto options. */
+            public options?: (google.protobuf.IEnumOptions|null);
+
+            /** EnumDescriptorProto reservedRange. */
+            public reservedRange: google.protobuf.EnumDescriptorProto.IEnumReservedRange[];
+
+            /** EnumDescriptorProto reservedName. */
+            public reservedName: string[];
+
+            /**
+             * Creates a new EnumDescriptorProto instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns EnumDescriptorProto instance
+             */
+            public static create(properties?: google.protobuf.IEnumDescriptorProto): google.protobuf.EnumDescriptorProto;
+
+            /**
+             * Encodes the specified EnumDescriptorProto message. Does not implicitly {@link google.protobuf.EnumDescriptorProto.verify|verify} messages.
+             * @param message EnumDescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IEnumDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified EnumDescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.EnumDescriptorProto.verify|verify} messages.
+             * @param message EnumDescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IEnumDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes an EnumDescriptorProto message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns EnumDescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.EnumDescriptorProto;
+
+            /**
+             * Decodes an EnumDescriptorProto message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns EnumDescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.EnumDescriptorProto;
+
+            /**
+             * Verifies an EnumDescriptorProto message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates an EnumDescriptorProto message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns EnumDescriptorProto
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.EnumDescriptorProto;
+
+            /**
+             * Creates a plain object from an EnumDescriptorProto message. Also converts values to other types if specified.
+             * @param message EnumDescriptorProto
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.EnumDescriptorProto, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this EnumDescriptorProto to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for EnumDescriptorProto
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        namespace EnumDescriptorProto {
+
+            /** Properties of an EnumReservedRange. */
+            interface IEnumReservedRange {
+
+                /** EnumReservedRange start */
+                start?: (number|null);
+
+                /** EnumReservedRange end */
+                end?: (number|null);
+            }
+
+            /** Represents an EnumReservedRange. */
+            class EnumReservedRange implements IEnumReservedRange {
+
+                /**
+                 * Constructs a new EnumReservedRange.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.protobuf.EnumDescriptorProto.IEnumReservedRange);
+
+                /** EnumReservedRange start. */
+                public start: number;
+
+                /** EnumReservedRange end. */
+                public end: number;
+
+                /**
+                 * Creates a new EnumReservedRange instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns EnumReservedRange instance
+                 */
+                public static create(properties?: google.protobuf.EnumDescriptorProto.IEnumReservedRange): google.protobuf.EnumDescriptorProto.EnumReservedRange;
+
+                /**
+                 * Encodes the specified EnumReservedRange message. Does not implicitly {@link google.protobuf.EnumDescriptorProto.EnumReservedRange.verify|verify} messages.
+                 * @param message EnumReservedRange message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.protobuf.EnumDescriptorProto.IEnumReservedRange, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified EnumReservedRange message, length delimited. Does not implicitly {@link google.protobuf.EnumDescriptorProto.EnumReservedRange.verify|verify} messages.
+                 * @param message EnumReservedRange message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.protobuf.EnumDescriptorProto.IEnumReservedRange, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes an EnumReservedRange message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns EnumReservedRange
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.EnumDescriptorProto.EnumReservedRange;
+
+                /**
+                 * Decodes an EnumReservedRange message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns EnumReservedRange
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.EnumDescriptorProto.EnumReservedRange;
+
+                /**
+                 * Verifies an EnumReservedRange message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates an EnumReservedRange message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns EnumReservedRange
+                 */
+                public static fromObject(object: { [k: string]: any }): google.protobuf.EnumDescriptorProto.EnumReservedRange;
+
+                /**
+                 * Creates a plain object from an EnumReservedRange message. Also converts values to other types if specified.
+                 * @param message EnumReservedRange
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.protobuf.EnumDescriptorProto.EnumReservedRange, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this EnumReservedRange to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for EnumReservedRange
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+        }
+
+        /** Properties of an EnumValueDescriptorProto. */
+        interface IEnumValueDescriptorProto {
+
+            /** EnumValueDescriptorProto name */
+            name?: (string|null);
+
+            /** EnumValueDescriptorProto number */
+            number?: (number|null);
+
+            /** EnumValueDescriptorProto options */
+            options?: (google.protobuf.IEnumValueOptions|null);
+        }
+
+        /** Represents an EnumValueDescriptorProto. */
+        class EnumValueDescriptorProto implements IEnumValueDescriptorProto {
+
+            /**
+             * Constructs a new EnumValueDescriptorProto.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IEnumValueDescriptorProto);
+
+            /** EnumValueDescriptorProto name. */
+            public name: string;
+
+            /** EnumValueDescriptorProto number. */
+            public number: number;
+
+            /** EnumValueDescriptorProto options. */
+            public options?: (google.protobuf.IEnumValueOptions|null);
+
+            /**
+             * Creates a new EnumValueDescriptorProto instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns EnumValueDescriptorProto instance
+             */
+            public static create(properties?: google.protobuf.IEnumValueDescriptorProto): google.protobuf.EnumValueDescriptorProto;
+
+            /**
+             * Encodes the specified EnumValueDescriptorProto message. Does not implicitly {@link google.protobuf.EnumValueDescriptorProto.verify|verify} messages.
+             * @param message EnumValueDescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IEnumValueDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified EnumValueDescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.EnumValueDescriptorProto.verify|verify} messages.
+             * @param message EnumValueDescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IEnumValueDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes an EnumValueDescriptorProto message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns EnumValueDescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.EnumValueDescriptorProto;
+
+            /**
+             * Decodes an EnumValueDescriptorProto message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns EnumValueDescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.EnumValueDescriptorProto;
+
+            /**
+             * Verifies an EnumValueDescriptorProto message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates an EnumValueDescriptorProto message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns EnumValueDescriptorProto
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.EnumValueDescriptorProto;
+
+            /**
+             * Creates a plain object from an EnumValueDescriptorProto message. Also converts values to other types if specified.
+             * @param message EnumValueDescriptorProto
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.EnumValueDescriptorProto, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this EnumValueDescriptorProto to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for EnumValueDescriptorProto
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a ServiceDescriptorProto. */
+        interface IServiceDescriptorProto {
+
+            /** ServiceDescriptorProto name */
+            name?: (string|null);
+
+            /** ServiceDescriptorProto method */
+            method?: (google.protobuf.IMethodDescriptorProto[]|null);
+
+            /** ServiceDescriptorProto options */
+            options?: (google.protobuf.IServiceOptions|null);
+        }
+
+        /** Represents a ServiceDescriptorProto. */
+        class ServiceDescriptorProto implements IServiceDescriptorProto {
+
+            /**
+             * Constructs a new ServiceDescriptorProto.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IServiceDescriptorProto);
+
+            /** ServiceDescriptorProto name. */
+            public name: string;
+
+            /** ServiceDescriptorProto method. */
+            public method: google.protobuf.IMethodDescriptorProto[];
+
+            /** ServiceDescriptorProto options. */
+            public options?: (google.protobuf.IServiceOptions|null);
+
+            /**
+             * Creates a new ServiceDescriptorProto instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns ServiceDescriptorProto instance
+             */
+            public static create(properties?: google.protobuf.IServiceDescriptorProto): google.protobuf.ServiceDescriptorProto;
+
+            /**
+             * Encodes the specified ServiceDescriptorProto message. Does not implicitly {@link google.protobuf.ServiceDescriptorProto.verify|verify} messages.
+             * @param message ServiceDescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IServiceDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified ServiceDescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.ServiceDescriptorProto.verify|verify} messages.
+             * @param message ServiceDescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IServiceDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a ServiceDescriptorProto message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns ServiceDescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.ServiceDescriptorProto;
+
+            /**
+             * Decodes a ServiceDescriptorProto message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns ServiceDescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.ServiceDescriptorProto;
+
+            /**
+             * Verifies a ServiceDescriptorProto message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a ServiceDescriptorProto message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns ServiceDescriptorProto
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.ServiceDescriptorProto;
+
+            /**
+             * Creates a plain object from a ServiceDescriptorProto message. Also converts values to other types if specified.
+             * @param message ServiceDescriptorProto
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.ServiceDescriptorProto, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this ServiceDescriptorProto to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for ServiceDescriptorProto
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a MethodDescriptorProto. */
+        interface IMethodDescriptorProto {
+
+            /** MethodDescriptorProto name */
+            name?: (string|null);
+
+            /** MethodDescriptorProto inputType */
+            inputType?: (string|null);
+
+            /** MethodDescriptorProto outputType */
+            outputType?: (string|null);
+
+            /** MethodDescriptorProto options */
+            options?: (google.protobuf.IMethodOptions|null);
+
+            /** MethodDescriptorProto clientStreaming */
+            clientStreaming?: (boolean|null);
+
+            /** MethodDescriptorProto serverStreaming */
+            serverStreaming?: (boolean|null);
+        }
+
+        /** Represents a MethodDescriptorProto. */
+        class MethodDescriptorProto implements IMethodDescriptorProto {
+
+            /**
+             * Constructs a new MethodDescriptorProto.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IMethodDescriptorProto);
+
+            /** MethodDescriptorProto name. */
+            public name: string;
+
+            /** MethodDescriptorProto inputType. */
+            public inputType: string;
+
+            /** MethodDescriptorProto outputType. */
+            public outputType: string;
+
+            /** MethodDescriptorProto options. */
+            public options?: (google.protobuf.IMethodOptions|null);
+
+            /** MethodDescriptorProto clientStreaming. */
+            public clientStreaming: boolean;
+
+            /** MethodDescriptorProto serverStreaming. */
+            public serverStreaming: boolean;
+
+            /**
+             * Creates a new MethodDescriptorProto instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns MethodDescriptorProto instance
+             */
+            public static create(properties?: google.protobuf.IMethodDescriptorProto): google.protobuf.MethodDescriptorProto;
+
+            /**
+             * Encodes the specified MethodDescriptorProto message. Does not implicitly {@link google.protobuf.MethodDescriptorProto.verify|verify} messages.
+             * @param message MethodDescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IMethodDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified MethodDescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.MethodDescriptorProto.verify|verify} messages.
+             * @param message MethodDescriptorProto message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IMethodDescriptorProto, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a MethodDescriptorProto message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns MethodDescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.MethodDescriptorProto;
+
+            /**
+             * Decodes a MethodDescriptorProto message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns MethodDescriptorProto
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.MethodDescriptorProto;
+
+            /**
+             * Verifies a MethodDescriptorProto message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a MethodDescriptorProto message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns MethodDescriptorProto
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.MethodDescriptorProto;
+
+            /**
+             * Creates a plain object from a MethodDescriptorProto message. Also converts values to other types if specified.
+             * @param message MethodDescriptorProto
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.MethodDescriptorProto, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this MethodDescriptorProto to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for MethodDescriptorProto
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a FileOptions. */
+        interface IFileOptions {
+
+            /** FileOptions javaPackage */
+            javaPackage?: (string|null);
+
+            /** FileOptions javaOuterClassname */
+            javaOuterClassname?: (string|null);
+
+            /** FileOptions javaMultipleFiles */
+            javaMultipleFiles?: (boolean|null);
+
+            /** FileOptions javaGenerateEqualsAndHash */
+            javaGenerateEqualsAndHash?: (boolean|null);
+
+            /** FileOptions javaStringCheckUtf8 */
+            javaStringCheckUtf8?: (boolean|null);
+
+            /** FileOptions optimizeFor */
+            optimizeFor?: (google.protobuf.FileOptions.OptimizeMode|keyof typeof google.protobuf.FileOptions.OptimizeMode|null);
+
+            /** FileOptions goPackage */
+            goPackage?: (string|null);
+
+            /** FileOptions ccGenericServices */
+            ccGenericServices?: (boolean|null);
+
+            /** FileOptions javaGenericServices */
+            javaGenericServices?: (boolean|null);
+
+            /** FileOptions pyGenericServices */
+            pyGenericServices?: (boolean|null);
+
+            /** FileOptions phpGenericServices */
+            phpGenericServices?: (boolean|null);
+
+            /** FileOptions deprecated */
+            deprecated?: (boolean|null);
+
+            /** FileOptions ccEnableArenas */
+            ccEnableArenas?: (boolean|null);
+
+            /** FileOptions objcClassPrefix */
+            objcClassPrefix?: (string|null);
+
+            /** FileOptions csharpNamespace */
+            csharpNamespace?: (string|null);
+
+            /** FileOptions swiftPrefix */
+            swiftPrefix?: (string|null);
+
+            /** FileOptions phpClassPrefix */
+            phpClassPrefix?: (string|null);
+
+            /** FileOptions phpNamespace */
+            phpNamespace?: (string|null);
+
+            /** FileOptions phpMetadataNamespace */
+            phpMetadataNamespace?: (string|null);
+
+            /** FileOptions rubyPackage */
+            rubyPackage?: (string|null);
+
+            /** FileOptions uninterpretedOption */
+            uninterpretedOption?: (google.protobuf.IUninterpretedOption[]|null);
+
+            /** FileOptions .google.api.resourceDefinition */
+            ".google.api.resourceDefinition"?: (google.api.IResourceDescriptor[]|null);
+        }
+
+        /** Represents a FileOptions. */
+        class FileOptions implements IFileOptions {
+
+            /**
+             * Constructs a new FileOptions.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IFileOptions);
+
+            /** FileOptions javaPackage. */
+            public javaPackage: string;
+
+            /** FileOptions javaOuterClassname. */
+            public javaOuterClassname: string;
+
+            /** FileOptions javaMultipleFiles. */
+            public javaMultipleFiles: boolean;
+
+            /** FileOptions javaGenerateEqualsAndHash. */
+            public javaGenerateEqualsAndHash: boolean;
+
+            /** FileOptions javaStringCheckUtf8. */
+            public javaStringCheckUtf8: boolean;
+
+            /** FileOptions optimizeFor. */
+            public optimizeFor: (google.protobuf.FileOptions.OptimizeMode|keyof typeof google.protobuf.FileOptions.OptimizeMode);
+
+            /** FileOptions goPackage. */
+            public goPackage: string;
+
+            /** FileOptions ccGenericServices. */
+            public ccGenericServices: boolean;
+
+            /** FileOptions javaGenericServices. */
+            public javaGenericServices: boolean;
+
+            /** FileOptions pyGenericServices. */
+            public pyGenericServices: boolean;
+
+            /** FileOptions phpGenericServices. */
+            public phpGenericServices: boolean;
+
+            /** FileOptions deprecated. */
+            public deprecated: boolean;
+
+            /** FileOptions ccEnableArenas. */
+            public ccEnableArenas: boolean;
+
+            /** FileOptions objcClassPrefix. */
+            public objcClassPrefix: string;
+
+            /** FileOptions csharpNamespace. */
+            public csharpNamespace: string;
+
+            /** FileOptions swiftPrefix. */
+            public swiftPrefix: string;
+
+            /** FileOptions phpClassPrefix. */
+            public phpClassPrefix: string;
+
+            /** FileOptions phpNamespace. */
+            public phpNamespace: string;
+
+            /** FileOptions phpMetadataNamespace. */
+            public phpMetadataNamespace: string;
+
+            /** FileOptions rubyPackage. */
+            public rubyPackage: string;
+
+            /** FileOptions uninterpretedOption. */
+            public uninterpretedOption: google.protobuf.IUninterpretedOption[];
+
+            /**
+             * Creates a new FileOptions instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns FileOptions instance
+             */
+            public static create(properties?: google.protobuf.IFileOptions): google.protobuf.FileOptions;
+
+            /**
+             * Encodes the specified FileOptions message. Does not implicitly {@link google.protobuf.FileOptions.verify|verify} messages.
+             * @param message FileOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IFileOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified FileOptions message, length delimited. Does not implicitly {@link google.protobuf.FileOptions.verify|verify} messages.
+             * @param message FileOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IFileOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a FileOptions message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns FileOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.FileOptions;
+
+            /**
+             * Decodes a FileOptions message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns FileOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.FileOptions;
+
+            /**
+             * Verifies a FileOptions message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a FileOptions message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns FileOptions
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.FileOptions;
+
+            /**
+             * Creates a plain object from a FileOptions message. Also converts values to other types if specified.
+             * @param message FileOptions
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.FileOptions, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this FileOptions to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for FileOptions
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        namespace FileOptions {
+
+            /** OptimizeMode enum. */
+            enum OptimizeMode {
+                SPEED = 1,
+                CODE_SIZE = 2,
+                LITE_RUNTIME = 3
+            }
+        }
+
+        /** Properties of a MessageOptions. */
+        interface IMessageOptions {
+
+            /** MessageOptions messageSetWireFormat */
+            messageSetWireFormat?: (boolean|null);
+
+            /** MessageOptions noStandardDescriptorAccessor */
+            noStandardDescriptorAccessor?: (boolean|null);
+
+            /** MessageOptions deprecated */
+            deprecated?: (boolean|null);
+
+            /** MessageOptions mapEntry */
+            mapEntry?: (boolean|null);
+
+            /** MessageOptions uninterpretedOption */
+            uninterpretedOption?: (google.protobuf.IUninterpretedOption[]|null);
+
+            /** MessageOptions .google.api.resource */
+            ".google.api.resource"?: (google.api.IResourceDescriptor|null);
+        }
+
+        /** Represents a MessageOptions. */
+        class MessageOptions implements IMessageOptions {
+
+            /**
+             * Constructs a new MessageOptions.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IMessageOptions);
+
+            /** MessageOptions messageSetWireFormat. */
+            public messageSetWireFormat: boolean;
+
+            /** MessageOptions noStandardDescriptorAccessor. */
+            public noStandardDescriptorAccessor: boolean;
+
+            /** MessageOptions deprecated. */
+            public deprecated: boolean;
+
+            /** MessageOptions mapEntry. */
+            public mapEntry: boolean;
+
+            /** MessageOptions uninterpretedOption. */
+            public uninterpretedOption: google.protobuf.IUninterpretedOption[];
+
+            /**
+             * Creates a new MessageOptions instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns MessageOptions instance
+             */
+            public static create(properties?: google.protobuf.IMessageOptions): google.protobuf.MessageOptions;
+
+            /**
+             * Encodes the specified MessageOptions message. Does not implicitly {@link google.protobuf.MessageOptions.verify|verify} messages.
+             * @param message MessageOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IMessageOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified MessageOptions message, length delimited. Does not implicitly {@link google.protobuf.MessageOptions.verify|verify} messages.
+             * @param message MessageOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IMessageOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a MessageOptions message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns MessageOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.MessageOptions;
+
+            /**
+             * Decodes a MessageOptions message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns MessageOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.MessageOptions;
+
+            /**
+             * Verifies a MessageOptions message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a MessageOptions message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns MessageOptions
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.MessageOptions;
+
+            /**
+             * Creates a plain object from a MessageOptions message. Also converts values to other types if specified.
+             * @param message MessageOptions
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.MessageOptions, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this MessageOptions to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for MessageOptions
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a FieldOptions. */
+        interface IFieldOptions {
+
+            /** FieldOptions ctype */
+            ctype?: (google.protobuf.FieldOptions.CType|keyof typeof google.protobuf.FieldOptions.CType|null);
+
+            /** FieldOptions packed */
+            packed?: (boolean|null);
+
+            /** FieldOptions jstype */
+            jstype?: (google.protobuf.FieldOptions.JSType|keyof typeof google.protobuf.FieldOptions.JSType|null);
+
+            /** FieldOptions lazy */
+            lazy?: (boolean|null);
+
+            /** FieldOptions unverifiedLazy */
+            unverifiedLazy?: (boolean|null);
+
+            /** FieldOptions deprecated */
+            deprecated?: (boolean|null);
+
+            /** FieldOptions weak */
+            weak?: (boolean|null);
+
+            /** FieldOptions uninterpretedOption */
+            uninterpretedOption?: (google.protobuf.IUninterpretedOption[]|null);
+
+            /** FieldOptions .google.api.fieldBehavior */
+            ".google.api.fieldBehavior"?: (google.api.FieldBehavior[]|null);
+
+            /** FieldOptions .google.api.resourceReference */
+            ".google.api.resourceReference"?: (google.api.IResourceReference|null);
+        }
+
+        /** Represents a FieldOptions. */
+        class FieldOptions implements IFieldOptions {
+
+            /**
+             * Constructs a new FieldOptions.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IFieldOptions);
+
+            /** FieldOptions ctype. */
+            public ctype: (google.protobuf.FieldOptions.CType|keyof typeof google.protobuf.FieldOptions.CType);
+
+            /** FieldOptions packed. */
+            public packed: boolean;
+
+            /** FieldOptions jstype. */
+            public jstype: (google.protobuf.FieldOptions.JSType|keyof typeof google.protobuf.FieldOptions.JSType);
+
+            /** FieldOptions lazy. */
+            public lazy: boolean;
+
+            /** FieldOptions unverifiedLazy. */
+            public unverifiedLazy: boolean;
+
+            /** FieldOptions deprecated. */
+            public deprecated: boolean;
+
+            /** FieldOptions weak. */
+            public weak: boolean;
+
+            /** FieldOptions uninterpretedOption. */
+            public uninterpretedOption: google.protobuf.IUninterpretedOption[];
+
+            /**
+             * Creates a new FieldOptions instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns FieldOptions instance
+             */
+            public static create(properties?: google.protobuf.IFieldOptions): google.protobuf.FieldOptions;
+
+            /**
+             * Encodes the specified FieldOptions message. Does not implicitly {@link google.protobuf.FieldOptions.verify|verify} messages.
+             * @param message FieldOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IFieldOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified FieldOptions message, length delimited. Does not implicitly {@link google.protobuf.FieldOptions.verify|verify} messages.
+             * @param message FieldOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IFieldOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a FieldOptions message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns FieldOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.FieldOptions;
+
+            /**
+             * Decodes a FieldOptions message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns FieldOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.FieldOptions;
+
+            /**
+             * Verifies a FieldOptions message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a FieldOptions message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns FieldOptions
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.FieldOptions;
+
+            /**
+             * Creates a plain object from a FieldOptions message. Also converts values to other types if specified.
+             * @param message FieldOptions
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.FieldOptions, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this FieldOptions to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for FieldOptions
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        namespace FieldOptions {
+
+            /** CType enum. */
+            enum CType {
+                STRING = 0,
+                CORD = 1,
+                STRING_PIECE = 2
+            }
+
+            /** JSType enum. */
+            enum JSType {
+                JS_NORMAL = 0,
+                JS_STRING = 1,
+                JS_NUMBER = 2
+            }
+        }
+
+        /** Properties of an OneofOptions. */
+        interface IOneofOptions {
+
+            /** OneofOptions uninterpretedOption */
+            uninterpretedOption?: (google.protobuf.IUninterpretedOption[]|null);
+        }
+
+        /** Represents an OneofOptions. */
+        class OneofOptions implements IOneofOptions {
+
+            /**
+             * Constructs a new OneofOptions.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IOneofOptions);
+
+            /** OneofOptions uninterpretedOption. */
+            public uninterpretedOption: google.protobuf.IUninterpretedOption[];
+
+            /**
+             * Creates a new OneofOptions instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns OneofOptions instance
+             */
+            public static create(properties?: google.protobuf.IOneofOptions): google.protobuf.OneofOptions;
+
+            /**
+             * Encodes the specified OneofOptions message. Does not implicitly {@link google.protobuf.OneofOptions.verify|verify} messages.
+             * @param message OneofOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IOneofOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified OneofOptions message, length delimited. Does not implicitly {@link google.protobuf.OneofOptions.verify|verify} messages.
+             * @param message OneofOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IOneofOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes an OneofOptions message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns OneofOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.OneofOptions;
+
+            /**
+             * Decodes an OneofOptions message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns OneofOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.OneofOptions;
+
+            /**
+             * Verifies an OneofOptions message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates an OneofOptions message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns OneofOptions
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.OneofOptions;
+
+            /**
+             * Creates a plain object from an OneofOptions message. Also converts values to other types if specified.
+             * @param message OneofOptions
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.OneofOptions, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this OneofOptions to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for OneofOptions
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of an EnumOptions. */
+        interface IEnumOptions {
+
+            /** EnumOptions allowAlias */
+            allowAlias?: (boolean|null);
+
+            /** EnumOptions deprecated */
+            deprecated?: (boolean|null);
+
+            /** EnumOptions uninterpretedOption */
+            uninterpretedOption?: (google.protobuf.IUninterpretedOption[]|null);
+        }
+
+        /** Represents an EnumOptions. */
+        class EnumOptions implements IEnumOptions {
+
+            /**
+             * Constructs a new EnumOptions.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IEnumOptions);
+
+            /** EnumOptions allowAlias. */
+            public allowAlias: boolean;
+
+            /** EnumOptions deprecated. */
+            public deprecated: boolean;
+
+            /** EnumOptions uninterpretedOption. */
+            public uninterpretedOption: google.protobuf.IUninterpretedOption[];
+
+            /**
+             * Creates a new EnumOptions instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns EnumOptions instance
+             */
+            public static create(properties?: google.protobuf.IEnumOptions): google.protobuf.EnumOptions;
+
+            /**
+             * Encodes the specified EnumOptions message. Does not implicitly {@link google.protobuf.EnumOptions.verify|verify} messages.
+             * @param message EnumOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IEnumOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified EnumOptions message, length delimited. Does not implicitly {@link google.protobuf.EnumOptions.verify|verify} messages.
+             * @param message EnumOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IEnumOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes an EnumOptions message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns EnumOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.EnumOptions;
+
+            /**
+             * Decodes an EnumOptions message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns EnumOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.EnumOptions;
+
+            /**
+             * Verifies an EnumOptions message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates an EnumOptions message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns EnumOptions
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.EnumOptions;
+
+            /**
+             * Creates a plain object from an EnumOptions message. Also converts values to other types if specified.
+             * @param message EnumOptions
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.EnumOptions, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this EnumOptions to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for EnumOptions
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of an EnumValueOptions. */
+        interface IEnumValueOptions {
+
+            /** EnumValueOptions deprecated */
+            deprecated?: (boolean|null);
+
+            /** EnumValueOptions uninterpretedOption */
+            uninterpretedOption?: (google.protobuf.IUninterpretedOption[]|null);
+        }
+
+        /** Represents an EnumValueOptions. */
+        class EnumValueOptions implements IEnumValueOptions {
+
+            /**
+             * Constructs a new EnumValueOptions.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IEnumValueOptions);
+
+            /** EnumValueOptions deprecated. */
+            public deprecated: boolean;
+
+            /** EnumValueOptions uninterpretedOption. */
+            public uninterpretedOption: google.protobuf.IUninterpretedOption[];
+
+            /**
+             * Creates a new EnumValueOptions instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns EnumValueOptions instance
+             */
+            public static create(properties?: google.protobuf.IEnumValueOptions): google.protobuf.EnumValueOptions;
+
+            /**
+             * Encodes the specified EnumValueOptions message. Does not implicitly {@link google.protobuf.EnumValueOptions.verify|verify} messages.
+             * @param message EnumValueOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IEnumValueOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified EnumValueOptions message, length delimited. Does not implicitly {@link google.protobuf.EnumValueOptions.verify|verify} messages.
+             * @param message EnumValueOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IEnumValueOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes an EnumValueOptions message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns EnumValueOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.EnumValueOptions;
+
+            /**
+             * Decodes an EnumValueOptions message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns EnumValueOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.EnumValueOptions;
+
+            /**
+             * Verifies an EnumValueOptions message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates an EnumValueOptions message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns EnumValueOptions
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.EnumValueOptions;
+
+            /**
+             * Creates a plain object from an EnumValueOptions message. Also converts values to other types if specified.
+             * @param message EnumValueOptions
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.EnumValueOptions, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this EnumValueOptions to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for EnumValueOptions
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a ServiceOptions. */
+        interface IServiceOptions {
+
+            /** ServiceOptions deprecated */
+            deprecated?: (boolean|null);
+
+            /** ServiceOptions uninterpretedOption */
+            uninterpretedOption?: (google.protobuf.IUninterpretedOption[]|null);
+
+            /** ServiceOptions .google.api.defaultHost */
+            ".google.api.defaultHost"?: (string|null);
+
+            /** ServiceOptions .google.api.oauthScopes */
+            ".google.api.oauthScopes"?: (string|null);
+        }
+
+        /** Represents a ServiceOptions. */
+        class ServiceOptions implements IServiceOptions {
+
+            /**
+             * Constructs a new ServiceOptions.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IServiceOptions);
+
+            /** ServiceOptions deprecated. */
+            public deprecated: boolean;
+
+            /** ServiceOptions uninterpretedOption. */
+            public uninterpretedOption: google.protobuf.IUninterpretedOption[];
+
+            /**
+             * Creates a new ServiceOptions instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns ServiceOptions instance
+             */
+            public static create(properties?: google.protobuf.IServiceOptions): google.protobuf.ServiceOptions;
+
+            /**
+             * Encodes the specified ServiceOptions message. Does not implicitly {@link google.protobuf.ServiceOptions.verify|verify} messages.
+             * @param message ServiceOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IServiceOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified ServiceOptions message, length delimited. Does not implicitly {@link google.protobuf.ServiceOptions.verify|verify} messages.
+             * @param message ServiceOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IServiceOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a ServiceOptions message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns ServiceOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.ServiceOptions;
+
+            /**
+             * Decodes a ServiceOptions message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns ServiceOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.ServiceOptions;
+
+            /**
+             * Verifies a ServiceOptions message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a ServiceOptions message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns ServiceOptions
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.ServiceOptions;
+
+            /**
+             * Creates a plain object from a ServiceOptions message. Also converts values to other types if specified.
+             * @param message ServiceOptions
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.ServiceOptions, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this ServiceOptions to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for ServiceOptions
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a MethodOptions. */
+        interface IMethodOptions {
+
+            /** MethodOptions deprecated */
+            deprecated?: (boolean|null);
+
+            /** MethodOptions idempotencyLevel */
+            idempotencyLevel?: (google.protobuf.MethodOptions.IdempotencyLevel|keyof typeof google.protobuf.MethodOptions.IdempotencyLevel|null);
+
+            /** MethodOptions uninterpretedOption */
+            uninterpretedOption?: (google.protobuf.IUninterpretedOption[]|null);
+
+            /** MethodOptions .google.api.http */
+            ".google.api.http"?: (google.api.IHttpRule|null);
+
+            /** MethodOptions .google.api.methodSignature */
+            ".google.api.methodSignature"?: (string[]|null);
+
+            /** MethodOptions .google.longrunning.operationInfo */
+            ".google.longrunning.operationInfo"?: (google.longrunning.IOperationInfo|null);
+        }
+
+        /** Represents a MethodOptions. */
+        class MethodOptions implements IMethodOptions {
+
+            /**
+             * Constructs a new MethodOptions.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IMethodOptions);
+
+            /** MethodOptions deprecated. */
+            public deprecated: boolean;
+
+            /** MethodOptions idempotencyLevel. */
+            public idempotencyLevel: (google.protobuf.MethodOptions.IdempotencyLevel|keyof typeof google.protobuf.MethodOptions.IdempotencyLevel);
+
+            /** MethodOptions uninterpretedOption. */
+            public uninterpretedOption: google.protobuf.IUninterpretedOption[];
+
+            /**
+             * Creates a new MethodOptions instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns MethodOptions instance
+             */
+            public static create(properties?: google.protobuf.IMethodOptions): google.protobuf.MethodOptions;
+
+            /**
+             * Encodes the specified MethodOptions message. Does not implicitly {@link google.protobuf.MethodOptions.verify|verify} messages.
+             * @param message MethodOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IMethodOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified MethodOptions message, length delimited. Does not implicitly {@link google.protobuf.MethodOptions.verify|verify} messages.
+             * @param message MethodOptions message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IMethodOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a MethodOptions message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns MethodOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.MethodOptions;
+
+            /**
+             * Decodes a MethodOptions message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns MethodOptions
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.MethodOptions;
+
+            /**
+             * Verifies a MethodOptions message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a MethodOptions message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns MethodOptions
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.MethodOptions;
+
+            /**
+             * Creates a plain object from a MethodOptions message. Also converts values to other types if specified.
+             * @param message MethodOptions
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.MethodOptions, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this MethodOptions to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for MethodOptions
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        namespace MethodOptions {
+
+            /** IdempotencyLevel enum. */
+            enum IdempotencyLevel {
+                IDEMPOTENCY_UNKNOWN = 0,
+                NO_SIDE_EFFECTS = 1,
+                IDEMPOTENT = 2
+            }
+        }
+
+        /** Properties of an UninterpretedOption. */
+        interface IUninterpretedOption {
+
+            /** UninterpretedOption name */
+            name?: (google.protobuf.UninterpretedOption.INamePart[]|null);
+
+            /** UninterpretedOption identifierValue */
+            identifierValue?: (string|null);
+
+            /** UninterpretedOption positiveIntValue */
+            positiveIntValue?: (number|Long|string|null);
+
+            /** UninterpretedOption negativeIntValue */
+            negativeIntValue?: (number|Long|string|null);
+
+            /** UninterpretedOption doubleValue */
+            doubleValue?: (number|null);
+
+            /** UninterpretedOption stringValue */
+            stringValue?: (Uint8Array|string|null);
+
+            /** UninterpretedOption aggregateValue */
+            aggregateValue?: (string|null);
+        }
+
+        /** Represents an UninterpretedOption. */
+        class UninterpretedOption implements IUninterpretedOption {
+
+            /**
+             * Constructs a new UninterpretedOption.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IUninterpretedOption);
+
+            /** UninterpretedOption name. */
+            public name: google.protobuf.UninterpretedOption.INamePart[];
+
+            /** UninterpretedOption identifierValue. */
+            public identifierValue: string;
+
+            /** UninterpretedOption positiveIntValue. */
+            public positiveIntValue: (number|Long|string);
+
+            /** UninterpretedOption negativeIntValue. */
+            public negativeIntValue: (number|Long|string);
+
+            /** UninterpretedOption doubleValue. */
+            public doubleValue: number;
+
+            /** UninterpretedOption stringValue. */
+            public stringValue: (Uint8Array|string);
+
+            /** UninterpretedOption aggregateValue. */
+            public aggregateValue: string;
+
+            /**
+             * Creates a new UninterpretedOption instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns UninterpretedOption instance
+             */
+            public static create(properties?: google.protobuf.IUninterpretedOption): google.protobuf.UninterpretedOption;
+
+            /**
+             * Encodes the specified UninterpretedOption message. Does not implicitly {@link google.protobuf.UninterpretedOption.verify|verify} messages.
+             * @param message UninterpretedOption message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IUninterpretedOption, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified UninterpretedOption message, length delimited. Does not implicitly {@link google.protobuf.UninterpretedOption.verify|verify} messages.
+             * @param message UninterpretedOption message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IUninterpretedOption, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes an UninterpretedOption message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns UninterpretedOption
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.UninterpretedOption;
+
+            /**
+             * Decodes an UninterpretedOption message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns UninterpretedOption
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.UninterpretedOption;
+
+            /**
+             * Verifies an UninterpretedOption message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates an UninterpretedOption message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns UninterpretedOption
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.UninterpretedOption;
+
+            /**
+             * Creates a plain object from an UninterpretedOption message. Also converts values to other types if specified.
+             * @param message UninterpretedOption
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.UninterpretedOption, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this UninterpretedOption to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for UninterpretedOption
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        namespace UninterpretedOption {
+
+            /** Properties of a NamePart. */
+            interface INamePart {
+
+                /** NamePart namePart */
+                namePart: string;
+
+                /** NamePart isExtension */
+                isExtension: boolean;
+            }
+
+            /** Represents a NamePart. */
+            class NamePart implements INamePart {
+
+                /**
+                 * Constructs a new NamePart.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.protobuf.UninterpretedOption.INamePart);
+
+                /** NamePart namePart. */
+                public namePart: string;
+
+                /** NamePart isExtension. */
+                public isExtension: boolean;
+
+                /**
+                 * Creates a new NamePart instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns NamePart instance
+                 */
+                public static create(properties?: google.protobuf.UninterpretedOption.INamePart): google.protobuf.UninterpretedOption.NamePart;
+
+                /**
+                 * Encodes the specified NamePart message. Does not implicitly {@link google.protobuf.UninterpretedOption.NamePart.verify|verify} messages.
+                 * @param message NamePart message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.protobuf.UninterpretedOption.INamePart, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified NamePart message, length delimited. Does not implicitly {@link google.protobuf.UninterpretedOption.NamePart.verify|verify} messages.
+                 * @param message NamePart message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.protobuf.UninterpretedOption.INamePart, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes a NamePart message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns NamePart
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.UninterpretedOption.NamePart;
+
+                /**
+                 * Decodes a NamePart message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns NamePart
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.UninterpretedOption.NamePart;
+
+                /**
+                 * Verifies a NamePart message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates a NamePart message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns NamePart
+                 */
+                public static fromObject(object: { [k: string]: any }): google.protobuf.UninterpretedOption.NamePart;
+
+                /**
+                 * Creates a plain object from a NamePart message. Also converts values to other types if specified.
+                 * @param message NamePart
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.protobuf.UninterpretedOption.NamePart, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this NamePart to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for NamePart
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+        }
+
+        /** Properties of a SourceCodeInfo. */
+        interface ISourceCodeInfo {
+
+            /** SourceCodeInfo location */
+            location?: (google.protobuf.SourceCodeInfo.ILocation[]|null);
+        }
+
+        /** Represents a SourceCodeInfo. */
+        class SourceCodeInfo implements ISourceCodeInfo {
+
+            /**
+             * Constructs a new SourceCodeInfo.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.ISourceCodeInfo);
+
+            /** SourceCodeInfo location. */
+            public location: google.protobuf.SourceCodeInfo.ILocation[];
+
+            /**
+             * Creates a new SourceCodeInfo instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns SourceCodeInfo instance
+             */
+            public static create(properties?: google.protobuf.ISourceCodeInfo): google.protobuf.SourceCodeInfo;
+
+            /**
+             * Encodes the specified SourceCodeInfo message. Does not implicitly {@link google.protobuf.SourceCodeInfo.verify|verify} messages.
+             * @param message SourceCodeInfo message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.ISourceCodeInfo, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified SourceCodeInfo message, length delimited. Does not implicitly {@link google.protobuf.SourceCodeInfo.verify|verify} messages.
+             * @param message SourceCodeInfo message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.ISourceCodeInfo, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a SourceCodeInfo message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns SourceCodeInfo
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.SourceCodeInfo;
+
+            /**
+             * Decodes a SourceCodeInfo message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns SourceCodeInfo
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.SourceCodeInfo;
+
+            /**
+             * Verifies a SourceCodeInfo message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a SourceCodeInfo message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns SourceCodeInfo
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.SourceCodeInfo;
+
+            /**
+             * Creates a plain object from a SourceCodeInfo message. Also converts values to other types if specified.
+             * @param message SourceCodeInfo
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.SourceCodeInfo, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this SourceCodeInfo to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for SourceCodeInfo
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        namespace SourceCodeInfo {
+
+            /** Properties of a Location. */
+            interface ILocation {
+
+                /** Location path */
+                path?: (number[]|null);
+
+                /** Location span */
+                span?: (number[]|null);
+
+                /** Location leadingComments */
+                leadingComments?: (string|null);
+
+                /** Location trailingComments */
+                trailingComments?: (string|null);
+
+                /** Location leadingDetachedComments */
+                leadingDetachedComments?: (string[]|null);
+            }
+
+            /** Represents a Location. */
+            class Location implements ILocation {
+
+                /**
+                 * Constructs a new Location.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.protobuf.SourceCodeInfo.ILocation);
+
+                /** Location path. */
+                public path: number[];
+
+                /** Location span. */
+                public span: number[];
+
+                /** Location leadingComments. */
+                public leadingComments: string;
+
+                /** Location trailingComments. */
+                public trailingComments: string;
+
+                /** Location leadingDetachedComments. */
+                public leadingDetachedComments: string[];
+
+                /**
+                 * Creates a new Location instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns Location instance
+                 */
+                public static create(properties?: google.protobuf.SourceCodeInfo.ILocation): google.protobuf.SourceCodeInfo.Location;
+
+                /**
+                 * Encodes the specified Location message. Does not implicitly {@link google.protobuf.SourceCodeInfo.Location.verify|verify} messages.
+                 * @param message Location message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.protobuf.SourceCodeInfo.ILocation, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified Location message, length delimited. Does not implicitly {@link google.protobuf.SourceCodeInfo.Location.verify|verify} messages.
+                 * @param message Location message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.protobuf.SourceCodeInfo.ILocation, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes a Location message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns Location
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.SourceCodeInfo.Location;
+
+                /**
+                 * Decodes a Location message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns Location
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.SourceCodeInfo.Location;
+
+                /**
+                 * Verifies a Location message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates a Location message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns Location
+                 */
+                public static fromObject(object: { [k: string]: any }): google.protobuf.SourceCodeInfo.Location;
+
+                /**
+                 * Creates a plain object from a Location message. Also converts values to other types if specified.
+                 * @param message Location
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.protobuf.SourceCodeInfo.Location, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this Location to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for Location
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+        }
+
+        /** Properties of a GeneratedCodeInfo. */
+        interface IGeneratedCodeInfo {
+
+            /** GeneratedCodeInfo annotation */
+            annotation?: (google.protobuf.GeneratedCodeInfo.IAnnotation[]|null);
+        }
+
+        /** Represents a GeneratedCodeInfo. */
+        class GeneratedCodeInfo implements IGeneratedCodeInfo {
+
+            /**
+             * Constructs a new GeneratedCodeInfo.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IGeneratedCodeInfo);
+
+            /** GeneratedCodeInfo annotation. */
+            public annotation: google.protobuf.GeneratedCodeInfo.IAnnotation[];
+
+            /**
+             * Creates a new GeneratedCodeInfo instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns GeneratedCodeInfo instance
+             */
+            public static create(properties?: google.protobuf.IGeneratedCodeInfo): google.protobuf.GeneratedCodeInfo;
+
+            /**
+             * Encodes the specified GeneratedCodeInfo message. Does not implicitly {@link google.protobuf.GeneratedCodeInfo.verify|verify} messages.
+             * @param message GeneratedCodeInfo message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IGeneratedCodeInfo, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified GeneratedCodeInfo message, length delimited. Does not implicitly {@link google.protobuf.GeneratedCodeInfo.verify|verify} messages.
+             * @param message GeneratedCodeInfo message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IGeneratedCodeInfo, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a GeneratedCodeInfo message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns GeneratedCodeInfo
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.GeneratedCodeInfo;
+
+            /**
+             * Decodes a GeneratedCodeInfo message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns GeneratedCodeInfo
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.GeneratedCodeInfo;
+
+            /**
+             * Verifies a GeneratedCodeInfo message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a GeneratedCodeInfo message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns GeneratedCodeInfo
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.GeneratedCodeInfo;
+
+            /**
+             * Creates a plain object from a GeneratedCodeInfo message. Also converts values to other types if specified.
+             * @param message GeneratedCodeInfo
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.GeneratedCodeInfo, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this GeneratedCodeInfo to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for GeneratedCodeInfo
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        namespace GeneratedCodeInfo {
+
+            /** Properties of an Annotation. */
+            interface IAnnotation {
+
+                /** Annotation path */
+                path?: (number[]|null);
+
+                /** Annotation sourceFile */
+                sourceFile?: (string|null);
+
+                /** Annotation begin */
+                begin?: (number|null);
+
+                /** Annotation end */
+                end?: (number|null);
+
+                /** Annotation semantic */
+                semantic?: (google.protobuf.GeneratedCodeInfo.Annotation.Semantic|keyof typeof google.protobuf.GeneratedCodeInfo.Annotation.Semantic|null);
+            }
+
+            /** Represents an Annotation. */
+            class Annotation implements IAnnotation {
+
+                /**
+                 * Constructs a new Annotation.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.protobuf.GeneratedCodeInfo.IAnnotation);
+
+                /** Annotation path. */
+                public path: number[];
+
+                /** Annotation sourceFile. */
+                public sourceFile: string;
+
+                /** Annotation begin. */
+                public begin: number;
+
+                /** Annotation end. */
+                public end: number;
+
+                /** Annotation semantic. */
+                public semantic: (google.protobuf.GeneratedCodeInfo.Annotation.Semantic|keyof typeof google.protobuf.GeneratedCodeInfo.Annotation.Semantic);
+
+                /**
+                 * Creates a new Annotation instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns Annotation instance
+                 */
+                public static create(properties?: google.protobuf.GeneratedCodeInfo.IAnnotation): google.protobuf.GeneratedCodeInfo.Annotation;
+
+                /**
+                 * Encodes the specified Annotation message. Does not implicitly {@link google.protobuf.GeneratedCodeInfo.Annotation.verify|verify} messages.
+                 * @param message Annotation message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.protobuf.GeneratedCodeInfo.IAnnotation, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified Annotation message, length delimited. Does not implicitly {@link google.protobuf.GeneratedCodeInfo.Annotation.verify|verify} messages.
+                 * @param message Annotation message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.protobuf.GeneratedCodeInfo.IAnnotation, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes an Annotation message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns Annotation
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.GeneratedCodeInfo.Annotation;
+
+                /**
+                 * Decodes an Annotation message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns Annotation
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.GeneratedCodeInfo.Annotation;
+
+                /**
+                 * Verifies an Annotation message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates an Annotation message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns Annotation
+                 */
+                public static fromObject(object: { [k: string]: any }): google.protobuf.GeneratedCodeInfo.Annotation;
+
+                /**
+                 * Creates a plain object from an Annotation message. Also converts values to other types if specified.
+                 * @param message Annotation
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.protobuf.GeneratedCodeInfo.Annotation, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this Annotation to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for Annotation
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+
+            namespace Annotation {
+
+                /** Semantic enum. */
+                enum Semantic {
+                    NONE = 0,
+                    SET = 1,
+                    ALIAS = 2
+                }
+            }
+        }
+
+        /** Properties of a FieldMask. */
+        interface IFieldMask {
+
+            /** FieldMask paths */
+            paths?: (string[]|null);
+        }
+
+        /** Represents a FieldMask. */
+        class FieldMask implements IFieldMask {
+
+            /**
+             * Constructs a new FieldMask.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IFieldMask);
+
+            /** FieldMask paths. */
+            public paths: string[];
+
+            /**
+             * Creates a new FieldMask instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns FieldMask instance
+             */
+            public static create(properties?: google.protobuf.IFieldMask): google.protobuf.FieldMask;
+
+            /**
+             * Encodes the specified FieldMask message. Does not implicitly {@link google.protobuf.FieldMask.verify|verify} messages.
+             * @param message FieldMask message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IFieldMask, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified FieldMask message, length delimited. Does not implicitly {@link google.protobuf.FieldMask.verify|verify} messages.
+             * @param message FieldMask message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IFieldMask, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a FieldMask message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns FieldMask
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.FieldMask;
+
+            /**
+             * Decodes a FieldMask message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns FieldMask
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.FieldMask;
+
+            /**
+             * Verifies a FieldMask message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a FieldMask message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns FieldMask
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.FieldMask;
+
+            /**
+             * Creates a plain object from a FieldMask message. Also converts values to other types if specified.
+             * @param message FieldMask
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.FieldMask, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this FieldMask to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for FieldMask
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a Timestamp. */
+        interface ITimestamp {
+
+            /** Timestamp seconds */
+            seconds?: (number|Long|string|null);
+
+            /** Timestamp nanos */
+            nanos?: (number|null);
+        }
+
+        /** Represents a Timestamp. */
+        class Timestamp implements ITimestamp {
+
+            /**
+             * Constructs a new Timestamp.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.ITimestamp);
+
+            /** Timestamp seconds. */
+            public seconds: (number|Long|string);
+
+            /** Timestamp nanos. */
+            public nanos: number;
+
+            /**
+             * Creates a new Timestamp instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns Timestamp instance
+             */
+            public static create(properties?: google.protobuf.ITimestamp): google.protobuf.Timestamp;
+
+            /**
+             * Encodes the specified Timestamp message. Does not implicitly {@link google.protobuf.Timestamp.verify|verify} messages.
+             * @param message Timestamp message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.ITimestamp, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified Timestamp message, length delimited. Does not implicitly {@link google.protobuf.Timestamp.verify|verify} messages.
+             * @param message Timestamp message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.ITimestamp, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a Timestamp message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns Timestamp
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.Timestamp;
+
+            /**
+             * Decodes a Timestamp message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns Timestamp
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.Timestamp;
+
+            /**
+             * Verifies a Timestamp message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a Timestamp message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns Timestamp
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.Timestamp;
+
+            /**
+             * Creates a plain object from a Timestamp message. Also converts values to other types if specified.
+             * @param message Timestamp
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.Timestamp, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this Timestamp to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for Timestamp
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of an Any. */
+        interface IAny {
+
+            /** Any type_url */
+            type_url?: (string|null);
+
+            /** Any value */
+            value?: (Uint8Array|string|null);
+        }
+
+        /** Represents an Any. */
+        class Any implements IAny {
+
+            /**
+             * Constructs a new Any.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IAny);
+
+            /** Any type_url. */
+            public type_url: string;
+
+            /** Any value. */
+            public value: (Uint8Array|string);
+
+            /**
+             * Creates a new Any instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns Any instance
+             */
+            public static create(properties?: google.protobuf.IAny): google.protobuf.Any;
+
+            /**
+             * Encodes the specified Any message. Does not implicitly {@link google.protobuf.Any.verify|verify} messages.
+             * @param message Any message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IAny, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified Any message, length delimited. Does not implicitly {@link google.protobuf.Any.verify|verify} messages.
+             * @param message Any message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IAny, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes an Any message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns Any
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.Any;
+
+            /**
+             * Decodes an Any message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns Any
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.Any;
+
+            /**
+             * Verifies an Any message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates an Any message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns Any
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.Any;
+
+            /**
+             * Creates a plain object from an Any message. Also converts values to other types if specified.
+             * @param message Any
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.Any, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this Any to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for Any
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a Duration. */
+        interface IDuration {
+
+            /** Duration seconds */
+            seconds?: (number|Long|string|null);
+
+            /** Duration nanos */
+            nanos?: (number|null);
+        }
+
+        /** Represents a Duration. */
+        class Duration implements IDuration {
+
+            /**
+             * Constructs a new Duration.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IDuration);
+
+            /** Duration seconds. */
+            public seconds: (number|Long|string);
+
+            /** Duration nanos. */
+            public nanos: number;
+
+            /**
+             * Creates a new Duration instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns Duration instance
+             */
+            public static create(properties?: google.protobuf.IDuration): google.protobuf.Duration;
+
+            /**
+             * Encodes the specified Duration message. Does not implicitly {@link google.protobuf.Duration.verify|verify} messages.
+             * @param message Duration message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IDuration, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified Duration message, length delimited. Does not implicitly {@link google.protobuf.Duration.verify|verify} messages.
+             * @param message Duration message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IDuration, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a Duration message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns Duration
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.Duration;
+
+            /**
+             * Decodes a Duration message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns Duration
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.Duration;
+
+            /**
+             * Verifies a Duration message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a Duration message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns Duration
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.Duration;
+
+            /**
+             * Creates a plain object from a Duration message. Also converts values to other types if specified.
+             * @param message Duration
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.Duration, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this Duration to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for Duration
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of an Empty. */
+        interface IEmpty {
+        }
+
+        /** Represents an Empty. */
+        class Empty implements IEmpty {
+
+            /**
+             * Constructs a new Empty.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.protobuf.IEmpty);
+
+            /**
+             * Creates a new Empty instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns Empty instance
+             */
+            public static create(properties?: google.protobuf.IEmpty): google.protobuf.Empty;
+
+            /**
+             * Encodes the specified Empty message. Does not implicitly {@link google.protobuf.Empty.verify|verify} messages.
+             * @param message Empty message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.protobuf.IEmpty, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified Empty message, length delimited. Does not implicitly {@link google.protobuf.Empty.verify|verify} messages.
+             * @param message Empty message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.protobuf.IEmpty, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes an Empty message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns Empty
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.Empty;
+
+            /**
+             * Decodes an Empty message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns Empty
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.Empty;
+
+            /**
+             * Verifies an Empty message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates an Empty message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns Empty
+             */
+            public static fromObject(object: { [k: string]: any }): google.protobuf.Empty;
+
+            /**
+             * Creates a plain object from an Empty message. Also converts values to other types if specified.
+             * @param message Empty
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.protobuf.Empty, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this Empty to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for Empty
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+    }
+
+    /** Namespace iam. */
+    namespace iam {
+
+        /** Namespace v1. */
+        namespace v1 {
+
+            /** Represents a IAMPolicy */
+            class IAMPolicy extends $protobuf.rpc.Service {
+
+                /**
+                 * Constructs a new IAMPolicy service.
+                 * @param rpcImpl RPC implementation
+                 * @param [requestDelimited=false] Whether requests are length-delimited
+                 * @param [responseDelimited=false] Whether responses are length-delimited
+                 */
+                constructor(rpcImpl: $protobuf.RPCImpl, requestDelimited?: boolean, responseDelimited?: boolean);
+
+                /**
+                 * Creates new IAMPolicy service using the specified rpc implementation.
+                 * @param rpcImpl RPC implementation
+                 * @param [requestDelimited=false] Whether requests are length-delimited
+                 * @param [responseDelimited=false] Whether responses are length-delimited
+                 * @returns RPC service. Useful where requests and/or responses are streamed.
+                 */
+                public static create(rpcImpl: $protobuf.RPCImpl, requestDelimited?: boolean, responseDelimited?: boolean): IAMPolicy;
+
+                /**
+                 * Calls SetIamPolicy.
+                 * @param request SetIamPolicyRequest message or plain object
+                 * @param callback Node-style callback called with the error, if any, and Policy
+                 */
+                public setIamPolicy(request: google.iam.v1.ISetIamPolicyRequest, callback: google.iam.v1.IAMPolicy.SetIamPolicyCallback): void;
+
+                /**
+                 * Calls SetIamPolicy.
+                 * @param request SetIamPolicyRequest message or plain object
+                 * @returns Promise
+                 */
+                public setIamPolicy(request: google.iam.v1.ISetIamPolicyRequest): Promise<google.iam.v1.Policy>;
+
+                /**
+                 * Calls GetIamPolicy.
+                 * @param request GetIamPolicyRequest message or plain object
+                 * @param callback Node-style callback called with the error, if any, and Policy
+                 */
+                public getIamPolicy(request: google.iam.v1.IGetIamPolicyRequest, callback: google.iam.v1.IAMPolicy.GetIamPolicyCallback): void;
+
+                /**
+                 * Calls GetIamPolicy.
+                 * @param request GetIamPolicyRequest message or plain object
+                 * @returns Promise
+                 */
+                public getIamPolicy(request: google.iam.v1.IGetIamPolicyRequest): Promise<google.iam.v1.Policy>;
+
+                /**
+                 * Calls TestIamPermissions.
+                 * @param request TestIamPermissionsRequest message or plain object
+                 * @param callback Node-style callback called with the error, if any, and TestIamPermissionsResponse
+                 */
+                public testIamPermissions(request: google.iam.v1.ITestIamPermissionsRequest, callback: google.iam.v1.IAMPolicy.TestIamPermissionsCallback): void;
+
+                /**
+                 * Calls TestIamPermissions.
+                 * @param request TestIamPermissionsRequest message or plain object
+                 * @returns Promise
+                 */
+                public testIamPermissions(request: google.iam.v1.ITestIamPermissionsRequest): Promise<google.iam.v1.TestIamPermissionsResponse>;
+            }
+
+            namespace IAMPolicy {
+
+                /**
+                 * Callback as used by {@link google.iam.v1.IAMPolicy|setIamPolicy}.
+                 * @param error Error, if any
+                 * @param [response] Policy
+                 */
+                type SetIamPolicyCallback = (error: (Error|null), response?: google.iam.v1.Policy) => void;
+
+                /**
+                 * Callback as used by {@link google.iam.v1.IAMPolicy|getIamPolicy}.
+                 * @param error Error, if any
+                 * @param [response] Policy
+                 */
+                type GetIamPolicyCallback = (error: (Error|null), response?: google.iam.v1.Policy) => void;
+
+                /**
+                 * Callback as used by {@link google.iam.v1.IAMPolicy|testIamPermissions}.
+                 * @param error Error, if any
+                 * @param [response] TestIamPermissionsResponse
+                 */
+                type TestIamPermissionsCallback = (error: (Error|null), response?: google.iam.v1.TestIamPermissionsResponse) => void;
+            }
+
+            /** Properties of a SetIamPolicyRequest. */
+            interface ISetIamPolicyRequest {
+
+                /** SetIamPolicyRequest resource */
+                resource?: (string|null);
+
+                /** SetIamPolicyRequest policy */
+                policy?: (google.iam.v1.IPolicy|null);
+
+                /** SetIamPolicyRequest updateMask */
+                updateMask?: (google.protobuf.IFieldMask|null);
+            }
+
+            /** Represents a SetIamPolicyRequest. */
+            class SetIamPolicyRequest implements ISetIamPolicyRequest {
+
+                /**
+                 * Constructs a new SetIamPolicyRequest.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.iam.v1.ISetIamPolicyRequest);
+
+                /** SetIamPolicyRequest resource. */
+                public resource: string;
+
+                /** SetIamPolicyRequest policy. */
+                public policy?: (google.iam.v1.IPolicy|null);
+
+                /** SetIamPolicyRequest updateMask. */
+                public updateMask?: (google.protobuf.IFieldMask|null);
+
+                /**
+                 * Creates a new SetIamPolicyRequest instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns SetIamPolicyRequest instance
+                 */
+                public static create(properties?: google.iam.v1.ISetIamPolicyRequest): google.iam.v1.SetIamPolicyRequest;
+
+                /**
+                 * Encodes the specified SetIamPolicyRequest message. Does not implicitly {@link google.iam.v1.SetIamPolicyRequest.verify|verify} messages.
+                 * @param message SetIamPolicyRequest message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.iam.v1.ISetIamPolicyRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified SetIamPolicyRequest message, length delimited. Does not implicitly {@link google.iam.v1.SetIamPolicyRequest.verify|verify} messages.
+                 * @param message SetIamPolicyRequest message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.iam.v1.ISetIamPolicyRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes a SetIamPolicyRequest message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns SetIamPolicyRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.iam.v1.SetIamPolicyRequest;
+
+                /**
+                 * Decodes a SetIamPolicyRequest message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns SetIamPolicyRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.iam.v1.SetIamPolicyRequest;
+
+                /**
+                 * Verifies a SetIamPolicyRequest message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates a SetIamPolicyRequest message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns SetIamPolicyRequest
+                 */
+                public static fromObject(object: { [k: string]: any }): google.iam.v1.SetIamPolicyRequest;
+
+                /**
+                 * Creates a plain object from a SetIamPolicyRequest message. Also converts values to other types if specified.
+                 * @param message SetIamPolicyRequest
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.iam.v1.SetIamPolicyRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this SetIamPolicyRequest to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for SetIamPolicyRequest
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+
+            /** Properties of a GetIamPolicyRequest. */
+            interface IGetIamPolicyRequest {
+
+                /** GetIamPolicyRequest resource */
+                resource?: (string|null);
+
+                /** GetIamPolicyRequest options */
+                options?: (google.iam.v1.IGetPolicyOptions|null);
+            }
+
+            /** Represents a GetIamPolicyRequest. */
+            class GetIamPolicyRequest implements IGetIamPolicyRequest {
+
+                /**
+                 * Constructs a new GetIamPolicyRequest.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.iam.v1.IGetIamPolicyRequest);
+
+                /** GetIamPolicyRequest resource. */
+                public resource: string;
+
+                /** GetIamPolicyRequest options. */
+                public options?: (google.iam.v1.IGetPolicyOptions|null);
+
+                /**
+                 * Creates a new GetIamPolicyRequest instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns GetIamPolicyRequest instance
+                 */
+                public static create(properties?: google.iam.v1.IGetIamPolicyRequest): google.iam.v1.GetIamPolicyRequest;
+
+                /**
+                 * Encodes the specified GetIamPolicyRequest message. Does not implicitly {@link google.iam.v1.GetIamPolicyRequest.verify|verify} messages.
+                 * @param message GetIamPolicyRequest message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.iam.v1.IGetIamPolicyRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified GetIamPolicyRequest message, length delimited. Does not implicitly {@link google.iam.v1.GetIamPolicyRequest.verify|verify} messages.
+                 * @param message GetIamPolicyRequest message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.iam.v1.IGetIamPolicyRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes a GetIamPolicyRequest message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns GetIamPolicyRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.iam.v1.GetIamPolicyRequest;
+
+                /**
+                 * Decodes a GetIamPolicyRequest message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns GetIamPolicyRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.iam.v1.GetIamPolicyRequest;
+
+                /**
+                 * Verifies a GetIamPolicyRequest message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates a GetIamPolicyRequest message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns GetIamPolicyRequest
+                 */
+                public static fromObject(object: { [k: string]: any }): google.iam.v1.GetIamPolicyRequest;
+
+                /**
+                 * Creates a plain object from a GetIamPolicyRequest message. Also converts values to other types if specified.
+                 * @param message GetIamPolicyRequest
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.iam.v1.GetIamPolicyRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this GetIamPolicyRequest to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for GetIamPolicyRequest
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+
+            /** Properties of a TestIamPermissionsRequest. */
+            interface ITestIamPermissionsRequest {
+
+                /** TestIamPermissionsRequest resource */
+                resource?: (string|null);
+
+                /** TestIamPermissionsRequest permissions */
+                permissions?: (string[]|null);
+            }
+
+            /** Represents a TestIamPermissionsRequest. */
+            class TestIamPermissionsRequest implements ITestIamPermissionsRequest {
+
+                /**
+                 * Constructs a new TestIamPermissionsRequest.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.iam.v1.ITestIamPermissionsRequest);
+
+                /** TestIamPermissionsRequest resource. */
+                public resource: string;
+
+                /** TestIamPermissionsRequest permissions. */
+                public permissions: string[];
+
+                /**
+                 * Creates a new TestIamPermissionsRequest instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns TestIamPermissionsRequest instance
+                 */
+                public static create(properties?: google.iam.v1.ITestIamPermissionsRequest): google.iam.v1.TestIamPermissionsRequest;
+
+                /**
+                 * Encodes the specified TestIamPermissionsRequest message. Does not implicitly {@link google.iam.v1.TestIamPermissionsRequest.verify|verify} messages.
+                 * @param message TestIamPermissionsRequest message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.iam.v1.ITestIamPermissionsRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified TestIamPermissionsRequest message, length delimited. Does not implicitly {@link google.iam.v1.TestIamPermissionsRequest.verify|verify} messages.
+                 * @param message TestIamPermissionsRequest message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.iam.v1.ITestIamPermissionsRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes a TestIamPermissionsRequest message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns TestIamPermissionsRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.iam.v1.TestIamPermissionsRequest;
+
+                /**
+                 * Decodes a TestIamPermissionsRequest message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns TestIamPermissionsRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.iam.v1.TestIamPermissionsRequest;
+
+                /**
+                 * Verifies a TestIamPermissionsRequest message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates a TestIamPermissionsRequest message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns TestIamPermissionsRequest
+                 */
+                public static fromObject(object: { [k: string]: any }): google.iam.v1.TestIamPermissionsRequest;
+
+                /**
+                 * Creates a plain object from a TestIamPermissionsRequest message. Also converts values to other types if specified.
+                 * @param message TestIamPermissionsRequest
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.iam.v1.TestIamPermissionsRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this TestIamPermissionsRequest to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for TestIamPermissionsRequest
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+
+            /** Properties of a TestIamPermissionsResponse. */
+            interface ITestIamPermissionsResponse {
+
+                /** TestIamPermissionsResponse permissions */
+                permissions?: (string[]|null);
+            }
+
+            /** Represents a TestIamPermissionsResponse. */
+            class TestIamPermissionsResponse implements ITestIamPermissionsResponse {
+
+                /**
+                 * Constructs a new TestIamPermissionsResponse.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.iam.v1.ITestIamPermissionsResponse);
+
+                /** TestIamPermissionsResponse permissions. */
+                public permissions: string[];
+
+                /**
+                 * Creates a new TestIamPermissionsResponse instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns TestIamPermissionsResponse instance
+                 */
+                public static create(properties?: google.iam.v1.ITestIamPermissionsResponse): google.iam.v1.TestIamPermissionsResponse;
+
+                /**
+                 * Encodes the specified TestIamPermissionsResponse message. Does not implicitly {@link google.iam.v1.TestIamPermissionsResponse.verify|verify} messages.
+                 * @param message TestIamPermissionsResponse message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.iam.v1.ITestIamPermissionsResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified TestIamPermissionsResponse message, length delimited. Does not implicitly {@link google.iam.v1.TestIamPermissionsResponse.verify|verify} messages.
+                 * @param message TestIamPermissionsResponse message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.iam.v1.ITestIamPermissionsResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes a TestIamPermissionsResponse message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns TestIamPermissionsResponse
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.iam.v1.TestIamPermissionsResponse;
+
+                /**
+                 * Decodes a TestIamPermissionsResponse message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns TestIamPermissionsResponse
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.iam.v1.TestIamPermissionsResponse;
+
+                /**
+                 * Verifies a TestIamPermissionsResponse message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates a TestIamPermissionsResponse message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns TestIamPermissionsResponse
+                 */
+                public static fromObject(object: { [k: string]: any }): google.iam.v1.TestIamPermissionsResponse;
+
+                /**
+                 * Creates a plain object from a TestIamPermissionsResponse message. Also converts values to other types if specified.
+                 * @param message TestIamPermissionsResponse
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.iam.v1.TestIamPermissionsResponse, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this TestIamPermissionsResponse to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for TestIamPermissionsResponse
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+
+            /** Properties of a GetPolicyOptions. */
+            interface IGetPolicyOptions {
+
+                /** GetPolicyOptions requestedPolicyVersion */
+                requestedPolicyVersion?: (number|null);
+            }
+
+            /** Represents a GetPolicyOptions. */
+            class GetPolicyOptions implements IGetPolicyOptions {
+
+                /**
+                 * Constructs a new GetPolicyOptions.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.iam.v1.IGetPolicyOptions);
+
+                /** GetPolicyOptions requestedPolicyVersion. */
+                public requestedPolicyVersion: number;
+
+                /**
+                 * Creates a new GetPolicyOptions instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns GetPolicyOptions instance
+                 */
+                public static create(properties?: google.iam.v1.IGetPolicyOptions): google.iam.v1.GetPolicyOptions;
+
+                /**
+                 * Encodes the specified GetPolicyOptions message. Does not implicitly {@link google.iam.v1.GetPolicyOptions.verify|verify} messages.
+                 * @param message GetPolicyOptions message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.iam.v1.IGetPolicyOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified GetPolicyOptions message, length delimited. Does not implicitly {@link google.iam.v1.GetPolicyOptions.verify|verify} messages.
+                 * @param message GetPolicyOptions message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.iam.v1.IGetPolicyOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes a GetPolicyOptions message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns GetPolicyOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.iam.v1.GetPolicyOptions;
+
+                /**
+                 * Decodes a GetPolicyOptions message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns GetPolicyOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.iam.v1.GetPolicyOptions;
+
+                /**
+                 * Verifies a GetPolicyOptions message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates a GetPolicyOptions message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns GetPolicyOptions
+                 */
+                public static fromObject(object: { [k: string]: any }): google.iam.v1.GetPolicyOptions;
+
+                /**
+                 * Creates a plain object from a GetPolicyOptions message. Also converts values to other types if specified.
+                 * @param message GetPolicyOptions
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.iam.v1.GetPolicyOptions, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this GetPolicyOptions to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for GetPolicyOptions
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+
+            /** Properties of a Policy. */
+            interface IPolicy {
+
+                /** Policy version */
+                version?: (number|null);
+
+                /** Policy bindings */
+                bindings?: (google.iam.v1.IBinding[]|null);
+
+                /** Policy auditConfigs */
+                auditConfigs?: (google.iam.v1.IAuditConfig[]|null);
+
+                /** Policy etag */
+                etag?: (Uint8Array|string|null);
+            }
+
+            /** Represents a Policy. */
+            class Policy implements IPolicy {
+
+                /**
+                 * Constructs a new Policy.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.iam.v1.IPolicy);
+
+                /** Policy version. */
+                public version: number;
+
+                /** Policy bindings. */
+                public bindings: google.iam.v1.IBinding[];
+
+                /** Policy auditConfigs. */
+                public auditConfigs: google.iam.v1.IAuditConfig[];
+
+                /** Policy etag. */
+                public etag: (Uint8Array|string);
+
+                /**
+                 * Creates a new Policy instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns Policy instance
+                 */
+                public static create(properties?: google.iam.v1.IPolicy): google.iam.v1.Policy;
+
+                /**
+                 * Encodes the specified Policy message. Does not implicitly {@link google.iam.v1.Policy.verify|verify} messages.
+                 * @param message Policy message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.iam.v1.IPolicy, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified Policy message, length delimited. Does not implicitly {@link google.iam.v1.Policy.verify|verify} messages.
+                 * @param message Policy message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.iam.v1.IPolicy, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes a Policy message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns Policy
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.iam.v1.Policy;
+
+                /**
+                 * Decodes a Policy message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns Policy
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.iam.v1.Policy;
+
+                /**
+                 * Verifies a Policy message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates a Policy message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns Policy
+                 */
+                public static fromObject(object: { [k: string]: any }): google.iam.v1.Policy;
+
+                /**
+                 * Creates a plain object from a Policy message. Also converts values to other types if specified.
+                 * @param message Policy
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.iam.v1.Policy, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this Policy to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for Policy
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+
+            /** Properties of a Binding. */
+            interface IBinding {
+
+                /** Binding role */
+                role?: (string|null);
+
+                /** Binding members */
+                members?: (string[]|null);
+
+                /** Binding condition */
+                condition?: (google.type.IExpr|null);
+            }
+
+            /** Represents a Binding. */
+            class Binding implements IBinding {
+
+                /**
+                 * Constructs a new Binding.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.iam.v1.IBinding);
+
+                /** Binding role. */
+                public role: string;
+
+                /** Binding members. */
+                public members: string[];
+
+                /** Binding condition. */
+                public condition?: (google.type.IExpr|null);
+
+                /**
+                 * Creates a new Binding instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns Binding instance
+                 */
+                public static create(properties?: google.iam.v1.IBinding): google.iam.v1.Binding;
+
+                /**
+                 * Encodes the specified Binding message. Does not implicitly {@link google.iam.v1.Binding.verify|verify} messages.
+                 * @param message Binding message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.iam.v1.IBinding, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified Binding message, length delimited. Does not implicitly {@link google.iam.v1.Binding.verify|verify} messages.
+                 * @param message Binding message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.iam.v1.IBinding, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes a Binding message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns Binding
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.iam.v1.Binding;
+
+                /**
+                 * Decodes a Binding message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns Binding
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.iam.v1.Binding;
+
+                /**
+                 * Verifies a Binding message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates a Binding message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns Binding
+                 */
+                public static fromObject(object: { [k: string]: any }): google.iam.v1.Binding;
+
+                /**
+                 * Creates a plain object from a Binding message. Also converts values to other types if specified.
+                 * @param message Binding
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.iam.v1.Binding, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this Binding to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for Binding
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+
+            /** Properties of an AuditConfig. */
+            interface IAuditConfig {
+
+                /** AuditConfig service */
+                service?: (string|null);
+
+                /** AuditConfig auditLogConfigs */
+                auditLogConfigs?: (google.iam.v1.IAuditLogConfig[]|null);
+            }
+
+            /** Represents an AuditConfig. */
+            class AuditConfig implements IAuditConfig {
+
+                /**
+                 * Constructs a new AuditConfig.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.iam.v1.IAuditConfig);
+
+                /** AuditConfig service. */
+                public service: string;
+
+                /** AuditConfig auditLogConfigs. */
+                public auditLogConfigs: google.iam.v1.IAuditLogConfig[];
+
+                /**
+                 * Creates a new AuditConfig instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns AuditConfig instance
+                 */
+                public static create(properties?: google.iam.v1.IAuditConfig): google.iam.v1.AuditConfig;
+
+                /**
+                 * Encodes the specified AuditConfig message. Does not implicitly {@link google.iam.v1.AuditConfig.verify|verify} messages.
+                 * @param message AuditConfig message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.iam.v1.IAuditConfig, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified AuditConfig message, length delimited. Does not implicitly {@link google.iam.v1.AuditConfig.verify|verify} messages.
+                 * @param message AuditConfig message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.iam.v1.IAuditConfig, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes an AuditConfig message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns AuditConfig
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.iam.v1.AuditConfig;
+
+                /**
+                 * Decodes an AuditConfig message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns AuditConfig
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.iam.v1.AuditConfig;
+
+                /**
+                 * Verifies an AuditConfig message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates an AuditConfig message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns AuditConfig
+                 */
+                public static fromObject(object: { [k: string]: any }): google.iam.v1.AuditConfig;
+
+                /**
+                 * Creates a plain object from an AuditConfig message. Also converts values to other types if specified.
+                 * @param message AuditConfig
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.iam.v1.AuditConfig, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this AuditConfig to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for AuditConfig
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+
+            /** Properties of an AuditLogConfig. */
+            interface IAuditLogConfig {
+
+                /** AuditLogConfig logType */
+                logType?: (google.iam.v1.AuditLogConfig.LogType|keyof typeof google.iam.v1.AuditLogConfig.LogType|null);
+
+                /** AuditLogConfig exemptedMembers */
+                exemptedMembers?: (string[]|null);
+            }
+
+            /** Represents an AuditLogConfig. */
+            class AuditLogConfig implements IAuditLogConfig {
+
+                /**
+                 * Constructs a new AuditLogConfig.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.iam.v1.IAuditLogConfig);
+
+                /** AuditLogConfig logType. */
+                public logType: (google.iam.v1.AuditLogConfig.LogType|keyof typeof google.iam.v1.AuditLogConfig.LogType);
+
+                /** AuditLogConfig exemptedMembers. */
+                public exemptedMembers: string[];
+
+                /**
+                 * Creates a new AuditLogConfig instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns AuditLogConfig instance
+                 */
+                public static create(properties?: google.iam.v1.IAuditLogConfig): google.iam.v1.AuditLogConfig;
+
+                /**
+                 * Encodes the specified AuditLogConfig message. Does not implicitly {@link google.iam.v1.AuditLogConfig.verify|verify} messages.
+                 * @param message AuditLogConfig message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.iam.v1.IAuditLogConfig, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified AuditLogConfig message, length delimited. Does not implicitly {@link google.iam.v1.AuditLogConfig.verify|verify} messages.
+                 * @param message AuditLogConfig message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.iam.v1.IAuditLogConfig, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes an AuditLogConfig message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns AuditLogConfig
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.iam.v1.AuditLogConfig;
+
+                /**
+                 * Decodes an AuditLogConfig message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns AuditLogConfig
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.iam.v1.AuditLogConfig;
+
+                /**
+                 * Verifies an AuditLogConfig message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates an AuditLogConfig message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns AuditLogConfig
+                 */
+                public static fromObject(object: { [k: string]: any }): google.iam.v1.AuditLogConfig;
+
+                /**
+                 * Creates a plain object from an AuditLogConfig message. Also converts values to other types if specified.
+                 * @param message AuditLogConfig
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.iam.v1.AuditLogConfig, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this AuditLogConfig to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for AuditLogConfig
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+
+            namespace AuditLogConfig {
+
+                /** LogType enum. */
+                enum LogType {
+                    LOG_TYPE_UNSPECIFIED = 0,
+                    ADMIN_READ = 1,
+                    DATA_WRITE = 2,
+                    DATA_READ = 3
+                }
+            }
+
+            /** Properties of a PolicyDelta. */
+            interface IPolicyDelta {
+
+                /** PolicyDelta bindingDeltas */
+                bindingDeltas?: (google.iam.v1.IBindingDelta[]|null);
+
+                /** PolicyDelta auditConfigDeltas */
+                auditConfigDeltas?: (google.iam.v1.IAuditConfigDelta[]|null);
+            }
+
+            /** Represents a PolicyDelta. */
+            class PolicyDelta implements IPolicyDelta {
+
+                /**
+                 * Constructs a new PolicyDelta.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.iam.v1.IPolicyDelta);
+
+                /** PolicyDelta bindingDeltas. */
+                public bindingDeltas: google.iam.v1.IBindingDelta[];
+
+                /** PolicyDelta auditConfigDeltas. */
+                public auditConfigDeltas: google.iam.v1.IAuditConfigDelta[];
+
+                /**
+                 * Creates a new PolicyDelta instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns PolicyDelta instance
+                 */
+                public static create(properties?: google.iam.v1.IPolicyDelta): google.iam.v1.PolicyDelta;
+
+                /**
+                 * Encodes the specified PolicyDelta message. Does not implicitly {@link google.iam.v1.PolicyDelta.verify|verify} messages.
+                 * @param message PolicyDelta message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.iam.v1.IPolicyDelta, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified PolicyDelta message, length delimited. Does not implicitly {@link google.iam.v1.PolicyDelta.verify|verify} messages.
+                 * @param message PolicyDelta message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.iam.v1.IPolicyDelta, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes a PolicyDelta message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns PolicyDelta
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.iam.v1.PolicyDelta;
+
+                /**
+                 * Decodes a PolicyDelta message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns PolicyDelta
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.iam.v1.PolicyDelta;
+
+                /**
+                 * Verifies a PolicyDelta message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates a PolicyDelta message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns PolicyDelta
+                 */
+                public static fromObject(object: { [k: string]: any }): google.iam.v1.PolicyDelta;
+
+                /**
+                 * Creates a plain object from a PolicyDelta message. Also converts values to other types if specified.
+                 * @param message PolicyDelta
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.iam.v1.PolicyDelta, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this PolicyDelta to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for PolicyDelta
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+
+            /** Properties of a BindingDelta. */
+            interface IBindingDelta {
+
+                /** BindingDelta action */
+                action?: (google.iam.v1.BindingDelta.Action|keyof typeof google.iam.v1.BindingDelta.Action|null);
+
+                /** BindingDelta role */
+                role?: (string|null);
+
+                /** BindingDelta member */
+                member?: (string|null);
+
+                /** BindingDelta condition */
+                condition?: (google.type.IExpr|null);
+            }
+
+            /** Represents a BindingDelta. */
+            class BindingDelta implements IBindingDelta {
+
+                /**
+                 * Constructs a new BindingDelta.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.iam.v1.IBindingDelta);
+
+                /** BindingDelta action. */
+                public action: (google.iam.v1.BindingDelta.Action|keyof typeof google.iam.v1.BindingDelta.Action);
+
+                /** BindingDelta role. */
+                public role: string;
+
+                /** BindingDelta member. */
+                public member: string;
+
+                /** BindingDelta condition. */
+                public condition?: (google.type.IExpr|null);
+
+                /**
+                 * Creates a new BindingDelta instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns BindingDelta instance
+                 */
+                public static create(properties?: google.iam.v1.IBindingDelta): google.iam.v1.BindingDelta;
+
+                /**
+                 * Encodes the specified BindingDelta message. Does not implicitly {@link google.iam.v1.BindingDelta.verify|verify} messages.
+                 * @param message BindingDelta message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.iam.v1.IBindingDelta, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified BindingDelta message, length delimited. Does not implicitly {@link google.iam.v1.BindingDelta.verify|verify} messages.
+                 * @param message BindingDelta message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.iam.v1.IBindingDelta, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes a BindingDelta message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns BindingDelta
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.iam.v1.BindingDelta;
+
+                /**
+                 * Decodes a BindingDelta message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns BindingDelta
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.iam.v1.BindingDelta;
+
+                /**
+                 * Verifies a BindingDelta message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates a BindingDelta message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns BindingDelta
+                 */
+                public static fromObject(object: { [k: string]: any }): google.iam.v1.BindingDelta;
+
+                /**
+                 * Creates a plain object from a BindingDelta message. Also converts values to other types if specified.
+                 * @param message BindingDelta
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.iam.v1.BindingDelta, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this BindingDelta to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for BindingDelta
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+
+            namespace BindingDelta {
+
+                /** Action enum. */
+                enum Action {
+                    ACTION_UNSPECIFIED = 0,
+                    ADD = 1,
+                    REMOVE = 2
+                }
+            }
+
+            /** Properties of an AuditConfigDelta. */
+            interface IAuditConfigDelta {
+
+                /** AuditConfigDelta action */
+                action?: (google.iam.v1.AuditConfigDelta.Action|keyof typeof google.iam.v1.AuditConfigDelta.Action|null);
+
+                /** AuditConfigDelta service */
+                service?: (string|null);
+
+                /** AuditConfigDelta exemptedMember */
+                exemptedMember?: (string|null);
+
+                /** AuditConfigDelta logType */
+                logType?: (string|null);
+            }
+
+            /** Represents an AuditConfigDelta. */
+            class AuditConfigDelta implements IAuditConfigDelta {
+
+                /**
+                 * Constructs a new AuditConfigDelta.
+                 * @param [properties] Properties to set
+                 */
+                constructor(properties?: google.iam.v1.IAuditConfigDelta);
+
+                /** AuditConfigDelta action. */
+                public action: (google.iam.v1.AuditConfigDelta.Action|keyof typeof google.iam.v1.AuditConfigDelta.Action);
+
+                /** AuditConfigDelta service. */
+                public service: string;
+
+                /** AuditConfigDelta exemptedMember. */
+                public exemptedMember: string;
+
+                /** AuditConfigDelta logType. */
+                public logType: string;
+
+                /**
+                 * Creates a new AuditConfigDelta instance using the specified properties.
+                 * @param [properties] Properties to set
+                 * @returns AuditConfigDelta instance
+                 */
+                public static create(properties?: google.iam.v1.IAuditConfigDelta): google.iam.v1.AuditConfigDelta;
+
+                /**
+                 * Encodes the specified AuditConfigDelta message. Does not implicitly {@link google.iam.v1.AuditConfigDelta.verify|verify} messages.
+                 * @param message AuditConfigDelta message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encode(message: google.iam.v1.IAuditConfigDelta, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Encodes the specified AuditConfigDelta message, length delimited. Does not implicitly {@link google.iam.v1.AuditConfigDelta.verify|verify} messages.
+                 * @param message AuditConfigDelta message or plain object to encode
+                 * @param [writer] Writer to encode to
+                 * @returns Writer
+                 */
+                public static encodeDelimited(message: google.iam.v1.IAuditConfigDelta, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                /**
+                 * Decodes an AuditConfigDelta message from the specified reader or buffer.
+                 * @param reader Reader or buffer to decode from
+                 * @param [length] Message length if known beforehand
+                 * @returns AuditConfigDelta
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.iam.v1.AuditConfigDelta;
+
+                /**
+                 * Decodes an AuditConfigDelta message from the specified reader or buffer, length delimited.
+                 * @param reader Reader or buffer to decode from
+                 * @returns AuditConfigDelta
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.iam.v1.AuditConfigDelta;
+
+                /**
+                 * Verifies an AuditConfigDelta message.
+                 * @param message Plain object to verify
+                 * @returns `null` if valid, otherwise the reason why it is not
+                 */
+                public static verify(message: { [k: string]: any }): (string|null);
+
+                /**
+                 * Creates an AuditConfigDelta message from a plain object. Also converts values to their respective internal types.
+                 * @param object Plain object
+                 * @returns AuditConfigDelta
+                 */
+                public static fromObject(object: { [k: string]: any }): google.iam.v1.AuditConfigDelta;
+
+                /**
+                 * Creates a plain object from an AuditConfigDelta message. Also converts values to other types if specified.
+                 * @param message AuditConfigDelta
+                 * @param [options] Conversion options
+                 * @returns Plain object
+                 */
+                public static toObject(message: google.iam.v1.AuditConfigDelta, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                /**
+                 * Converts this AuditConfigDelta to JSON.
+                 * @returns JSON object
+                 */
+                public toJSON(): { [k: string]: any };
+
+                /**
+                 * Gets the default type url for AuditConfigDelta
+                 * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns The default type url
+                 */
+                public static getTypeUrl(typeUrlPrefix?: string): string;
+            }
+
+            namespace AuditConfigDelta {
+
+                /** Action enum. */
+                enum Action {
+                    ACTION_UNSPECIFIED = 0,
+                    ADD = 1,
+                    REMOVE = 2
+                }
+            }
+        }
+    }
+
+    /** Namespace type. */
+    namespace type {
+
+        /** Properties of an Expr. */
+        interface IExpr {
+
+            /** Expr expression */
+            expression?: (string|null);
+
+            /** Expr title */
+            title?: (string|null);
+
+            /** Expr description */
+            description?: (string|null);
+
+            /** Expr location */
+            location?: (string|null);
+        }
+
+        /** Represents an Expr. */
+        class Expr implements IExpr {
+
+            /**
+             * Constructs a new Expr.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.type.IExpr);
+
+            /** Expr expression. */
+            public expression: string;
+
+            /** Expr title. */
+            public title: string;
+
+            /** Expr description. */
+            public description: string;
+
+            /** Expr location. */
+            public location: string;
+
+            /**
+             * Creates a new Expr instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns Expr instance
+             */
+            public static create(properties?: google.type.IExpr): google.type.Expr;
+
+            /**
+             * Encodes the specified Expr message. Does not implicitly {@link google.type.Expr.verify|verify} messages.
+             * @param message Expr message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.type.IExpr, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified Expr message, length delimited. Does not implicitly {@link google.type.Expr.verify|verify} messages.
+             * @param message Expr message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.type.IExpr, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes an Expr message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns Expr
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.type.Expr;
+
+            /**
+             * Decodes an Expr message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns Expr
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.type.Expr;
+
+            /**
+             * Verifies an Expr message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates an Expr message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns Expr
+             */
+            public static fromObject(object: { [k: string]: any }): google.type.Expr;
+
+            /**
+             * Creates a plain object from an Expr message. Also converts values to other types if specified.
+             * @param message Expr
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.type.Expr, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this Expr to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for Expr
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+    }
+
+    /** Namespace longrunning. */
+    namespace longrunning {
+
+        /** Represents an Operations */
+        class Operations extends $protobuf.rpc.Service {
+
+            /**
+             * Constructs a new Operations service.
+             * @param rpcImpl RPC implementation
+             * @param [requestDelimited=false] Whether requests are length-delimited
+             * @param [responseDelimited=false] Whether responses are length-delimited
+             */
+            constructor(rpcImpl: $protobuf.RPCImpl, requestDelimited?: boolean, responseDelimited?: boolean);
+
+            /**
+             * Creates new Operations service using the specified rpc implementation.
+             * @param rpcImpl RPC implementation
+             * @param [requestDelimited=false] Whether requests are length-delimited
+             * @param [responseDelimited=false] Whether responses are length-delimited
+             * @returns RPC service. Useful where requests and/or responses are streamed.
+             */
+            public static create(rpcImpl: $protobuf.RPCImpl, requestDelimited?: boolean, responseDelimited?: boolean): Operations;
+
+            /**
+             * Calls ListOperations.
+             * @param request ListOperationsRequest message or plain object
+             * @param callback Node-style callback called with the error, if any, and ListOperationsResponse
+             */
+            public listOperations(request: google.longrunning.IListOperationsRequest, callback: google.longrunning.Operations.ListOperationsCallback): void;
+
+            /**
+             * Calls ListOperations.
+             * @param request ListOperationsRequest message or plain object
+             * @returns Promise
+             */
+            public listOperations(request: google.longrunning.IListOperationsRequest): Promise<google.longrunning.ListOperationsResponse>;
+
+            /**
+             * Calls GetOperation.
+             * @param request GetOperationRequest message or plain object
+             * @param callback Node-style callback called with the error, if any, and Operation
+             */
+            public getOperation(request: google.longrunning.IGetOperationRequest, callback: google.longrunning.Operations.GetOperationCallback): void;
+
+            /**
+             * Calls GetOperation.
+             * @param request GetOperationRequest message or plain object
+             * @returns Promise
+             */
+            public getOperation(request: google.longrunning.IGetOperationRequest): Promise<google.longrunning.Operation>;
+
+            /**
+             * Calls DeleteOperation.
+             * @param request DeleteOperationRequest message or plain object
+             * @param callback Node-style callback called with the error, if any, and Empty
+             */
+            public deleteOperation(request: google.longrunning.IDeleteOperationRequest, callback: google.longrunning.Operations.DeleteOperationCallback): void;
+
+            /**
+             * Calls DeleteOperation.
+             * @param request DeleteOperationRequest message or plain object
+             * @returns Promise
+             */
+            public deleteOperation(request: google.longrunning.IDeleteOperationRequest): Promise<google.protobuf.Empty>;
+
+            /**
+             * Calls CancelOperation.
+             * @param request CancelOperationRequest message or plain object
+             * @param callback Node-style callback called with the error, if any, and Empty
+             */
+            public cancelOperation(request: google.longrunning.ICancelOperationRequest, callback: google.longrunning.Operations.CancelOperationCallback): void;
+
+            /**
+             * Calls CancelOperation.
+             * @param request CancelOperationRequest message or plain object
+             * @returns Promise
+             */
+            public cancelOperation(request: google.longrunning.ICancelOperationRequest): Promise<google.protobuf.Empty>;
+
+            /**
+             * Calls WaitOperation.
+             * @param request WaitOperationRequest message or plain object
+             * @param callback Node-style callback called with the error, if any, and Operation
+             */
+            public waitOperation(request: google.longrunning.IWaitOperationRequest, callback: google.longrunning.Operations.WaitOperationCallback): void;
+
+            /**
+             * Calls WaitOperation.
+             * @param request WaitOperationRequest message or plain object
+             * @returns Promise
+             */
+            public waitOperation(request: google.longrunning.IWaitOperationRequest): Promise<google.longrunning.Operation>;
+        }
+
+        namespace Operations {
+
+            /**
+             * Callback as used by {@link google.longrunning.Operations|listOperations}.
+             * @param error Error, if any
+             * @param [response] ListOperationsResponse
+             */
+            type ListOperationsCallback = (error: (Error|null), response?: google.longrunning.ListOperationsResponse) => void;
+
+            /**
+             * Callback as used by {@link google.longrunning.Operations|getOperation}.
+             * @param error Error, if any
+             * @param [response] Operation
+             */
+            type GetOperationCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+
+            /**
+             * Callback as used by {@link google.longrunning.Operations|deleteOperation}.
+             * @param error Error, if any
+             * @param [response] Empty
+             */
+            type DeleteOperationCallback = (error: (Error|null), response?: google.protobuf.Empty) => void;
+
+            /**
+             * Callback as used by {@link google.longrunning.Operations|cancelOperation}.
+             * @param error Error, if any
+             * @param [response] Empty
+             */
+            type CancelOperationCallback = (error: (Error|null), response?: google.protobuf.Empty) => void;
+
+            /**
+             * Callback as used by {@link google.longrunning.Operations|waitOperation}.
+             * @param error Error, if any
+             * @param [response] Operation
+             */
+            type WaitOperationCallback = (error: (Error|null), response?: google.longrunning.Operation) => void;
+        }
+
+        /** Properties of an Operation. */
+        interface IOperation {
+
+            /** Operation name */
+            name?: (string|null);
+
+            /** Operation metadata */
+            metadata?: (google.protobuf.IAny|null);
+
+            /** Operation done */
+            done?: (boolean|null);
+
+            /** Operation error */
+            error?: (google.rpc.IStatus|null);
+
+            /** Operation response */
+            response?: (google.protobuf.IAny|null);
+        }
+
+        /** Represents an Operation. */
+        class Operation implements IOperation {
+
+            /**
+             * Constructs a new Operation.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.longrunning.IOperation);
+
+            /** Operation name. */
+            public name: string;
+
+            /** Operation metadata. */
+            public metadata?: (google.protobuf.IAny|null);
+
+            /** Operation done. */
+            public done: boolean;
+
+            /** Operation error. */
+            public error?: (google.rpc.IStatus|null);
+
+            /** Operation response. */
+            public response?: (google.protobuf.IAny|null);
+
+            /** Operation result. */
+            public result?: ("error"|"response");
+
+            /**
+             * Creates a new Operation instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns Operation instance
+             */
+            public static create(properties?: google.longrunning.IOperation): google.longrunning.Operation;
+
+            /**
+             * Encodes the specified Operation message. Does not implicitly {@link google.longrunning.Operation.verify|verify} messages.
+             * @param message Operation message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.longrunning.IOperation, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified Operation message, length delimited. Does not implicitly {@link google.longrunning.Operation.verify|verify} messages.
+             * @param message Operation message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.longrunning.IOperation, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes an Operation message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns Operation
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.longrunning.Operation;
+
+            /**
+             * Decodes an Operation message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns Operation
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.longrunning.Operation;
+
+            /**
+             * Verifies an Operation message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates an Operation message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns Operation
+             */
+            public static fromObject(object: { [k: string]: any }): google.longrunning.Operation;
+
+            /**
+             * Creates a plain object from an Operation message. Also converts values to other types if specified.
+             * @param message Operation
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.longrunning.Operation, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this Operation to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for Operation
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a GetOperationRequest. */
+        interface IGetOperationRequest {
+
+            /** GetOperationRequest name */
+            name?: (string|null);
+        }
+
+        /** Represents a GetOperationRequest. */
+        class GetOperationRequest implements IGetOperationRequest {
+
+            /**
+             * Constructs a new GetOperationRequest.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.longrunning.IGetOperationRequest);
+
+            /** GetOperationRequest name. */
+            public name: string;
+
+            /**
+             * Creates a new GetOperationRequest instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns GetOperationRequest instance
+             */
+            public static create(properties?: google.longrunning.IGetOperationRequest): google.longrunning.GetOperationRequest;
+
+            /**
+             * Encodes the specified GetOperationRequest message. Does not implicitly {@link google.longrunning.GetOperationRequest.verify|verify} messages.
+             * @param message GetOperationRequest message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.longrunning.IGetOperationRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified GetOperationRequest message, length delimited. Does not implicitly {@link google.longrunning.GetOperationRequest.verify|verify} messages.
+             * @param message GetOperationRequest message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.longrunning.IGetOperationRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a GetOperationRequest message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns GetOperationRequest
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.longrunning.GetOperationRequest;
+
+            /**
+             * Decodes a GetOperationRequest message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns GetOperationRequest
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.longrunning.GetOperationRequest;
+
+            /**
+             * Verifies a GetOperationRequest message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a GetOperationRequest message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns GetOperationRequest
+             */
+            public static fromObject(object: { [k: string]: any }): google.longrunning.GetOperationRequest;
+
+            /**
+             * Creates a plain object from a GetOperationRequest message. Also converts values to other types if specified.
+             * @param message GetOperationRequest
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.longrunning.GetOperationRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this GetOperationRequest to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for GetOperationRequest
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a ListOperationsRequest. */
+        interface IListOperationsRequest {
+
+            /** ListOperationsRequest name */
+            name?: (string|null);
+
+            /** ListOperationsRequest filter */
+            filter?: (string|null);
+
+            /** ListOperationsRequest pageSize */
+            pageSize?: (number|null);
+
+            /** ListOperationsRequest pageToken */
+            pageToken?: (string|null);
+        }
+
+        /** Represents a ListOperationsRequest. */
+        class ListOperationsRequest implements IListOperationsRequest {
+
+            /**
+             * Constructs a new ListOperationsRequest.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.longrunning.IListOperationsRequest);
+
+            /** ListOperationsRequest name. */
+            public name: string;
+
+            /** ListOperationsRequest filter. */
+            public filter: string;
+
+            /** ListOperationsRequest pageSize. */
+            public pageSize: number;
+
+            /** ListOperationsRequest pageToken. */
+            public pageToken: string;
+
+            /**
+             * Creates a new ListOperationsRequest instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns ListOperationsRequest instance
+             */
+            public static create(properties?: google.longrunning.IListOperationsRequest): google.longrunning.ListOperationsRequest;
+
+            /**
+             * Encodes the specified ListOperationsRequest message. Does not implicitly {@link google.longrunning.ListOperationsRequest.verify|verify} messages.
+             * @param message ListOperationsRequest message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.longrunning.IListOperationsRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified ListOperationsRequest message, length delimited. Does not implicitly {@link google.longrunning.ListOperationsRequest.verify|verify} messages.
+             * @param message ListOperationsRequest message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.longrunning.IListOperationsRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a ListOperationsRequest message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns ListOperationsRequest
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.longrunning.ListOperationsRequest;
+
+            /**
+             * Decodes a ListOperationsRequest message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns ListOperationsRequest
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.longrunning.ListOperationsRequest;
+
+            /**
+             * Verifies a ListOperationsRequest message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a ListOperationsRequest message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns ListOperationsRequest
+             */
+            public static fromObject(object: { [k: string]: any }): google.longrunning.ListOperationsRequest;
+
+            /**
+             * Creates a plain object from a ListOperationsRequest message. Also converts values to other types if specified.
+             * @param message ListOperationsRequest
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.longrunning.ListOperationsRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this ListOperationsRequest to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for ListOperationsRequest
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a ListOperationsResponse. */
+        interface IListOperationsResponse {
+
+            /** ListOperationsResponse operations */
+            operations?: (google.longrunning.IOperation[]|null);
+
+            /** ListOperationsResponse nextPageToken */
+            nextPageToken?: (string|null);
+        }
+
+        /** Represents a ListOperationsResponse. */
+        class ListOperationsResponse implements IListOperationsResponse {
+
+            /**
+             * Constructs a new ListOperationsResponse.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.longrunning.IListOperationsResponse);
+
+            /** ListOperationsResponse operations. */
+            public operations: google.longrunning.IOperation[];
+
+            /** ListOperationsResponse nextPageToken. */
+            public nextPageToken: string;
+
+            /**
+             * Creates a new ListOperationsResponse instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns ListOperationsResponse instance
+             */
+            public static create(properties?: google.longrunning.IListOperationsResponse): google.longrunning.ListOperationsResponse;
+
+            /**
+             * Encodes the specified ListOperationsResponse message. Does not implicitly {@link google.longrunning.ListOperationsResponse.verify|verify} messages.
+             * @param message ListOperationsResponse message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.longrunning.IListOperationsResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified ListOperationsResponse message, length delimited. Does not implicitly {@link google.longrunning.ListOperationsResponse.verify|verify} messages.
+             * @param message ListOperationsResponse message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.longrunning.IListOperationsResponse, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a ListOperationsResponse message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns ListOperationsResponse
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.longrunning.ListOperationsResponse;
+
+            /**
+             * Decodes a ListOperationsResponse message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns ListOperationsResponse
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.longrunning.ListOperationsResponse;
+
+            /**
+             * Verifies a ListOperationsResponse message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a ListOperationsResponse message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns ListOperationsResponse
+             */
+            public static fromObject(object: { [k: string]: any }): google.longrunning.ListOperationsResponse;
+
+            /**
+             * Creates a plain object from a ListOperationsResponse message. Also converts values to other types if specified.
+             * @param message ListOperationsResponse
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.longrunning.ListOperationsResponse, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this ListOperationsResponse to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for ListOperationsResponse
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a CancelOperationRequest. */
+        interface ICancelOperationRequest {
+
+            /** CancelOperationRequest name */
+            name?: (string|null);
+        }
+
+        /** Represents a CancelOperationRequest. */
+        class CancelOperationRequest implements ICancelOperationRequest {
+
+            /**
+             * Constructs a new CancelOperationRequest.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.longrunning.ICancelOperationRequest);
+
+            /** CancelOperationRequest name. */
+            public name: string;
+
+            /**
+             * Creates a new CancelOperationRequest instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns CancelOperationRequest instance
+             */
+            public static create(properties?: google.longrunning.ICancelOperationRequest): google.longrunning.CancelOperationRequest;
+
+            /**
+             * Encodes the specified CancelOperationRequest message. Does not implicitly {@link google.longrunning.CancelOperationRequest.verify|verify} messages.
+             * @param message CancelOperationRequest message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.longrunning.ICancelOperationRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified CancelOperationRequest message, length delimited. Does not implicitly {@link google.longrunning.CancelOperationRequest.verify|verify} messages.
+             * @param message CancelOperationRequest message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.longrunning.ICancelOperationRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a CancelOperationRequest message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns CancelOperationRequest
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.longrunning.CancelOperationRequest;
+
+            /**
+             * Decodes a CancelOperationRequest message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns CancelOperationRequest
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.longrunning.CancelOperationRequest;
+
+            /**
+             * Verifies a CancelOperationRequest message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a CancelOperationRequest message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns CancelOperationRequest
+             */
+            public static fromObject(object: { [k: string]: any }): google.longrunning.CancelOperationRequest;
+
+            /**
+             * Creates a plain object from a CancelOperationRequest message. Also converts values to other types if specified.
+             * @param message CancelOperationRequest
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.longrunning.CancelOperationRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this CancelOperationRequest to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for CancelOperationRequest
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a DeleteOperationRequest. */
+        interface IDeleteOperationRequest {
+
+            /** DeleteOperationRequest name */
+            name?: (string|null);
+        }
+
+        /** Represents a DeleteOperationRequest. */
+        class DeleteOperationRequest implements IDeleteOperationRequest {
+
+            /**
+             * Constructs a new DeleteOperationRequest.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.longrunning.IDeleteOperationRequest);
+
+            /** DeleteOperationRequest name. */
+            public name: string;
+
+            /**
+             * Creates a new DeleteOperationRequest instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns DeleteOperationRequest instance
+             */
+            public static create(properties?: google.longrunning.IDeleteOperationRequest): google.longrunning.DeleteOperationRequest;
+
+            /**
+             * Encodes the specified DeleteOperationRequest message. Does not implicitly {@link google.longrunning.DeleteOperationRequest.verify|verify} messages.
+             * @param message DeleteOperationRequest message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.longrunning.IDeleteOperationRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified DeleteOperationRequest message, length delimited. Does not implicitly {@link google.longrunning.DeleteOperationRequest.verify|verify} messages.
+             * @param message DeleteOperationRequest message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.longrunning.IDeleteOperationRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a DeleteOperationRequest message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns DeleteOperationRequest
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.longrunning.DeleteOperationRequest;
+
+            /**
+             * Decodes a DeleteOperationRequest message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns DeleteOperationRequest
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.longrunning.DeleteOperationRequest;
+
+            /**
+             * Verifies a DeleteOperationRequest message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a DeleteOperationRequest message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns DeleteOperationRequest
+             */
+            public static fromObject(object: { [k: string]: any }): google.longrunning.DeleteOperationRequest;
+
+            /**
+             * Creates a plain object from a DeleteOperationRequest message. Also converts values to other types if specified.
+             * @param message DeleteOperationRequest
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.longrunning.DeleteOperationRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this DeleteOperationRequest to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for DeleteOperationRequest
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of a WaitOperationRequest. */
+        interface IWaitOperationRequest {
+
+            /** WaitOperationRequest name */
+            name?: (string|null);
+
+            /** WaitOperationRequest timeout */
+            timeout?: (google.protobuf.IDuration|null);
+        }
+
+        /** Represents a WaitOperationRequest. */
+        class WaitOperationRequest implements IWaitOperationRequest {
+
+            /**
+             * Constructs a new WaitOperationRequest.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.longrunning.IWaitOperationRequest);
+
+            /** WaitOperationRequest name. */
+            public name: string;
+
+            /** WaitOperationRequest timeout. */
+            public timeout?: (google.protobuf.IDuration|null);
+
+            /**
+             * Creates a new WaitOperationRequest instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns WaitOperationRequest instance
+             */
+            public static create(properties?: google.longrunning.IWaitOperationRequest): google.longrunning.WaitOperationRequest;
+
+            /**
+             * Encodes the specified WaitOperationRequest message. Does not implicitly {@link google.longrunning.WaitOperationRequest.verify|verify} messages.
+             * @param message WaitOperationRequest message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.longrunning.IWaitOperationRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified WaitOperationRequest message, length delimited. Does not implicitly {@link google.longrunning.WaitOperationRequest.verify|verify} messages.
+             * @param message WaitOperationRequest message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.longrunning.IWaitOperationRequest, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a WaitOperationRequest message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns WaitOperationRequest
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.longrunning.WaitOperationRequest;
+
+            /**
+             * Decodes a WaitOperationRequest message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns WaitOperationRequest
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.longrunning.WaitOperationRequest;
+
+            /**
+             * Verifies a WaitOperationRequest message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a WaitOperationRequest message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns WaitOperationRequest
+             */
+            public static fromObject(object: { [k: string]: any }): google.longrunning.WaitOperationRequest;
+
+            /**
+             * Creates a plain object from a WaitOperationRequest message. Also converts values to other types if specified.
+             * @param message WaitOperationRequest
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.longrunning.WaitOperationRequest, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this WaitOperationRequest to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for WaitOperationRequest
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+
+        /** Properties of an OperationInfo. */
+        interface IOperationInfo {
+
+            /** OperationInfo responseType */
+            responseType?: (string|null);
+
+            /** OperationInfo metadataType */
+            metadataType?: (string|null);
+        }
+
+        /** Represents an OperationInfo. */
+        class OperationInfo implements IOperationInfo {
+
+            /**
+             * Constructs a new OperationInfo.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.longrunning.IOperationInfo);
+
+            /** OperationInfo responseType. */
+            public responseType: string;
+
+            /** OperationInfo metadataType. */
+            public metadataType: string;
+
+            /**
+             * Creates a new OperationInfo instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns OperationInfo instance
+             */
+            public static create(properties?: google.longrunning.IOperationInfo): google.longrunning.OperationInfo;
+
+            /**
+             * Encodes the specified OperationInfo message. Does not implicitly {@link google.longrunning.OperationInfo.verify|verify} messages.
+             * @param message OperationInfo message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.longrunning.IOperationInfo, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified OperationInfo message, length delimited. Does not implicitly {@link google.longrunning.OperationInfo.verify|verify} messages.
+             * @param message OperationInfo message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.longrunning.IOperationInfo, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes an OperationInfo message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns OperationInfo
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.longrunning.OperationInfo;
+
+            /**
+             * Decodes an OperationInfo message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns OperationInfo
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.longrunning.OperationInfo;
+
+            /**
+             * Verifies an OperationInfo message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates an OperationInfo message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns OperationInfo
+             */
+            public static fromObject(object: { [k: string]: any }): google.longrunning.OperationInfo;
+
+            /**
+             * Creates a plain object from an OperationInfo message. Also converts values to other types if specified.
+             * @param message OperationInfo
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.longrunning.OperationInfo, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this OperationInfo to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for OperationInfo
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+    }
+
+    /** Namespace rpc. */
+    namespace rpc {
+
+        /** Properties of a Status. */
+        interface IStatus {
+
+            /** Status code */
+            code?: (number|null);
+
+            /** Status message */
+            message?: (string|null);
+
+            /** Status details */
+            details?: (google.protobuf.IAny[]|null);
+        }
+
+        /** Represents a Status. */
+        class Status implements IStatus {
+
+            /**
+             * Constructs a new Status.
+             * @param [properties] Properties to set
+             */
+            constructor(properties?: google.rpc.IStatus);
+
+            /** Status code. */
+            public code: number;
+
+            /** Status message. */
+            public message: string;
+
+            /** Status details. */
+            public details: google.protobuf.IAny[];
+
+            /**
+             * Creates a new Status instance using the specified properties.
+             * @param [properties] Properties to set
+             * @returns Status instance
+             */
+            public static create(properties?: google.rpc.IStatus): google.rpc.Status;
+
+            /**
+             * Encodes the specified Status message. Does not implicitly {@link google.rpc.Status.verify|verify} messages.
+             * @param message Status message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encode(message: google.rpc.IStatus, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Encodes the specified Status message, length delimited. Does not implicitly {@link google.rpc.Status.verify|verify} messages.
+             * @param message Status message or plain object to encode
+             * @param [writer] Writer to encode to
+             * @returns Writer
+             */
+            public static encodeDelimited(message: google.rpc.IStatus, writer?: $protobuf.Writer): $protobuf.Writer;
+
+            /**
+             * Decodes a Status message from the specified reader or buffer.
+             * @param reader Reader or buffer to decode from
+             * @param [length] Message length if known beforehand
+             * @returns Status
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.rpc.Status;
+
+            /**
+             * Decodes a Status message from the specified reader or buffer, length delimited.
+             * @param reader Reader or buffer to decode from
+             * @returns Status
+             * @throws {Error} If the payload is not a reader or valid buffer
+             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+             */
+            public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.rpc.Status;
+
+            /**
+             * Verifies a Status message.
+             * @param message Plain object to verify
+             * @returns `null` if valid, otherwise the reason why it is not
+             */
+            public static verify(message: { [k: string]: any }): (string|null);
+
+            /**
+             * Creates a Status message from a plain object. Also converts values to their respective internal types.
+             * @param object Plain object
+             * @returns Status
+             */
+            public static fromObject(object: { [k: string]: any }): google.rpc.Status;
+
+            /**
+             * Creates a plain object from a Status message. Also converts values to other types if specified.
+             * @param message Status
+             * @param [options] Conversion options
+             * @returns Plain object
+             */
+            public static toObject(message: google.rpc.Status, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+            /**
+             * Converts this Status to JSON.
+             * @returns JSON object
+             */
+            public toJSON(): { [k: string]: any };
+
+            /**
+             * Gets the default type url for Status
+             * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+             * @returns The default type url
+             */
+            public static getTypeUrl(typeUrlPrefix?: string): string;
+        }
+    }
+}
diff --git a/packages/google-identity-accesscontextmanager/protos/protos.js b/packages/google-identity-accesscontextmanager/protos/protos.js
new file mode 100644
index 00000000000..148fd988624
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/protos/protos.js
@@ -0,0 +1,32620 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/*eslint-disable block-scoped-var, id-length, no-control-regex, no-magic-numbers, no-prototype-builtins, no-redeclare, no-shadow, no-var, sort-vars*/
+(function(global, factory) { /* global define, require, module */
+
+    /* AMD */ if (typeof define === 'function' && define.amd)
+        define(["protobufjs/minimal"], factory);
+
+    /* CommonJS */ else if (typeof require === 'function' && typeof module === 'object' && module && module.exports)
+        module.exports = factory(require("google-gax/build/src/protobuf").protobufMinimal);
+
+})(this, function($protobuf) {
+    "use strict";
+
+    // Common aliases
+    var $Reader = $protobuf.Reader, $Writer = $protobuf.Writer, $util = $protobuf.util;
+    
+    // Exported root namespace
+    var $root = $protobuf.roots._google_cloud_access_context_manager_protos || ($protobuf.roots._google_cloud_access_context_manager_protos = {});
+    
+    $root.google = (function() {
+    
+        /**
+         * Namespace google.
+         * @exports google
+         * @namespace
+         */
+        var google = {};
+    
+        google.identity = (function() {
+    
+            /**
+             * Namespace identity.
+             * @memberof google
+             * @namespace
+             */
+            var identity = {};
+    
+            identity.accesscontextmanager = (function() {
+    
+                /**
+                 * Namespace accesscontextmanager.
+                 * @memberof google.identity
+                 * @namespace
+                 */
+                var accesscontextmanager = {};
+    
+                accesscontextmanager.type = (function() {
+    
+                    /**
+                     * Namespace type.
+                     * @memberof google.identity.accesscontextmanager
+                     * @namespace
+                     */
+                    var type = {};
+    
+                    /**
+                     * DeviceEncryptionStatus enum.
+                     * @name google.identity.accesscontextmanager.type.DeviceEncryptionStatus
+                     * @enum {number}
+                     * @property {number} ENCRYPTION_UNSPECIFIED=0 ENCRYPTION_UNSPECIFIED value
+                     * @property {number} ENCRYPTION_UNSUPPORTED=1 ENCRYPTION_UNSUPPORTED value
+                     * @property {number} UNENCRYPTED=2 UNENCRYPTED value
+                     * @property {number} ENCRYPTED=3 ENCRYPTED value
+                     */
+                    type.DeviceEncryptionStatus = (function() {
+                        var valuesById = {}, values = Object.create(valuesById);
+                        values[valuesById[0] = "ENCRYPTION_UNSPECIFIED"] = 0;
+                        values[valuesById[1] = "ENCRYPTION_UNSUPPORTED"] = 1;
+                        values[valuesById[2] = "UNENCRYPTED"] = 2;
+                        values[valuesById[3] = "ENCRYPTED"] = 3;
+                        return values;
+                    })();
+    
+                    /**
+                     * OsType enum.
+                     * @name google.identity.accesscontextmanager.type.OsType
+                     * @enum {number}
+                     * @property {number} OS_UNSPECIFIED=0 OS_UNSPECIFIED value
+                     * @property {number} DESKTOP_MAC=1 DESKTOP_MAC value
+                     * @property {number} DESKTOP_WINDOWS=2 DESKTOP_WINDOWS value
+                     * @property {number} DESKTOP_LINUX=3 DESKTOP_LINUX value
+                     * @property {number} DESKTOP_CHROME_OS=6 DESKTOP_CHROME_OS value
+                     * @property {number} ANDROID=4 ANDROID value
+                     * @property {number} IOS=5 IOS value
+                     */
+                    type.OsType = (function() {
+                        var valuesById = {}, values = Object.create(valuesById);
+                        values[valuesById[0] = "OS_UNSPECIFIED"] = 0;
+                        values[valuesById[1] = "DESKTOP_MAC"] = 1;
+                        values[valuesById[2] = "DESKTOP_WINDOWS"] = 2;
+                        values[valuesById[3] = "DESKTOP_LINUX"] = 3;
+                        values[valuesById[6] = "DESKTOP_CHROME_OS"] = 6;
+                        values[valuesById[4] = "ANDROID"] = 4;
+                        values[valuesById[5] = "IOS"] = 5;
+                        return values;
+                    })();
+    
+                    /**
+                     * DeviceManagementLevel enum.
+                     * @name google.identity.accesscontextmanager.type.DeviceManagementLevel
+                     * @enum {number}
+                     * @property {number} MANAGEMENT_UNSPECIFIED=0 MANAGEMENT_UNSPECIFIED value
+                     * @property {number} NONE=1 NONE value
+                     * @property {number} BASIC=2 BASIC value
+                     * @property {number} COMPLETE=3 COMPLETE value
+                     */
+                    type.DeviceManagementLevel = (function() {
+                        var valuesById = {}, values = Object.create(valuesById);
+                        values[valuesById[0] = "MANAGEMENT_UNSPECIFIED"] = 0;
+                        values[valuesById[1] = "NONE"] = 1;
+                        values[valuesById[2] = "BASIC"] = 2;
+                        values[valuesById[3] = "COMPLETE"] = 3;
+                        return values;
+                    })();
+    
+                    return type;
+                })();
+    
+                accesscontextmanager.v1 = (function() {
+    
+                    /**
+                     * Namespace v1.
+                     * @memberof google.identity.accesscontextmanager
+                     * @namespace
+                     */
+                    var v1 = {};
+    
+                    v1.AccessContextManager = (function() {
+    
+                        /**
+                         * Constructs a new AccessContextManager service.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents an AccessContextManager
+                         * @extends $protobuf.rpc.Service
+                         * @constructor
+                         * @param {$protobuf.RPCImpl} rpcImpl RPC implementation
+                         * @param {boolean} [requestDelimited=false] Whether requests are length-delimited
+                         * @param {boolean} [responseDelimited=false] Whether responses are length-delimited
+                         */
+                        function AccessContextManager(rpcImpl, requestDelimited, responseDelimited) {
+                            $protobuf.rpc.Service.call(this, rpcImpl, requestDelimited, responseDelimited);
+                        }
+    
+                        (AccessContextManager.prototype = Object.create($protobuf.rpc.Service.prototype)).constructor = AccessContextManager;
+    
+                        /**
+                         * Creates new AccessContextManager service using the specified rpc implementation.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @static
+                         * @param {$protobuf.RPCImpl} rpcImpl RPC implementation
+                         * @param {boolean} [requestDelimited=false] Whether requests are length-delimited
+                         * @param {boolean} [responseDelimited=false] Whether responses are length-delimited
+                         * @returns {AccessContextManager} RPC service. Useful where requests and/or responses are streamed.
+                         */
+                        AccessContextManager.create = function create(rpcImpl, requestDelimited, responseDelimited) {
+                            return new this(rpcImpl, requestDelimited, responseDelimited);
+                        };
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|listAccessPolicies}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef ListAccessPoliciesCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse} [response] ListAccessPoliciesResponse
+                         */
+    
+                        /**
+                         * Calls ListAccessPolicies.
+                         * @function listAccessPolicies
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest} request ListAccessPoliciesRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.ListAccessPoliciesCallback} callback Node-style callback called with the error, if any, and ListAccessPoliciesResponse
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.listAccessPolicies = function listAccessPolicies(request, callback) {
+                            return this.rpcCall(listAccessPolicies, $root.google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest, $root.google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse, request, callback);
+                        }, "name", { value: "ListAccessPolicies" });
+    
+                        /**
+                         * Calls ListAccessPolicies.
+                         * @function listAccessPolicies
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest} request ListAccessPoliciesRequest message or plain object
+                         * @returns {Promise<google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|getAccessPolicy}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef GetAccessPolicyCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.identity.accesscontextmanager.v1.AccessPolicy} [response] AccessPolicy
+                         */
+    
+                        /**
+                         * Calls GetAccessPolicy.
+                         * @function getAccessPolicy
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest} request GetAccessPolicyRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.GetAccessPolicyCallback} callback Node-style callback called with the error, if any, and AccessPolicy
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.getAccessPolicy = function getAccessPolicy(request, callback) {
+                            return this.rpcCall(getAccessPolicy, $root.google.identity.accesscontextmanager.v1.GetAccessPolicyRequest, $root.google.identity.accesscontextmanager.v1.AccessPolicy, request, callback);
+                        }, "name", { value: "GetAccessPolicy" });
+    
+                        /**
+                         * Calls GetAccessPolicy.
+                         * @function getAccessPolicy
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest} request GetAccessPolicyRequest message or plain object
+                         * @returns {Promise<google.identity.accesscontextmanager.v1.AccessPolicy>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|createAccessPolicy}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef CreateAccessPolicyCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.longrunning.Operation} [response] Operation
+                         */
+    
+                        /**
+                         * Calls CreateAccessPolicy.
+                         * @function createAccessPolicy
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IAccessPolicy} request AccessPolicy message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.CreateAccessPolicyCallback} callback Node-style callback called with the error, if any, and Operation
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.createAccessPolicy = function createAccessPolicy(request, callback) {
+                            return this.rpcCall(createAccessPolicy, $root.google.identity.accesscontextmanager.v1.AccessPolicy, $root.google.longrunning.Operation, request, callback);
+                        }, "name", { value: "CreateAccessPolicy" });
+    
+                        /**
+                         * Calls CreateAccessPolicy.
+                         * @function createAccessPolicy
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IAccessPolicy} request AccessPolicy message or plain object
+                         * @returns {Promise<google.longrunning.Operation>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|updateAccessPolicy}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef UpdateAccessPolicyCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.longrunning.Operation} [response] Operation
+                         */
+    
+                        /**
+                         * Calls UpdateAccessPolicy.
+                         * @function updateAccessPolicy
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest} request UpdateAccessPolicyRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.UpdateAccessPolicyCallback} callback Node-style callback called with the error, if any, and Operation
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.updateAccessPolicy = function updateAccessPolicy(request, callback) {
+                            return this.rpcCall(updateAccessPolicy, $root.google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest, $root.google.longrunning.Operation, request, callback);
+                        }, "name", { value: "UpdateAccessPolicy" });
+    
+                        /**
+                         * Calls UpdateAccessPolicy.
+                         * @function updateAccessPolicy
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest} request UpdateAccessPolicyRequest message or plain object
+                         * @returns {Promise<google.longrunning.Operation>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|deleteAccessPolicy}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef DeleteAccessPolicyCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.longrunning.Operation} [response] Operation
+                         */
+    
+                        /**
+                         * Calls DeleteAccessPolicy.
+                         * @function deleteAccessPolicy
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest} request DeleteAccessPolicyRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.DeleteAccessPolicyCallback} callback Node-style callback called with the error, if any, and Operation
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.deleteAccessPolicy = function deleteAccessPolicy(request, callback) {
+                            return this.rpcCall(deleteAccessPolicy, $root.google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest, $root.google.longrunning.Operation, request, callback);
+                        }, "name", { value: "DeleteAccessPolicy" });
+    
+                        /**
+                         * Calls DeleteAccessPolicy.
+                         * @function deleteAccessPolicy
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest} request DeleteAccessPolicyRequest message or plain object
+                         * @returns {Promise<google.longrunning.Operation>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|listAccessLevels}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef ListAccessLevelsCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.identity.accesscontextmanager.v1.ListAccessLevelsResponse} [response] ListAccessLevelsResponse
+                         */
+    
+                        /**
+                         * Calls ListAccessLevels.
+                         * @function listAccessLevels
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessLevelsRequest} request ListAccessLevelsRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.ListAccessLevelsCallback} callback Node-style callback called with the error, if any, and ListAccessLevelsResponse
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.listAccessLevels = function listAccessLevels(request, callback) {
+                            return this.rpcCall(listAccessLevels, $root.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest, $root.google.identity.accesscontextmanager.v1.ListAccessLevelsResponse, request, callback);
+                        }, "name", { value: "ListAccessLevels" });
+    
+                        /**
+                         * Calls ListAccessLevels.
+                         * @function listAccessLevels
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessLevelsRequest} request ListAccessLevelsRequest message or plain object
+                         * @returns {Promise<google.identity.accesscontextmanager.v1.ListAccessLevelsResponse>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|getAccessLevel}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef GetAccessLevelCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.identity.accesscontextmanager.v1.AccessLevel} [response] AccessLevel
+                         */
+    
+                        /**
+                         * Calls GetAccessLevel.
+                         * @function getAccessLevel
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IGetAccessLevelRequest} request GetAccessLevelRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.GetAccessLevelCallback} callback Node-style callback called with the error, if any, and AccessLevel
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.getAccessLevel = function getAccessLevel(request, callback) {
+                            return this.rpcCall(getAccessLevel, $root.google.identity.accesscontextmanager.v1.GetAccessLevelRequest, $root.google.identity.accesscontextmanager.v1.AccessLevel, request, callback);
+                        }, "name", { value: "GetAccessLevel" });
+    
+                        /**
+                         * Calls GetAccessLevel.
+                         * @function getAccessLevel
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IGetAccessLevelRequest} request GetAccessLevelRequest message or plain object
+                         * @returns {Promise<google.identity.accesscontextmanager.v1.AccessLevel>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|createAccessLevel}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef CreateAccessLevelCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.longrunning.Operation} [response] Operation
+                         */
+    
+                        /**
+                         * Calls CreateAccessLevel.
+                         * @function createAccessLevel
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest} request CreateAccessLevelRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.CreateAccessLevelCallback} callback Node-style callback called with the error, if any, and Operation
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.createAccessLevel = function createAccessLevel(request, callback) {
+                            return this.rpcCall(createAccessLevel, $root.google.identity.accesscontextmanager.v1.CreateAccessLevelRequest, $root.google.longrunning.Operation, request, callback);
+                        }, "name", { value: "CreateAccessLevel" });
+    
+                        /**
+                         * Calls CreateAccessLevel.
+                         * @function createAccessLevel
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest} request CreateAccessLevelRequest message or plain object
+                         * @returns {Promise<google.longrunning.Operation>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|updateAccessLevel}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef UpdateAccessLevelCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.longrunning.Operation} [response] Operation
+                         */
+    
+                        /**
+                         * Calls UpdateAccessLevel.
+                         * @function updateAccessLevel
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest} request UpdateAccessLevelRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.UpdateAccessLevelCallback} callback Node-style callback called with the error, if any, and Operation
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.updateAccessLevel = function updateAccessLevel(request, callback) {
+                            return this.rpcCall(updateAccessLevel, $root.google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest, $root.google.longrunning.Operation, request, callback);
+                        }, "name", { value: "UpdateAccessLevel" });
+    
+                        /**
+                         * Calls UpdateAccessLevel.
+                         * @function updateAccessLevel
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest} request UpdateAccessLevelRequest message or plain object
+                         * @returns {Promise<google.longrunning.Operation>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|deleteAccessLevel}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef DeleteAccessLevelCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.longrunning.Operation} [response] Operation
+                         */
+    
+                        /**
+                         * Calls DeleteAccessLevel.
+                         * @function deleteAccessLevel
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest} request DeleteAccessLevelRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.DeleteAccessLevelCallback} callback Node-style callback called with the error, if any, and Operation
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.deleteAccessLevel = function deleteAccessLevel(request, callback) {
+                            return this.rpcCall(deleteAccessLevel, $root.google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest, $root.google.longrunning.Operation, request, callback);
+                        }, "name", { value: "DeleteAccessLevel" });
+    
+                        /**
+                         * Calls DeleteAccessLevel.
+                         * @function deleteAccessLevel
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest} request DeleteAccessLevelRequest message or plain object
+                         * @returns {Promise<google.longrunning.Operation>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|replaceAccessLevels}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef ReplaceAccessLevelsCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.longrunning.Operation} [response] Operation
+                         */
+    
+                        /**
+                         * Calls ReplaceAccessLevels.
+                         * @function replaceAccessLevels
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest} request ReplaceAccessLevelsRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.ReplaceAccessLevelsCallback} callback Node-style callback called with the error, if any, and Operation
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.replaceAccessLevels = function replaceAccessLevels(request, callback) {
+                            return this.rpcCall(replaceAccessLevels, $root.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest, $root.google.longrunning.Operation, request, callback);
+                        }, "name", { value: "ReplaceAccessLevels" });
+    
+                        /**
+                         * Calls ReplaceAccessLevels.
+                         * @function replaceAccessLevels
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest} request ReplaceAccessLevelsRequest message or plain object
+                         * @returns {Promise<google.longrunning.Operation>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|listServicePerimeters}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef ListServicePerimetersCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.identity.accesscontextmanager.v1.ListServicePerimetersResponse} [response] ListServicePerimetersResponse
+                         */
+    
+                        /**
+                         * Calls ListServicePerimeters.
+                         * @function listServicePerimeters
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IListServicePerimetersRequest} request ListServicePerimetersRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.ListServicePerimetersCallback} callback Node-style callback called with the error, if any, and ListServicePerimetersResponse
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.listServicePerimeters = function listServicePerimeters(request, callback) {
+                            return this.rpcCall(listServicePerimeters, $root.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest, $root.google.identity.accesscontextmanager.v1.ListServicePerimetersResponse, request, callback);
+                        }, "name", { value: "ListServicePerimeters" });
+    
+                        /**
+                         * Calls ListServicePerimeters.
+                         * @function listServicePerimeters
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IListServicePerimetersRequest} request ListServicePerimetersRequest message or plain object
+                         * @returns {Promise<google.identity.accesscontextmanager.v1.ListServicePerimetersResponse>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|getServicePerimeter}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef GetServicePerimeterCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.identity.accesscontextmanager.v1.ServicePerimeter} [response] ServicePerimeter
+                         */
+    
+                        /**
+                         * Calls GetServicePerimeter.
+                         * @function getServicePerimeter
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest} request GetServicePerimeterRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.GetServicePerimeterCallback} callback Node-style callback called with the error, if any, and ServicePerimeter
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.getServicePerimeter = function getServicePerimeter(request, callback) {
+                            return this.rpcCall(getServicePerimeter, $root.google.identity.accesscontextmanager.v1.GetServicePerimeterRequest, $root.google.identity.accesscontextmanager.v1.ServicePerimeter, request, callback);
+                        }, "name", { value: "GetServicePerimeter" });
+    
+                        /**
+                         * Calls GetServicePerimeter.
+                         * @function getServicePerimeter
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest} request GetServicePerimeterRequest message or plain object
+                         * @returns {Promise<google.identity.accesscontextmanager.v1.ServicePerimeter>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|createServicePerimeter}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef CreateServicePerimeterCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.longrunning.Operation} [response] Operation
+                         */
+    
+                        /**
+                         * Calls CreateServicePerimeter.
+                         * @function createServicePerimeter
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest} request CreateServicePerimeterRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.CreateServicePerimeterCallback} callback Node-style callback called with the error, if any, and Operation
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.createServicePerimeter = function createServicePerimeter(request, callback) {
+                            return this.rpcCall(createServicePerimeter, $root.google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest, $root.google.longrunning.Operation, request, callback);
+                        }, "name", { value: "CreateServicePerimeter" });
+    
+                        /**
+                         * Calls CreateServicePerimeter.
+                         * @function createServicePerimeter
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest} request CreateServicePerimeterRequest message or plain object
+                         * @returns {Promise<google.longrunning.Operation>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|updateServicePerimeter}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef UpdateServicePerimeterCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.longrunning.Operation} [response] Operation
+                         */
+    
+                        /**
+                         * Calls UpdateServicePerimeter.
+                         * @function updateServicePerimeter
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest} request UpdateServicePerimeterRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.UpdateServicePerimeterCallback} callback Node-style callback called with the error, if any, and Operation
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.updateServicePerimeter = function updateServicePerimeter(request, callback) {
+                            return this.rpcCall(updateServicePerimeter, $root.google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest, $root.google.longrunning.Operation, request, callback);
+                        }, "name", { value: "UpdateServicePerimeter" });
+    
+                        /**
+                         * Calls UpdateServicePerimeter.
+                         * @function updateServicePerimeter
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest} request UpdateServicePerimeterRequest message or plain object
+                         * @returns {Promise<google.longrunning.Operation>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|deleteServicePerimeter}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef DeleteServicePerimeterCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.longrunning.Operation} [response] Operation
+                         */
+    
+                        /**
+                         * Calls DeleteServicePerimeter.
+                         * @function deleteServicePerimeter
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest} request DeleteServicePerimeterRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.DeleteServicePerimeterCallback} callback Node-style callback called with the error, if any, and Operation
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.deleteServicePerimeter = function deleteServicePerimeter(request, callback) {
+                            return this.rpcCall(deleteServicePerimeter, $root.google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest, $root.google.longrunning.Operation, request, callback);
+                        }, "name", { value: "DeleteServicePerimeter" });
+    
+                        /**
+                         * Calls DeleteServicePerimeter.
+                         * @function deleteServicePerimeter
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest} request DeleteServicePerimeterRequest message or plain object
+                         * @returns {Promise<google.longrunning.Operation>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|replaceServicePerimeters}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef ReplaceServicePerimetersCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.longrunning.Operation} [response] Operation
+                         */
+    
+                        /**
+                         * Calls ReplaceServicePerimeters.
+                         * @function replaceServicePerimeters
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest} request ReplaceServicePerimetersRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.ReplaceServicePerimetersCallback} callback Node-style callback called with the error, if any, and Operation
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.replaceServicePerimeters = function replaceServicePerimeters(request, callback) {
+                            return this.rpcCall(replaceServicePerimeters, $root.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest, $root.google.longrunning.Operation, request, callback);
+                        }, "name", { value: "ReplaceServicePerimeters" });
+    
+                        /**
+                         * Calls ReplaceServicePerimeters.
+                         * @function replaceServicePerimeters
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest} request ReplaceServicePerimetersRequest message or plain object
+                         * @returns {Promise<google.longrunning.Operation>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|commitServicePerimeters}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef CommitServicePerimetersCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.longrunning.Operation} [response] Operation
+                         */
+    
+                        /**
+                         * Calls CommitServicePerimeters.
+                         * @function commitServicePerimeters
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest} request CommitServicePerimetersRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.CommitServicePerimetersCallback} callback Node-style callback called with the error, if any, and Operation
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.commitServicePerimeters = function commitServicePerimeters(request, callback) {
+                            return this.rpcCall(commitServicePerimeters, $root.google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest, $root.google.longrunning.Operation, request, callback);
+                        }, "name", { value: "CommitServicePerimeters" });
+    
+                        /**
+                         * Calls CommitServicePerimeters.
+                         * @function commitServicePerimeters
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest} request CommitServicePerimetersRequest message or plain object
+                         * @returns {Promise<google.longrunning.Operation>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|listGcpUserAccessBindings}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef ListGcpUserAccessBindingsCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse} [response] ListGcpUserAccessBindingsResponse
+                         */
+    
+                        /**
+                         * Calls ListGcpUserAccessBindings.
+                         * @function listGcpUserAccessBindings
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest} request ListGcpUserAccessBindingsRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindingsCallback} callback Node-style callback called with the error, if any, and ListGcpUserAccessBindingsResponse
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.listGcpUserAccessBindings = function listGcpUserAccessBindings(request, callback) {
+                            return this.rpcCall(listGcpUserAccessBindings, $root.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest, $root.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse, request, callback);
+                        }, "name", { value: "ListGcpUserAccessBindings" });
+    
+                        /**
+                         * Calls ListGcpUserAccessBindings.
+                         * @function listGcpUserAccessBindings
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest} request ListGcpUserAccessBindingsRequest message or plain object
+                         * @returns {Promise<google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|getGcpUserAccessBinding}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef GetGcpUserAccessBindingCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.identity.accesscontextmanager.v1.GcpUserAccessBinding} [response] GcpUserAccessBinding
+                         */
+    
+                        /**
+                         * Calls GetGcpUserAccessBinding.
+                         * @function getGcpUserAccessBinding
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest} request GetGcpUserAccessBindingRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.GetGcpUserAccessBindingCallback} callback Node-style callback called with the error, if any, and GcpUserAccessBinding
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.getGcpUserAccessBinding = function getGcpUserAccessBinding(request, callback) {
+                            return this.rpcCall(getGcpUserAccessBinding, $root.google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest, $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding, request, callback);
+                        }, "name", { value: "GetGcpUserAccessBinding" });
+    
+                        /**
+                         * Calls GetGcpUserAccessBinding.
+                         * @function getGcpUserAccessBinding
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest} request GetGcpUserAccessBindingRequest message or plain object
+                         * @returns {Promise<google.identity.accesscontextmanager.v1.GcpUserAccessBinding>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|createGcpUserAccessBinding}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef CreateGcpUserAccessBindingCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.longrunning.Operation} [response] Operation
+                         */
+    
+                        /**
+                         * Calls CreateGcpUserAccessBinding.
+                         * @function createGcpUserAccessBinding
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest} request CreateGcpUserAccessBindingRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.CreateGcpUserAccessBindingCallback} callback Node-style callback called with the error, if any, and Operation
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.createGcpUserAccessBinding = function createGcpUserAccessBinding(request, callback) {
+                            return this.rpcCall(createGcpUserAccessBinding, $root.google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest, $root.google.longrunning.Operation, request, callback);
+                        }, "name", { value: "CreateGcpUserAccessBinding" });
+    
+                        /**
+                         * Calls CreateGcpUserAccessBinding.
+                         * @function createGcpUserAccessBinding
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest} request CreateGcpUserAccessBindingRequest message or plain object
+                         * @returns {Promise<google.longrunning.Operation>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|updateGcpUserAccessBinding}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef UpdateGcpUserAccessBindingCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.longrunning.Operation} [response] Operation
+                         */
+    
+                        /**
+                         * Calls UpdateGcpUserAccessBinding.
+                         * @function updateGcpUserAccessBinding
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest} request UpdateGcpUserAccessBindingRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.UpdateGcpUserAccessBindingCallback} callback Node-style callback called with the error, if any, and Operation
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.updateGcpUserAccessBinding = function updateGcpUserAccessBinding(request, callback) {
+                            return this.rpcCall(updateGcpUserAccessBinding, $root.google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest, $root.google.longrunning.Operation, request, callback);
+                        }, "name", { value: "UpdateGcpUserAccessBinding" });
+    
+                        /**
+                         * Calls UpdateGcpUserAccessBinding.
+                         * @function updateGcpUserAccessBinding
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest} request UpdateGcpUserAccessBindingRequest message or plain object
+                         * @returns {Promise<google.longrunning.Operation>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|deleteGcpUserAccessBinding}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef DeleteGcpUserAccessBindingCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.longrunning.Operation} [response] Operation
+                         */
+    
+                        /**
+                         * Calls DeleteGcpUserAccessBinding.
+                         * @function deleteGcpUserAccessBinding
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest} request DeleteGcpUserAccessBindingRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.DeleteGcpUserAccessBindingCallback} callback Node-style callback called with the error, if any, and Operation
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.deleteGcpUserAccessBinding = function deleteGcpUserAccessBinding(request, callback) {
+                            return this.rpcCall(deleteGcpUserAccessBinding, $root.google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest, $root.google.longrunning.Operation, request, callback);
+                        }, "name", { value: "DeleteGcpUserAccessBinding" });
+    
+                        /**
+                         * Calls DeleteGcpUserAccessBinding.
+                         * @function deleteGcpUserAccessBinding
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest} request DeleteGcpUserAccessBindingRequest message or plain object
+                         * @returns {Promise<google.longrunning.Operation>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|setIamPolicy}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef SetIamPolicyCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.iam.v1.Policy} [response] Policy
+                         */
+    
+                        /**
+                         * Calls SetIamPolicy.
+                         * @function setIamPolicy
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.iam.v1.ISetIamPolicyRequest} request SetIamPolicyRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.SetIamPolicyCallback} callback Node-style callback called with the error, if any, and Policy
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.setIamPolicy = function setIamPolicy(request, callback) {
+                            return this.rpcCall(setIamPolicy, $root.google.iam.v1.SetIamPolicyRequest, $root.google.iam.v1.Policy, request, callback);
+                        }, "name", { value: "SetIamPolicy" });
+    
+                        /**
+                         * Calls SetIamPolicy.
+                         * @function setIamPolicy
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.iam.v1.ISetIamPolicyRequest} request SetIamPolicyRequest message or plain object
+                         * @returns {Promise<google.iam.v1.Policy>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|getIamPolicy}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef GetIamPolicyCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.iam.v1.Policy} [response] Policy
+                         */
+    
+                        /**
+                         * Calls GetIamPolicy.
+                         * @function getIamPolicy
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.iam.v1.IGetIamPolicyRequest} request GetIamPolicyRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.GetIamPolicyCallback} callback Node-style callback called with the error, if any, and Policy
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.getIamPolicy = function getIamPolicy(request, callback) {
+                            return this.rpcCall(getIamPolicy, $root.google.iam.v1.GetIamPolicyRequest, $root.google.iam.v1.Policy, request, callback);
+                        }, "name", { value: "GetIamPolicy" });
+    
+                        /**
+                         * Calls GetIamPolicy.
+                         * @function getIamPolicy
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.iam.v1.IGetIamPolicyRequest} request GetIamPolicyRequest message or plain object
+                         * @returns {Promise<google.iam.v1.Policy>} Promise
+                         * @variation 2
+                         */
+    
+                        /**
+                         * Callback as used by {@link google.identity.accesscontextmanager.v1.AccessContextManager|testIamPermissions}.
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @typedef TestIamPermissionsCallback
+                         * @type {function}
+                         * @param {Error|null} error Error, if any
+                         * @param {google.iam.v1.TestIamPermissionsResponse} [response] TestIamPermissionsResponse
+                         */
+    
+                        /**
+                         * Calls TestIamPermissions.
+                         * @function testIamPermissions
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.iam.v1.ITestIamPermissionsRequest} request TestIamPermissionsRequest message or plain object
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManager.TestIamPermissionsCallback} callback Node-style callback called with the error, if any, and TestIamPermissionsResponse
+                         * @returns {undefined}
+                         * @variation 1
+                         */
+                        Object.defineProperty(AccessContextManager.prototype.testIamPermissions = function testIamPermissions(request, callback) {
+                            return this.rpcCall(testIamPermissions, $root.google.iam.v1.TestIamPermissionsRequest, $root.google.iam.v1.TestIamPermissionsResponse, request, callback);
+                        }, "name", { value: "TestIamPermissions" });
+    
+                        /**
+                         * Calls TestIamPermissions.
+                         * @function testIamPermissions
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManager
+                         * @instance
+                         * @param {google.iam.v1.ITestIamPermissionsRequest} request TestIamPermissionsRequest message or plain object
+                         * @returns {Promise<google.iam.v1.TestIamPermissionsResponse>} Promise
+                         * @variation 2
+                         */
+    
+                        return AccessContextManager;
+                    })();
+    
+                    v1.ListAccessPoliciesRequest = (function() {
+    
+                        /**
+                         * Properties of a ListAccessPoliciesRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IListAccessPoliciesRequest
+                         * @property {string|null} [parent] ListAccessPoliciesRequest parent
+                         * @property {number|null} [pageSize] ListAccessPoliciesRequest pageSize
+                         * @property {string|null} [pageToken] ListAccessPoliciesRequest pageToken
+                         */
+    
+                        /**
+                         * Constructs a new ListAccessPoliciesRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a ListAccessPoliciesRequest.
+                         * @implements IListAccessPoliciesRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest=} [properties] Properties to set
+                         */
+                        function ListAccessPoliciesRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * ListAccessPoliciesRequest parent.
+                         * @member {string} parent
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest
+                         * @instance
+                         */
+                        ListAccessPoliciesRequest.prototype.parent = "";
+    
+                        /**
+                         * ListAccessPoliciesRequest pageSize.
+                         * @member {number} pageSize
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest
+                         * @instance
+                         */
+                        ListAccessPoliciesRequest.prototype.pageSize = 0;
+    
+                        /**
+                         * ListAccessPoliciesRequest pageToken.
+                         * @member {string} pageToken
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest
+                         * @instance
+                         */
+                        ListAccessPoliciesRequest.prototype.pageToken = "";
+    
+                        /**
+                         * Creates a new ListAccessPoliciesRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest} ListAccessPoliciesRequest instance
+                         */
+                        ListAccessPoliciesRequest.create = function create(properties) {
+                            return new ListAccessPoliciesRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified ListAccessPoliciesRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest} message ListAccessPoliciesRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListAccessPoliciesRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.parent != null && Object.hasOwnProperty.call(message, "parent"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.parent);
+                            if (message.pageSize != null && Object.hasOwnProperty.call(message, "pageSize"))
+                                writer.uint32(/* id 2, wireType 0 =*/16).int32(message.pageSize);
+                            if (message.pageToken != null && Object.hasOwnProperty.call(message, "pageToken"))
+                                writer.uint32(/* id 3, wireType 2 =*/26).string(message.pageToken);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified ListAccessPoliciesRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest} message ListAccessPoliciesRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListAccessPoliciesRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a ListAccessPoliciesRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest} ListAccessPoliciesRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListAccessPoliciesRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.parent = reader.string();
+                                        break;
+                                    }
+                                case 2: {
+                                        message.pageSize = reader.int32();
+                                        break;
+                                    }
+                                case 3: {
+                                        message.pageToken = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a ListAccessPoliciesRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest} ListAccessPoliciesRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListAccessPoliciesRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a ListAccessPoliciesRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        ListAccessPoliciesRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                if (!$util.isString(message.parent))
+                                    return "parent: string expected";
+                            if (message.pageSize != null && message.hasOwnProperty("pageSize"))
+                                if (!$util.isInteger(message.pageSize))
+                                    return "pageSize: integer expected";
+                            if (message.pageToken != null && message.hasOwnProperty("pageToken"))
+                                if (!$util.isString(message.pageToken))
+                                    return "pageToken: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a ListAccessPoliciesRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest} ListAccessPoliciesRequest
+                         */
+                        ListAccessPoliciesRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest();
+                            if (object.parent != null)
+                                message.parent = String(object.parent);
+                            if (object.pageSize != null)
+                                message.pageSize = object.pageSize | 0;
+                            if (object.pageToken != null)
+                                message.pageToken = String(object.pageToken);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a ListAccessPoliciesRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest} message ListAccessPoliciesRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        ListAccessPoliciesRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.parent = "";
+                                object.pageSize = 0;
+                                object.pageToken = "";
+                            }
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                object.parent = message.parent;
+                            if (message.pageSize != null && message.hasOwnProperty("pageSize"))
+                                object.pageSize = message.pageSize;
+                            if (message.pageToken != null && message.hasOwnProperty("pageToken"))
+                                object.pageToken = message.pageToken;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this ListAccessPoliciesRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        ListAccessPoliciesRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for ListAccessPoliciesRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        ListAccessPoliciesRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest";
+                        };
+    
+                        return ListAccessPoliciesRequest;
+                    })();
+    
+                    v1.ListAccessPoliciesResponse = (function() {
+    
+                        /**
+                         * Properties of a ListAccessPoliciesResponse.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IListAccessPoliciesResponse
+                         * @property {Array.<google.identity.accesscontextmanager.v1.IAccessPolicy>|null} [accessPolicies] ListAccessPoliciesResponse accessPolicies
+                         * @property {string|null} [nextPageToken] ListAccessPoliciesResponse nextPageToken
+                         */
+    
+                        /**
+                         * Constructs a new ListAccessPoliciesResponse.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a ListAccessPoliciesResponse.
+                         * @implements IListAccessPoliciesResponse
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessPoliciesResponse=} [properties] Properties to set
+                         */
+                        function ListAccessPoliciesResponse(properties) {
+                            this.accessPolicies = [];
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * ListAccessPoliciesResponse accessPolicies.
+                         * @member {Array.<google.identity.accesscontextmanager.v1.IAccessPolicy>} accessPolicies
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse
+                         * @instance
+                         */
+                        ListAccessPoliciesResponse.prototype.accessPolicies = $util.emptyArray;
+    
+                        /**
+                         * ListAccessPoliciesResponse nextPageToken.
+                         * @member {string} nextPageToken
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse
+                         * @instance
+                         */
+                        ListAccessPoliciesResponse.prototype.nextPageToken = "";
+    
+                        /**
+                         * Creates a new ListAccessPoliciesResponse instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessPoliciesResponse=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse} ListAccessPoliciesResponse instance
+                         */
+                        ListAccessPoliciesResponse.create = function create(properties) {
+                            return new ListAccessPoliciesResponse(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified ListAccessPoliciesResponse message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessPoliciesResponse} message ListAccessPoliciesResponse message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListAccessPoliciesResponse.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.accessPolicies != null && message.accessPolicies.length)
+                                for (var i = 0; i < message.accessPolicies.length; ++i)
+                                    $root.google.identity.accesscontextmanager.v1.AccessPolicy.encode(message.accessPolicies[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                            if (message.nextPageToken != null && Object.hasOwnProperty.call(message, "nextPageToken"))
+                                writer.uint32(/* id 2, wireType 2 =*/18).string(message.nextPageToken);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified ListAccessPoliciesResponse message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessPoliciesResponse} message ListAccessPoliciesResponse message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListAccessPoliciesResponse.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a ListAccessPoliciesResponse message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse} ListAccessPoliciesResponse
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListAccessPoliciesResponse.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        if (!(message.accessPolicies && message.accessPolicies.length))
+                                            message.accessPolicies = [];
+                                        message.accessPolicies.push($root.google.identity.accesscontextmanager.v1.AccessPolicy.decode(reader, reader.uint32()));
+                                        break;
+                                    }
+                                case 2: {
+                                        message.nextPageToken = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a ListAccessPoliciesResponse message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse} ListAccessPoliciesResponse
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListAccessPoliciesResponse.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a ListAccessPoliciesResponse message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        ListAccessPoliciesResponse.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.accessPolicies != null && message.hasOwnProperty("accessPolicies")) {
+                                if (!Array.isArray(message.accessPolicies))
+                                    return "accessPolicies: array expected";
+                                for (var i = 0; i < message.accessPolicies.length; ++i) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.AccessPolicy.verify(message.accessPolicies[i]);
+                                    if (error)
+                                        return "accessPolicies." + error;
+                                }
+                            }
+                            if (message.nextPageToken != null && message.hasOwnProperty("nextPageToken"))
+                                if (!$util.isString(message.nextPageToken))
+                                    return "nextPageToken: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a ListAccessPoliciesResponse message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse} ListAccessPoliciesResponse
+                         */
+                        ListAccessPoliciesResponse.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse();
+                            if (object.accessPolicies) {
+                                if (!Array.isArray(object.accessPolicies))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse.accessPolicies: array expected");
+                                message.accessPolicies = [];
+                                for (var i = 0; i < object.accessPolicies.length; ++i) {
+                                    if (typeof object.accessPolicies[i] !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse.accessPolicies: object expected");
+                                    message.accessPolicies[i] = $root.google.identity.accesscontextmanager.v1.AccessPolicy.fromObject(object.accessPolicies[i]);
+                                }
+                            }
+                            if (object.nextPageToken != null)
+                                message.nextPageToken = String(object.nextPageToken);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a ListAccessPoliciesResponse message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse} message ListAccessPoliciesResponse
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        ListAccessPoliciesResponse.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.arrays || options.defaults)
+                                object.accessPolicies = [];
+                            if (options.defaults)
+                                object.nextPageToken = "";
+                            if (message.accessPolicies && message.accessPolicies.length) {
+                                object.accessPolicies = [];
+                                for (var j = 0; j < message.accessPolicies.length; ++j)
+                                    object.accessPolicies[j] = $root.google.identity.accesscontextmanager.v1.AccessPolicy.toObject(message.accessPolicies[j], options);
+                            }
+                            if (message.nextPageToken != null && message.hasOwnProperty("nextPageToken"))
+                                object.nextPageToken = message.nextPageToken;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this ListAccessPoliciesResponse to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        ListAccessPoliciesResponse.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for ListAccessPoliciesResponse
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        ListAccessPoliciesResponse.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse";
+                        };
+    
+                        return ListAccessPoliciesResponse;
+                    })();
+    
+                    v1.GetAccessPolicyRequest = (function() {
+    
+                        /**
+                         * Properties of a GetAccessPolicyRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IGetAccessPolicyRequest
+                         * @property {string|null} [name] GetAccessPolicyRequest name
+                         */
+    
+                        /**
+                         * Constructs a new GetAccessPolicyRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a GetAccessPolicyRequest.
+                         * @implements IGetAccessPolicyRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest=} [properties] Properties to set
+                         */
+                        function GetAccessPolicyRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * GetAccessPolicyRequest name.
+                         * @member {string} name
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessPolicyRequest
+                         * @instance
+                         */
+                        GetAccessPolicyRequest.prototype.name = "";
+    
+                        /**
+                         * Creates a new GetAccessPolicyRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessPolicyRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.GetAccessPolicyRequest} GetAccessPolicyRequest instance
+                         */
+                        GetAccessPolicyRequest.create = function create(properties) {
+                            return new GetAccessPolicyRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified GetAccessPolicyRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetAccessPolicyRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessPolicyRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest} message GetAccessPolicyRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        GetAccessPolicyRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified GetAccessPolicyRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetAccessPolicyRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessPolicyRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest} message GetAccessPolicyRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        GetAccessPolicyRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a GetAccessPolicyRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessPolicyRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.GetAccessPolicyRequest} GetAccessPolicyRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        GetAccessPolicyRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.GetAccessPolicyRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.name = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a GetAccessPolicyRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessPolicyRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.GetAccessPolicyRequest} GetAccessPolicyRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        GetAccessPolicyRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a GetAccessPolicyRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessPolicyRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        GetAccessPolicyRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                if (!$util.isString(message.name))
+                                    return "name: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a GetAccessPolicyRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessPolicyRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.GetAccessPolicyRequest} GetAccessPolicyRequest
+                         */
+                        GetAccessPolicyRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.GetAccessPolicyRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.GetAccessPolicyRequest();
+                            if (object.name != null)
+                                message.name = String(object.name);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a GetAccessPolicyRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessPolicyRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.GetAccessPolicyRequest} message GetAccessPolicyRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        GetAccessPolicyRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults)
+                                object.name = "";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                object.name = message.name;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this GetAccessPolicyRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessPolicyRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        GetAccessPolicyRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for GetAccessPolicyRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessPolicyRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        GetAccessPolicyRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.GetAccessPolicyRequest";
+                        };
+    
+                        return GetAccessPolicyRequest;
+                    })();
+    
+                    v1.UpdateAccessPolicyRequest = (function() {
+    
+                        /**
+                         * Properties of an UpdateAccessPolicyRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IUpdateAccessPolicyRequest
+                         * @property {google.identity.accesscontextmanager.v1.IAccessPolicy|null} [policy] UpdateAccessPolicyRequest policy
+                         * @property {google.protobuf.IFieldMask|null} [updateMask] UpdateAccessPolicyRequest updateMask
+                         */
+    
+                        /**
+                         * Constructs a new UpdateAccessPolicyRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents an UpdateAccessPolicyRequest.
+                         * @implements IUpdateAccessPolicyRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest=} [properties] Properties to set
+                         */
+                        function UpdateAccessPolicyRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * UpdateAccessPolicyRequest policy.
+                         * @member {google.identity.accesscontextmanager.v1.IAccessPolicy|null|undefined} policy
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest
+                         * @instance
+                         */
+                        UpdateAccessPolicyRequest.prototype.policy = null;
+    
+                        /**
+                         * UpdateAccessPolicyRequest updateMask.
+                         * @member {google.protobuf.IFieldMask|null|undefined} updateMask
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest
+                         * @instance
+                         */
+                        UpdateAccessPolicyRequest.prototype.updateMask = null;
+    
+                        /**
+                         * Creates a new UpdateAccessPolicyRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest} UpdateAccessPolicyRequest instance
+                         */
+                        UpdateAccessPolicyRequest.create = function create(properties) {
+                            return new UpdateAccessPolicyRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified UpdateAccessPolicyRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest} message UpdateAccessPolicyRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        UpdateAccessPolicyRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.policy != null && Object.hasOwnProperty.call(message, "policy"))
+                                $root.google.identity.accesscontextmanager.v1.AccessPolicy.encode(message.policy, writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                            if (message.updateMask != null && Object.hasOwnProperty.call(message, "updateMask"))
+                                $root.google.protobuf.FieldMask.encode(message.updateMask, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified UpdateAccessPolicyRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest} message UpdateAccessPolicyRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        UpdateAccessPolicyRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes an UpdateAccessPolicyRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest} UpdateAccessPolicyRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        UpdateAccessPolicyRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.policy = $root.google.identity.accesscontextmanager.v1.AccessPolicy.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                case 2: {
+                                        message.updateMask = $root.google.protobuf.FieldMask.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes an UpdateAccessPolicyRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest} UpdateAccessPolicyRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        UpdateAccessPolicyRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies an UpdateAccessPolicyRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        UpdateAccessPolicyRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.policy != null && message.hasOwnProperty("policy")) {
+                                var error = $root.google.identity.accesscontextmanager.v1.AccessPolicy.verify(message.policy);
+                                if (error)
+                                    return "policy." + error;
+                            }
+                            if (message.updateMask != null && message.hasOwnProperty("updateMask")) {
+                                var error = $root.google.protobuf.FieldMask.verify(message.updateMask);
+                                if (error)
+                                    return "updateMask." + error;
+                            }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates an UpdateAccessPolicyRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest} UpdateAccessPolicyRequest
+                         */
+                        UpdateAccessPolicyRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest();
+                            if (object.policy != null) {
+                                if (typeof object.policy !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest.policy: object expected");
+                                message.policy = $root.google.identity.accesscontextmanager.v1.AccessPolicy.fromObject(object.policy);
+                            }
+                            if (object.updateMask != null) {
+                                if (typeof object.updateMask !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest.updateMask: object expected");
+                                message.updateMask = $root.google.protobuf.FieldMask.fromObject(object.updateMask);
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from an UpdateAccessPolicyRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest} message UpdateAccessPolicyRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        UpdateAccessPolicyRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.policy = null;
+                                object.updateMask = null;
+                            }
+                            if (message.policy != null && message.hasOwnProperty("policy"))
+                                object.policy = $root.google.identity.accesscontextmanager.v1.AccessPolicy.toObject(message.policy, options);
+                            if (message.updateMask != null && message.hasOwnProperty("updateMask"))
+                                object.updateMask = $root.google.protobuf.FieldMask.toObject(message.updateMask, options);
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this UpdateAccessPolicyRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        UpdateAccessPolicyRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for UpdateAccessPolicyRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        UpdateAccessPolicyRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest";
+                        };
+    
+                        return UpdateAccessPolicyRequest;
+                    })();
+    
+                    v1.DeleteAccessPolicyRequest = (function() {
+    
+                        /**
+                         * Properties of a DeleteAccessPolicyRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IDeleteAccessPolicyRequest
+                         * @property {string|null} [name] DeleteAccessPolicyRequest name
+                         */
+    
+                        /**
+                         * Constructs a new DeleteAccessPolicyRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a DeleteAccessPolicyRequest.
+                         * @implements IDeleteAccessPolicyRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest=} [properties] Properties to set
+                         */
+                        function DeleteAccessPolicyRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * DeleteAccessPolicyRequest name.
+                         * @member {string} name
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest
+                         * @instance
+                         */
+                        DeleteAccessPolicyRequest.prototype.name = "";
+    
+                        /**
+                         * Creates a new DeleteAccessPolicyRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest} DeleteAccessPolicyRequest instance
+                         */
+                        DeleteAccessPolicyRequest.create = function create(properties) {
+                            return new DeleteAccessPolicyRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified DeleteAccessPolicyRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest} message DeleteAccessPolicyRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        DeleteAccessPolicyRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified DeleteAccessPolicyRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest} message DeleteAccessPolicyRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        DeleteAccessPolicyRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a DeleteAccessPolicyRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest} DeleteAccessPolicyRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        DeleteAccessPolicyRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.name = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a DeleteAccessPolicyRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest} DeleteAccessPolicyRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        DeleteAccessPolicyRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a DeleteAccessPolicyRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        DeleteAccessPolicyRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                if (!$util.isString(message.name))
+                                    return "name: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a DeleteAccessPolicyRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest} DeleteAccessPolicyRequest
+                         */
+                        DeleteAccessPolicyRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest();
+                            if (object.name != null)
+                                message.name = String(object.name);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a DeleteAccessPolicyRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest} message DeleteAccessPolicyRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        DeleteAccessPolicyRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults)
+                                object.name = "";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                object.name = message.name;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this DeleteAccessPolicyRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        DeleteAccessPolicyRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for DeleteAccessPolicyRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        DeleteAccessPolicyRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest";
+                        };
+    
+                        return DeleteAccessPolicyRequest;
+                    })();
+    
+                    v1.ListAccessLevelsRequest = (function() {
+    
+                        /**
+                         * Properties of a ListAccessLevelsRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IListAccessLevelsRequest
+                         * @property {string|null} [parent] ListAccessLevelsRequest parent
+                         * @property {number|null} [pageSize] ListAccessLevelsRequest pageSize
+                         * @property {string|null} [pageToken] ListAccessLevelsRequest pageToken
+                         * @property {google.identity.accesscontextmanager.v1.LevelFormat|null} [accessLevelFormat] ListAccessLevelsRequest accessLevelFormat
+                         */
+    
+                        /**
+                         * Constructs a new ListAccessLevelsRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a ListAccessLevelsRequest.
+                         * @implements IListAccessLevelsRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessLevelsRequest=} [properties] Properties to set
+                         */
+                        function ListAccessLevelsRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * ListAccessLevelsRequest parent.
+                         * @member {string} parent
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
+                         * @instance
+                         */
+                        ListAccessLevelsRequest.prototype.parent = "";
+    
+                        /**
+                         * ListAccessLevelsRequest pageSize.
+                         * @member {number} pageSize
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
+                         * @instance
+                         */
+                        ListAccessLevelsRequest.prototype.pageSize = 0;
+    
+                        /**
+                         * ListAccessLevelsRequest pageToken.
+                         * @member {string} pageToken
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
+                         * @instance
+                         */
+                        ListAccessLevelsRequest.prototype.pageToken = "";
+    
+                        /**
+                         * ListAccessLevelsRequest accessLevelFormat.
+                         * @member {google.identity.accesscontextmanager.v1.LevelFormat} accessLevelFormat
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
+                         * @instance
+                         */
+                        ListAccessLevelsRequest.prototype.accessLevelFormat = 0;
+    
+                        /**
+                         * Creates a new ListAccessLevelsRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessLevelsRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessLevelsRequest} ListAccessLevelsRequest instance
+                         */
+                        ListAccessLevelsRequest.create = function create(properties) {
+                            return new ListAccessLevelsRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified ListAccessLevelsRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessLevelsRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessLevelsRequest} message ListAccessLevelsRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListAccessLevelsRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.parent != null && Object.hasOwnProperty.call(message, "parent"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.parent);
+                            if (message.pageSize != null && Object.hasOwnProperty.call(message, "pageSize"))
+                                writer.uint32(/* id 2, wireType 0 =*/16).int32(message.pageSize);
+                            if (message.pageToken != null && Object.hasOwnProperty.call(message, "pageToken"))
+                                writer.uint32(/* id 3, wireType 2 =*/26).string(message.pageToken);
+                            if (message.accessLevelFormat != null && Object.hasOwnProperty.call(message, "accessLevelFormat"))
+                                writer.uint32(/* id 4, wireType 0 =*/32).int32(message.accessLevelFormat);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified ListAccessLevelsRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessLevelsRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessLevelsRequest} message ListAccessLevelsRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListAccessLevelsRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a ListAccessLevelsRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessLevelsRequest} ListAccessLevelsRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListAccessLevelsRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.parent = reader.string();
+                                        break;
+                                    }
+                                case 2: {
+                                        message.pageSize = reader.int32();
+                                        break;
+                                    }
+                                case 3: {
+                                        message.pageToken = reader.string();
+                                        break;
+                                    }
+                                case 4: {
+                                        message.accessLevelFormat = reader.int32();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a ListAccessLevelsRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessLevelsRequest} ListAccessLevelsRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListAccessLevelsRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a ListAccessLevelsRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        ListAccessLevelsRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                if (!$util.isString(message.parent))
+                                    return "parent: string expected";
+                            if (message.pageSize != null && message.hasOwnProperty("pageSize"))
+                                if (!$util.isInteger(message.pageSize))
+                                    return "pageSize: integer expected";
+                            if (message.pageToken != null && message.hasOwnProperty("pageToken"))
+                                if (!$util.isString(message.pageToken))
+                                    return "pageToken: string expected";
+                            if (message.accessLevelFormat != null && message.hasOwnProperty("accessLevelFormat"))
+                                switch (message.accessLevelFormat) {
+                                default:
+                                    return "accessLevelFormat: enum value expected";
+                                case 0:
+                                case 1:
+                                case 2:
+                                    break;
+                                }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a ListAccessLevelsRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessLevelsRequest} ListAccessLevelsRequest
+                         */
+                        ListAccessLevelsRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest();
+                            if (object.parent != null)
+                                message.parent = String(object.parent);
+                            if (object.pageSize != null)
+                                message.pageSize = object.pageSize | 0;
+                            if (object.pageToken != null)
+                                message.pageToken = String(object.pageToken);
+                            switch (object.accessLevelFormat) {
+                            default:
+                                if (typeof object.accessLevelFormat === "number") {
+                                    message.accessLevelFormat = object.accessLevelFormat;
+                                    break;
+                                }
+                                break;
+                            case "LEVEL_FORMAT_UNSPECIFIED":
+                            case 0:
+                                message.accessLevelFormat = 0;
+                                break;
+                            case "AS_DEFINED":
+                            case 1:
+                                message.accessLevelFormat = 1;
+                                break;
+                            case "CEL":
+                            case 2:
+                                message.accessLevelFormat = 2;
+                                break;
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a ListAccessLevelsRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ListAccessLevelsRequest} message ListAccessLevelsRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        ListAccessLevelsRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.parent = "";
+                                object.pageSize = 0;
+                                object.pageToken = "";
+                                object.accessLevelFormat = options.enums === String ? "LEVEL_FORMAT_UNSPECIFIED" : 0;
+                            }
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                object.parent = message.parent;
+                            if (message.pageSize != null && message.hasOwnProperty("pageSize"))
+                                object.pageSize = message.pageSize;
+                            if (message.pageToken != null && message.hasOwnProperty("pageToken"))
+                                object.pageToken = message.pageToken;
+                            if (message.accessLevelFormat != null && message.hasOwnProperty("accessLevelFormat"))
+                                object.accessLevelFormat = options.enums === String ? $root.google.identity.accesscontextmanager.v1.LevelFormat[message.accessLevelFormat] === undefined ? message.accessLevelFormat : $root.google.identity.accesscontextmanager.v1.LevelFormat[message.accessLevelFormat] : message.accessLevelFormat;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this ListAccessLevelsRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        ListAccessLevelsRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for ListAccessLevelsRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        ListAccessLevelsRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ListAccessLevelsRequest";
+                        };
+    
+                        return ListAccessLevelsRequest;
+                    })();
+    
+                    v1.ListAccessLevelsResponse = (function() {
+    
+                        /**
+                         * Properties of a ListAccessLevelsResponse.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IListAccessLevelsResponse
+                         * @property {Array.<google.identity.accesscontextmanager.v1.IAccessLevel>|null} [accessLevels] ListAccessLevelsResponse accessLevels
+                         * @property {string|null} [nextPageToken] ListAccessLevelsResponse nextPageToken
+                         */
+    
+                        /**
+                         * Constructs a new ListAccessLevelsResponse.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a ListAccessLevelsResponse.
+                         * @implements IListAccessLevelsResponse
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessLevelsResponse=} [properties] Properties to set
+                         */
+                        function ListAccessLevelsResponse(properties) {
+                            this.accessLevels = [];
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * ListAccessLevelsResponse accessLevels.
+                         * @member {Array.<google.identity.accesscontextmanager.v1.IAccessLevel>} accessLevels
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsResponse
+                         * @instance
+                         */
+                        ListAccessLevelsResponse.prototype.accessLevels = $util.emptyArray;
+    
+                        /**
+                         * ListAccessLevelsResponse nextPageToken.
+                         * @member {string} nextPageToken
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsResponse
+                         * @instance
+                         */
+                        ListAccessLevelsResponse.prototype.nextPageToken = "";
+    
+                        /**
+                         * Creates a new ListAccessLevelsResponse instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessLevelsResponse=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessLevelsResponse} ListAccessLevelsResponse instance
+                         */
+                        ListAccessLevelsResponse.create = function create(properties) {
+                            return new ListAccessLevelsResponse(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified ListAccessLevelsResponse message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessLevelsResponse.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessLevelsResponse} message ListAccessLevelsResponse message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListAccessLevelsResponse.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.accessLevels != null && message.accessLevels.length)
+                                for (var i = 0; i < message.accessLevels.length; ++i)
+                                    $root.google.identity.accesscontextmanager.v1.AccessLevel.encode(message.accessLevels[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                            if (message.nextPageToken != null && Object.hasOwnProperty.call(message, "nextPageToken"))
+                                writer.uint32(/* id 2, wireType 2 =*/18).string(message.nextPageToken);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified ListAccessLevelsResponse message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListAccessLevelsResponse.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListAccessLevelsResponse} message ListAccessLevelsResponse message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListAccessLevelsResponse.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a ListAccessLevelsResponse message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsResponse
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessLevelsResponse} ListAccessLevelsResponse
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListAccessLevelsResponse.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ListAccessLevelsResponse();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        if (!(message.accessLevels && message.accessLevels.length))
+                                            message.accessLevels = [];
+                                        message.accessLevels.push($root.google.identity.accesscontextmanager.v1.AccessLevel.decode(reader, reader.uint32()));
+                                        break;
+                                    }
+                                case 2: {
+                                        message.nextPageToken = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a ListAccessLevelsResponse message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsResponse
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessLevelsResponse} ListAccessLevelsResponse
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListAccessLevelsResponse.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a ListAccessLevelsResponse message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsResponse
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        ListAccessLevelsResponse.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.accessLevels != null && message.hasOwnProperty("accessLevels")) {
+                                if (!Array.isArray(message.accessLevels))
+                                    return "accessLevels: array expected";
+                                for (var i = 0; i < message.accessLevels.length; ++i) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.AccessLevel.verify(message.accessLevels[i]);
+                                    if (error)
+                                        return "accessLevels." + error;
+                                }
+                            }
+                            if (message.nextPageToken != null && message.hasOwnProperty("nextPageToken"))
+                                if (!$util.isString(message.nextPageToken))
+                                    return "nextPageToken: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a ListAccessLevelsResponse message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsResponse
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.ListAccessLevelsResponse} ListAccessLevelsResponse
+                         */
+                        ListAccessLevelsResponse.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.ListAccessLevelsResponse)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.ListAccessLevelsResponse();
+                            if (object.accessLevels) {
+                                if (!Array.isArray(object.accessLevels))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ListAccessLevelsResponse.accessLevels: array expected");
+                                message.accessLevels = [];
+                                for (var i = 0; i < object.accessLevels.length; ++i) {
+                                    if (typeof object.accessLevels[i] !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ListAccessLevelsResponse.accessLevels: object expected");
+                                    message.accessLevels[i] = $root.google.identity.accesscontextmanager.v1.AccessLevel.fromObject(object.accessLevels[i]);
+                                }
+                            }
+                            if (object.nextPageToken != null)
+                                message.nextPageToken = String(object.nextPageToken);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a ListAccessLevelsResponse message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ListAccessLevelsResponse} message ListAccessLevelsResponse
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        ListAccessLevelsResponse.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.arrays || options.defaults)
+                                object.accessLevels = [];
+                            if (options.defaults)
+                                object.nextPageToken = "";
+                            if (message.accessLevels && message.accessLevels.length) {
+                                object.accessLevels = [];
+                                for (var j = 0; j < message.accessLevels.length; ++j)
+                                    object.accessLevels[j] = $root.google.identity.accesscontextmanager.v1.AccessLevel.toObject(message.accessLevels[j], options);
+                            }
+                            if (message.nextPageToken != null && message.hasOwnProperty("nextPageToken"))
+                                object.nextPageToken = message.nextPageToken;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this ListAccessLevelsResponse to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsResponse
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        ListAccessLevelsResponse.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for ListAccessLevelsResponse
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.ListAccessLevelsResponse
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        ListAccessLevelsResponse.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ListAccessLevelsResponse";
+                        };
+    
+                        return ListAccessLevelsResponse;
+                    })();
+    
+                    v1.GetAccessLevelRequest = (function() {
+    
+                        /**
+                         * Properties of a GetAccessLevelRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IGetAccessLevelRequest
+                         * @property {string|null} [name] GetAccessLevelRequest name
+                         * @property {google.identity.accesscontextmanager.v1.LevelFormat|null} [accessLevelFormat] GetAccessLevelRequest accessLevelFormat
+                         */
+    
+                        /**
+                         * Constructs a new GetAccessLevelRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a GetAccessLevelRequest.
+                         * @implements IGetAccessLevelRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IGetAccessLevelRequest=} [properties] Properties to set
+                         */
+                        function GetAccessLevelRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * GetAccessLevelRequest name.
+                         * @member {string} name
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessLevelRequest
+                         * @instance
+                         */
+                        GetAccessLevelRequest.prototype.name = "";
+    
+                        /**
+                         * GetAccessLevelRequest accessLevelFormat.
+                         * @member {google.identity.accesscontextmanager.v1.LevelFormat} accessLevelFormat
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessLevelRequest
+                         * @instance
+                         */
+                        GetAccessLevelRequest.prototype.accessLevelFormat = 0;
+    
+                        /**
+                         * Creates a new GetAccessLevelRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGetAccessLevelRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.GetAccessLevelRequest} GetAccessLevelRequest instance
+                         */
+                        GetAccessLevelRequest.create = function create(properties) {
+                            return new GetAccessLevelRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified GetAccessLevelRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetAccessLevelRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGetAccessLevelRequest} message GetAccessLevelRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        GetAccessLevelRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                            if (message.accessLevelFormat != null && Object.hasOwnProperty.call(message, "accessLevelFormat"))
+                                writer.uint32(/* id 2, wireType 0 =*/16).int32(message.accessLevelFormat);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified GetAccessLevelRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetAccessLevelRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGetAccessLevelRequest} message GetAccessLevelRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        GetAccessLevelRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a GetAccessLevelRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessLevelRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.GetAccessLevelRequest} GetAccessLevelRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        GetAccessLevelRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.GetAccessLevelRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.name = reader.string();
+                                        break;
+                                    }
+                                case 2: {
+                                        message.accessLevelFormat = reader.int32();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a GetAccessLevelRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessLevelRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.GetAccessLevelRequest} GetAccessLevelRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        GetAccessLevelRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a GetAccessLevelRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessLevelRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        GetAccessLevelRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                if (!$util.isString(message.name))
+                                    return "name: string expected";
+                            if (message.accessLevelFormat != null && message.hasOwnProperty("accessLevelFormat"))
+                                switch (message.accessLevelFormat) {
+                                default:
+                                    return "accessLevelFormat: enum value expected";
+                                case 0:
+                                case 1:
+                                case 2:
+                                    break;
+                                }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a GetAccessLevelRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessLevelRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.GetAccessLevelRequest} GetAccessLevelRequest
+                         */
+                        GetAccessLevelRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.GetAccessLevelRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.GetAccessLevelRequest();
+                            if (object.name != null)
+                                message.name = String(object.name);
+                            switch (object.accessLevelFormat) {
+                            default:
+                                if (typeof object.accessLevelFormat === "number") {
+                                    message.accessLevelFormat = object.accessLevelFormat;
+                                    break;
+                                }
+                                break;
+                            case "LEVEL_FORMAT_UNSPECIFIED":
+                            case 0:
+                                message.accessLevelFormat = 0;
+                                break;
+                            case "AS_DEFINED":
+                            case 1:
+                                message.accessLevelFormat = 1;
+                                break;
+                            case "CEL":
+                            case 2:
+                                message.accessLevelFormat = 2;
+                                break;
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a GetAccessLevelRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.GetAccessLevelRequest} message GetAccessLevelRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        GetAccessLevelRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.name = "";
+                                object.accessLevelFormat = options.enums === String ? "LEVEL_FORMAT_UNSPECIFIED" : 0;
+                            }
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                object.name = message.name;
+                            if (message.accessLevelFormat != null && message.hasOwnProperty("accessLevelFormat"))
+                                object.accessLevelFormat = options.enums === String ? $root.google.identity.accesscontextmanager.v1.LevelFormat[message.accessLevelFormat] === undefined ? message.accessLevelFormat : $root.google.identity.accesscontextmanager.v1.LevelFormat[message.accessLevelFormat] : message.accessLevelFormat;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this GetAccessLevelRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessLevelRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        GetAccessLevelRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for GetAccessLevelRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.GetAccessLevelRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        GetAccessLevelRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.GetAccessLevelRequest";
+                        };
+    
+                        return GetAccessLevelRequest;
+                    })();
+    
+                    v1.CreateAccessLevelRequest = (function() {
+    
+                        /**
+                         * Properties of a CreateAccessLevelRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface ICreateAccessLevelRequest
+                         * @property {string|null} [parent] CreateAccessLevelRequest parent
+                         * @property {google.identity.accesscontextmanager.v1.IAccessLevel|null} [accessLevel] CreateAccessLevelRequest accessLevel
+                         */
+    
+                        /**
+                         * Constructs a new CreateAccessLevelRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a CreateAccessLevelRequest.
+                         * @implements ICreateAccessLevelRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest=} [properties] Properties to set
+                         */
+                        function CreateAccessLevelRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * CreateAccessLevelRequest parent.
+                         * @member {string} parent
+                         * @memberof google.identity.accesscontextmanager.v1.CreateAccessLevelRequest
+                         * @instance
+                         */
+                        CreateAccessLevelRequest.prototype.parent = "";
+    
+                        /**
+                         * CreateAccessLevelRequest accessLevel.
+                         * @member {google.identity.accesscontextmanager.v1.IAccessLevel|null|undefined} accessLevel
+                         * @memberof google.identity.accesscontextmanager.v1.CreateAccessLevelRequest
+                         * @instance
+                         */
+                        CreateAccessLevelRequest.prototype.accessLevel = null;
+    
+                        /**
+                         * Creates a new CreateAccessLevelRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.CreateAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.CreateAccessLevelRequest} CreateAccessLevelRequest instance
+                         */
+                        CreateAccessLevelRequest.create = function create(properties) {
+                            return new CreateAccessLevelRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified CreateAccessLevelRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.CreateAccessLevelRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.CreateAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest} message CreateAccessLevelRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        CreateAccessLevelRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.parent != null && Object.hasOwnProperty.call(message, "parent"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.parent);
+                            if (message.accessLevel != null && Object.hasOwnProperty.call(message, "accessLevel"))
+                                $root.google.identity.accesscontextmanager.v1.AccessLevel.encode(message.accessLevel, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified CreateAccessLevelRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.CreateAccessLevelRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.CreateAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest} message CreateAccessLevelRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        CreateAccessLevelRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a CreateAccessLevelRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.CreateAccessLevelRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.CreateAccessLevelRequest} CreateAccessLevelRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        CreateAccessLevelRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.CreateAccessLevelRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.parent = reader.string();
+                                        break;
+                                    }
+                                case 2: {
+                                        message.accessLevel = $root.google.identity.accesscontextmanager.v1.AccessLevel.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a CreateAccessLevelRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.CreateAccessLevelRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.CreateAccessLevelRequest} CreateAccessLevelRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        CreateAccessLevelRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a CreateAccessLevelRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.CreateAccessLevelRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        CreateAccessLevelRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                if (!$util.isString(message.parent))
+                                    return "parent: string expected";
+                            if (message.accessLevel != null && message.hasOwnProperty("accessLevel")) {
+                                var error = $root.google.identity.accesscontextmanager.v1.AccessLevel.verify(message.accessLevel);
+                                if (error)
+                                    return "accessLevel." + error;
+                            }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a CreateAccessLevelRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.CreateAccessLevelRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.CreateAccessLevelRequest} CreateAccessLevelRequest
+                         */
+                        CreateAccessLevelRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.CreateAccessLevelRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.CreateAccessLevelRequest();
+                            if (object.parent != null)
+                                message.parent = String(object.parent);
+                            if (object.accessLevel != null) {
+                                if (typeof object.accessLevel !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.CreateAccessLevelRequest.accessLevel: object expected");
+                                message.accessLevel = $root.google.identity.accesscontextmanager.v1.AccessLevel.fromObject(object.accessLevel);
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a CreateAccessLevelRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.CreateAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.CreateAccessLevelRequest} message CreateAccessLevelRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        CreateAccessLevelRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.parent = "";
+                                object.accessLevel = null;
+                            }
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                object.parent = message.parent;
+                            if (message.accessLevel != null && message.hasOwnProperty("accessLevel"))
+                                object.accessLevel = $root.google.identity.accesscontextmanager.v1.AccessLevel.toObject(message.accessLevel, options);
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this CreateAccessLevelRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.CreateAccessLevelRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        CreateAccessLevelRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for CreateAccessLevelRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.CreateAccessLevelRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        CreateAccessLevelRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.CreateAccessLevelRequest";
+                        };
+    
+                        return CreateAccessLevelRequest;
+                    })();
+    
+                    v1.UpdateAccessLevelRequest = (function() {
+    
+                        /**
+                         * Properties of an UpdateAccessLevelRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IUpdateAccessLevelRequest
+                         * @property {google.identity.accesscontextmanager.v1.IAccessLevel|null} [accessLevel] UpdateAccessLevelRequest accessLevel
+                         * @property {google.protobuf.IFieldMask|null} [updateMask] UpdateAccessLevelRequest updateMask
+                         */
+    
+                        /**
+                         * Constructs a new UpdateAccessLevelRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents an UpdateAccessLevelRequest.
+                         * @implements IUpdateAccessLevelRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest=} [properties] Properties to set
+                         */
+                        function UpdateAccessLevelRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * UpdateAccessLevelRequest accessLevel.
+                         * @member {google.identity.accesscontextmanager.v1.IAccessLevel|null|undefined} accessLevel
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest
+                         * @instance
+                         */
+                        UpdateAccessLevelRequest.prototype.accessLevel = null;
+    
+                        /**
+                         * UpdateAccessLevelRequest updateMask.
+                         * @member {google.protobuf.IFieldMask|null|undefined} updateMask
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest
+                         * @instance
+                         */
+                        UpdateAccessLevelRequest.prototype.updateMask = null;
+    
+                        /**
+                         * Creates a new UpdateAccessLevelRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest} UpdateAccessLevelRequest instance
+                         */
+                        UpdateAccessLevelRequest.create = function create(properties) {
+                            return new UpdateAccessLevelRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified UpdateAccessLevelRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest} message UpdateAccessLevelRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        UpdateAccessLevelRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.accessLevel != null && Object.hasOwnProperty.call(message, "accessLevel"))
+                                $root.google.identity.accesscontextmanager.v1.AccessLevel.encode(message.accessLevel, writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                            if (message.updateMask != null && Object.hasOwnProperty.call(message, "updateMask"))
+                                $root.google.protobuf.FieldMask.encode(message.updateMask, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified UpdateAccessLevelRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest} message UpdateAccessLevelRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        UpdateAccessLevelRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes an UpdateAccessLevelRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest} UpdateAccessLevelRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        UpdateAccessLevelRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.accessLevel = $root.google.identity.accesscontextmanager.v1.AccessLevel.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                case 2: {
+                                        message.updateMask = $root.google.protobuf.FieldMask.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes an UpdateAccessLevelRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest} UpdateAccessLevelRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        UpdateAccessLevelRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies an UpdateAccessLevelRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        UpdateAccessLevelRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.accessLevel != null && message.hasOwnProperty("accessLevel")) {
+                                var error = $root.google.identity.accesscontextmanager.v1.AccessLevel.verify(message.accessLevel);
+                                if (error)
+                                    return "accessLevel." + error;
+                            }
+                            if (message.updateMask != null && message.hasOwnProperty("updateMask")) {
+                                var error = $root.google.protobuf.FieldMask.verify(message.updateMask);
+                                if (error)
+                                    return "updateMask." + error;
+                            }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates an UpdateAccessLevelRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest} UpdateAccessLevelRequest
+                         */
+                        UpdateAccessLevelRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest();
+                            if (object.accessLevel != null) {
+                                if (typeof object.accessLevel !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest.accessLevel: object expected");
+                                message.accessLevel = $root.google.identity.accesscontextmanager.v1.AccessLevel.fromObject(object.accessLevel);
+                            }
+                            if (object.updateMask != null) {
+                                if (typeof object.updateMask !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest.updateMask: object expected");
+                                message.updateMask = $root.google.protobuf.FieldMask.fromObject(object.updateMask);
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from an UpdateAccessLevelRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest} message UpdateAccessLevelRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        UpdateAccessLevelRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.accessLevel = null;
+                                object.updateMask = null;
+                            }
+                            if (message.accessLevel != null && message.hasOwnProperty("accessLevel"))
+                                object.accessLevel = $root.google.identity.accesscontextmanager.v1.AccessLevel.toObject(message.accessLevel, options);
+                            if (message.updateMask != null && message.hasOwnProperty("updateMask"))
+                                object.updateMask = $root.google.protobuf.FieldMask.toObject(message.updateMask, options);
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this UpdateAccessLevelRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        UpdateAccessLevelRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for UpdateAccessLevelRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        UpdateAccessLevelRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest";
+                        };
+    
+                        return UpdateAccessLevelRequest;
+                    })();
+    
+                    v1.DeleteAccessLevelRequest = (function() {
+    
+                        /**
+                         * Properties of a DeleteAccessLevelRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IDeleteAccessLevelRequest
+                         * @property {string|null} [name] DeleteAccessLevelRequest name
+                         */
+    
+                        /**
+                         * Constructs a new DeleteAccessLevelRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a DeleteAccessLevelRequest.
+                         * @implements IDeleteAccessLevelRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest=} [properties] Properties to set
+                         */
+                        function DeleteAccessLevelRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * DeleteAccessLevelRequest name.
+                         * @member {string} name
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest
+                         * @instance
+                         */
+                        DeleteAccessLevelRequest.prototype.name = "";
+    
+                        /**
+                         * Creates a new DeleteAccessLevelRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest} DeleteAccessLevelRequest instance
+                         */
+                        DeleteAccessLevelRequest.create = function create(properties) {
+                            return new DeleteAccessLevelRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified DeleteAccessLevelRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest} message DeleteAccessLevelRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        DeleteAccessLevelRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified DeleteAccessLevelRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest} message DeleteAccessLevelRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        DeleteAccessLevelRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a DeleteAccessLevelRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest} DeleteAccessLevelRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        DeleteAccessLevelRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.name = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a DeleteAccessLevelRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest} DeleteAccessLevelRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        DeleteAccessLevelRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a DeleteAccessLevelRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        DeleteAccessLevelRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                if (!$util.isString(message.name))
+                                    return "name: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a DeleteAccessLevelRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest} DeleteAccessLevelRequest
+                         */
+                        DeleteAccessLevelRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest();
+                            if (object.name != null)
+                                message.name = String(object.name);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a DeleteAccessLevelRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest} message DeleteAccessLevelRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        DeleteAccessLevelRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults)
+                                object.name = "";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                object.name = message.name;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this DeleteAccessLevelRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        DeleteAccessLevelRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for DeleteAccessLevelRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        DeleteAccessLevelRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest";
+                        };
+    
+                        return DeleteAccessLevelRequest;
+                    })();
+    
+                    v1.ReplaceAccessLevelsRequest = (function() {
+    
+                        /**
+                         * Properties of a ReplaceAccessLevelsRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IReplaceAccessLevelsRequest
+                         * @property {string|null} [parent] ReplaceAccessLevelsRequest parent
+                         * @property {Array.<google.identity.accesscontextmanager.v1.IAccessLevel>|null} [accessLevels] ReplaceAccessLevelsRequest accessLevels
+                         * @property {string|null} [etag] ReplaceAccessLevelsRequest etag
+                         */
+    
+                        /**
+                         * Constructs a new ReplaceAccessLevelsRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a ReplaceAccessLevelsRequest.
+                         * @implements IReplaceAccessLevelsRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest=} [properties] Properties to set
+                         */
+                        function ReplaceAccessLevelsRequest(properties) {
+                            this.accessLevels = [];
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * ReplaceAccessLevelsRequest parent.
+                         * @member {string} parent
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest
+                         * @instance
+                         */
+                        ReplaceAccessLevelsRequest.prototype.parent = "";
+    
+                        /**
+                         * ReplaceAccessLevelsRequest accessLevels.
+                         * @member {Array.<google.identity.accesscontextmanager.v1.IAccessLevel>} accessLevels
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest
+                         * @instance
+                         */
+                        ReplaceAccessLevelsRequest.prototype.accessLevels = $util.emptyArray;
+    
+                        /**
+                         * ReplaceAccessLevelsRequest etag.
+                         * @member {string} etag
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest
+                         * @instance
+                         */
+                        ReplaceAccessLevelsRequest.prototype.etag = "";
+    
+                        /**
+                         * Creates a new ReplaceAccessLevelsRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest} ReplaceAccessLevelsRequest instance
+                         */
+                        ReplaceAccessLevelsRequest.create = function create(properties) {
+                            return new ReplaceAccessLevelsRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified ReplaceAccessLevelsRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest} message ReplaceAccessLevelsRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ReplaceAccessLevelsRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.parent != null && Object.hasOwnProperty.call(message, "parent"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.parent);
+                            if (message.accessLevels != null && message.accessLevels.length)
+                                for (var i = 0; i < message.accessLevels.length; ++i)
+                                    $root.google.identity.accesscontextmanager.v1.AccessLevel.encode(message.accessLevels[i], writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                            if (message.etag != null && Object.hasOwnProperty.call(message, "etag"))
+                                writer.uint32(/* id 4, wireType 2 =*/34).string(message.etag);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified ReplaceAccessLevelsRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest} message ReplaceAccessLevelsRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ReplaceAccessLevelsRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a ReplaceAccessLevelsRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest} ReplaceAccessLevelsRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ReplaceAccessLevelsRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.parent = reader.string();
+                                        break;
+                                    }
+                                case 2: {
+                                        if (!(message.accessLevels && message.accessLevels.length))
+                                            message.accessLevels = [];
+                                        message.accessLevels.push($root.google.identity.accesscontextmanager.v1.AccessLevel.decode(reader, reader.uint32()));
+                                        break;
+                                    }
+                                case 4: {
+                                        message.etag = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a ReplaceAccessLevelsRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest} ReplaceAccessLevelsRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ReplaceAccessLevelsRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a ReplaceAccessLevelsRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        ReplaceAccessLevelsRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                if (!$util.isString(message.parent))
+                                    return "parent: string expected";
+                            if (message.accessLevels != null && message.hasOwnProperty("accessLevels")) {
+                                if (!Array.isArray(message.accessLevels))
+                                    return "accessLevels: array expected";
+                                for (var i = 0; i < message.accessLevels.length; ++i) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.AccessLevel.verify(message.accessLevels[i]);
+                                    if (error)
+                                        return "accessLevels." + error;
+                                }
+                            }
+                            if (message.etag != null && message.hasOwnProperty("etag"))
+                                if (!$util.isString(message.etag))
+                                    return "etag: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a ReplaceAccessLevelsRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest} ReplaceAccessLevelsRequest
+                         */
+                        ReplaceAccessLevelsRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest();
+                            if (object.parent != null)
+                                message.parent = String(object.parent);
+                            if (object.accessLevels) {
+                                if (!Array.isArray(object.accessLevels))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest.accessLevels: array expected");
+                                message.accessLevels = [];
+                                for (var i = 0; i < object.accessLevels.length; ++i) {
+                                    if (typeof object.accessLevels[i] !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest.accessLevels: object expected");
+                                    message.accessLevels[i] = $root.google.identity.accesscontextmanager.v1.AccessLevel.fromObject(object.accessLevels[i]);
+                                }
+                            }
+                            if (object.etag != null)
+                                message.etag = String(object.etag);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a ReplaceAccessLevelsRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest} message ReplaceAccessLevelsRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        ReplaceAccessLevelsRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.arrays || options.defaults)
+                                object.accessLevels = [];
+                            if (options.defaults) {
+                                object.parent = "";
+                                object.etag = "";
+                            }
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                object.parent = message.parent;
+                            if (message.accessLevels && message.accessLevels.length) {
+                                object.accessLevels = [];
+                                for (var j = 0; j < message.accessLevels.length; ++j)
+                                    object.accessLevels[j] = $root.google.identity.accesscontextmanager.v1.AccessLevel.toObject(message.accessLevels[j], options);
+                            }
+                            if (message.etag != null && message.hasOwnProperty("etag"))
+                                object.etag = message.etag;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this ReplaceAccessLevelsRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        ReplaceAccessLevelsRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for ReplaceAccessLevelsRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        ReplaceAccessLevelsRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest";
+                        };
+    
+                        return ReplaceAccessLevelsRequest;
+                    })();
+    
+                    v1.ReplaceAccessLevelsResponse = (function() {
+    
+                        /**
+                         * Properties of a ReplaceAccessLevelsResponse.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IReplaceAccessLevelsResponse
+                         * @property {Array.<google.identity.accesscontextmanager.v1.IAccessLevel>|null} [accessLevels] ReplaceAccessLevelsResponse accessLevels
+                         */
+    
+                        /**
+                         * Constructs a new ReplaceAccessLevelsResponse.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a ReplaceAccessLevelsResponse.
+                         * @implements IReplaceAccessLevelsResponse
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse=} [properties] Properties to set
+                         */
+                        function ReplaceAccessLevelsResponse(properties) {
+                            this.accessLevels = [];
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * ReplaceAccessLevelsResponse accessLevels.
+                         * @member {Array.<google.identity.accesscontextmanager.v1.IAccessLevel>} accessLevels
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse
+                         * @instance
+                         */
+                        ReplaceAccessLevelsResponse.prototype.accessLevels = $util.emptyArray;
+    
+                        /**
+                         * Creates a new ReplaceAccessLevelsResponse instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse} ReplaceAccessLevelsResponse instance
+                         */
+                        ReplaceAccessLevelsResponse.create = function create(properties) {
+                            return new ReplaceAccessLevelsResponse(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified ReplaceAccessLevelsResponse message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse} message ReplaceAccessLevelsResponse message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ReplaceAccessLevelsResponse.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.accessLevels != null && message.accessLevels.length)
+                                for (var i = 0; i < message.accessLevels.length; ++i)
+                                    $root.google.identity.accesscontextmanager.v1.AccessLevel.encode(message.accessLevels[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified ReplaceAccessLevelsResponse message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse} message ReplaceAccessLevelsResponse message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ReplaceAccessLevelsResponse.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a ReplaceAccessLevelsResponse message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse} ReplaceAccessLevelsResponse
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ReplaceAccessLevelsResponse.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        if (!(message.accessLevels && message.accessLevels.length))
+                                            message.accessLevels = [];
+                                        message.accessLevels.push($root.google.identity.accesscontextmanager.v1.AccessLevel.decode(reader, reader.uint32()));
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a ReplaceAccessLevelsResponse message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse} ReplaceAccessLevelsResponse
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ReplaceAccessLevelsResponse.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a ReplaceAccessLevelsResponse message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        ReplaceAccessLevelsResponse.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.accessLevels != null && message.hasOwnProperty("accessLevels")) {
+                                if (!Array.isArray(message.accessLevels))
+                                    return "accessLevels: array expected";
+                                for (var i = 0; i < message.accessLevels.length; ++i) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.AccessLevel.verify(message.accessLevels[i]);
+                                    if (error)
+                                        return "accessLevels." + error;
+                                }
+                            }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a ReplaceAccessLevelsResponse message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse} ReplaceAccessLevelsResponse
+                         */
+                        ReplaceAccessLevelsResponse.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse();
+                            if (object.accessLevels) {
+                                if (!Array.isArray(object.accessLevels))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse.accessLevels: array expected");
+                                message.accessLevels = [];
+                                for (var i = 0; i < object.accessLevels.length; ++i) {
+                                    if (typeof object.accessLevels[i] !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse.accessLevels: object expected");
+                                    message.accessLevels[i] = $root.google.identity.accesscontextmanager.v1.AccessLevel.fromObject(object.accessLevels[i]);
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a ReplaceAccessLevelsResponse message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse} message ReplaceAccessLevelsResponse
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        ReplaceAccessLevelsResponse.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.arrays || options.defaults)
+                                object.accessLevels = [];
+                            if (message.accessLevels && message.accessLevels.length) {
+                                object.accessLevels = [];
+                                for (var j = 0; j < message.accessLevels.length; ++j)
+                                    object.accessLevels[j] = $root.google.identity.accesscontextmanager.v1.AccessLevel.toObject(message.accessLevels[j], options);
+                            }
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this ReplaceAccessLevelsResponse to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        ReplaceAccessLevelsResponse.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for ReplaceAccessLevelsResponse
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        ReplaceAccessLevelsResponse.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse";
+                        };
+    
+                        return ReplaceAccessLevelsResponse;
+                    })();
+    
+                    v1.ListServicePerimetersRequest = (function() {
+    
+                        /**
+                         * Properties of a ListServicePerimetersRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IListServicePerimetersRequest
+                         * @property {string|null} [parent] ListServicePerimetersRequest parent
+                         * @property {number|null} [pageSize] ListServicePerimetersRequest pageSize
+                         * @property {string|null} [pageToken] ListServicePerimetersRequest pageToken
+                         */
+    
+                        /**
+                         * Constructs a new ListServicePerimetersRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a ListServicePerimetersRequest.
+                         * @implements IListServicePerimetersRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IListServicePerimetersRequest=} [properties] Properties to set
+                         */
+                        function ListServicePerimetersRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * ListServicePerimetersRequest parent.
+                         * @member {string} parent
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersRequest
+                         * @instance
+                         */
+                        ListServicePerimetersRequest.prototype.parent = "";
+    
+                        /**
+                         * ListServicePerimetersRequest pageSize.
+                         * @member {number} pageSize
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersRequest
+                         * @instance
+                         */
+                        ListServicePerimetersRequest.prototype.pageSize = 0;
+    
+                        /**
+                         * ListServicePerimetersRequest pageToken.
+                         * @member {string} pageToken
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersRequest
+                         * @instance
+                         */
+                        ListServicePerimetersRequest.prototype.pageToken = "";
+    
+                        /**
+                         * Creates a new ListServicePerimetersRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListServicePerimetersRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.ListServicePerimetersRequest} ListServicePerimetersRequest instance
+                         */
+                        ListServicePerimetersRequest.create = function create(properties) {
+                            return new ListServicePerimetersRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified ListServicePerimetersRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListServicePerimetersRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListServicePerimetersRequest} message ListServicePerimetersRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListServicePerimetersRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.parent != null && Object.hasOwnProperty.call(message, "parent"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.parent);
+                            if (message.pageSize != null && Object.hasOwnProperty.call(message, "pageSize"))
+                                writer.uint32(/* id 2, wireType 0 =*/16).int32(message.pageSize);
+                            if (message.pageToken != null && Object.hasOwnProperty.call(message, "pageToken"))
+                                writer.uint32(/* id 3, wireType 2 =*/26).string(message.pageToken);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified ListServicePerimetersRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListServicePerimetersRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListServicePerimetersRequest} message ListServicePerimetersRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListServicePerimetersRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a ListServicePerimetersRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.ListServicePerimetersRequest} ListServicePerimetersRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListServicePerimetersRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.parent = reader.string();
+                                        break;
+                                    }
+                                case 2: {
+                                        message.pageSize = reader.int32();
+                                        break;
+                                    }
+                                case 3: {
+                                        message.pageToken = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a ListServicePerimetersRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.ListServicePerimetersRequest} ListServicePerimetersRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListServicePerimetersRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a ListServicePerimetersRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        ListServicePerimetersRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                if (!$util.isString(message.parent))
+                                    return "parent: string expected";
+                            if (message.pageSize != null && message.hasOwnProperty("pageSize"))
+                                if (!$util.isInteger(message.pageSize))
+                                    return "pageSize: integer expected";
+                            if (message.pageToken != null && message.hasOwnProperty("pageToken"))
+                                if (!$util.isString(message.pageToken))
+                                    return "pageToken: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a ListServicePerimetersRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.ListServicePerimetersRequest} ListServicePerimetersRequest
+                         */
+                        ListServicePerimetersRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest();
+                            if (object.parent != null)
+                                message.parent = String(object.parent);
+                            if (object.pageSize != null)
+                                message.pageSize = object.pageSize | 0;
+                            if (object.pageToken != null)
+                                message.pageToken = String(object.pageToken);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a ListServicePerimetersRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ListServicePerimetersRequest} message ListServicePerimetersRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        ListServicePerimetersRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.parent = "";
+                                object.pageSize = 0;
+                                object.pageToken = "";
+                            }
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                object.parent = message.parent;
+                            if (message.pageSize != null && message.hasOwnProperty("pageSize"))
+                                object.pageSize = message.pageSize;
+                            if (message.pageToken != null && message.hasOwnProperty("pageToken"))
+                                object.pageToken = message.pageToken;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this ListServicePerimetersRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        ListServicePerimetersRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for ListServicePerimetersRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        ListServicePerimetersRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ListServicePerimetersRequest";
+                        };
+    
+                        return ListServicePerimetersRequest;
+                    })();
+    
+                    v1.ListServicePerimetersResponse = (function() {
+    
+                        /**
+                         * Properties of a ListServicePerimetersResponse.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IListServicePerimetersResponse
+                         * @property {Array.<google.identity.accesscontextmanager.v1.IServicePerimeter>|null} [servicePerimeters] ListServicePerimetersResponse servicePerimeters
+                         * @property {string|null} [nextPageToken] ListServicePerimetersResponse nextPageToken
+                         */
+    
+                        /**
+                         * Constructs a new ListServicePerimetersResponse.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a ListServicePerimetersResponse.
+                         * @implements IListServicePerimetersResponse
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IListServicePerimetersResponse=} [properties] Properties to set
+                         */
+                        function ListServicePerimetersResponse(properties) {
+                            this.servicePerimeters = [];
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * ListServicePerimetersResponse servicePerimeters.
+                         * @member {Array.<google.identity.accesscontextmanager.v1.IServicePerimeter>} servicePerimeters
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersResponse
+                         * @instance
+                         */
+                        ListServicePerimetersResponse.prototype.servicePerimeters = $util.emptyArray;
+    
+                        /**
+                         * ListServicePerimetersResponse nextPageToken.
+                         * @member {string} nextPageToken
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersResponse
+                         * @instance
+                         */
+                        ListServicePerimetersResponse.prototype.nextPageToken = "";
+    
+                        /**
+                         * Creates a new ListServicePerimetersResponse instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListServicePerimetersResponse=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.ListServicePerimetersResponse} ListServicePerimetersResponse instance
+                         */
+                        ListServicePerimetersResponse.create = function create(properties) {
+                            return new ListServicePerimetersResponse(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified ListServicePerimetersResponse message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListServicePerimetersResponse.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListServicePerimetersResponse} message ListServicePerimetersResponse message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListServicePerimetersResponse.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.servicePerimeters != null && message.servicePerimeters.length)
+                                for (var i = 0; i < message.servicePerimeters.length; ++i)
+                                    $root.google.identity.accesscontextmanager.v1.ServicePerimeter.encode(message.servicePerimeters[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                            if (message.nextPageToken != null && Object.hasOwnProperty.call(message, "nextPageToken"))
+                                writer.uint32(/* id 2, wireType 2 =*/18).string(message.nextPageToken);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified ListServicePerimetersResponse message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListServicePerimetersResponse.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListServicePerimetersResponse} message ListServicePerimetersResponse message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListServicePerimetersResponse.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a ListServicePerimetersResponse message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersResponse
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.ListServicePerimetersResponse} ListServicePerimetersResponse
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListServicePerimetersResponse.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ListServicePerimetersResponse();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        if (!(message.servicePerimeters && message.servicePerimeters.length))
+                                            message.servicePerimeters = [];
+                                        message.servicePerimeters.push($root.google.identity.accesscontextmanager.v1.ServicePerimeter.decode(reader, reader.uint32()));
+                                        break;
+                                    }
+                                case 2: {
+                                        message.nextPageToken = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a ListServicePerimetersResponse message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersResponse
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.ListServicePerimetersResponse} ListServicePerimetersResponse
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListServicePerimetersResponse.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a ListServicePerimetersResponse message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersResponse
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        ListServicePerimetersResponse.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.servicePerimeters != null && message.hasOwnProperty("servicePerimeters")) {
+                                if (!Array.isArray(message.servicePerimeters))
+                                    return "servicePerimeters: array expected";
+                                for (var i = 0; i < message.servicePerimeters.length; ++i) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.verify(message.servicePerimeters[i]);
+                                    if (error)
+                                        return "servicePerimeters." + error;
+                                }
+                            }
+                            if (message.nextPageToken != null && message.hasOwnProperty("nextPageToken"))
+                                if (!$util.isString(message.nextPageToken))
+                                    return "nextPageToken: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a ListServicePerimetersResponse message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersResponse
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.ListServicePerimetersResponse} ListServicePerimetersResponse
+                         */
+                        ListServicePerimetersResponse.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.ListServicePerimetersResponse)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.ListServicePerimetersResponse();
+                            if (object.servicePerimeters) {
+                                if (!Array.isArray(object.servicePerimeters))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ListServicePerimetersResponse.servicePerimeters: array expected");
+                                message.servicePerimeters = [];
+                                for (var i = 0; i < object.servicePerimeters.length; ++i) {
+                                    if (typeof object.servicePerimeters[i] !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ListServicePerimetersResponse.servicePerimeters: object expected");
+                                    message.servicePerimeters[i] = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.fromObject(object.servicePerimeters[i]);
+                                }
+                            }
+                            if (object.nextPageToken != null)
+                                message.nextPageToken = String(object.nextPageToken);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a ListServicePerimetersResponse message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ListServicePerimetersResponse} message ListServicePerimetersResponse
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        ListServicePerimetersResponse.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.arrays || options.defaults)
+                                object.servicePerimeters = [];
+                            if (options.defaults)
+                                object.nextPageToken = "";
+                            if (message.servicePerimeters && message.servicePerimeters.length) {
+                                object.servicePerimeters = [];
+                                for (var j = 0; j < message.servicePerimeters.length; ++j)
+                                    object.servicePerimeters[j] = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.toObject(message.servicePerimeters[j], options);
+                            }
+                            if (message.nextPageToken != null && message.hasOwnProperty("nextPageToken"))
+                                object.nextPageToken = message.nextPageToken;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this ListServicePerimetersResponse to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersResponse
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        ListServicePerimetersResponse.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for ListServicePerimetersResponse
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.ListServicePerimetersResponse
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        ListServicePerimetersResponse.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ListServicePerimetersResponse";
+                        };
+    
+                        return ListServicePerimetersResponse;
+                    })();
+    
+                    v1.GetServicePerimeterRequest = (function() {
+    
+                        /**
+                         * Properties of a GetServicePerimeterRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IGetServicePerimeterRequest
+                         * @property {string|null} [name] GetServicePerimeterRequest name
+                         */
+    
+                        /**
+                         * Constructs a new GetServicePerimeterRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a GetServicePerimeterRequest.
+                         * @implements IGetServicePerimeterRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest=} [properties] Properties to set
+                         */
+                        function GetServicePerimeterRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * GetServicePerimeterRequest name.
+                         * @member {string} name
+                         * @memberof google.identity.accesscontextmanager.v1.GetServicePerimeterRequest
+                         * @instance
+                         */
+                        GetServicePerimeterRequest.prototype.name = "";
+    
+                        /**
+                         * Creates a new GetServicePerimeterRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.GetServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.GetServicePerimeterRequest} GetServicePerimeterRequest instance
+                         */
+                        GetServicePerimeterRequest.create = function create(properties) {
+                            return new GetServicePerimeterRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified GetServicePerimeterRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetServicePerimeterRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.GetServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest} message GetServicePerimeterRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        GetServicePerimeterRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified GetServicePerimeterRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetServicePerimeterRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.GetServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest} message GetServicePerimeterRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        GetServicePerimeterRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a GetServicePerimeterRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.GetServicePerimeterRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.GetServicePerimeterRequest} GetServicePerimeterRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        GetServicePerimeterRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.GetServicePerimeterRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.name = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a GetServicePerimeterRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.GetServicePerimeterRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.GetServicePerimeterRequest} GetServicePerimeterRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        GetServicePerimeterRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a GetServicePerimeterRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.GetServicePerimeterRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        GetServicePerimeterRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                if (!$util.isString(message.name))
+                                    return "name: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a GetServicePerimeterRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.GetServicePerimeterRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.GetServicePerimeterRequest} GetServicePerimeterRequest
+                         */
+                        GetServicePerimeterRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.GetServicePerimeterRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.GetServicePerimeterRequest();
+                            if (object.name != null)
+                                message.name = String(object.name);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a GetServicePerimeterRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.GetServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.GetServicePerimeterRequest} message GetServicePerimeterRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        GetServicePerimeterRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults)
+                                object.name = "";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                object.name = message.name;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this GetServicePerimeterRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.GetServicePerimeterRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        GetServicePerimeterRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for GetServicePerimeterRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.GetServicePerimeterRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        GetServicePerimeterRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.GetServicePerimeterRequest";
+                        };
+    
+                        return GetServicePerimeterRequest;
+                    })();
+    
+                    v1.CreateServicePerimeterRequest = (function() {
+    
+                        /**
+                         * Properties of a CreateServicePerimeterRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface ICreateServicePerimeterRequest
+                         * @property {string|null} [parent] CreateServicePerimeterRequest parent
+                         * @property {google.identity.accesscontextmanager.v1.IServicePerimeter|null} [servicePerimeter] CreateServicePerimeterRequest servicePerimeter
+                         */
+    
+                        /**
+                         * Constructs a new CreateServicePerimeterRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a CreateServicePerimeterRequest.
+                         * @implements ICreateServicePerimeterRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest=} [properties] Properties to set
+                         */
+                        function CreateServicePerimeterRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * CreateServicePerimeterRequest parent.
+                         * @member {string} parent
+                         * @memberof google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest
+                         * @instance
+                         */
+                        CreateServicePerimeterRequest.prototype.parent = "";
+    
+                        /**
+                         * CreateServicePerimeterRequest servicePerimeter.
+                         * @member {google.identity.accesscontextmanager.v1.IServicePerimeter|null|undefined} servicePerimeter
+                         * @memberof google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest
+                         * @instance
+                         */
+                        CreateServicePerimeterRequest.prototype.servicePerimeter = null;
+    
+                        /**
+                         * Creates a new CreateServicePerimeterRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest} CreateServicePerimeterRequest instance
+                         */
+                        CreateServicePerimeterRequest.create = function create(properties) {
+                            return new CreateServicePerimeterRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified CreateServicePerimeterRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest} message CreateServicePerimeterRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        CreateServicePerimeterRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.parent != null && Object.hasOwnProperty.call(message, "parent"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.parent);
+                            if (message.servicePerimeter != null && Object.hasOwnProperty.call(message, "servicePerimeter"))
+                                $root.google.identity.accesscontextmanager.v1.ServicePerimeter.encode(message.servicePerimeter, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified CreateServicePerimeterRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest} message CreateServicePerimeterRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        CreateServicePerimeterRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a CreateServicePerimeterRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest} CreateServicePerimeterRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        CreateServicePerimeterRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.parent = reader.string();
+                                        break;
+                                    }
+                                case 2: {
+                                        message.servicePerimeter = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a CreateServicePerimeterRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest} CreateServicePerimeterRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        CreateServicePerimeterRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a CreateServicePerimeterRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        CreateServicePerimeterRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                if (!$util.isString(message.parent))
+                                    return "parent: string expected";
+                            if (message.servicePerimeter != null && message.hasOwnProperty("servicePerimeter")) {
+                                var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.verify(message.servicePerimeter);
+                                if (error)
+                                    return "servicePerimeter." + error;
+                            }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a CreateServicePerimeterRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest} CreateServicePerimeterRequest
+                         */
+                        CreateServicePerimeterRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest();
+                            if (object.parent != null)
+                                message.parent = String(object.parent);
+                            if (object.servicePerimeter != null) {
+                                if (typeof object.servicePerimeter !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest.servicePerimeter: object expected");
+                                message.servicePerimeter = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.fromObject(object.servicePerimeter);
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a CreateServicePerimeterRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest} message CreateServicePerimeterRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        CreateServicePerimeterRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.parent = "";
+                                object.servicePerimeter = null;
+                            }
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                object.parent = message.parent;
+                            if (message.servicePerimeter != null && message.hasOwnProperty("servicePerimeter"))
+                                object.servicePerimeter = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.toObject(message.servicePerimeter, options);
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this CreateServicePerimeterRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        CreateServicePerimeterRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for CreateServicePerimeterRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        CreateServicePerimeterRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest";
+                        };
+    
+                        return CreateServicePerimeterRequest;
+                    })();
+    
+                    v1.UpdateServicePerimeterRequest = (function() {
+    
+                        /**
+                         * Properties of an UpdateServicePerimeterRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IUpdateServicePerimeterRequest
+                         * @property {google.identity.accesscontextmanager.v1.IServicePerimeter|null} [servicePerimeter] UpdateServicePerimeterRequest servicePerimeter
+                         * @property {google.protobuf.IFieldMask|null} [updateMask] UpdateServicePerimeterRequest updateMask
+                         */
+    
+                        /**
+                         * Constructs a new UpdateServicePerimeterRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents an UpdateServicePerimeterRequest.
+                         * @implements IUpdateServicePerimeterRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest=} [properties] Properties to set
+                         */
+                        function UpdateServicePerimeterRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * UpdateServicePerimeterRequest servicePerimeter.
+                         * @member {google.identity.accesscontextmanager.v1.IServicePerimeter|null|undefined} servicePerimeter
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest
+                         * @instance
+                         */
+                        UpdateServicePerimeterRequest.prototype.servicePerimeter = null;
+    
+                        /**
+                         * UpdateServicePerimeterRequest updateMask.
+                         * @member {google.protobuf.IFieldMask|null|undefined} updateMask
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest
+                         * @instance
+                         */
+                        UpdateServicePerimeterRequest.prototype.updateMask = null;
+    
+                        /**
+                         * Creates a new UpdateServicePerimeterRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest} UpdateServicePerimeterRequest instance
+                         */
+                        UpdateServicePerimeterRequest.create = function create(properties) {
+                            return new UpdateServicePerimeterRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified UpdateServicePerimeterRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest} message UpdateServicePerimeterRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        UpdateServicePerimeterRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.servicePerimeter != null && Object.hasOwnProperty.call(message, "servicePerimeter"))
+                                $root.google.identity.accesscontextmanager.v1.ServicePerimeter.encode(message.servicePerimeter, writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                            if (message.updateMask != null && Object.hasOwnProperty.call(message, "updateMask"))
+                                $root.google.protobuf.FieldMask.encode(message.updateMask, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified UpdateServicePerimeterRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest} message UpdateServicePerimeterRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        UpdateServicePerimeterRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes an UpdateServicePerimeterRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest} UpdateServicePerimeterRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        UpdateServicePerimeterRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.servicePerimeter = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                case 2: {
+                                        message.updateMask = $root.google.protobuf.FieldMask.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes an UpdateServicePerimeterRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest} UpdateServicePerimeterRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        UpdateServicePerimeterRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies an UpdateServicePerimeterRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        UpdateServicePerimeterRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.servicePerimeter != null && message.hasOwnProperty("servicePerimeter")) {
+                                var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.verify(message.servicePerimeter);
+                                if (error)
+                                    return "servicePerimeter." + error;
+                            }
+                            if (message.updateMask != null && message.hasOwnProperty("updateMask")) {
+                                var error = $root.google.protobuf.FieldMask.verify(message.updateMask);
+                                if (error)
+                                    return "updateMask." + error;
+                            }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates an UpdateServicePerimeterRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest} UpdateServicePerimeterRequest
+                         */
+                        UpdateServicePerimeterRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest();
+                            if (object.servicePerimeter != null) {
+                                if (typeof object.servicePerimeter !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest.servicePerimeter: object expected");
+                                message.servicePerimeter = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.fromObject(object.servicePerimeter);
+                            }
+                            if (object.updateMask != null) {
+                                if (typeof object.updateMask !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest.updateMask: object expected");
+                                message.updateMask = $root.google.protobuf.FieldMask.fromObject(object.updateMask);
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from an UpdateServicePerimeterRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest} message UpdateServicePerimeterRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        UpdateServicePerimeterRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.servicePerimeter = null;
+                                object.updateMask = null;
+                            }
+                            if (message.servicePerimeter != null && message.hasOwnProperty("servicePerimeter"))
+                                object.servicePerimeter = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.toObject(message.servicePerimeter, options);
+                            if (message.updateMask != null && message.hasOwnProperty("updateMask"))
+                                object.updateMask = $root.google.protobuf.FieldMask.toObject(message.updateMask, options);
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this UpdateServicePerimeterRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        UpdateServicePerimeterRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for UpdateServicePerimeterRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        UpdateServicePerimeterRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest";
+                        };
+    
+                        return UpdateServicePerimeterRequest;
+                    })();
+    
+                    v1.DeleteServicePerimeterRequest = (function() {
+    
+                        /**
+                         * Properties of a DeleteServicePerimeterRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IDeleteServicePerimeterRequest
+                         * @property {string|null} [name] DeleteServicePerimeterRequest name
+                         */
+    
+                        /**
+                         * Constructs a new DeleteServicePerimeterRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a DeleteServicePerimeterRequest.
+                         * @implements IDeleteServicePerimeterRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest=} [properties] Properties to set
+                         */
+                        function DeleteServicePerimeterRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * DeleteServicePerimeterRequest name.
+                         * @member {string} name
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest
+                         * @instance
+                         */
+                        DeleteServicePerimeterRequest.prototype.name = "";
+    
+                        /**
+                         * Creates a new DeleteServicePerimeterRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest} DeleteServicePerimeterRequest instance
+                         */
+                        DeleteServicePerimeterRequest.create = function create(properties) {
+                            return new DeleteServicePerimeterRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified DeleteServicePerimeterRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest} message DeleteServicePerimeterRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        DeleteServicePerimeterRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified DeleteServicePerimeterRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest} message DeleteServicePerimeterRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        DeleteServicePerimeterRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a DeleteServicePerimeterRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest} DeleteServicePerimeterRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        DeleteServicePerimeterRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.name = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a DeleteServicePerimeterRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest} DeleteServicePerimeterRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        DeleteServicePerimeterRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a DeleteServicePerimeterRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        DeleteServicePerimeterRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                if (!$util.isString(message.name))
+                                    return "name: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a DeleteServicePerimeterRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest} DeleteServicePerimeterRequest
+                         */
+                        DeleteServicePerimeterRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest();
+                            if (object.name != null)
+                                message.name = String(object.name);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a DeleteServicePerimeterRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest} message DeleteServicePerimeterRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        DeleteServicePerimeterRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults)
+                                object.name = "";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                object.name = message.name;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this DeleteServicePerimeterRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        DeleteServicePerimeterRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for DeleteServicePerimeterRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        DeleteServicePerimeterRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest";
+                        };
+    
+                        return DeleteServicePerimeterRequest;
+                    })();
+    
+                    v1.ReplaceServicePerimetersRequest = (function() {
+    
+                        /**
+                         * Properties of a ReplaceServicePerimetersRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IReplaceServicePerimetersRequest
+                         * @property {string|null} [parent] ReplaceServicePerimetersRequest parent
+                         * @property {Array.<google.identity.accesscontextmanager.v1.IServicePerimeter>|null} [servicePerimeters] ReplaceServicePerimetersRequest servicePerimeters
+                         * @property {string|null} [etag] ReplaceServicePerimetersRequest etag
+                         */
+    
+                        /**
+                         * Constructs a new ReplaceServicePerimetersRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a ReplaceServicePerimetersRequest.
+                         * @implements IReplaceServicePerimetersRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest=} [properties] Properties to set
+                         */
+                        function ReplaceServicePerimetersRequest(properties) {
+                            this.servicePerimeters = [];
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * ReplaceServicePerimetersRequest parent.
+                         * @member {string} parent
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest
+                         * @instance
+                         */
+                        ReplaceServicePerimetersRequest.prototype.parent = "";
+    
+                        /**
+                         * ReplaceServicePerimetersRequest servicePerimeters.
+                         * @member {Array.<google.identity.accesscontextmanager.v1.IServicePerimeter>} servicePerimeters
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest
+                         * @instance
+                         */
+                        ReplaceServicePerimetersRequest.prototype.servicePerimeters = $util.emptyArray;
+    
+                        /**
+                         * ReplaceServicePerimetersRequest etag.
+                         * @member {string} etag
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest
+                         * @instance
+                         */
+                        ReplaceServicePerimetersRequest.prototype.etag = "";
+    
+                        /**
+                         * Creates a new ReplaceServicePerimetersRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest} ReplaceServicePerimetersRequest instance
+                         */
+                        ReplaceServicePerimetersRequest.create = function create(properties) {
+                            return new ReplaceServicePerimetersRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified ReplaceServicePerimetersRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest} message ReplaceServicePerimetersRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ReplaceServicePerimetersRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.parent != null && Object.hasOwnProperty.call(message, "parent"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.parent);
+                            if (message.servicePerimeters != null && message.servicePerimeters.length)
+                                for (var i = 0; i < message.servicePerimeters.length; ++i)
+                                    $root.google.identity.accesscontextmanager.v1.ServicePerimeter.encode(message.servicePerimeters[i], writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                            if (message.etag != null && Object.hasOwnProperty.call(message, "etag"))
+                                writer.uint32(/* id 3, wireType 2 =*/26).string(message.etag);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified ReplaceServicePerimetersRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest} message ReplaceServicePerimetersRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ReplaceServicePerimetersRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a ReplaceServicePerimetersRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest} ReplaceServicePerimetersRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ReplaceServicePerimetersRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.parent = reader.string();
+                                        break;
+                                    }
+                                case 2: {
+                                        if (!(message.servicePerimeters && message.servicePerimeters.length))
+                                            message.servicePerimeters = [];
+                                        message.servicePerimeters.push($root.google.identity.accesscontextmanager.v1.ServicePerimeter.decode(reader, reader.uint32()));
+                                        break;
+                                    }
+                                case 3: {
+                                        message.etag = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a ReplaceServicePerimetersRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest} ReplaceServicePerimetersRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ReplaceServicePerimetersRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a ReplaceServicePerimetersRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        ReplaceServicePerimetersRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                if (!$util.isString(message.parent))
+                                    return "parent: string expected";
+                            if (message.servicePerimeters != null && message.hasOwnProperty("servicePerimeters")) {
+                                if (!Array.isArray(message.servicePerimeters))
+                                    return "servicePerimeters: array expected";
+                                for (var i = 0; i < message.servicePerimeters.length; ++i) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.verify(message.servicePerimeters[i]);
+                                    if (error)
+                                        return "servicePerimeters." + error;
+                                }
+                            }
+                            if (message.etag != null && message.hasOwnProperty("etag"))
+                                if (!$util.isString(message.etag))
+                                    return "etag: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a ReplaceServicePerimetersRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest} ReplaceServicePerimetersRequest
+                         */
+                        ReplaceServicePerimetersRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest();
+                            if (object.parent != null)
+                                message.parent = String(object.parent);
+                            if (object.servicePerimeters) {
+                                if (!Array.isArray(object.servicePerimeters))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest.servicePerimeters: array expected");
+                                message.servicePerimeters = [];
+                                for (var i = 0; i < object.servicePerimeters.length; ++i) {
+                                    if (typeof object.servicePerimeters[i] !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest.servicePerimeters: object expected");
+                                    message.servicePerimeters[i] = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.fromObject(object.servicePerimeters[i]);
+                                }
+                            }
+                            if (object.etag != null)
+                                message.etag = String(object.etag);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a ReplaceServicePerimetersRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest} message ReplaceServicePerimetersRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        ReplaceServicePerimetersRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.arrays || options.defaults)
+                                object.servicePerimeters = [];
+                            if (options.defaults) {
+                                object.parent = "";
+                                object.etag = "";
+                            }
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                object.parent = message.parent;
+                            if (message.servicePerimeters && message.servicePerimeters.length) {
+                                object.servicePerimeters = [];
+                                for (var j = 0; j < message.servicePerimeters.length; ++j)
+                                    object.servicePerimeters[j] = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.toObject(message.servicePerimeters[j], options);
+                            }
+                            if (message.etag != null && message.hasOwnProperty("etag"))
+                                object.etag = message.etag;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this ReplaceServicePerimetersRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        ReplaceServicePerimetersRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for ReplaceServicePerimetersRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        ReplaceServicePerimetersRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest";
+                        };
+    
+                        return ReplaceServicePerimetersRequest;
+                    })();
+    
+                    v1.ReplaceServicePerimetersResponse = (function() {
+    
+                        /**
+                         * Properties of a ReplaceServicePerimetersResponse.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IReplaceServicePerimetersResponse
+                         * @property {Array.<google.identity.accesscontextmanager.v1.IServicePerimeter>|null} [servicePerimeters] ReplaceServicePerimetersResponse servicePerimeters
+                         */
+    
+                        /**
+                         * Constructs a new ReplaceServicePerimetersResponse.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a ReplaceServicePerimetersResponse.
+                         * @implements IReplaceServicePerimetersResponse
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse=} [properties] Properties to set
+                         */
+                        function ReplaceServicePerimetersResponse(properties) {
+                            this.servicePerimeters = [];
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * ReplaceServicePerimetersResponse servicePerimeters.
+                         * @member {Array.<google.identity.accesscontextmanager.v1.IServicePerimeter>} servicePerimeters
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse
+                         * @instance
+                         */
+                        ReplaceServicePerimetersResponse.prototype.servicePerimeters = $util.emptyArray;
+    
+                        /**
+                         * Creates a new ReplaceServicePerimetersResponse instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse} ReplaceServicePerimetersResponse instance
+                         */
+                        ReplaceServicePerimetersResponse.create = function create(properties) {
+                            return new ReplaceServicePerimetersResponse(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified ReplaceServicePerimetersResponse message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse} message ReplaceServicePerimetersResponse message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ReplaceServicePerimetersResponse.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.servicePerimeters != null && message.servicePerimeters.length)
+                                for (var i = 0; i < message.servicePerimeters.length; ++i)
+                                    $root.google.identity.accesscontextmanager.v1.ServicePerimeter.encode(message.servicePerimeters[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified ReplaceServicePerimetersResponse message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse} message ReplaceServicePerimetersResponse message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ReplaceServicePerimetersResponse.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a ReplaceServicePerimetersResponse message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse} ReplaceServicePerimetersResponse
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ReplaceServicePerimetersResponse.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        if (!(message.servicePerimeters && message.servicePerimeters.length))
+                                            message.servicePerimeters = [];
+                                        message.servicePerimeters.push($root.google.identity.accesscontextmanager.v1.ServicePerimeter.decode(reader, reader.uint32()));
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a ReplaceServicePerimetersResponse message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse} ReplaceServicePerimetersResponse
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ReplaceServicePerimetersResponse.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a ReplaceServicePerimetersResponse message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        ReplaceServicePerimetersResponse.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.servicePerimeters != null && message.hasOwnProperty("servicePerimeters")) {
+                                if (!Array.isArray(message.servicePerimeters))
+                                    return "servicePerimeters: array expected";
+                                for (var i = 0; i < message.servicePerimeters.length; ++i) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.verify(message.servicePerimeters[i]);
+                                    if (error)
+                                        return "servicePerimeters." + error;
+                                }
+                            }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a ReplaceServicePerimetersResponse message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse} ReplaceServicePerimetersResponse
+                         */
+                        ReplaceServicePerimetersResponse.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse();
+                            if (object.servicePerimeters) {
+                                if (!Array.isArray(object.servicePerimeters))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse.servicePerimeters: array expected");
+                                message.servicePerimeters = [];
+                                for (var i = 0; i < object.servicePerimeters.length; ++i) {
+                                    if (typeof object.servicePerimeters[i] !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse.servicePerimeters: object expected");
+                                    message.servicePerimeters[i] = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.fromObject(object.servicePerimeters[i]);
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a ReplaceServicePerimetersResponse message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse} message ReplaceServicePerimetersResponse
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        ReplaceServicePerimetersResponse.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.arrays || options.defaults)
+                                object.servicePerimeters = [];
+                            if (message.servicePerimeters && message.servicePerimeters.length) {
+                                object.servicePerimeters = [];
+                                for (var j = 0; j < message.servicePerimeters.length; ++j)
+                                    object.servicePerimeters[j] = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.toObject(message.servicePerimeters[j], options);
+                            }
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this ReplaceServicePerimetersResponse to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        ReplaceServicePerimetersResponse.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for ReplaceServicePerimetersResponse
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        ReplaceServicePerimetersResponse.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse";
+                        };
+    
+                        return ReplaceServicePerimetersResponse;
+                    })();
+    
+                    v1.CommitServicePerimetersRequest = (function() {
+    
+                        /**
+                         * Properties of a CommitServicePerimetersRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface ICommitServicePerimetersRequest
+                         * @property {string|null} [parent] CommitServicePerimetersRequest parent
+                         * @property {string|null} [etag] CommitServicePerimetersRequest etag
+                         */
+    
+                        /**
+                         * Constructs a new CommitServicePerimetersRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a CommitServicePerimetersRequest.
+                         * @implements ICommitServicePerimetersRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest=} [properties] Properties to set
+                         */
+                        function CommitServicePerimetersRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * CommitServicePerimetersRequest parent.
+                         * @member {string} parent
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest
+                         * @instance
+                         */
+                        CommitServicePerimetersRequest.prototype.parent = "";
+    
+                        /**
+                         * CommitServicePerimetersRequest etag.
+                         * @member {string} etag
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest
+                         * @instance
+                         */
+                        CommitServicePerimetersRequest.prototype.etag = "";
+    
+                        /**
+                         * Creates a new CommitServicePerimetersRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest} CommitServicePerimetersRequest instance
+                         */
+                        CommitServicePerimetersRequest.create = function create(properties) {
+                            return new CommitServicePerimetersRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified CommitServicePerimetersRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest} message CommitServicePerimetersRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        CommitServicePerimetersRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.parent != null && Object.hasOwnProperty.call(message, "parent"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.parent);
+                            if (message.etag != null && Object.hasOwnProperty.call(message, "etag"))
+                                writer.uint32(/* id 2, wireType 2 =*/18).string(message.etag);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified CommitServicePerimetersRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest} message CommitServicePerimetersRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        CommitServicePerimetersRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a CommitServicePerimetersRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest} CommitServicePerimetersRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        CommitServicePerimetersRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.parent = reader.string();
+                                        break;
+                                    }
+                                case 2: {
+                                        message.etag = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a CommitServicePerimetersRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest} CommitServicePerimetersRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        CommitServicePerimetersRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a CommitServicePerimetersRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        CommitServicePerimetersRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                if (!$util.isString(message.parent))
+                                    return "parent: string expected";
+                            if (message.etag != null && message.hasOwnProperty("etag"))
+                                if (!$util.isString(message.etag))
+                                    return "etag: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a CommitServicePerimetersRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest} CommitServicePerimetersRequest
+                         */
+                        CommitServicePerimetersRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest();
+                            if (object.parent != null)
+                                message.parent = String(object.parent);
+                            if (object.etag != null)
+                                message.etag = String(object.etag);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a CommitServicePerimetersRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest} message CommitServicePerimetersRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        CommitServicePerimetersRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.parent = "";
+                                object.etag = "";
+                            }
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                object.parent = message.parent;
+                            if (message.etag != null && message.hasOwnProperty("etag"))
+                                object.etag = message.etag;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this CommitServicePerimetersRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        CommitServicePerimetersRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for CommitServicePerimetersRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        CommitServicePerimetersRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest";
+                        };
+    
+                        return CommitServicePerimetersRequest;
+                    })();
+    
+                    v1.CommitServicePerimetersResponse = (function() {
+    
+                        /**
+                         * Properties of a CommitServicePerimetersResponse.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface ICommitServicePerimetersResponse
+                         * @property {Array.<google.identity.accesscontextmanager.v1.IServicePerimeter>|null} [servicePerimeters] CommitServicePerimetersResponse servicePerimeters
+                         */
+    
+                        /**
+                         * Constructs a new CommitServicePerimetersResponse.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a CommitServicePerimetersResponse.
+                         * @implements ICommitServicePerimetersResponse
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse=} [properties] Properties to set
+                         */
+                        function CommitServicePerimetersResponse(properties) {
+                            this.servicePerimeters = [];
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * CommitServicePerimetersResponse servicePerimeters.
+                         * @member {Array.<google.identity.accesscontextmanager.v1.IServicePerimeter>} servicePerimeters
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse
+                         * @instance
+                         */
+                        CommitServicePerimetersResponse.prototype.servicePerimeters = $util.emptyArray;
+    
+                        /**
+                         * Creates a new CommitServicePerimetersResponse instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse} CommitServicePerimetersResponse instance
+                         */
+                        CommitServicePerimetersResponse.create = function create(properties) {
+                            return new CommitServicePerimetersResponse(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified CommitServicePerimetersResponse message. Does not implicitly {@link google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse} message CommitServicePerimetersResponse message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        CommitServicePerimetersResponse.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.servicePerimeters != null && message.servicePerimeters.length)
+                                for (var i = 0; i < message.servicePerimeters.length; ++i)
+                                    $root.google.identity.accesscontextmanager.v1.ServicePerimeter.encode(message.servicePerimeters[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified CommitServicePerimetersResponse message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse} message CommitServicePerimetersResponse message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        CommitServicePerimetersResponse.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a CommitServicePerimetersResponse message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse} CommitServicePerimetersResponse
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        CommitServicePerimetersResponse.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        if (!(message.servicePerimeters && message.servicePerimeters.length))
+                                            message.servicePerimeters = [];
+                                        message.servicePerimeters.push($root.google.identity.accesscontextmanager.v1.ServicePerimeter.decode(reader, reader.uint32()));
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a CommitServicePerimetersResponse message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse} CommitServicePerimetersResponse
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        CommitServicePerimetersResponse.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a CommitServicePerimetersResponse message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        CommitServicePerimetersResponse.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.servicePerimeters != null && message.hasOwnProperty("servicePerimeters")) {
+                                if (!Array.isArray(message.servicePerimeters))
+                                    return "servicePerimeters: array expected";
+                                for (var i = 0; i < message.servicePerimeters.length; ++i) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.verify(message.servicePerimeters[i]);
+                                    if (error)
+                                        return "servicePerimeters." + error;
+                                }
+                            }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a CommitServicePerimetersResponse message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse} CommitServicePerimetersResponse
+                         */
+                        CommitServicePerimetersResponse.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse();
+                            if (object.servicePerimeters) {
+                                if (!Array.isArray(object.servicePerimeters))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse.servicePerimeters: array expected");
+                                message.servicePerimeters = [];
+                                for (var i = 0; i < object.servicePerimeters.length; ++i) {
+                                    if (typeof object.servicePerimeters[i] !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse.servicePerimeters: object expected");
+                                    message.servicePerimeters[i] = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.fromObject(object.servicePerimeters[i]);
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a CommitServicePerimetersResponse message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse} message CommitServicePerimetersResponse
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        CommitServicePerimetersResponse.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.arrays || options.defaults)
+                                object.servicePerimeters = [];
+                            if (message.servicePerimeters && message.servicePerimeters.length) {
+                                object.servicePerimeters = [];
+                                for (var j = 0; j < message.servicePerimeters.length; ++j)
+                                    object.servicePerimeters[j] = $root.google.identity.accesscontextmanager.v1.ServicePerimeter.toObject(message.servicePerimeters[j], options);
+                            }
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this CommitServicePerimetersResponse to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        CommitServicePerimetersResponse.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for CommitServicePerimetersResponse
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        CommitServicePerimetersResponse.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse";
+                        };
+    
+                        return CommitServicePerimetersResponse;
+                    })();
+    
+                    /**
+                     * LevelFormat enum.
+                     * @name google.identity.accesscontextmanager.v1.LevelFormat
+                     * @enum {number}
+                     * @property {number} LEVEL_FORMAT_UNSPECIFIED=0 LEVEL_FORMAT_UNSPECIFIED value
+                     * @property {number} AS_DEFINED=1 AS_DEFINED value
+                     * @property {number} CEL=2 CEL value
+                     */
+                    v1.LevelFormat = (function() {
+                        var valuesById = {}, values = Object.create(valuesById);
+                        values[valuesById[0] = "LEVEL_FORMAT_UNSPECIFIED"] = 0;
+                        values[valuesById[1] = "AS_DEFINED"] = 1;
+                        values[valuesById[2] = "CEL"] = 2;
+                        return values;
+                    })();
+    
+                    v1.ListGcpUserAccessBindingsRequest = (function() {
+    
+                        /**
+                         * Properties of a ListGcpUserAccessBindingsRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IListGcpUserAccessBindingsRequest
+                         * @property {string|null} [parent] ListGcpUserAccessBindingsRequest parent
+                         * @property {number|null} [pageSize] ListGcpUserAccessBindingsRequest pageSize
+                         * @property {string|null} [pageToken] ListGcpUserAccessBindingsRequest pageToken
+                         */
+    
+                        /**
+                         * Constructs a new ListGcpUserAccessBindingsRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a ListGcpUserAccessBindingsRequest.
+                         * @implements IListGcpUserAccessBindingsRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest=} [properties] Properties to set
+                         */
+                        function ListGcpUserAccessBindingsRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * ListGcpUserAccessBindingsRequest parent.
+                         * @member {string} parent
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest
+                         * @instance
+                         */
+                        ListGcpUserAccessBindingsRequest.prototype.parent = "";
+    
+                        /**
+                         * ListGcpUserAccessBindingsRequest pageSize.
+                         * @member {number} pageSize
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest
+                         * @instance
+                         */
+                        ListGcpUserAccessBindingsRequest.prototype.pageSize = 0;
+    
+                        /**
+                         * ListGcpUserAccessBindingsRequest pageToken.
+                         * @member {string} pageToken
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest
+                         * @instance
+                         */
+                        ListGcpUserAccessBindingsRequest.prototype.pageToken = "";
+    
+                        /**
+                         * Creates a new ListGcpUserAccessBindingsRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest} ListGcpUserAccessBindingsRequest instance
+                         */
+                        ListGcpUserAccessBindingsRequest.create = function create(properties) {
+                            return new ListGcpUserAccessBindingsRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified ListGcpUserAccessBindingsRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest} message ListGcpUserAccessBindingsRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListGcpUserAccessBindingsRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.parent != null && Object.hasOwnProperty.call(message, "parent"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.parent);
+                            if (message.pageSize != null && Object.hasOwnProperty.call(message, "pageSize"))
+                                writer.uint32(/* id 2, wireType 0 =*/16).int32(message.pageSize);
+                            if (message.pageToken != null && Object.hasOwnProperty.call(message, "pageToken"))
+                                writer.uint32(/* id 3, wireType 2 =*/26).string(message.pageToken);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified ListGcpUserAccessBindingsRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest} message ListGcpUserAccessBindingsRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListGcpUserAccessBindingsRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a ListGcpUserAccessBindingsRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest} ListGcpUserAccessBindingsRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListGcpUserAccessBindingsRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.parent = reader.string();
+                                        break;
+                                    }
+                                case 2: {
+                                        message.pageSize = reader.int32();
+                                        break;
+                                    }
+                                case 3: {
+                                        message.pageToken = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a ListGcpUserAccessBindingsRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest} ListGcpUserAccessBindingsRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListGcpUserAccessBindingsRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a ListGcpUserAccessBindingsRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        ListGcpUserAccessBindingsRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                if (!$util.isString(message.parent))
+                                    return "parent: string expected";
+                            if (message.pageSize != null && message.hasOwnProperty("pageSize"))
+                                if (!$util.isInteger(message.pageSize))
+                                    return "pageSize: integer expected";
+                            if (message.pageToken != null && message.hasOwnProperty("pageToken"))
+                                if (!$util.isString(message.pageToken))
+                                    return "pageToken: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a ListGcpUserAccessBindingsRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest} ListGcpUserAccessBindingsRequest
+                         */
+                        ListGcpUserAccessBindingsRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest();
+                            if (object.parent != null)
+                                message.parent = String(object.parent);
+                            if (object.pageSize != null)
+                                message.pageSize = object.pageSize | 0;
+                            if (object.pageToken != null)
+                                message.pageToken = String(object.pageToken);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a ListGcpUserAccessBindingsRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest} message ListGcpUserAccessBindingsRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        ListGcpUserAccessBindingsRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.parent = "";
+                                object.pageSize = 0;
+                                object.pageToken = "";
+                            }
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                object.parent = message.parent;
+                            if (message.pageSize != null && message.hasOwnProperty("pageSize"))
+                                object.pageSize = message.pageSize;
+                            if (message.pageToken != null && message.hasOwnProperty("pageToken"))
+                                object.pageToken = message.pageToken;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this ListGcpUserAccessBindingsRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        ListGcpUserAccessBindingsRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for ListGcpUserAccessBindingsRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        ListGcpUserAccessBindingsRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest";
+                        };
+    
+                        return ListGcpUserAccessBindingsRequest;
+                    })();
+    
+                    v1.ListGcpUserAccessBindingsResponse = (function() {
+    
+                        /**
+                         * Properties of a ListGcpUserAccessBindingsResponse.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IListGcpUserAccessBindingsResponse
+                         * @property {Array.<google.identity.accesscontextmanager.v1.IGcpUserAccessBinding>|null} [gcpUserAccessBindings] ListGcpUserAccessBindingsResponse gcpUserAccessBindings
+                         * @property {string|null} [nextPageToken] ListGcpUserAccessBindingsResponse nextPageToken
+                         */
+    
+                        /**
+                         * Constructs a new ListGcpUserAccessBindingsResponse.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a ListGcpUserAccessBindingsResponse.
+                         * @implements IListGcpUserAccessBindingsResponse
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsResponse=} [properties] Properties to set
+                         */
+                        function ListGcpUserAccessBindingsResponse(properties) {
+                            this.gcpUserAccessBindings = [];
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * ListGcpUserAccessBindingsResponse gcpUserAccessBindings.
+                         * @member {Array.<google.identity.accesscontextmanager.v1.IGcpUserAccessBinding>} gcpUserAccessBindings
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse
+                         * @instance
+                         */
+                        ListGcpUserAccessBindingsResponse.prototype.gcpUserAccessBindings = $util.emptyArray;
+    
+                        /**
+                         * ListGcpUserAccessBindingsResponse nextPageToken.
+                         * @member {string} nextPageToken
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse
+                         * @instance
+                         */
+                        ListGcpUserAccessBindingsResponse.prototype.nextPageToken = "";
+    
+                        /**
+                         * Creates a new ListGcpUserAccessBindingsResponse instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsResponse=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse} ListGcpUserAccessBindingsResponse instance
+                         */
+                        ListGcpUserAccessBindingsResponse.create = function create(properties) {
+                            return new ListGcpUserAccessBindingsResponse(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified ListGcpUserAccessBindingsResponse message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsResponse} message ListGcpUserAccessBindingsResponse message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListGcpUserAccessBindingsResponse.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.gcpUserAccessBindings != null && message.gcpUserAccessBindings.length)
+                                for (var i = 0; i < message.gcpUserAccessBindings.length; ++i)
+                                    $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding.encode(message.gcpUserAccessBindings[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                            if (message.nextPageToken != null && Object.hasOwnProperty.call(message, "nextPageToken"))
+                                writer.uint32(/* id 2, wireType 2 =*/18).string(message.nextPageToken);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified ListGcpUserAccessBindingsResponse message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsResponse} message ListGcpUserAccessBindingsResponse message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ListGcpUserAccessBindingsResponse.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a ListGcpUserAccessBindingsResponse message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse} ListGcpUserAccessBindingsResponse
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListGcpUserAccessBindingsResponse.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        if (!(message.gcpUserAccessBindings && message.gcpUserAccessBindings.length))
+                                            message.gcpUserAccessBindings = [];
+                                        message.gcpUserAccessBindings.push($root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding.decode(reader, reader.uint32()));
+                                        break;
+                                    }
+                                case 2: {
+                                        message.nextPageToken = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a ListGcpUserAccessBindingsResponse message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse} ListGcpUserAccessBindingsResponse
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ListGcpUserAccessBindingsResponse.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a ListGcpUserAccessBindingsResponse message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        ListGcpUserAccessBindingsResponse.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.gcpUserAccessBindings != null && message.hasOwnProperty("gcpUserAccessBindings")) {
+                                if (!Array.isArray(message.gcpUserAccessBindings))
+                                    return "gcpUserAccessBindings: array expected";
+                                for (var i = 0; i < message.gcpUserAccessBindings.length; ++i) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding.verify(message.gcpUserAccessBindings[i]);
+                                    if (error)
+                                        return "gcpUserAccessBindings." + error;
+                                }
+                            }
+                            if (message.nextPageToken != null && message.hasOwnProperty("nextPageToken"))
+                                if (!$util.isString(message.nextPageToken))
+                                    return "nextPageToken: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a ListGcpUserAccessBindingsResponse message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse} ListGcpUserAccessBindingsResponse
+                         */
+                        ListGcpUserAccessBindingsResponse.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse();
+                            if (object.gcpUserAccessBindings) {
+                                if (!Array.isArray(object.gcpUserAccessBindings))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse.gcpUserAccessBindings: array expected");
+                                message.gcpUserAccessBindings = [];
+                                for (var i = 0; i < object.gcpUserAccessBindings.length; ++i) {
+                                    if (typeof object.gcpUserAccessBindings[i] !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse.gcpUserAccessBindings: object expected");
+                                    message.gcpUserAccessBindings[i] = $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding.fromObject(object.gcpUserAccessBindings[i]);
+                                }
+                            }
+                            if (object.nextPageToken != null)
+                                message.nextPageToken = String(object.nextPageToken);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a ListGcpUserAccessBindingsResponse message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse} message ListGcpUserAccessBindingsResponse
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        ListGcpUserAccessBindingsResponse.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.arrays || options.defaults)
+                                object.gcpUserAccessBindings = [];
+                            if (options.defaults)
+                                object.nextPageToken = "";
+                            if (message.gcpUserAccessBindings && message.gcpUserAccessBindings.length) {
+                                object.gcpUserAccessBindings = [];
+                                for (var j = 0; j < message.gcpUserAccessBindings.length; ++j)
+                                    object.gcpUserAccessBindings[j] = $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding.toObject(message.gcpUserAccessBindings[j], options);
+                            }
+                            if (message.nextPageToken != null && message.hasOwnProperty("nextPageToken"))
+                                object.nextPageToken = message.nextPageToken;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this ListGcpUserAccessBindingsResponse to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        ListGcpUserAccessBindingsResponse.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for ListGcpUserAccessBindingsResponse
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        ListGcpUserAccessBindingsResponse.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse";
+                        };
+    
+                        return ListGcpUserAccessBindingsResponse;
+                    })();
+    
+                    v1.GetGcpUserAccessBindingRequest = (function() {
+    
+                        /**
+                         * Properties of a GetGcpUserAccessBindingRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IGetGcpUserAccessBindingRequest
+                         * @property {string|null} [name] GetGcpUserAccessBindingRequest name
+                         */
+    
+                        /**
+                         * Constructs a new GetGcpUserAccessBindingRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a GetGcpUserAccessBindingRequest.
+                         * @implements IGetGcpUserAccessBindingRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest=} [properties] Properties to set
+                         */
+                        function GetGcpUserAccessBindingRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * GetGcpUserAccessBindingRequest name.
+                         * @member {string} name
+                         * @memberof google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest
+                         * @instance
+                         */
+                        GetGcpUserAccessBindingRequest.prototype.name = "";
+    
+                        /**
+                         * Creates a new GetGcpUserAccessBindingRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest} GetGcpUserAccessBindingRequest instance
+                         */
+                        GetGcpUserAccessBindingRequest.create = function create(properties) {
+                            return new GetGcpUserAccessBindingRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified GetGcpUserAccessBindingRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest} message GetGcpUserAccessBindingRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        GetGcpUserAccessBindingRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified GetGcpUserAccessBindingRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest} message GetGcpUserAccessBindingRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        GetGcpUserAccessBindingRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a GetGcpUserAccessBindingRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest} GetGcpUserAccessBindingRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        GetGcpUserAccessBindingRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.name = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a GetGcpUserAccessBindingRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest} GetGcpUserAccessBindingRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        GetGcpUserAccessBindingRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a GetGcpUserAccessBindingRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        GetGcpUserAccessBindingRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                if (!$util.isString(message.name))
+                                    return "name: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a GetGcpUserAccessBindingRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest} GetGcpUserAccessBindingRequest
+                         */
+                        GetGcpUserAccessBindingRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest();
+                            if (object.name != null)
+                                message.name = String(object.name);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a GetGcpUserAccessBindingRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest} message GetGcpUserAccessBindingRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        GetGcpUserAccessBindingRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults)
+                                object.name = "";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                object.name = message.name;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this GetGcpUserAccessBindingRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        GetGcpUserAccessBindingRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for GetGcpUserAccessBindingRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        GetGcpUserAccessBindingRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest";
+                        };
+    
+                        return GetGcpUserAccessBindingRequest;
+                    })();
+    
+                    v1.CreateGcpUserAccessBindingRequest = (function() {
+    
+                        /**
+                         * Properties of a CreateGcpUserAccessBindingRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface ICreateGcpUserAccessBindingRequest
+                         * @property {string|null} [parent] CreateGcpUserAccessBindingRequest parent
+                         * @property {google.identity.accesscontextmanager.v1.IGcpUserAccessBinding|null} [gcpUserAccessBinding] CreateGcpUserAccessBindingRequest gcpUserAccessBinding
+                         */
+    
+                        /**
+                         * Constructs a new CreateGcpUserAccessBindingRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a CreateGcpUserAccessBindingRequest.
+                         * @implements ICreateGcpUserAccessBindingRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest=} [properties] Properties to set
+                         */
+                        function CreateGcpUserAccessBindingRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * CreateGcpUserAccessBindingRequest parent.
+                         * @member {string} parent
+                         * @memberof google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest
+                         * @instance
+                         */
+                        CreateGcpUserAccessBindingRequest.prototype.parent = "";
+    
+                        /**
+                         * CreateGcpUserAccessBindingRequest gcpUserAccessBinding.
+                         * @member {google.identity.accesscontextmanager.v1.IGcpUserAccessBinding|null|undefined} gcpUserAccessBinding
+                         * @memberof google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest
+                         * @instance
+                         */
+                        CreateGcpUserAccessBindingRequest.prototype.gcpUserAccessBinding = null;
+    
+                        /**
+                         * Creates a new CreateGcpUserAccessBindingRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest} CreateGcpUserAccessBindingRequest instance
+                         */
+                        CreateGcpUserAccessBindingRequest.create = function create(properties) {
+                            return new CreateGcpUserAccessBindingRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified CreateGcpUserAccessBindingRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest} message CreateGcpUserAccessBindingRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        CreateGcpUserAccessBindingRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.parent != null && Object.hasOwnProperty.call(message, "parent"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.parent);
+                            if (message.gcpUserAccessBinding != null && Object.hasOwnProperty.call(message, "gcpUserAccessBinding"))
+                                $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding.encode(message.gcpUserAccessBinding, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified CreateGcpUserAccessBindingRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest} message CreateGcpUserAccessBindingRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        CreateGcpUserAccessBindingRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a CreateGcpUserAccessBindingRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest} CreateGcpUserAccessBindingRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        CreateGcpUserAccessBindingRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.parent = reader.string();
+                                        break;
+                                    }
+                                case 2: {
+                                        message.gcpUserAccessBinding = $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a CreateGcpUserAccessBindingRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest} CreateGcpUserAccessBindingRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        CreateGcpUserAccessBindingRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a CreateGcpUserAccessBindingRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        CreateGcpUserAccessBindingRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                if (!$util.isString(message.parent))
+                                    return "parent: string expected";
+                            if (message.gcpUserAccessBinding != null && message.hasOwnProperty("gcpUserAccessBinding")) {
+                                var error = $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding.verify(message.gcpUserAccessBinding);
+                                if (error)
+                                    return "gcpUserAccessBinding." + error;
+                            }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a CreateGcpUserAccessBindingRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest} CreateGcpUserAccessBindingRequest
+                         */
+                        CreateGcpUserAccessBindingRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest();
+                            if (object.parent != null)
+                                message.parent = String(object.parent);
+                            if (object.gcpUserAccessBinding != null) {
+                                if (typeof object.gcpUserAccessBinding !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest.gcpUserAccessBinding: object expected");
+                                message.gcpUserAccessBinding = $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding.fromObject(object.gcpUserAccessBinding);
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a CreateGcpUserAccessBindingRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest} message CreateGcpUserAccessBindingRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        CreateGcpUserAccessBindingRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.parent = "";
+                                object.gcpUserAccessBinding = null;
+                            }
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                object.parent = message.parent;
+                            if (message.gcpUserAccessBinding != null && message.hasOwnProperty("gcpUserAccessBinding"))
+                                object.gcpUserAccessBinding = $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding.toObject(message.gcpUserAccessBinding, options);
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this CreateGcpUserAccessBindingRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        CreateGcpUserAccessBindingRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for CreateGcpUserAccessBindingRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        CreateGcpUserAccessBindingRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest";
+                        };
+    
+                        return CreateGcpUserAccessBindingRequest;
+                    })();
+    
+                    v1.UpdateGcpUserAccessBindingRequest = (function() {
+    
+                        /**
+                         * Properties of an UpdateGcpUserAccessBindingRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IUpdateGcpUserAccessBindingRequest
+                         * @property {google.identity.accesscontextmanager.v1.IGcpUserAccessBinding|null} [gcpUserAccessBinding] UpdateGcpUserAccessBindingRequest gcpUserAccessBinding
+                         * @property {google.protobuf.IFieldMask|null} [updateMask] UpdateGcpUserAccessBindingRequest updateMask
+                         */
+    
+                        /**
+                         * Constructs a new UpdateGcpUserAccessBindingRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents an UpdateGcpUserAccessBindingRequest.
+                         * @implements IUpdateGcpUserAccessBindingRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest=} [properties] Properties to set
+                         */
+                        function UpdateGcpUserAccessBindingRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * UpdateGcpUserAccessBindingRequest gcpUserAccessBinding.
+                         * @member {google.identity.accesscontextmanager.v1.IGcpUserAccessBinding|null|undefined} gcpUserAccessBinding
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest
+                         * @instance
+                         */
+                        UpdateGcpUserAccessBindingRequest.prototype.gcpUserAccessBinding = null;
+    
+                        /**
+                         * UpdateGcpUserAccessBindingRequest updateMask.
+                         * @member {google.protobuf.IFieldMask|null|undefined} updateMask
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest
+                         * @instance
+                         */
+                        UpdateGcpUserAccessBindingRequest.prototype.updateMask = null;
+    
+                        /**
+                         * Creates a new UpdateGcpUserAccessBindingRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest} UpdateGcpUserAccessBindingRequest instance
+                         */
+                        UpdateGcpUserAccessBindingRequest.create = function create(properties) {
+                            return new UpdateGcpUserAccessBindingRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified UpdateGcpUserAccessBindingRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest} message UpdateGcpUserAccessBindingRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        UpdateGcpUserAccessBindingRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.gcpUserAccessBinding != null && Object.hasOwnProperty.call(message, "gcpUserAccessBinding"))
+                                $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding.encode(message.gcpUserAccessBinding, writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                            if (message.updateMask != null && Object.hasOwnProperty.call(message, "updateMask"))
+                                $root.google.protobuf.FieldMask.encode(message.updateMask, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified UpdateGcpUserAccessBindingRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest} message UpdateGcpUserAccessBindingRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        UpdateGcpUserAccessBindingRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes an UpdateGcpUserAccessBindingRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest} UpdateGcpUserAccessBindingRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        UpdateGcpUserAccessBindingRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.gcpUserAccessBinding = $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                case 2: {
+                                        message.updateMask = $root.google.protobuf.FieldMask.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes an UpdateGcpUserAccessBindingRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest} UpdateGcpUserAccessBindingRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        UpdateGcpUserAccessBindingRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies an UpdateGcpUserAccessBindingRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        UpdateGcpUserAccessBindingRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.gcpUserAccessBinding != null && message.hasOwnProperty("gcpUserAccessBinding")) {
+                                var error = $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding.verify(message.gcpUserAccessBinding);
+                                if (error)
+                                    return "gcpUserAccessBinding." + error;
+                            }
+                            if (message.updateMask != null && message.hasOwnProperty("updateMask")) {
+                                var error = $root.google.protobuf.FieldMask.verify(message.updateMask);
+                                if (error)
+                                    return "updateMask." + error;
+                            }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates an UpdateGcpUserAccessBindingRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest} UpdateGcpUserAccessBindingRequest
+                         */
+                        UpdateGcpUserAccessBindingRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest();
+                            if (object.gcpUserAccessBinding != null) {
+                                if (typeof object.gcpUserAccessBinding !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest.gcpUserAccessBinding: object expected");
+                                message.gcpUserAccessBinding = $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding.fromObject(object.gcpUserAccessBinding);
+                            }
+                            if (object.updateMask != null) {
+                                if (typeof object.updateMask !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest.updateMask: object expected");
+                                message.updateMask = $root.google.protobuf.FieldMask.fromObject(object.updateMask);
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from an UpdateGcpUserAccessBindingRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest} message UpdateGcpUserAccessBindingRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        UpdateGcpUserAccessBindingRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.gcpUserAccessBinding = null;
+                                object.updateMask = null;
+                            }
+                            if (message.gcpUserAccessBinding != null && message.hasOwnProperty("gcpUserAccessBinding"))
+                                object.gcpUserAccessBinding = $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding.toObject(message.gcpUserAccessBinding, options);
+                            if (message.updateMask != null && message.hasOwnProperty("updateMask"))
+                                object.updateMask = $root.google.protobuf.FieldMask.toObject(message.updateMask, options);
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this UpdateGcpUserAccessBindingRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        UpdateGcpUserAccessBindingRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for UpdateGcpUserAccessBindingRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        UpdateGcpUserAccessBindingRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest";
+                        };
+    
+                        return UpdateGcpUserAccessBindingRequest;
+                    })();
+    
+                    v1.DeleteGcpUserAccessBindingRequest = (function() {
+    
+                        /**
+                         * Properties of a DeleteGcpUserAccessBindingRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IDeleteGcpUserAccessBindingRequest
+                         * @property {string|null} [name] DeleteGcpUserAccessBindingRequest name
+                         */
+    
+                        /**
+                         * Constructs a new DeleteGcpUserAccessBindingRequest.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a DeleteGcpUserAccessBindingRequest.
+                         * @implements IDeleteGcpUserAccessBindingRequest
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest=} [properties] Properties to set
+                         */
+                        function DeleteGcpUserAccessBindingRequest(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * DeleteGcpUserAccessBindingRequest name.
+                         * @member {string} name
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest
+                         * @instance
+                         */
+                        DeleteGcpUserAccessBindingRequest.prototype.name = "";
+    
+                        /**
+                         * Creates a new DeleteGcpUserAccessBindingRequest instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest} DeleteGcpUserAccessBindingRequest instance
+                         */
+                        DeleteGcpUserAccessBindingRequest.create = function create(properties) {
+                            return new DeleteGcpUserAccessBindingRequest(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified DeleteGcpUserAccessBindingRequest message. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest} message DeleteGcpUserAccessBindingRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        DeleteGcpUserAccessBindingRequest.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified DeleteGcpUserAccessBindingRequest message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest} message DeleteGcpUserAccessBindingRequest message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        DeleteGcpUserAccessBindingRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a DeleteGcpUserAccessBindingRequest message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest} DeleteGcpUserAccessBindingRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        DeleteGcpUserAccessBindingRequest.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.name = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a DeleteGcpUserAccessBindingRequest message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest} DeleteGcpUserAccessBindingRequest
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        DeleteGcpUserAccessBindingRequest.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a DeleteGcpUserAccessBindingRequest message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        DeleteGcpUserAccessBindingRequest.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                if (!$util.isString(message.name))
+                                    return "name: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a DeleteGcpUserAccessBindingRequest message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest} DeleteGcpUserAccessBindingRequest
+                         */
+                        DeleteGcpUserAccessBindingRequest.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest();
+                            if (object.name != null)
+                                message.name = String(object.name);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a DeleteGcpUserAccessBindingRequest message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest} message DeleteGcpUserAccessBindingRequest
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        DeleteGcpUserAccessBindingRequest.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults)
+                                object.name = "";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                object.name = message.name;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this DeleteGcpUserAccessBindingRequest to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        DeleteGcpUserAccessBindingRequest.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for DeleteGcpUserAccessBindingRequest
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        DeleteGcpUserAccessBindingRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest";
+                        };
+    
+                        return DeleteGcpUserAccessBindingRequest;
+                    })();
+    
+                    v1.GcpUserAccessBindingOperationMetadata = (function() {
+    
+                        /**
+                         * Properties of a GcpUserAccessBindingOperationMetadata.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IGcpUserAccessBindingOperationMetadata
+                         */
+    
+                        /**
+                         * Constructs a new GcpUserAccessBindingOperationMetadata.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a GcpUserAccessBindingOperationMetadata.
+                         * @implements IGcpUserAccessBindingOperationMetadata
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata=} [properties] Properties to set
+                         */
+                        function GcpUserAccessBindingOperationMetadata(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * Creates a new GcpUserAccessBindingOperationMetadata instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata} GcpUserAccessBindingOperationMetadata instance
+                         */
+                        GcpUserAccessBindingOperationMetadata.create = function create(properties) {
+                            return new GcpUserAccessBindingOperationMetadata(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified GcpUserAccessBindingOperationMetadata message. Does not implicitly {@link google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata} message GcpUserAccessBindingOperationMetadata message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        GcpUserAccessBindingOperationMetadata.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified GcpUserAccessBindingOperationMetadata message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata} message GcpUserAccessBindingOperationMetadata message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        GcpUserAccessBindingOperationMetadata.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a GcpUserAccessBindingOperationMetadata message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata} GcpUserAccessBindingOperationMetadata
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        GcpUserAccessBindingOperationMetadata.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a GcpUserAccessBindingOperationMetadata message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata} GcpUserAccessBindingOperationMetadata
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        GcpUserAccessBindingOperationMetadata.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a GcpUserAccessBindingOperationMetadata message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        GcpUserAccessBindingOperationMetadata.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a GcpUserAccessBindingOperationMetadata message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata} GcpUserAccessBindingOperationMetadata
+                         */
+                        GcpUserAccessBindingOperationMetadata.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata)
+                                return object;
+                            return new $root.google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata();
+                        };
+    
+                        /**
+                         * Creates a plain object from a GcpUserAccessBindingOperationMetadata message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata} message GcpUserAccessBindingOperationMetadata
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        GcpUserAccessBindingOperationMetadata.toObject = function toObject() {
+                            return {};
+                        };
+    
+                        /**
+                         * Converts this GcpUserAccessBindingOperationMetadata to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        GcpUserAccessBindingOperationMetadata.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for GcpUserAccessBindingOperationMetadata
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        GcpUserAccessBindingOperationMetadata.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata";
+                        };
+    
+                        return GcpUserAccessBindingOperationMetadata;
+                    })();
+    
+                    v1.AccessContextManagerOperationMetadata = (function() {
+    
+                        /**
+                         * Properties of an AccessContextManagerOperationMetadata.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IAccessContextManagerOperationMetadata
+                         */
+    
+                        /**
+                         * Constructs a new AccessContextManagerOperationMetadata.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents an AccessContextManagerOperationMetadata.
+                         * @implements IAccessContextManagerOperationMetadata
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata=} [properties] Properties to set
+                         */
+                        function AccessContextManagerOperationMetadata(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * Creates a new AccessContextManagerOperationMetadata instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata} AccessContextManagerOperationMetadata instance
+                         */
+                        AccessContextManagerOperationMetadata.create = function create(properties) {
+                            return new AccessContextManagerOperationMetadata(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified AccessContextManagerOperationMetadata message. Does not implicitly {@link google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata} message AccessContextManagerOperationMetadata message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        AccessContextManagerOperationMetadata.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified AccessContextManagerOperationMetadata message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata} message AccessContextManagerOperationMetadata message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        AccessContextManagerOperationMetadata.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes an AccessContextManagerOperationMetadata message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata} AccessContextManagerOperationMetadata
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        AccessContextManagerOperationMetadata.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes an AccessContextManagerOperationMetadata message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata} AccessContextManagerOperationMetadata
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        AccessContextManagerOperationMetadata.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies an AccessContextManagerOperationMetadata message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        AccessContextManagerOperationMetadata.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates an AccessContextManagerOperationMetadata message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata} AccessContextManagerOperationMetadata
+                         */
+                        AccessContextManagerOperationMetadata.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata)
+                                return object;
+                            return new $root.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata();
+                        };
+    
+                        /**
+                         * Creates a plain object from an AccessContextManagerOperationMetadata message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata} message AccessContextManagerOperationMetadata
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        AccessContextManagerOperationMetadata.toObject = function toObject() {
+                            return {};
+                        };
+    
+                        /**
+                         * Converts this AccessContextManagerOperationMetadata to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        AccessContextManagerOperationMetadata.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for AccessContextManagerOperationMetadata
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        AccessContextManagerOperationMetadata.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata";
+                        };
+    
+                        return AccessContextManagerOperationMetadata;
+                    })();
+    
+                    v1.AccessLevel = (function() {
+    
+                        /**
+                         * Properties of an AccessLevel.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IAccessLevel
+                         * @property {string|null} [name] AccessLevel name
+                         * @property {string|null} [title] AccessLevel title
+                         * @property {string|null} [description] AccessLevel description
+                         * @property {google.identity.accesscontextmanager.v1.IBasicLevel|null} [basic] AccessLevel basic
+                         * @property {google.identity.accesscontextmanager.v1.ICustomLevel|null} [custom] AccessLevel custom
+                         * @property {google.protobuf.ITimestamp|null} [createTime] AccessLevel createTime
+                         * @property {google.protobuf.ITimestamp|null} [updateTime] AccessLevel updateTime
+                         */
+    
+                        /**
+                         * Constructs a new AccessLevel.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents an AccessLevel.
+                         * @implements IAccessLevel
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IAccessLevel=} [properties] Properties to set
+                         */
+                        function AccessLevel(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * AccessLevel name.
+                         * @member {string} name
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @instance
+                         */
+                        AccessLevel.prototype.name = "";
+    
+                        /**
+                         * AccessLevel title.
+                         * @member {string} title
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @instance
+                         */
+                        AccessLevel.prototype.title = "";
+    
+                        /**
+                         * AccessLevel description.
+                         * @member {string} description
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @instance
+                         */
+                        AccessLevel.prototype.description = "";
+    
+                        /**
+                         * AccessLevel basic.
+                         * @member {google.identity.accesscontextmanager.v1.IBasicLevel|null|undefined} basic
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @instance
+                         */
+                        AccessLevel.prototype.basic = null;
+    
+                        /**
+                         * AccessLevel custom.
+                         * @member {google.identity.accesscontextmanager.v1.ICustomLevel|null|undefined} custom
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @instance
+                         */
+                        AccessLevel.prototype.custom = null;
+    
+                        /**
+                         * AccessLevel createTime.
+                         * @member {google.protobuf.ITimestamp|null|undefined} createTime
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @instance
+                         */
+                        AccessLevel.prototype.createTime = null;
+    
+                        /**
+                         * AccessLevel updateTime.
+                         * @member {google.protobuf.ITimestamp|null|undefined} updateTime
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @instance
+                         */
+                        AccessLevel.prototype.updateTime = null;
+    
+                        // OneOf field names bound to virtual getters and setters
+                        var $oneOfFields;
+    
+                        /**
+                         * AccessLevel level.
+                         * @member {"basic"|"custom"|undefined} level
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @instance
+                         */
+                        Object.defineProperty(AccessLevel.prototype, "level", {
+                            get: $util.oneOfGetter($oneOfFields = ["basic", "custom"]),
+                            set: $util.oneOfSetter($oneOfFields)
+                        });
+    
+                        /**
+                         * Creates a new AccessLevel instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IAccessLevel=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.AccessLevel} AccessLevel instance
+                         */
+                        AccessLevel.create = function create(properties) {
+                            return new AccessLevel(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified AccessLevel message. Does not implicitly {@link google.identity.accesscontextmanager.v1.AccessLevel.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IAccessLevel} message AccessLevel message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        AccessLevel.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                            if (message.title != null && Object.hasOwnProperty.call(message, "title"))
+                                writer.uint32(/* id 2, wireType 2 =*/18).string(message.title);
+                            if (message.description != null && Object.hasOwnProperty.call(message, "description"))
+                                writer.uint32(/* id 3, wireType 2 =*/26).string(message.description);
+                            if (message.basic != null && Object.hasOwnProperty.call(message, "basic"))
+                                $root.google.identity.accesscontextmanager.v1.BasicLevel.encode(message.basic, writer.uint32(/* id 4, wireType 2 =*/34).fork()).ldelim();
+                            if (message.custom != null && Object.hasOwnProperty.call(message, "custom"))
+                                $root.google.identity.accesscontextmanager.v1.CustomLevel.encode(message.custom, writer.uint32(/* id 5, wireType 2 =*/42).fork()).ldelim();
+                            if (message.createTime != null && Object.hasOwnProperty.call(message, "createTime"))
+                                $root.google.protobuf.Timestamp.encode(message.createTime, writer.uint32(/* id 6, wireType 2 =*/50).fork()).ldelim();
+                            if (message.updateTime != null && Object.hasOwnProperty.call(message, "updateTime"))
+                                $root.google.protobuf.Timestamp.encode(message.updateTime, writer.uint32(/* id 7, wireType 2 =*/58).fork()).ldelim();
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified AccessLevel message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.AccessLevel.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IAccessLevel} message AccessLevel message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        AccessLevel.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes an AccessLevel message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.AccessLevel} AccessLevel
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        AccessLevel.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.AccessLevel();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.name = reader.string();
+                                        break;
+                                    }
+                                case 2: {
+                                        message.title = reader.string();
+                                        break;
+                                    }
+                                case 3: {
+                                        message.description = reader.string();
+                                        break;
+                                    }
+                                case 4: {
+                                        message.basic = $root.google.identity.accesscontextmanager.v1.BasicLevel.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                case 5: {
+                                        message.custom = $root.google.identity.accesscontextmanager.v1.CustomLevel.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                case 6: {
+                                        message.createTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                case 7: {
+                                        message.updateTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes an AccessLevel message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.AccessLevel} AccessLevel
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        AccessLevel.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies an AccessLevel message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        AccessLevel.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            var properties = {};
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                if (!$util.isString(message.name))
+                                    return "name: string expected";
+                            if (message.title != null && message.hasOwnProperty("title"))
+                                if (!$util.isString(message.title))
+                                    return "title: string expected";
+                            if (message.description != null && message.hasOwnProperty("description"))
+                                if (!$util.isString(message.description))
+                                    return "description: string expected";
+                            if (message.basic != null && message.hasOwnProperty("basic")) {
+                                properties.level = 1;
+                                {
+                                    var error = $root.google.identity.accesscontextmanager.v1.BasicLevel.verify(message.basic);
+                                    if (error)
+                                        return "basic." + error;
+                                }
+                            }
+                            if (message.custom != null && message.hasOwnProperty("custom")) {
+                                if (properties.level === 1)
+                                    return "level: multiple values";
+                                properties.level = 1;
+                                {
+                                    var error = $root.google.identity.accesscontextmanager.v1.CustomLevel.verify(message.custom);
+                                    if (error)
+                                        return "custom." + error;
+                                }
+                            }
+                            if (message.createTime != null && message.hasOwnProperty("createTime")) {
+                                var error = $root.google.protobuf.Timestamp.verify(message.createTime);
+                                if (error)
+                                    return "createTime." + error;
+                            }
+                            if (message.updateTime != null && message.hasOwnProperty("updateTime")) {
+                                var error = $root.google.protobuf.Timestamp.verify(message.updateTime);
+                                if (error)
+                                    return "updateTime." + error;
+                            }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates an AccessLevel message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.AccessLevel} AccessLevel
+                         */
+                        AccessLevel.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.AccessLevel)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.AccessLevel();
+                            if (object.name != null)
+                                message.name = String(object.name);
+                            if (object.title != null)
+                                message.title = String(object.title);
+                            if (object.description != null)
+                                message.description = String(object.description);
+                            if (object.basic != null) {
+                                if (typeof object.basic !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.AccessLevel.basic: object expected");
+                                message.basic = $root.google.identity.accesscontextmanager.v1.BasicLevel.fromObject(object.basic);
+                            }
+                            if (object.custom != null) {
+                                if (typeof object.custom !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.AccessLevel.custom: object expected");
+                                message.custom = $root.google.identity.accesscontextmanager.v1.CustomLevel.fromObject(object.custom);
+                            }
+                            if (object.createTime != null) {
+                                if (typeof object.createTime !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.AccessLevel.createTime: object expected");
+                                message.createTime = $root.google.protobuf.Timestamp.fromObject(object.createTime);
+                            }
+                            if (object.updateTime != null) {
+                                if (typeof object.updateTime !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.AccessLevel.updateTime: object expected");
+                                message.updateTime = $root.google.protobuf.Timestamp.fromObject(object.updateTime);
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from an AccessLevel message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.AccessLevel} message AccessLevel
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        AccessLevel.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.name = "";
+                                object.title = "";
+                                object.description = "";
+                                object.createTime = null;
+                                object.updateTime = null;
+                            }
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                object.name = message.name;
+                            if (message.title != null && message.hasOwnProperty("title"))
+                                object.title = message.title;
+                            if (message.description != null && message.hasOwnProperty("description"))
+                                object.description = message.description;
+                            if (message.basic != null && message.hasOwnProperty("basic")) {
+                                object.basic = $root.google.identity.accesscontextmanager.v1.BasicLevel.toObject(message.basic, options);
+                                if (options.oneofs)
+                                    object.level = "basic";
+                            }
+                            if (message.custom != null && message.hasOwnProperty("custom")) {
+                                object.custom = $root.google.identity.accesscontextmanager.v1.CustomLevel.toObject(message.custom, options);
+                                if (options.oneofs)
+                                    object.level = "custom";
+                            }
+                            if (message.createTime != null && message.hasOwnProperty("createTime"))
+                                object.createTime = $root.google.protobuf.Timestamp.toObject(message.createTime, options);
+                            if (message.updateTime != null && message.hasOwnProperty("updateTime"))
+                                object.updateTime = $root.google.protobuf.Timestamp.toObject(message.updateTime, options);
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this AccessLevel to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        AccessLevel.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for AccessLevel
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.AccessLevel
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        AccessLevel.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.AccessLevel";
+                        };
+    
+                        return AccessLevel;
+                    })();
+    
+                    v1.BasicLevel = (function() {
+    
+                        /**
+                         * Properties of a BasicLevel.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IBasicLevel
+                         * @property {Array.<google.identity.accesscontextmanager.v1.ICondition>|null} [conditions] BasicLevel conditions
+                         * @property {google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction|null} [combiningFunction] BasicLevel combiningFunction
+                         */
+    
+                        /**
+                         * Constructs a new BasicLevel.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a BasicLevel.
+                         * @implements IBasicLevel
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IBasicLevel=} [properties] Properties to set
+                         */
+                        function BasicLevel(properties) {
+                            this.conditions = [];
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * BasicLevel conditions.
+                         * @member {Array.<google.identity.accesscontextmanager.v1.ICondition>} conditions
+                         * @memberof google.identity.accesscontextmanager.v1.BasicLevel
+                         * @instance
+                         */
+                        BasicLevel.prototype.conditions = $util.emptyArray;
+    
+                        /**
+                         * BasicLevel combiningFunction.
+                         * @member {google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction} combiningFunction
+                         * @memberof google.identity.accesscontextmanager.v1.BasicLevel
+                         * @instance
+                         */
+                        BasicLevel.prototype.combiningFunction = 0;
+    
+                        /**
+                         * Creates a new BasicLevel instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.BasicLevel
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IBasicLevel=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.BasicLevel} BasicLevel instance
+                         */
+                        BasicLevel.create = function create(properties) {
+                            return new BasicLevel(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified BasicLevel message. Does not implicitly {@link google.identity.accesscontextmanager.v1.BasicLevel.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.BasicLevel
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IBasicLevel} message BasicLevel message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        BasicLevel.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.conditions != null && message.conditions.length)
+                                for (var i = 0; i < message.conditions.length; ++i)
+                                    $root.google.identity.accesscontextmanager.v1.Condition.encode(message.conditions[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                            if (message.combiningFunction != null && Object.hasOwnProperty.call(message, "combiningFunction"))
+                                writer.uint32(/* id 2, wireType 0 =*/16).int32(message.combiningFunction);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified BasicLevel message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.BasicLevel.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.BasicLevel
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IBasicLevel} message BasicLevel message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        BasicLevel.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a BasicLevel message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.BasicLevel
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.BasicLevel} BasicLevel
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        BasicLevel.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.BasicLevel();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        if (!(message.conditions && message.conditions.length))
+                                            message.conditions = [];
+                                        message.conditions.push($root.google.identity.accesscontextmanager.v1.Condition.decode(reader, reader.uint32()));
+                                        break;
+                                    }
+                                case 2: {
+                                        message.combiningFunction = reader.int32();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a BasicLevel message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.BasicLevel
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.BasicLevel} BasicLevel
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        BasicLevel.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a BasicLevel message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.BasicLevel
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        BasicLevel.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.conditions != null && message.hasOwnProperty("conditions")) {
+                                if (!Array.isArray(message.conditions))
+                                    return "conditions: array expected";
+                                for (var i = 0; i < message.conditions.length; ++i) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.Condition.verify(message.conditions[i]);
+                                    if (error)
+                                        return "conditions." + error;
+                                }
+                            }
+                            if (message.combiningFunction != null && message.hasOwnProperty("combiningFunction"))
+                                switch (message.combiningFunction) {
+                                default:
+                                    return "combiningFunction: enum value expected";
+                                case 0:
+                                case 1:
+                                    break;
+                                }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a BasicLevel message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.BasicLevel
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.BasicLevel} BasicLevel
+                         */
+                        BasicLevel.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.BasicLevel)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.BasicLevel();
+                            if (object.conditions) {
+                                if (!Array.isArray(object.conditions))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.BasicLevel.conditions: array expected");
+                                message.conditions = [];
+                                for (var i = 0; i < object.conditions.length; ++i) {
+                                    if (typeof object.conditions[i] !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.BasicLevel.conditions: object expected");
+                                    message.conditions[i] = $root.google.identity.accesscontextmanager.v1.Condition.fromObject(object.conditions[i]);
+                                }
+                            }
+                            switch (object.combiningFunction) {
+                            default:
+                                if (typeof object.combiningFunction === "number") {
+                                    message.combiningFunction = object.combiningFunction;
+                                    break;
+                                }
+                                break;
+                            case "AND":
+                            case 0:
+                                message.combiningFunction = 0;
+                                break;
+                            case "OR":
+                            case 1:
+                                message.combiningFunction = 1;
+                                break;
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a BasicLevel message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.BasicLevel
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.BasicLevel} message BasicLevel
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        BasicLevel.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.arrays || options.defaults)
+                                object.conditions = [];
+                            if (options.defaults)
+                                object.combiningFunction = options.enums === String ? "AND" : 0;
+                            if (message.conditions && message.conditions.length) {
+                                object.conditions = [];
+                                for (var j = 0; j < message.conditions.length; ++j)
+                                    object.conditions[j] = $root.google.identity.accesscontextmanager.v1.Condition.toObject(message.conditions[j], options);
+                            }
+                            if (message.combiningFunction != null && message.hasOwnProperty("combiningFunction"))
+                                object.combiningFunction = options.enums === String ? $root.google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction[message.combiningFunction] === undefined ? message.combiningFunction : $root.google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction[message.combiningFunction] : message.combiningFunction;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this BasicLevel to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.BasicLevel
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        BasicLevel.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for BasicLevel
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.BasicLevel
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        BasicLevel.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.BasicLevel";
+                        };
+    
+                        /**
+                         * ConditionCombiningFunction enum.
+                         * @name google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction
+                         * @enum {number}
+                         * @property {number} AND=0 AND value
+                         * @property {number} OR=1 OR value
+                         */
+                        BasicLevel.ConditionCombiningFunction = (function() {
+                            var valuesById = {}, values = Object.create(valuesById);
+                            values[valuesById[0] = "AND"] = 0;
+                            values[valuesById[1] = "OR"] = 1;
+                            return values;
+                        })();
+    
+                        return BasicLevel;
+                    })();
+    
+                    v1.Condition = (function() {
+    
+                        /**
+                         * Properties of a Condition.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface ICondition
+                         * @property {Array.<string>|null} [ipSubnetworks] Condition ipSubnetworks
+                         * @property {google.identity.accesscontextmanager.v1.IDevicePolicy|null} [devicePolicy] Condition devicePolicy
+                         * @property {Array.<string>|null} [requiredAccessLevels] Condition requiredAccessLevels
+                         * @property {boolean|null} [negate] Condition negate
+                         * @property {Array.<string>|null} [members] Condition members
+                         * @property {Array.<string>|null} [regions] Condition regions
+                         */
+    
+                        /**
+                         * Constructs a new Condition.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a Condition.
+                         * @implements ICondition
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.ICondition=} [properties] Properties to set
+                         */
+                        function Condition(properties) {
+                            this.ipSubnetworks = [];
+                            this.requiredAccessLevels = [];
+                            this.members = [];
+                            this.regions = [];
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * Condition ipSubnetworks.
+                         * @member {Array.<string>} ipSubnetworks
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @instance
+                         */
+                        Condition.prototype.ipSubnetworks = $util.emptyArray;
+    
+                        /**
+                         * Condition devicePolicy.
+                         * @member {google.identity.accesscontextmanager.v1.IDevicePolicy|null|undefined} devicePolicy
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @instance
+                         */
+                        Condition.prototype.devicePolicy = null;
+    
+                        /**
+                         * Condition requiredAccessLevels.
+                         * @member {Array.<string>} requiredAccessLevels
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @instance
+                         */
+                        Condition.prototype.requiredAccessLevels = $util.emptyArray;
+    
+                        /**
+                         * Condition negate.
+                         * @member {boolean} negate
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @instance
+                         */
+                        Condition.prototype.negate = false;
+    
+                        /**
+                         * Condition members.
+                         * @member {Array.<string>} members
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @instance
+                         */
+                        Condition.prototype.members = $util.emptyArray;
+    
+                        /**
+                         * Condition regions.
+                         * @member {Array.<string>} regions
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @instance
+                         */
+                        Condition.prototype.regions = $util.emptyArray;
+    
+                        /**
+                         * Creates a new Condition instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICondition=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.Condition} Condition instance
+                         */
+                        Condition.create = function create(properties) {
+                            return new Condition(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified Condition message. Does not implicitly {@link google.identity.accesscontextmanager.v1.Condition.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICondition} message Condition message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        Condition.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.ipSubnetworks != null && message.ipSubnetworks.length)
+                                for (var i = 0; i < message.ipSubnetworks.length; ++i)
+                                    writer.uint32(/* id 1, wireType 2 =*/10).string(message.ipSubnetworks[i]);
+                            if (message.devicePolicy != null && Object.hasOwnProperty.call(message, "devicePolicy"))
+                                $root.google.identity.accesscontextmanager.v1.DevicePolicy.encode(message.devicePolicy, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                            if (message.requiredAccessLevels != null && message.requiredAccessLevels.length)
+                                for (var i = 0; i < message.requiredAccessLevels.length; ++i)
+                                    writer.uint32(/* id 3, wireType 2 =*/26).string(message.requiredAccessLevels[i]);
+                            if (message.negate != null && Object.hasOwnProperty.call(message, "negate"))
+                                writer.uint32(/* id 5, wireType 0 =*/40).bool(message.negate);
+                            if (message.members != null && message.members.length)
+                                for (var i = 0; i < message.members.length; ++i)
+                                    writer.uint32(/* id 6, wireType 2 =*/50).string(message.members[i]);
+                            if (message.regions != null && message.regions.length)
+                                for (var i = 0; i < message.regions.length; ++i)
+                                    writer.uint32(/* id 7, wireType 2 =*/58).string(message.regions[i]);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified Condition message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.Condition.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICondition} message Condition message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        Condition.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a Condition message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.Condition} Condition
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        Condition.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.Condition();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        if (!(message.ipSubnetworks && message.ipSubnetworks.length))
+                                            message.ipSubnetworks = [];
+                                        message.ipSubnetworks.push(reader.string());
+                                        break;
+                                    }
+                                case 2: {
+                                        message.devicePolicy = $root.google.identity.accesscontextmanager.v1.DevicePolicy.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                case 3: {
+                                        if (!(message.requiredAccessLevels && message.requiredAccessLevels.length))
+                                            message.requiredAccessLevels = [];
+                                        message.requiredAccessLevels.push(reader.string());
+                                        break;
+                                    }
+                                case 5: {
+                                        message.negate = reader.bool();
+                                        break;
+                                    }
+                                case 6: {
+                                        if (!(message.members && message.members.length))
+                                            message.members = [];
+                                        message.members.push(reader.string());
+                                        break;
+                                    }
+                                case 7: {
+                                        if (!(message.regions && message.regions.length))
+                                            message.regions = [];
+                                        message.regions.push(reader.string());
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a Condition message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.Condition} Condition
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        Condition.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a Condition message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        Condition.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.ipSubnetworks != null && message.hasOwnProperty("ipSubnetworks")) {
+                                if (!Array.isArray(message.ipSubnetworks))
+                                    return "ipSubnetworks: array expected";
+                                for (var i = 0; i < message.ipSubnetworks.length; ++i)
+                                    if (!$util.isString(message.ipSubnetworks[i]))
+                                        return "ipSubnetworks: string[] expected";
+                            }
+                            if (message.devicePolicy != null && message.hasOwnProperty("devicePolicy")) {
+                                var error = $root.google.identity.accesscontextmanager.v1.DevicePolicy.verify(message.devicePolicy);
+                                if (error)
+                                    return "devicePolicy." + error;
+                            }
+                            if (message.requiredAccessLevels != null && message.hasOwnProperty("requiredAccessLevels")) {
+                                if (!Array.isArray(message.requiredAccessLevels))
+                                    return "requiredAccessLevels: array expected";
+                                for (var i = 0; i < message.requiredAccessLevels.length; ++i)
+                                    if (!$util.isString(message.requiredAccessLevels[i]))
+                                        return "requiredAccessLevels: string[] expected";
+                            }
+                            if (message.negate != null && message.hasOwnProperty("negate"))
+                                if (typeof message.negate !== "boolean")
+                                    return "negate: boolean expected";
+                            if (message.members != null && message.hasOwnProperty("members")) {
+                                if (!Array.isArray(message.members))
+                                    return "members: array expected";
+                                for (var i = 0; i < message.members.length; ++i)
+                                    if (!$util.isString(message.members[i]))
+                                        return "members: string[] expected";
+                            }
+                            if (message.regions != null && message.hasOwnProperty("regions")) {
+                                if (!Array.isArray(message.regions))
+                                    return "regions: array expected";
+                                for (var i = 0; i < message.regions.length; ++i)
+                                    if (!$util.isString(message.regions[i]))
+                                        return "regions: string[] expected";
+                            }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a Condition message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.Condition} Condition
+                         */
+                        Condition.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.Condition)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.Condition();
+                            if (object.ipSubnetworks) {
+                                if (!Array.isArray(object.ipSubnetworks))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.Condition.ipSubnetworks: array expected");
+                                message.ipSubnetworks = [];
+                                for (var i = 0; i < object.ipSubnetworks.length; ++i)
+                                    message.ipSubnetworks[i] = String(object.ipSubnetworks[i]);
+                            }
+                            if (object.devicePolicy != null) {
+                                if (typeof object.devicePolicy !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.Condition.devicePolicy: object expected");
+                                message.devicePolicy = $root.google.identity.accesscontextmanager.v1.DevicePolicy.fromObject(object.devicePolicy);
+                            }
+                            if (object.requiredAccessLevels) {
+                                if (!Array.isArray(object.requiredAccessLevels))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.Condition.requiredAccessLevels: array expected");
+                                message.requiredAccessLevels = [];
+                                for (var i = 0; i < object.requiredAccessLevels.length; ++i)
+                                    message.requiredAccessLevels[i] = String(object.requiredAccessLevels[i]);
+                            }
+                            if (object.negate != null)
+                                message.negate = Boolean(object.negate);
+                            if (object.members) {
+                                if (!Array.isArray(object.members))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.Condition.members: array expected");
+                                message.members = [];
+                                for (var i = 0; i < object.members.length; ++i)
+                                    message.members[i] = String(object.members[i]);
+                            }
+                            if (object.regions) {
+                                if (!Array.isArray(object.regions))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.Condition.regions: array expected");
+                                message.regions = [];
+                                for (var i = 0; i < object.regions.length; ++i)
+                                    message.regions[i] = String(object.regions[i]);
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a Condition message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.Condition} message Condition
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        Condition.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.arrays || options.defaults) {
+                                object.ipSubnetworks = [];
+                                object.requiredAccessLevels = [];
+                                object.members = [];
+                                object.regions = [];
+                            }
+                            if (options.defaults) {
+                                object.devicePolicy = null;
+                                object.negate = false;
+                            }
+                            if (message.ipSubnetworks && message.ipSubnetworks.length) {
+                                object.ipSubnetworks = [];
+                                for (var j = 0; j < message.ipSubnetworks.length; ++j)
+                                    object.ipSubnetworks[j] = message.ipSubnetworks[j];
+                            }
+                            if (message.devicePolicy != null && message.hasOwnProperty("devicePolicy"))
+                                object.devicePolicy = $root.google.identity.accesscontextmanager.v1.DevicePolicy.toObject(message.devicePolicy, options);
+                            if (message.requiredAccessLevels && message.requiredAccessLevels.length) {
+                                object.requiredAccessLevels = [];
+                                for (var j = 0; j < message.requiredAccessLevels.length; ++j)
+                                    object.requiredAccessLevels[j] = message.requiredAccessLevels[j];
+                            }
+                            if (message.negate != null && message.hasOwnProperty("negate"))
+                                object.negate = message.negate;
+                            if (message.members && message.members.length) {
+                                object.members = [];
+                                for (var j = 0; j < message.members.length; ++j)
+                                    object.members[j] = message.members[j];
+                            }
+                            if (message.regions && message.regions.length) {
+                                object.regions = [];
+                                for (var j = 0; j < message.regions.length; ++j)
+                                    object.regions[j] = message.regions[j];
+                            }
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this Condition to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        Condition.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for Condition
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.Condition
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        Condition.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.Condition";
+                        };
+    
+                        return Condition;
+                    })();
+    
+                    v1.CustomLevel = (function() {
+    
+                        /**
+                         * Properties of a CustomLevel.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface ICustomLevel
+                         * @property {google.type.IExpr|null} [expr] CustomLevel expr
+                         */
+    
+                        /**
+                         * Constructs a new CustomLevel.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a CustomLevel.
+                         * @implements ICustomLevel
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.ICustomLevel=} [properties] Properties to set
+                         */
+                        function CustomLevel(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * CustomLevel expr.
+                         * @member {google.type.IExpr|null|undefined} expr
+                         * @memberof google.identity.accesscontextmanager.v1.CustomLevel
+                         * @instance
+                         */
+                        CustomLevel.prototype.expr = null;
+    
+                        /**
+                         * Creates a new CustomLevel instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.CustomLevel
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICustomLevel=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.CustomLevel} CustomLevel instance
+                         */
+                        CustomLevel.create = function create(properties) {
+                            return new CustomLevel(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified CustomLevel message. Does not implicitly {@link google.identity.accesscontextmanager.v1.CustomLevel.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.CustomLevel
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICustomLevel} message CustomLevel message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        CustomLevel.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.expr != null && Object.hasOwnProperty.call(message, "expr"))
+                                $root.google.type.Expr.encode(message.expr, writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified CustomLevel message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.CustomLevel.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.CustomLevel
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ICustomLevel} message CustomLevel message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        CustomLevel.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a CustomLevel message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.CustomLevel
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.CustomLevel} CustomLevel
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        CustomLevel.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.CustomLevel();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.expr = $root.google.type.Expr.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a CustomLevel message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.CustomLevel
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.CustomLevel} CustomLevel
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        CustomLevel.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a CustomLevel message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.CustomLevel
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        CustomLevel.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.expr != null && message.hasOwnProperty("expr")) {
+                                var error = $root.google.type.Expr.verify(message.expr);
+                                if (error)
+                                    return "expr." + error;
+                            }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a CustomLevel message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.CustomLevel
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.CustomLevel} CustomLevel
+                         */
+                        CustomLevel.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.CustomLevel)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.CustomLevel();
+                            if (object.expr != null) {
+                                if (typeof object.expr !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.CustomLevel.expr: object expected");
+                                message.expr = $root.google.type.Expr.fromObject(object.expr);
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a CustomLevel message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.CustomLevel
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.CustomLevel} message CustomLevel
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        CustomLevel.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults)
+                                object.expr = null;
+                            if (message.expr != null && message.hasOwnProperty("expr"))
+                                object.expr = $root.google.type.Expr.toObject(message.expr, options);
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this CustomLevel to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.CustomLevel
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        CustomLevel.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for CustomLevel
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.CustomLevel
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        CustomLevel.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.CustomLevel";
+                        };
+    
+                        return CustomLevel;
+                    })();
+    
+                    v1.DevicePolicy = (function() {
+    
+                        /**
+                         * Properties of a DevicePolicy.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IDevicePolicy
+                         * @property {boolean|null} [requireScreenlock] DevicePolicy requireScreenlock
+                         * @property {Array.<google.identity.accesscontextmanager.type.DeviceEncryptionStatus>|null} [allowedEncryptionStatuses] DevicePolicy allowedEncryptionStatuses
+                         * @property {Array.<google.identity.accesscontextmanager.v1.IOsConstraint>|null} [osConstraints] DevicePolicy osConstraints
+                         * @property {Array.<google.identity.accesscontextmanager.type.DeviceManagementLevel>|null} [allowedDeviceManagementLevels] DevicePolicy allowedDeviceManagementLevels
+                         * @property {boolean|null} [requireAdminApproval] DevicePolicy requireAdminApproval
+                         * @property {boolean|null} [requireCorpOwned] DevicePolicy requireCorpOwned
+                         */
+    
+                        /**
+                         * Constructs a new DevicePolicy.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a DevicePolicy.
+                         * @implements IDevicePolicy
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IDevicePolicy=} [properties] Properties to set
+                         */
+                        function DevicePolicy(properties) {
+                            this.allowedEncryptionStatuses = [];
+                            this.osConstraints = [];
+                            this.allowedDeviceManagementLevels = [];
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * DevicePolicy requireScreenlock.
+                         * @member {boolean} requireScreenlock
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @instance
+                         */
+                        DevicePolicy.prototype.requireScreenlock = false;
+    
+                        /**
+                         * DevicePolicy allowedEncryptionStatuses.
+                         * @member {Array.<google.identity.accesscontextmanager.type.DeviceEncryptionStatus>} allowedEncryptionStatuses
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @instance
+                         */
+                        DevicePolicy.prototype.allowedEncryptionStatuses = $util.emptyArray;
+    
+                        /**
+                         * DevicePolicy osConstraints.
+                         * @member {Array.<google.identity.accesscontextmanager.v1.IOsConstraint>} osConstraints
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @instance
+                         */
+                        DevicePolicy.prototype.osConstraints = $util.emptyArray;
+    
+                        /**
+                         * DevicePolicy allowedDeviceManagementLevels.
+                         * @member {Array.<google.identity.accesscontextmanager.type.DeviceManagementLevel>} allowedDeviceManagementLevels
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @instance
+                         */
+                        DevicePolicy.prototype.allowedDeviceManagementLevels = $util.emptyArray;
+    
+                        /**
+                         * DevicePolicy requireAdminApproval.
+                         * @member {boolean} requireAdminApproval
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @instance
+                         */
+                        DevicePolicy.prototype.requireAdminApproval = false;
+    
+                        /**
+                         * DevicePolicy requireCorpOwned.
+                         * @member {boolean} requireCorpOwned
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @instance
+                         */
+                        DevicePolicy.prototype.requireCorpOwned = false;
+    
+                        /**
+                         * Creates a new DevicePolicy instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IDevicePolicy=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.DevicePolicy} DevicePolicy instance
+                         */
+                        DevicePolicy.create = function create(properties) {
+                            return new DevicePolicy(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified DevicePolicy message. Does not implicitly {@link google.identity.accesscontextmanager.v1.DevicePolicy.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IDevicePolicy} message DevicePolicy message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        DevicePolicy.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.requireScreenlock != null && Object.hasOwnProperty.call(message, "requireScreenlock"))
+                                writer.uint32(/* id 1, wireType 0 =*/8).bool(message.requireScreenlock);
+                            if (message.allowedEncryptionStatuses != null && message.allowedEncryptionStatuses.length) {
+                                writer.uint32(/* id 2, wireType 2 =*/18).fork();
+                                for (var i = 0; i < message.allowedEncryptionStatuses.length; ++i)
+                                    writer.int32(message.allowedEncryptionStatuses[i]);
+                                writer.ldelim();
+                            }
+                            if (message.osConstraints != null && message.osConstraints.length)
+                                for (var i = 0; i < message.osConstraints.length; ++i)
+                                    $root.google.identity.accesscontextmanager.v1.OsConstraint.encode(message.osConstraints[i], writer.uint32(/* id 3, wireType 2 =*/26).fork()).ldelim();
+                            if (message.allowedDeviceManagementLevels != null && message.allowedDeviceManagementLevels.length) {
+                                writer.uint32(/* id 6, wireType 2 =*/50).fork();
+                                for (var i = 0; i < message.allowedDeviceManagementLevels.length; ++i)
+                                    writer.int32(message.allowedDeviceManagementLevels[i]);
+                                writer.ldelim();
+                            }
+                            if (message.requireAdminApproval != null && Object.hasOwnProperty.call(message, "requireAdminApproval"))
+                                writer.uint32(/* id 7, wireType 0 =*/56).bool(message.requireAdminApproval);
+                            if (message.requireCorpOwned != null && Object.hasOwnProperty.call(message, "requireCorpOwned"))
+                                writer.uint32(/* id 8, wireType 0 =*/64).bool(message.requireCorpOwned);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified DevicePolicy message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.DevicePolicy.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IDevicePolicy} message DevicePolicy message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        DevicePolicy.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a DevicePolicy message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.DevicePolicy} DevicePolicy
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        DevicePolicy.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.DevicePolicy();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.requireScreenlock = reader.bool();
+                                        break;
+                                    }
+                                case 2: {
+                                        if (!(message.allowedEncryptionStatuses && message.allowedEncryptionStatuses.length))
+                                            message.allowedEncryptionStatuses = [];
+                                        if ((tag & 7) === 2) {
+                                            var end2 = reader.uint32() + reader.pos;
+                                            while (reader.pos < end2)
+                                                message.allowedEncryptionStatuses.push(reader.int32());
+                                        } else
+                                            message.allowedEncryptionStatuses.push(reader.int32());
+                                        break;
+                                    }
+                                case 3: {
+                                        if (!(message.osConstraints && message.osConstraints.length))
+                                            message.osConstraints = [];
+                                        message.osConstraints.push($root.google.identity.accesscontextmanager.v1.OsConstraint.decode(reader, reader.uint32()));
+                                        break;
+                                    }
+                                case 6: {
+                                        if (!(message.allowedDeviceManagementLevels && message.allowedDeviceManagementLevels.length))
+                                            message.allowedDeviceManagementLevels = [];
+                                        if ((tag & 7) === 2) {
+                                            var end2 = reader.uint32() + reader.pos;
+                                            while (reader.pos < end2)
+                                                message.allowedDeviceManagementLevels.push(reader.int32());
+                                        } else
+                                            message.allowedDeviceManagementLevels.push(reader.int32());
+                                        break;
+                                    }
+                                case 7: {
+                                        message.requireAdminApproval = reader.bool();
+                                        break;
+                                    }
+                                case 8: {
+                                        message.requireCorpOwned = reader.bool();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a DevicePolicy message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.DevicePolicy} DevicePolicy
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        DevicePolicy.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a DevicePolicy message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        DevicePolicy.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.requireScreenlock != null && message.hasOwnProperty("requireScreenlock"))
+                                if (typeof message.requireScreenlock !== "boolean")
+                                    return "requireScreenlock: boolean expected";
+                            if (message.allowedEncryptionStatuses != null && message.hasOwnProperty("allowedEncryptionStatuses")) {
+                                if (!Array.isArray(message.allowedEncryptionStatuses))
+                                    return "allowedEncryptionStatuses: array expected";
+                                for (var i = 0; i < message.allowedEncryptionStatuses.length; ++i)
+                                    switch (message.allowedEncryptionStatuses[i]) {
+                                    default:
+                                        return "allowedEncryptionStatuses: enum value[] expected";
+                                    case 0:
+                                    case 1:
+                                    case 2:
+                                    case 3:
+                                        break;
+                                    }
+                            }
+                            if (message.osConstraints != null && message.hasOwnProperty("osConstraints")) {
+                                if (!Array.isArray(message.osConstraints))
+                                    return "osConstraints: array expected";
+                                for (var i = 0; i < message.osConstraints.length; ++i) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.OsConstraint.verify(message.osConstraints[i]);
+                                    if (error)
+                                        return "osConstraints." + error;
+                                }
+                            }
+                            if (message.allowedDeviceManagementLevels != null && message.hasOwnProperty("allowedDeviceManagementLevels")) {
+                                if (!Array.isArray(message.allowedDeviceManagementLevels))
+                                    return "allowedDeviceManagementLevels: array expected";
+                                for (var i = 0; i < message.allowedDeviceManagementLevels.length; ++i)
+                                    switch (message.allowedDeviceManagementLevels[i]) {
+                                    default:
+                                        return "allowedDeviceManagementLevels: enum value[] expected";
+                                    case 0:
+                                    case 1:
+                                    case 2:
+                                    case 3:
+                                        break;
+                                    }
+                            }
+                            if (message.requireAdminApproval != null && message.hasOwnProperty("requireAdminApproval"))
+                                if (typeof message.requireAdminApproval !== "boolean")
+                                    return "requireAdminApproval: boolean expected";
+                            if (message.requireCorpOwned != null && message.hasOwnProperty("requireCorpOwned"))
+                                if (typeof message.requireCorpOwned !== "boolean")
+                                    return "requireCorpOwned: boolean expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a DevicePolicy message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.DevicePolicy} DevicePolicy
+                         */
+                        DevicePolicy.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.DevicePolicy)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.DevicePolicy();
+                            if (object.requireScreenlock != null)
+                                message.requireScreenlock = Boolean(object.requireScreenlock);
+                            if (object.allowedEncryptionStatuses) {
+                                if (!Array.isArray(object.allowedEncryptionStatuses))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.DevicePolicy.allowedEncryptionStatuses: array expected");
+                                message.allowedEncryptionStatuses = [];
+                                for (var i = 0; i < object.allowedEncryptionStatuses.length; ++i)
+                                    switch (object.allowedEncryptionStatuses[i]) {
+                                    default:
+                                        if (typeof object.allowedEncryptionStatuses[i] === "number") {
+                                            message.allowedEncryptionStatuses[i] = object.allowedEncryptionStatuses[i];
+                                            break;
+                                        }
+                                    case "ENCRYPTION_UNSPECIFIED":
+                                    case 0:
+                                        message.allowedEncryptionStatuses[i] = 0;
+                                        break;
+                                    case "ENCRYPTION_UNSUPPORTED":
+                                    case 1:
+                                        message.allowedEncryptionStatuses[i] = 1;
+                                        break;
+                                    case "UNENCRYPTED":
+                                    case 2:
+                                        message.allowedEncryptionStatuses[i] = 2;
+                                        break;
+                                    case "ENCRYPTED":
+                                    case 3:
+                                        message.allowedEncryptionStatuses[i] = 3;
+                                        break;
+                                    }
+                            }
+                            if (object.osConstraints) {
+                                if (!Array.isArray(object.osConstraints))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.DevicePolicy.osConstraints: array expected");
+                                message.osConstraints = [];
+                                for (var i = 0; i < object.osConstraints.length; ++i) {
+                                    if (typeof object.osConstraints[i] !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.DevicePolicy.osConstraints: object expected");
+                                    message.osConstraints[i] = $root.google.identity.accesscontextmanager.v1.OsConstraint.fromObject(object.osConstraints[i]);
+                                }
+                            }
+                            if (object.allowedDeviceManagementLevels) {
+                                if (!Array.isArray(object.allowedDeviceManagementLevels))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.DevicePolicy.allowedDeviceManagementLevels: array expected");
+                                message.allowedDeviceManagementLevels = [];
+                                for (var i = 0; i < object.allowedDeviceManagementLevels.length; ++i)
+                                    switch (object.allowedDeviceManagementLevels[i]) {
+                                    default:
+                                        if (typeof object.allowedDeviceManagementLevels[i] === "number") {
+                                            message.allowedDeviceManagementLevels[i] = object.allowedDeviceManagementLevels[i];
+                                            break;
+                                        }
+                                    case "MANAGEMENT_UNSPECIFIED":
+                                    case 0:
+                                        message.allowedDeviceManagementLevels[i] = 0;
+                                        break;
+                                    case "NONE":
+                                    case 1:
+                                        message.allowedDeviceManagementLevels[i] = 1;
+                                        break;
+                                    case "BASIC":
+                                    case 2:
+                                        message.allowedDeviceManagementLevels[i] = 2;
+                                        break;
+                                    case "COMPLETE":
+                                    case 3:
+                                        message.allowedDeviceManagementLevels[i] = 3;
+                                        break;
+                                    }
+                            }
+                            if (object.requireAdminApproval != null)
+                                message.requireAdminApproval = Boolean(object.requireAdminApproval);
+                            if (object.requireCorpOwned != null)
+                                message.requireCorpOwned = Boolean(object.requireCorpOwned);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a DevicePolicy message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.DevicePolicy} message DevicePolicy
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        DevicePolicy.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.arrays || options.defaults) {
+                                object.allowedEncryptionStatuses = [];
+                                object.osConstraints = [];
+                                object.allowedDeviceManagementLevels = [];
+                            }
+                            if (options.defaults) {
+                                object.requireScreenlock = false;
+                                object.requireAdminApproval = false;
+                                object.requireCorpOwned = false;
+                            }
+                            if (message.requireScreenlock != null && message.hasOwnProperty("requireScreenlock"))
+                                object.requireScreenlock = message.requireScreenlock;
+                            if (message.allowedEncryptionStatuses && message.allowedEncryptionStatuses.length) {
+                                object.allowedEncryptionStatuses = [];
+                                for (var j = 0; j < message.allowedEncryptionStatuses.length; ++j)
+                                    object.allowedEncryptionStatuses[j] = options.enums === String ? $root.google.identity.accesscontextmanager.type.DeviceEncryptionStatus[message.allowedEncryptionStatuses[j]] === undefined ? message.allowedEncryptionStatuses[j] : $root.google.identity.accesscontextmanager.type.DeviceEncryptionStatus[message.allowedEncryptionStatuses[j]] : message.allowedEncryptionStatuses[j];
+                            }
+                            if (message.osConstraints && message.osConstraints.length) {
+                                object.osConstraints = [];
+                                for (var j = 0; j < message.osConstraints.length; ++j)
+                                    object.osConstraints[j] = $root.google.identity.accesscontextmanager.v1.OsConstraint.toObject(message.osConstraints[j], options);
+                            }
+                            if (message.allowedDeviceManagementLevels && message.allowedDeviceManagementLevels.length) {
+                                object.allowedDeviceManagementLevels = [];
+                                for (var j = 0; j < message.allowedDeviceManagementLevels.length; ++j)
+                                    object.allowedDeviceManagementLevels[j] = options.enums === String ? $root.google.identity.accesscontextmanager.type.DeviceManagementLevel[message.allowedDeviceManagementLevels[j]] === undefined ? message.allowedDeviceManagementLevels[j] : $root.google.identity.accesscontextmanager.type.DeviceManagementLevel[message.allowedDeviceManagementLevels[j]] : message.allowedDeviceManagementLevels[j];
+                            }
+                            if (message.requireAdminApproval != null && message.hasOwnProperty("requireAdminApproval"))
+                                object.requireAdminApproval = message.requireAdminApproval;
+                            if (message.requireCorpOwned != null && message.hasOwnProperty("requireCorpOwned"))
+                                object.requireCorpOwned = message.requireCorpOwned;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this DevicePolicy to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        DevicePolicy.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for DevicePolicy
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.DevicePolicy
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        DevicePolicy.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.DevicePolicy";
+                        };
+    
+                        return DevicePolicy;
+                    })();
+    
+                    v1.OsConstraint = (function() {
+    
+                        /**
+                         * Properties of an OsConstraint.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IOsConstraint
+                         * @property {google.identity.accesscontextmanager.type.OsType|null} [osType] OsConstraint osType
+                         * @property {string|null} [minimumVersion] OsConstraint minimumVersion
+                         * @property {boolean|null} [requireVerifiedChromeOs] OsConstraint requireVerifiedChromeOs
+                         */
+    
+                        /**
+                         * Constructs a new OsConstraint.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents an OsConstraint.
+                         * @implements IOsConstraint
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IOsConstraint=} [properties] Properties to set
+                         */
+                        function OsConstraint(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * OsConstraint osType.
+                         * @member {google.identity.accesscontextmanager.type.OsType} osType
+                         * @memberof google.identity.accesscontextmanager.v1.OsConstraint
+                         * @instance
+                         */
+                        OsConstraint.prototype.osType = 0;
+    
+                        /**
+                         * OsConstraint minimumVersion.
+                         * @member {string} minimumVersion
+                         * @memberof google.identity.accesscontextmanager.v1.OsConstraint
+                         * @instance
+                         */
+                        OsConstraint.prototype.minimumVersion = "";
+    
+                        /**
+                         * OsConstraint requireVerifiedChromeOs.
+                         * @member {boolean} requireVerifiedChromeOs
+                         * @memberof google.identity.accesscontextmanager.v1.OsConstraint
+                         * @instance
+                         */
+                        OsConstraint.prototype.requireVerifiedChromeOs = false;
+    
+                        /**
+                         * Creates a new OsConstraint instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.OsConstraint
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IOsConstraint=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.OsConstraint} OsConstraint instance
+                         */
+                        OsConstraint.create = function create(properties) {
+                            return new OsConstraint(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified OsConstraint message. Does not implicitly {@link google.identity.accesscontextmanager.v1.OsConstraint.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.OsConstraint
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IOsConstraint} message OsConstraint message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        OsConstraint.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.osType != null && Object.hasOwnProperty.call(message, "osType"))
+                                writer.uint32(/* id 1, wireType 0 =*/8).int32(message.osType);
+                            if (message.minimumVersion != null && Object.hasOwnProperty.call(message, "minimumVersion"))
+                                writer.uint32(/* id 2, wireType 2 =*/18).string(message.minimumVersion);
+                            if (message.requireVerifiedChromeOs != null && Object.hasOwnProperty.call(message, "requireVerifiedChromeOs"))
+                                writer.uint32(/* id 3, wireType 0 =*/24).bool(message.requireVerifiedChromeOs);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified OsConstraint message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.OsConstraint.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.OsConstraint
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IOsConstraint} message OsConstraint message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        OsConstraint.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes an OsConstraint message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.OsConstraint
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.OsConstraint} OsConstraint
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        OsConstraint.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.OsConstraint();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.osType = reader.int32();
+                                        break;
+                                    }
+                                case 2: {
+                                        message.minimumVersion = reader.string();
+                                        break;
+                                    }
+                                case 3: {
+                                        message.requireVerifiedChromeOs = reader.bool();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes an OsConstraint message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.OsConstraint
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.OsConstraint} OsConstraint
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        OsConstraint.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies an OsConstraint message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.OsConstraint
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        OsConstraint.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.osType != null && message.hasOwnProperty("osType"))
+                                switch (message.osType) {
+                                default:
+                                    return "osType: enum value expected";
+                                case 0:
+                                case 1:
+                                case 2:
+                                case 3:
+                                case 6:
+                                case 4:
+                                case 5:
+                                    break;
+                                }
+                            if (message.minimumVersion != null && message.hasOwnProperty("minimumVersion"))
+                                if (!$util.isString(message.minimumVersion))
+                                    return "minimumVersion: string expected";
+                            if (message.requireVerifiedChromeOs != null && message.hasOwnProperty("requireVerifiedChromeOs"))
+                                if (typeof message.requireVerifiedChromeOs !== "boolean")
+                                    return "requireVerifiedChromeOs: boolean expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates an OsConstraint message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.OsConstraint
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.OsConstraint} OsConstraint
+                         */
+                        OsConstraint.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.OsConstraint)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.OsConstraint();
+                            switch (object.osType) {
+                            default:
+                                if (typeof object.osType === "number") {
+                                    message.osType = object.osType;
+                                    break;
+                                }
+                                break;
+                            case "OS_UNSPECIFIED":
+                            case 0:
+                                message.osType = 0;
+                                break;
+                            case "DESKTOP_MAC":
+                            case 1:
+                                message.osType = 1;
+                                break;
+                            case "DESKTOP_WINDOWS":
+                            case 2:
+                                message.osType = 2;
+                                break;
+                            case "DESKTOP_LINUX":
+                            case 3:
+                                message.osType = 3;
+                                break;
+                            case "DESKTOP_CHROME_OS":
+                            case 6:
+                                message.osType = 6;
+                                break;
+                            case "ANDROID":
+                            case 4:
+                                message.osType = 4;
+                                break;
+                            case "IOS":
+                            case 5:
+                                message.osType = 5;
+                                break;
+                            }
+                            if (object.minimumVersion != null)
+                                message.minimumVersion = String(object.minimumVersion);
+                            if (object.requireVerifiedChromeOs != null)
+                                message.requireVerifiedChromeOs = Boolean(object.requireVerifiedChromeOs);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from an OsConstraint message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.OsConstraint
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.OsConstraint} message OsConstraint
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        OsConstraint.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.osType = options.enums === String ? "OS_UNSPECIFIED" : 0;
+                                object.minimumVersion = "";
+                                object.requireVerifiedChromeOs = false;
+                            }
+                            if (message.osType != null && message.hasOwnProperty("osType"))
+                                object.osType = options.enums === String ? $root.google.identity.accesscontextmanager.type.OsType[message.osType] === undefined ? message.osType : $root.google.identity.accesscontextmanager.type.OsType[message.osType] : message.osType;
+                            if (message.minimumVersion != null && message.hasOwnProperty("minimumVersion"))
+                                object.minimumVersion = message.minimumVersion;
+                            if (message.requireVerifiedChromeOs != null && message.hasOwnProperty("requireVerifiedChromeOs"))
+                                object.requireVerifiedChromeOs = message.requireVerifiedChromeOs;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this OsConstraint to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.OsConstraint
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        OsConstraint.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for OsConstraint
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.OsConstraint
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        OsConstraint.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.OsConstraint";
+                        };
+    
+                        return OsConstraint;
+                    })();
+    
+                    v1.AccessPolicy = (function() {
+    
+                        /**
+                         * Properties of an AccessPolicy.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IAccessPolicy
+                         * @property {string|null} [name] AccessPolicy name
+                         * @property {string|null} [parent] AccessPolicy parent
+                         * @property {string|null} [title] AccessPolicy title
+                         * @property {Array.<string>|null} [scopes] AccessPolicy scopes
+                         * @property {google.protobuf.ITimestamp|null} [createTime] AccessPolicy createTime
+                         * @property {google.protobuf.ITimestamp|null} [updateTime] AccessPolicy updateTime
+                         * @property {string|null} [etag] AccessPolicy etag
+                         */
+    
+                        /**
+                         * Constructs a new AccessPolicy.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents an AccessPolicy.
+                         * @implements IAccessPolicy
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IAccessPolicy=} [properties] Properties to set
+                         */
+                        function AccessPolicy(properties) {
+                            this.scopes = [];
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * AccessPolicy name.
+                         * @member {string} name
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @instance
+                         */
+                        AccessPolicy.prototype.name = "";
+    
+                        /**
+                         * AccessPolicy parent.
+                         * @member {string} parent
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @instance
+                         */
+                        AccessPolicy.prototype.parent = "";
+    
+                        /**
+                         * AccessPolicy title.
+                         * @member {string} title
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @instance
+                         */
+                        AccessPolicy.prototype.title = "";
+    
+                        /**
+                         * AccessPolicy scopes.
+                         * @member {Array.<string>} scopes
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @instance
+                         */
+                        AccessPolicy.prototype.scopes = $util.emptyArray;
+    
+                        /**
+                         * AccessPolicy createTime.
+                         * @member {google.protobuf.ITimestamp|null|undefined} createTime
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @instance
+                         */
+                        AccessPolicy.prototype.createTime = null;
+    
+                        /**
+                         * AccessPolicy updateTime.
+                         * @member {google.protobuf.ITimestamp|null|undefined} updateTime
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @instance
+                         */
+                        AccessPolicy.prototype.updateTime = null;
+    
+                        /**
+                         * AccessPolicy etag.
+                         * @member {string} etag
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @instance
+                         */
+                        AccessPolicy.prototype.etag = "";
+    
+                        /**
+                         * Creates a new AccessPolicy instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IAccessPolicy=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.AccessPolicy} AccessPolicy instance
+                         */
+                        AccessPolicy.create = function create(properties) {
+                            return new AccessPolicy(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified AccessPolicy message. Does not implicitly {@link google.identity.accesscontextmanager.v1.AccessPolicy.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IAccessPolicy} message AccessPolicy message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        AccessPolicy.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                            if (message.parent != null && Object.hasOwnProperty.call(message, "parent"))
+                                writer.uint32(/* id 2, wireType 2 =*/18).string(message.parent);
+                            if (message.title != null && Object.hasOwnProperty.call(message, "title"))
+                                writer.uint32(/* id 3, wireType 2 =*/26).string(message.title);
+                            if (message.createTime != null && Object.hasOwnProperty.call(message, "createTime"))
+                                $root.google.protobuf.Timestamp.encode(message.createTime, writer.uint32(/* id 4, wireType 2 =*/34).fork()).ldelim();
+                            if (message.updateTime != null && Object.hasOwnProperty.call(message, "updateTime"))
+                                $root.google.protobuf.Timestamp.encode(message.updateTime, writer.uint32(/* id 5, wireType 2 =*/42).fork()).ldelim();
+                            if (message.etag != null && Object.hasOwnProperty.call(message, "etag"))
+                                writer.uint32(/* id 6, wireType 2 =*/50).string(message.etag);
+                            if (message.scopes != null && message.scopes.length)
+                                for (var i = 0; i < message.scopes.length; ++i)
+                                    writer.uint32(/* id 7, wireType 2 =*/58).string(message.scopes[i]);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified AccessPolicy message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.AccessPolicy.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IAccessPolicy} message AccessPolicy message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        AccessPolicy.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes an AccessPolicy message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.AccessPolicy} AccessPolicy
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        AccessPolicy.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.AccessPolicy();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.name = reader.string();
+                                        break;
+                                    }
+                                case 2: {
+                                        message.parent = reader.string();
+                                        break;
+                                    }
+                                case 3: {
+                                        message.title = reader.string();
+                                        break;
+                                    }
+                                case 7: {
+                                        if (!(message.scopes && message.scopes.length))
+                                            message.scopes = [];
+                                        message.scopes.push(reader.string());
+                                        break;
+                                    }
+                                case 4: {
+                                        message.createTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                case 5: {
+                                        message.updateTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                case 6: {
+                                        message.etag = reader.string();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes an AccessPolicy message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.AccessPolicy} AccessPolicy
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        AccessPolicy.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies an AccessPolicy message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        AccessPolicy.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                if (!$util.isString(message.name))
+                                    return "name: string expected";
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                if (!$util.isString(message.parent))
+                                    return "parent: string expected";
+                            if (message.title != null && message.hasOwnProperty("title"))
+                                if (!$util.isString(message.title))
+                                    return "title: string expected";
+                            if (message.scopes != null && message.hasOwnProperty("scopes")) {
+                                if (!Array.isArray(message.scopes))
+                                    return "scopes: array expected";
+                                for (var i = 0; i < message.scopes.length; ++i)
+                                    if (!$util.isString(message.scopes[i]))
+                                        return "scopes: string[] expected";
+                            }
+                            if (message.createTime != null && message.hasOwnProperty("createTime")) {
+                                var error = $root.google.protobuf.Timestamp.verify(message.createTime);
+                                if (error)
+                                    return "createTime." + error;
+                            }
+                            if (message.updateTime != null && message.hasOwnProperty("updateTime")) {
+                                var error = $root.google.protobuf.Timestamp.verify(message.updateTime);
+                                if (error)
+                                    return "updateTime." + error;
+                            }
+                            if (message.etag != null && message.hasOwnProperty("etag"))
+                                if (!$util.isString(message.etag))
+                                    return "etag: string expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates an AccessPolicy message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.AccessPolicy} AccessPolicy
+                         */
+                        AccessPolicy.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.AccessPolicy)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.AccessPolicy();
+                            if (object.name != null)
+                                message.name = String(object.name);
+                            if (object.parent != null)
+                                message.parent = String(object.parent);
+                            if (object.title != null)
+                                message.title = String(object.title);
+                            if (object.scopes) {
+                                if (!Array.isArray(object.scopes))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.AccessPolicy.scopes: array expected");
+                                message.scopes = [];
+                                for (var i = 0; i < object.scopes.length; ++i)
+                                    message.scopes[i] = String(object.scopes[i]);
+                            }
+                            if (object.createTime != null) {
+                                if (typeof object.createTime !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.AccessPolicy.createTime: object expected");
+                                message.createTime = $root.google.protobuf.Timestamp.fromObject(object.createTime);
+                            }
+                            if (object.updateTime != null) {
+                                if (typeof object.updateTime !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.AccessPolicy.updateTime: object expected");
+                                message.updateTime = $root.google.protobuf.Timestamp.fromObject(object.updateTime);
+                            }
+                            if (object.etag != null)
+                                message.etag = String(object.etag);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from an AccessPolicy message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.AccessPolicy} message AccessPolicy
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        AccessPolicy.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.arrays || options.defaults)
+                                object.scopes = [];
+                            if (options.defaults) {
+                                object.name = "";
+                                object.parent = "";
+                                object.title = "";
+                                object.createTime = null;
+                                object.updateTime = null;
+                                object.etag = "";
+                            }
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                object.name = message.name;
+                            if (message.parent != null && message.hasOwnProperty("parent"))
+                                object.parent = message.parent;
+                            if (message.title != null && message.hasOwnProperty("title"))
+                                object.title = message.title;
+                            if (message.createTime != null && message.hasOwnProperty("createTime"))
+                                object.createTime = $root.google.protobuf.Timestamp.toObject(message.createTime, options);
+                            if (message.updateTime != null && message.hasOwnProperty("updateTime"))
+                                object.updateTime = $root.google.protobuf.Timestamp.toObject(message.updateTime, options);
+                            if (message.etag != null && message.hasOwnProperty("etag"))
+                                object.etag = message.etag;
+                            if (message.scopes && message.scopes.length) {
+                                object.scopes = [];
+                                for (var j = 0; j < message.scopes.length; ++j)
+                                    object.scopes[j] = message.scopes[j];
+                            }
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this AccessPolicy to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        AccessPolicy.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for AccessPolicy
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.AccessPolicy
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        AccessPolicy.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.AccessPolicy";
+                        };
+    
+                        return AccessPolicy;
+                    })();
+    
+                    v1.GcpUserAccessBinding = (function() {
+    
+                        /**
+                         * Properties of a GcpUserAccessBinding.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IGcpUserAccessBinding
+                         * @property {string|null} [name] GcpUserAccessBinding name
+                         * @property {string|null} [groupKey] GcpUserAccessBinding groupKey
+                         * @property {Array.<string>|null} [accessLevels] GcpUserAccessBinding accessLevels
+                         */
+    
+                        /**
+                         * Constructs a new GcpUserAccessBinding.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a GcpUserAccessBinding.
+                         * @implements IGcpUserAccessBinding
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IGcpUserAccessBinding=} [properties] Properties to set
+                         */
+                        function GcpUserAccessBinding(properties) {
+                            this.accessLevels = [];
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * GcpUserAccessBinding name.
+                         * @member {string} name
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBinding
+                         * @instance
+                         */
+                        GcpUserAccessBinding.prototype.name = "";
+    
+                        /**
+                         * GcpUserAccessBinding groupKey.
+                         * @member {string} groupKey
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBinding
+                         * @instance
+                         */
+                        GcpUserAccessBinding.prototype.groupKey = "";
+    
+                        /**
+                         * GcpUserAccessBinding accessLevels.
+                         * @member {Array.<string>} accessLevels
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBinding
+                         * @instance
+                         */
+                        GcpUserAccessBinding.prototype.accessLevels = $util.emptyArray;
+    
+                        /**
+                         * Creates a new GcpUserAccessBinding instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBinding
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGcpUserAccessBinding=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.GcpUserAccessBinding} GcpUserAccessBinding instance
+                         */
+                        GcpUserAccessBinding.create = function create(properties) {
+                            return new GcpUserAccessBinding(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified GcpUserAccessBinding message. Does not implicitly {@link google.identity.accesscontextmanager.v1.GcpUserAccessBinding.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBinding
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGcpUserAccessBinding} message GcpUserAccessBinding message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        GcpUserAccessBinding.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                            if (message.groupKey != null && Object.hasOwnProperty.call(message, "groupKey"))
+                                writer.uint32(/* id 2, wireType 2 =*/18).string(message.groupKey);
+                            if (message.accessLevels != null && message.accessLevels.length)
+                                for (var i = 0; i < message.accessLevels.length; ++i)
+                                    writer.uint32(/* id 3, wireType 2 =*/26).string(message.accessLevels[i]);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified GcpUserAccessBinding message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.GcpUserAccessBinding.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBinding
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IGcpUserAccessBinding} message GcpUserAccessBinding message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        GcpUserAccessBinding.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a GcpUserAccessBinding message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBinding
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.GcpUserAccessBinding} GcpUserAccessBinding
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        GcpUserAccessBinding.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.name = reader.string();
+                                        break;
+                                    }
+                                case 2: {
+                                        message.groupKey = reader.string();
+                                        break;
+                                    }
+                                case 3: {
+                                        if (!(message.accessLevels && message.accessLevels.length))
+                                            message.accessLevels = [];
+                                        message.accessLevels.push(reader.string());
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a GcpUserAccessBinding message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBinding
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.GcpUserAccessBinding} GcpUserAccessBinding
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        GcpUserAccessBinding.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a GcpUserAccessBinding message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBinding
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        GcpUserAccessBinding.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                if (!$util.isString(message.name))
+                                    return "name: string expected";
+                            if (message.groupKey != null && message.hasOwnProperty("groupKey"))
+                                if (!$util.isString(message.groupKey))
+                                    return "groupKey: string expected";
+                            if (message.accessLevels != null && message.hasOwnProperty("accessLevels")) {
+                                if (!Array.isArray(message.accessLevels))
+                                    return "accessLevels: array expected";
+                                for (var i = 0; i < message.accessLevels.length; ++i)
+                                    if (!$util.isString(message.accessLevels[i]))
+                                        return "accessLevels: string[] expected";
+                            }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a GcpUserAccessBinding message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBinding
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.GcpUserAccessBinding} GcpUserAccessBinding
+                         */
+                        GcpUserAccessBinding.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.GcpUserAccessBinding();
+                            if (object.name != null)
+                                message.name = String(object.name);
+                            if (object.groupKey != null)
+                                message.groupKey = String(object.groupKey);
+                            if (object.accessLevels) {
+                                if (!Array.isArray(object.accessLevels))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.GcpUserAccessBinding.accessLevels: array expected");
+                                message.accessLevels = [];
+                                for (var i = 0; i < object.accessLevels.length; ++i)
+                                    message.accessLevels[i] = String(object.accessLevels[i]);
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a GcpUserAccessBinding message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBinding
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.GcpUserAccessBinding} message GcpUserAccessBinding
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        GcpUserAccessBinding.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.arrays || options.defaults)
+                                object.accessLevels = [];
+                            if (options.defaults) {
+                                object.name = "";
+                                object.groupKey = "";
+                            }
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                object.name = message.name;
+                            if (message.groupKey != null && message.hasOwnProperty("groupKey"))
+                                object.groupKey = message.groupKey;
+                            if (message.accessLevels && message.accessLevels.length) {
+                                object.accessLevels = [];
+                                for (var j = 0; j < message.accessLevels.length; ++j)
+                                    object.accessLevels[j] = message.accessLevels[j];
+                            }
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this GcpUserAccessBinding to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBinding
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        GcpUserAccessBinding.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for GcpUserAccessBinding
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.GcpUserAccessBinding
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        GcpUserAccessBinding.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.GcpUserAccessBinding";
+                        };
+    
+                        return GcpUserAccessBinding;
+                    })();
+    
+                    v1.ServicePerimeter = (function() {
+    
+                        /**
+                         * Properties of a ServicePerimeter.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IServicePerimeter
+                         * @property {string|null} [name] ServicePerimeter name
+                         * @property {string|null} [title] ServicePerimeter title
+                         * @property {string|null} [description] ServicePerimeter description
+                         * @property {google.protobuf.ITimestamp|null} [createTime] ServicePerimeter createTime
+                         * @property {google.protobuf.ITimestamp|null} [updateTime] ServicePerimeter updateTime
+                         * @property {google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType|null} [perimeterType] ServicePerimeter perimeterType
+                         * @property {google.identity.accesscontextmanager.v1.IServicePerimeterConfig|null} [status] ServicePerimeter status
+                         * @property {google.identity.accesscontextmanager.v1.IServicePerimeterConfig|null} [spec] ServicePerimeter spec
+                         * @property {boolean|null} [useExplicitDryRunSpec] ServicePerimeter useExplicitDryRunSpec
+                         */
+    
+                        /**
+                         * Constructs a new ServicePerimeter.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a ServicePerimeter.
+                         * @implements IServicePerimeter
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IServicePerimeter=} [properties] Properties to set
+                         */
+                        function ServicePerimeter(properties) {
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * ServicePerimeter name.
+                         * @member {string} name
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @instance
+                         */
+                        ServicePerimeter.prototype.name = "";
+    
+                        /**
+                         * ServicePerimeter title.
+                         * @member {string} title
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @instance
+                         */
+                        ServicePerimeter.prototype.title = "";
+    
+                        /**
+                         * ServicePerimeter description.
+                         * @member {string} description
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @instance
+                         */
+                        ServicePerimeter.prototype.description = "";
+    
+                        /**
+                         * ServicePerimeter createTime.
+                         * @member {google.protobuf.ITimestamp|null|undefined} createTime
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @instance
+                         */
+                        ServicePerimeter.prototype.createTime = null;
+    
+                        /**
+                         * ServicePerimeter updateTime.
+                         * @member {google.protobuf.ITimestamp|null|undefined} updateTime
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @instance
+                         */
+                        ServicePerimeter.prototype.updateTime = null;
+    
+                        /**
+                         * ServicePerimeter perimeterType.
+                         * @member {google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType} perimeterType
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @instance
+                         */
+                        ServicePerimeter.prototype.perimeterType = 0;
+    
+                        /**
+                         * ServicePerimeter status.
+                         * @member {google.identity.accesscontextmanager.v1.IServicePerimeterConfig|null|undefined} status
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @instance
+                         */
+                        ServicePerimeter.prototype.status = null;
+    
+                        /**
+                         * ServicePerimeter spec.
+                         * @member {google.identity.accesscontextmanager.v1.IServicePerimeterConfig|null|undefined} spec
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @instance
+                         */
+                        ServicePerimeter.prototype.spec = null;
+    
+                        /**
+                         * ServicePerimeter useExplicitDryRunSpec.
+                         * @member {boolean} useExplicitDryRunSpec
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @instance
+                         */
+                        ServicePerimeter.prototype.useExplicitDryRunSpec = false;
+    
+                        /**
+                         * Creates a new ServicePerimeter instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IServicePerimeter=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.ServicePerimeter} ServicePerimeter instance
+                         */
+                        ServicePerimeter.create = function create(properties) {
+                            return new ServicePerimeter(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified ServicePerimeter message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeter.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IServicePerimeter} message ServicePerimeter message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ServicePerimeter.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                            if (message.title != null && Object.hasOwnProperty.call(message, "title"))
+                                writer.uint32(/* id 2, wireType 2 =*/18).string(message.title);
+                            if (message.description != null && Object.hasOwnProperty.call(message, "description"))
+                                writer.uint32(/* id 3, wireType 2 =*/26).string(message.description);
+                            if (message.createTime != null && Object.hasOwnProperty.call(message, "createTime"))
+                                $root.google.protobuf.Timestamp.encode(message.createTime, writer.uint32(/* id 4, wireType 2 =*/34).fork()).ldelim();
+                            if (message.updateTime != null && Object.hasOwnProperty.call(message, "updateTime"))
+                                $root.google.protobuf.Timestamp.encode(message.updateTime, writer.uint32(/* id 5, wireType 2 =*/42).fork()).ldelim();
+                            if (message.perimeterType != null && Object.hasOwnProperty.call(message, "perimeterType"))
+                                writer.uint32(/* id 6, wireType 0 =*/48).int32(message.perimeterType);
+                            if (message.status != null && Object.hasOwnProperty.call(message, "status"))
+                                $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.encode(message.status, writer.uint32(/* id 7, wireType 2 =*/58).fork()).ldelim();
+                            if (message.spec != null && Object.hasOwnProperty.call(message, "spec"))
+                                $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.encode(message.spec, writer.uint32(/* id 8, wireType 2 =*/66).fork()).ldelim();
+                            if (message.useExplicitDryRunSpec != null && Object.hasOwnProperty.call(message, "useExplicitDryRunSpec"))
+                                writer.uint32(/* id 9, wireType 0 =*/72).bool(message.useExplicitDryRunSpec);
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified ServicePerimeter message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeter.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IServicePerimeter} message ServicePerimeter message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ServicePerimeter.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a ServicePerimeter message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.ServicePerimeter} ServicePerimeter
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ServicePerimeter.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeter();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        message.name = reader.string();
+                                        break;
+                                    }
+                                case 2: {
+                                        message.title = reader.string();
+                                        break;
+                                    }
+                                case 3: {
+                                        message.description = reader.string();
+                                        break;
+                                    }
+                                case 4: {
+                                        message.createTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                case 5: {
+                                        message.updateTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                case 6: {
+                                        message.perimeterType = reader.int32();
+                                        break;
+                                    }
+                                case 7: {
+                                        message.status = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                case 8: {
+                                        message.spec = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                case 9: {
+                                        message.useExplicitDryRunSpec = reader.bool();
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a ServicePerimeter message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.ServicePerimeter} ServicePerimeter
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ServicePerimeter.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a ServicePerimeter message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        ServicePerimeter.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                if (!$util.isString(message.name))
+                                    return "name: string expected";
+                            if (message.title != null && message.hasOwnProperty("title"))
+                                if (!$util.isString(message.title))
+                                    return "title: string expected";
+                            if (message.description != null && message.hasOwnProperty("description"))
+                                if (!$util.isString(message.description))
+                                    return "description: string expected";
+                            if (message.createTime != null && message.hasOwnProperty("createTime")) {
+                                var error = $root.google.protobuf.Timestamp.verify(message.createTime);
+                                if (error)
+                                    return "createTime." + error;
+                            }
+                            if (message.updateTime != null && message.hasOwnProperty("updateTime")) {
+                                var error = $root.google.protobuf.Timestamp.verify(message.updateTime);
+                                if (error)
+                                    return "updateTime." + error;
+                            }
+                            if (message.perimeterType != null && message.hasOwnProperty("perimeterType"))
+                                switch (message.perimeterType) {
+                                default:
+                                    return "perimeterType: enum value expected";
+                                case 0:
+                                case 1:
+                                    break;
+                                }
+                            if (message.status != null && message.hasOwnProperty("status")) {
+                                var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.verify(message.status);
+                                if (error)
+                                    return "status." + error;
+                            }
+                            if (message.spec != null && message.hasOwnProperty("spec")) {
+                                var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.verify(message.spec);
+                                if (error)
+                                    return "spec." + error;
+                            }
+                            if (message.useExplicitDryRunSpec != null && message.hasOwnProperty("useExplicitDryRunSpec"))
+                                if (typeof message.useExplicitDryRunSpec !== "boolean")
+                                    return "useExplicitDryRunSpec: boolean expected";
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a ServicePerimeter message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.ServicePerimeter} ServicePerimeter
+                         */
+                        ServicePerimeter.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.ServicePerimeter)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeter();
+                            if (object.name != null)
+                                message.name = String(object.name);
+                            if (object.title != null)
+                                message.title = String(object.title);
+                            if (object.description != null)
+                                message.description = String(object.description);
+                            if (object.createTime != null) {
+                                if (typeof object.createTime !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeter.createTime: object expected");
+                                message.createTime = $root.google.protobuf.Timestamp.fromObject(object.createTime);
+                            }
+                            if (object.updateTime != null) {
+                                if (typeof object.updateTime !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeter.updateTime: object expected");
+                                message.updateTime = $root.google.protobuf.Timestamp.fromObject(object.updateTime);
+                            }
+                            switch (object.perimeterType) {
+                            default:
+                                if (typeof object.perimeterType === "number") {
+                                    message.perimeterType = object.perimeterType;
+                                    break;
+                                }
+                                break;
+                            case "PERIMETER_TYPE_REGULAR":
+                            case 0:
+                                message.perimeterType = 0;
+                                break;
+                            case "PERIMETER_TYPE_BRIDGE":
+                            case 1:
+                                message.perimeterType = 1;
+                                break;
+                            }
+                            if (object.status != null) {
+                                if (typeof object.status !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeter.status: object expected");
+                                message.status = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.fromObject(object.status);
+                            }
+                            if (object.spec != null) {
+                                if (typeof object.spec !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeter.spec: object expected");
+                                message.spec = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.fromObject(object.spec);
+                            }
+                            if (object.useExplicitDryRunSpec != null)
+                                message.useExplicitDryRunSpec = Boolean(object.useExplicitDryRunSpec);
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a ServicePerimeter message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ServicePerimeter} message ServicePerimeter
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        ServicePerimeter.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.defaults) {
+                                object.name = "";
+                                object.title = "";
+                                object.description = "";
+                                object.createTime = null;
+                                object.updateTime = null;
+                                object.perimeterType = options.enums === String ? "PERIMETER_TYPE_REGULAR" : 0;
+                                object.status = null;
+                                object.spec = null;
+                                object.useExplicitDryRunSpec = false;
+                            }
+                            if (message.name != null && message.hasOwnProperty("name"))
+                                object.name = message.name;
+                            if (message.title != null && message.hasOwnProperty("title"))
+                                object.title = message.title;
+                            if (message.description != null && message.hasOwnProperty("description"))
+                                object.description = message.description;
+                            if (message.createTime != null && message.hasOwnProperty("createTime"))
+                                object.createTime = $root.google.protobuf.Timestamp.toObject(message.createTime, options);
+                            if (message.updateTime != null && message.hasOwnProperty("updateTime"))
+                                object.updateTime = $root.google.protobuf.Timestamp.toObject(message.updateTime, options);
+                            if (message.perimeterType != null && message.hasOwnProperty("perimeterType"))
+                                object.perimeterType = options.enums === String ? $root.google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType[message.perimeterType] === undefined ? message.perimeterType : $root.google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType[message.perimeterType] : message.perimeterType;
+                            if (message.status != null && message.hasOwnProperty("status"))
+                                object.status = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.toObject(message.status, options);
+                            if (message.spec != null && message.hasOwnProperty("spec"))
+                                object.spec = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.toObject(message.spec, options);
+                            if (message.useExplicitDryRunSpec != null && message.hasOwnProperty("useExplicitDryRunSpec"))
+                                object.useExplicitDryRunSpec = message.useExplicitDryRunSpec;
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this ServicePerimeter to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        ServicePerimeter.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for ServicePerimeter
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeter
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        ServicePerimeter.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ServicePerimeter";
+                        };
+    
+                        /**
+                         * PerimeterType enum.
+                         * @name google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType
+                         * @enum {number}
+                         * @property {number} PERIMETER_TYPE_REGULAR=0 PERIMETER_TYPE_REGULAR value
+                         * @property {number} PERIMETER_TYPE_BRIDGE=1 PERIMETER_TYPE_BRIDGE value
+                         */
+                        ServicePerimeter.PerimeterType = (function() {
+                            var valuesById = {}, values = Object.create(valuesById);
+                            values[valuesById[0] = "PERIMETER_TYPE_REGULAR"] = 0;
+                            values[valuesById[1] = "PERIMETER_TYPE_BRIDGE"] = 1;
+                            return values;
+                        })();
+    
+                        return ServicePerimeter;
+                    })();
+    
+                    v1.ServicePerimeterConfig = (function() {
+    
+                        /**
+                         * Properties of a ServicePerimeterConfig.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @interface IServicePerimeterConfig
+                         * @property {Array.<string>|null} [resources] ServicePerimeterConfig resources
+                         * @property {Array.<string>|null} [accessLevels] ServicePerimeterConfig accessLevels
+                         * @property {Array.<string>|null} [restrictedServices] ServicePerimeterConfig restrictedServices
+                         * @property {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IVpcAccessibleServices|null} [vpcAccessibleServices] ServicePerimeterConfig vpcAccessibleServices
+                         * @property {Array.<google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressPolicy>|null} [ingressPolicies] ServicePerimeterConfig ingressPolicies
+                         * @property {Array.<google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressPolicy>|null} [egressPolicies] ServicePerimeterConfig egressPolicies
+                         */
+    
+                        /**
+                         * Constructs a new ServicePerimeterConfig.
+                         * @memberof google.identity.accesscontextmanager.v1
+                         * @classdesc Represents a ServicePerimeterConfig.
+                         * @implements IServicePerimeterConfig
+                         * @constructor
+                         * @param {google.identity.accesscontextmanager.v1.IServicePerimeterConfig=} [properties] Properties to set
+                         */
+                        function ServicePerimeterConfig(properties) {
+                            this.resources = [];
+                            this.accessLevels = [];
+                            this.restrictedServices = [];
+                            this.ingressPolicies = [];
+                            this.egressPolicies = [];
+                            if (properties)
+                                for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                    if (properties[keys[i]] != null)
+                                        this[keys[i]] = properties[keys[i]];
+                        }
+    
+                        /**
+                         * ServicePerimeterConfig resources.
+                         * @member {Array.<string>} resources
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @instance
+                         */
+                        ServicePerimeterConfig.prototype.resources = $util.emptyArray;
+    
+                        /**
+                         * ServicePerimeterConfig accessLevels.
+                         * @member {Array.<string>} accessLevels
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @instance
+                         */
+                        ServicePerimeterConfig.prototype.accessLevels = $util.emptyArray;
+    
+                        /**
+                         * ServicePerimeterConfig restrictedServices.
+                         * @member {Array.<string>} restrictedServices
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @instance
+                         */
+                        ServicePerimeterConfig.prototype.restrictedServices = $util.emptyArray;
+    
+                        /**
+                         * ServicePerimeterConfig vpcAccessibleServices.
+                         * @member {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IVpcAccessibleServices|null|undefined} vpcAccessibleServices
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @instance
+                         */
+                        ServicePerimeterConfig.prototype.vpcAccessibleServices = null;
+    
+                        /**
+                         * ServicePerimeterConfig ingressPolicies.
+                         * @member {Array.<google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressPolicy>} ingressPolicies
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @instance
+                         */
+                        ServicePerimeterConfig.prototype.ingressPolicies = $util.emptyArray;
+    
+                        /**
+                         * ServicePerimeterConfig egressPolicies.
+                         * @member {Array.<google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressPolicy>} egressPolicies
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @instance
+                         */
+                        ServicePerimeterConfig.prototype.egressPolicies = $util.emptyArray;
+    
+                        /**
+                         * Creates a new ServicePerimeterConfig instance using the specified properties.
+                         * @function create
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IServicePerimeterConfig=} [properties] Properties to set
+                         * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig} ServicePerimeterConfig instance
+                         */
+                        ServicePerimeterConfig.create = function create(properties) {
+                            return new ServicePerimeterConfig(properties);
+                        };
+    
+                        /**
+                         * Encodes the specified ServicePerimeterConfig message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.verify|verify} messages.
+                         * @function encode
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IServicePerimeterConfig} message ServicePerimeterConfig message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ServicePerimeterConfig.encode = function encode(message, writer) {
+                            if (!writer)
+                                writer = $Writer.create();
+                            if (message.resources != null && message.resources.length)
+                                for (var i = 0; i < message.resources.length; ++i)
+                                    writer.uint32(/* id 1, wireType 2 =*/10).string(message.resources[i]);
+                            if (message.accessLevels != null && message.accessLevels.length)
+                                for (var i = 0; i < message.accessLevels.length; ++i)
+                                    writer.uint32(/* id 2, wireType 2 =*/18).string(message.accessLevels[i]);
+                            if (message.restrictedServices != null && message.restrictedServices.length)
+                                for (var i = 0; i < message.restrictedServices.length; ++i)
+                                    writer.uint32(/* id 4, wireType 2 =*/34).string(message.restrictedServices[i]);
+                            if (message.ingressPolicies != null && message.ingressPolicies.length)
+                                for (var i = 0; i < message.ingressPolicies.length; ++i)
+                                    $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy.encode(message.ingressPolicies[i], writer.uint32(/* id 8, wireType 2 =*/66).fork()).ldelim();
+                            if (message.egressPolicies != null && message.egressPolicies.length)
+                                for (var i = 0; i < message.egressPolicies.length; ++i)
+                                    $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy.encode(message.egressPolicies[i], writer.uint32(/* id 9, wireType 2 =*/74).fork()).ldelim();
+                            if (message.vpcAccessibleServices != null && Object.hasOwnProperty.call(message, "vpcAccessibleServices"))
+                                $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices.encode(message.vpcAccessibleServices, writer.uint32(/* id 10, wireType 2 =*/82).fork()).ldelim();
+                            return writer;
+                        };
+    
+                        /**
+                         * Encodes the specified ServicePerimeterConfig message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.verify|verify} messages.
+                         * @function encodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.IServicePerimeterConfig} message ServicePerimeterConfig message or plain object to encode
+                         * @param {$protobuf.Writer} [writer] Writer to encode to
+                         * @returns {$protobuf.Writer} Writer
+                         */
+                        ServicePerimeterConfig.encodeDelimited = function encodeDelimited(message, writer) {
+                            return this.encode(message, writer).ldelim();
+                        };
+    
+                        /**
+                         * Decodes a ServicePerimeterConfig message from the specified reader or buffer.
+                         * @function decode
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @param {number} [length] Message length if known beforehand
+                         * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig} ServicePerimeterConfig
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ServicePerimeterConfig.decode = function decode(reader, length) {
+                            if (!(reader instanceof $Reader))
+                                reader = $Reader.create(reader);
+                            var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig();
+                            while (reader.pos < end) {
+                                var tag = reader.uint32();
+                                switch (tag >>> 3) {
+                                case 1: {
+                                        if (!(message.resources && message.resources.length))
+                                            message.resources = [];
+                                        message.resources.push(reader.string());
+                                        break;
+                                    }
+                                case 2: {
+                                        if (!(message.accessLevels && message.accessLevels.length))
+                                            message.accessLevels = [];
+                                        message.accessLevels.push(reader.string());
+                                        break;
+                                    }
+                                case 4: {
+                                        if (!(message.restrictedServices && message.restrictedServices.length))
+                                            message.restrictedServices = [];
+                                        message.restrictedServices.push(reader.string());
+                                        break;
+                                    }
+                                case 10: {
+                                        message.vpcAccessibleServices = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices.decode(reader, reader.uint32());
+                                        break;
+                                    }
+                                case 8: {
+                                        if (!(message.ingressPolicies && message.ingressPolicies.length))
+                                            message.ingressPolicies = [];
+                                        message.ingressPolicies.push($root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy.decode(reader, reader.uint32()));
+                                        break;
+                                    }
+                                case 9: {
+                                        if (!(message.egressPolicies && message.egressPolicies.length))
+                                            message.egressPolicies = [];
+                                        message.egressPolicies.push($root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy.decode(reader, reader.uint32()));
+                                        break;
+                                    }
+                                default:
+                                    reader.skipType(tag & 7);
+                                    break;
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Decodes a ServicePerimeterConfig message from the specified reader or buffer, length delimited.
+                         * @function decodeDelimited
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @static
+                         * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                         * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig} ServicePerimeterConfig
+                         * @throws {Error} If the payload is not a reader or valid buffer
+                         * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                         */
+                        ServicePerimeterConfig.decodeDelimited = function decodeDelimited(reader) {
+                            if (!(reader instanceof $Reader))
+                                reader = new $Reader(reader);
+                            return this.decode(reader, reader.uint32());
+                        };
+    
+                        /**
+                         * Verifies a ServicePerimeterConfig message.
+                         * @function verify
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @static
+                         * @param {Object.<string,*>} message Plain object to verify
+                         * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                         */
+                        ServicePerimeterConfig.verify = function verify(message) {
+                            if (typeof message !== "object" || message === null)
+                                return "object expected";
+                            if (message.resources != null && message.hasOwnProperty("resources")) {
+                                if (!Array.isArray(message.resources))
+                                    return "resources: array expected";
+                                for (var i = 0; i < message.resources.length; ++i)
+                                    if (!$util.isString(message.resources[i]))
+                                        return "resources: string[] expected";
+                            }
+                            if (message.accessLevels != null && message.hasOwnProperty("accessLevels")) {
+                                if (!Array.isArray(message.accessLevels))
+                                    return "accessLevels: array expected";
+                                for (var i = 0; i < message.accessLevels.length; ++i)
+                                    if (!$util.isString(message.accessLevels[i]))
+                                        return "accessLevels: string[] expected";
+                            }
+                            if (message.restrictedServices != null && message.hasOwnProperty("restrictedServices")) {
+                                if (!Array.isArray(message.restrictedServices))
+                                    return "restrictedServices: array expected";
+                                for (var i = 0; i < message.restrictedServices.length; ++i)
+                                    if (!$util.isString(message.restrictedServices[i]))
+                                        return "restrictedServices: string[] expected";
+                            }
+                            if (message.vpcAccessibleServices != null && message.hasOwnProperty("vpcAccessibleServices")) {
+                                var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices.verify(message.vpcAccessibleServices);
+                                if (error)
+                                    return "vpcAccessibleServices." + error;
+                            }
+                            if (message.ingressPolicies != null && message.hasOwnProperty("ingressPolicies")) {
+                                if (!Array.isArray(message.ingressPolicies))
+                                    return "ingressPolicies: array expected";
+                                for (var i = 0; i < message.ingressPolicies.length; ++i) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy.verify(message.ingressPolicies[i]);
+                                    if (error)
+                                        return "ingressPolicies." + error;
+                                }
+                            }
+                            if (message.egressPolicies != null && message.hasOwnProperty("egressPolicies")) {
+                                if (!Array.isArray(message.egressPolicies))
+                                    return "egressPolicies: array expected";
+                                for (var i = 0; i < message.egressPolicies.length; ++i) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy.verify(message.egressPolicies[i]);
+                                    if (error)
+                                        return "egressPolicies." + error;
+                                }
+                            }
+                            return null;
+                        };
+    
+                        /**
+                         * Creates a ServicePerimeterConfig message from a plain object. Also converts values to their respective internal types.
+                         * @function fromObject
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @static
+                         * @param {Object.<string,*>} object Plain object
+                         * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig} ServicePerimeterConfig
+                         */
+                        ServicePerimeterConfig.fromObject = function fromObject(object) {
+                            if (object instanceof $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig)
+                                return object;
+                            var message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig();
+                            if (object.resources) {
+                                if (!Array.isArray(object.resources))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.resources: array expected");
+                                message.resources = [];
+                                for (var i = 0; i < object.resources.length; ++i)
+                                    message.resources[i] = String(object.resources[i]);
+                            }
+                            if (object.accessLevels) {
+                                if (!Array.isArray(object.accessLevels))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.accessLevels: array expected");
+                                message.accessLevels = [];
+                                for (var i = 0; i < object.accessLevels.length; ++i)
+                                    message.accessLevels[i] = String(object.accessLevels[i]);
+                            }
+                            if (object.restrictedServices) {
+                                if (!Array.isArray(object.restrictedServices))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.restrictedServices: array expected");
+                                message.restrictedServices = [];
+                                for (var i = 0; i < object.restrictedServices.length; ++i)
+                                    message.restrictedServices[i] = String(object.restrictedServices[i]);
+                            }
+                            if (object.vpcAccessibleServices != null) {
+                                if (typeof object.vpcAccessibleServices !== "object")
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.vpcAccessibleServices: object expected");
+                                message.vpcAccessibleServices = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices.fromObject(object.vpcAccessibleServices);
+                            }
+                            if (object.ingressPolicies) {
+                                if (!Array.isArray(object.ingressPolicies))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ingressPolicies: array expected");
+                                message.ingressPolicies = [];
+                                for (var i = 0; i < object.ingressPolicies.length; ++i) {
+                                    if (typeof object.ingressPolicies[i] !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ingressPolicies: object expected");
+                                    message.ingressPolicies[i] = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy.fromObject(object.ingressPolicies[i]);
+                                }
+                            }
+                            if (object.egressPolicies) {
+                                if (!Array.isArray(object.egressPolicies))
+                                    throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.egressPolicies: array expected");
+                                message.egressPolicies = [];
+                                for (var i = 0; i < object.egressPolicies.length; ++i) {
+                                    if (typeof object.egressPolicies[i] !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.egressPolicies: object expected");
+                                    message.egressPolicies[i] = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy.fromObject(object.egressPolicies[i]);
+                                }
+                            }
+                            return message;
+                        };
+    
+                        /**
+                         * Creates a plain object from a ServicePerimeterConfig message. Also converts values to other types if specified.
+                         * @function toObject
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @static
+                         * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig} message ServicePerimeterConfig
+                         * @param {$protobuf.IConversionOptions} [options] Conversion options
+                         * @returns {Object.<string,*>} Plain object
+                         */
+                        ServicePerimeterConfig.toObject = function toObject(message, options) {
+                            if (!options)
+                                options = {};
+                            var object = {};
+                            if (options.arrays || options.defaults) {
+                                object.resources = [];
+                                object.accessLevels = [];
+                                object.restrictedServices = [];
+                                object.ingressPolicies = [];
+                                object.egressPolicies = [];
+                            }
+                            if (options.defaults)
+                                object.vpcAccessibleServices = null;
+                            if (message.resources && message.resources.length) {
+                                object.resources = [];
+                                for (var j = 0; j < message.resources.length; ++j)
+                                    object.resources[j] = message.resources[j];
+                            }
+                            if (message.accessLevels && message.accessLevels.length) {
+                                object.accessLevels = [];
+                                for (var j = 0; j < message.accessLevels.length; ++j)
+                                    object.accessLevels[j] = message.accessLevels[j];
+                            }
+                            if (message.restrictedServices && message.restrictedServices.length) {
+                                object.restrictedServices = [];
+                                for (var j = 0; j < message.restrictedServices.length; ++j)
+                                    object.restrictedServices[j] = message.restrictedServices[j];
+                            }
+                            if (message.ingressPolicies && message.ingressPolicies.length) {
+                                object.ingressPolicies = [];
+                                for (var j = 0; j < message.ingressPolicies.length; ++j)
+                                    object.ingressPolicies[j] = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy.toObject(message.ingressPolicies[j], options);
+                            }
+                            if (message.egressPolicies && message.egressPolicies.length) {
+                                object.egressPolicies = [];
+                                for (var j = 0; j < message.egressPolicies.length; ++j)
+                                    object.egressPolicies[j] = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy.toObject(message.egressPolicies[j], options);
+                            }
+                            if (message.vpcAccessibleServices != null && message.hasOwnProperty("vpcAccessibleServices"))
+                                object.vpcAccessibleServices = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices.toObject(message.vpcAccessibleServices, options);
+                            return object;
+                        };
+    
+                        /**
+                         * Converts this ServicePerimeterConfig to JSON.
+                         * @function toJSON
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @instance
+                         * @returns {Object.<string,*>} JSON object
+                         */
+                        ServicePerimeterConfig.prototype.toJSON = function toJSON() {
+                            return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                        };
+    
+                        /**
+                         * Gets the default type url for ServicePerimeterConfig
+                         * @function getTypeUrl
+                         * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                         * @static
+                         * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                         * @returns {string} The default type url
+                         */
+                        ServicePerimeterConfig.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                            if (typeUrlPrefix === undefined) {
+                                typeUrlPrefix = "type.googleapis.com";
+                            }
+                            return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ServicePerimeterConfig";
+                        };
+    
+                        ServicePerimeterConfig.VpcAccessibleServices = (function() {
+    
+                            /**
+                             * Properties of a VpcAccessibleServices.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @interface IVpcAccessibleServices
+                             * @property {boolean|null} [enableRestriction] VpcAccessibleServices enableRestriction
+                             * @property {Array.<string>|null} [allowedServices] VpcAccessibleServices allowedServices
+                             */
+    
+                            /**
+                             * Constructs a new VpcAccessibleServices.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @classdesc Represents a VpcAccessibleServices.
+                             * @implements IVpcAccessibleServices
+                             * @constructor
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IVpcAccessibleServices=} [properties] Properties to set
+                             */
+                            function VpcAccessibleServices(properties) {
+                                this.allowedServices = [];
+                                if (properties)
+                                    for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                        if (properties[keys[i]] != null)
+                                            this[keys[i]] = properties[keys[i]];
+                            }
+    
+                            /**
+                             * VpcAccessibleServices enableRestriction.
+                             * @member {boolean} enableRestriction
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices
+                             * @instance
+                             */
+                            VpcAccessibleServices.prototype.enableRestriction = false;
+    
+                            /**
+                             * VpcAccessibleServices allowedServices.
+                             * @member {Array.<string>} allowedServices
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices
+                             * @instance
+                             */
+                            VpcAccessibleServices.prototype.allowedServices = $util.emptyArray;
+    
+                            /**
+                             * Creates a new VpcAccessibleServices instance using the specified properties.
+                             * @function create
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IVpcAccessibleServices=} [properties] Properties to set
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices} VpcAccessibleServices instance
+                             */
+                            VpcAccessibleServices.create = function create(properties) {
+                                return new VpcAccessibleServices(properties);
+                            };
+    
+                            /**
+                             * Encodes the specified VpcAccessibleServices message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices.verify|verify} messages.
+                             * @function encode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IVpcAccessibleServices} message VpcAccessibleServices message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            VpcAccessibleServices.encode = function encode(message, writer) {
+                                if (!writer)
+                                    writer = $Writer.create();
+                                if (message.enableRestriction != null && Object.hasOwnProperty.call(message, "enableRestriction"))
+                                    writer.uint32(/* id 1, wireType 0 =*/8).bool(message.enableRestriction);
+                                if (message.allowedServices != null && message.allowedServices.length)
+                                    for (var i = 0; i < message.allowedServices.length; ++i)
+                                        writer.uint32(/* id 2, wireType 2 =*/18).string(message.allowedServices[i]);
+                                return writer;
+                            };
+    
+                            /**
+                             * Encodes the specified VpcAccessibleServices message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices.verify|verify} messages.
+                             * @function encodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IVpcAccessibleServices} message VpcAccessibleServices message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            VpcAccessibleServices.encodeDelimited = function encodeDelimited(message, writer) {
+                                return this.encode(message, writer).ldelim();
+                            };
+    
+                            /**
+                             * Decodes a VpcAccessibleServices message from the specified reader or buffer.
+                             * @function decode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @param {number} [length] Message length if known beforehand
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices} VpcAccessibleServices
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            VpcAccessibleServices.decode = function decode(reader, length) {
+                                if (!(reader instanceof $Reader))
+                                    reader = $Reader.create(reader);
+                                var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices();
+                                while (reader.pos < end) {
+                                    var tag = reader.uint32();
+                                    switch (tag >>> 3) {
+                                    case 1: {
+                                            message.enableRestriction = reader.bool();
+                                            break;
+                                        }
+                                    case 2: {
+                                            if (!(message.allowedServices && message.allowedServices.length))
+                                                message.allowedServices = [];
+                                            message.allowedServices.push(reader.string());
+                                            break;
+                                        }
+                                    default:
+                                        reader.skipType(tag & 7);
+                                        break;
+                                    }
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Decodes a VpcAccessibleServices message from the specified reader or buffer, length delimited.
+                             * @function decodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices} VpcAccessibleServices
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            VpcAccessibleServices.decodeDelimited = function decodeDelimited(reader) {
+                                if (!(reader instanceof $Reader))
+                                    reader = new $Reader(reader);
+                                return this.decode(reader, reader.uint32());
+                            };
+    
+                            /**
+                             * Verifies a VpcAccessibleServices message.
+                             * @function verify
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices
+                             * @static
+                             * @param {Object.<string,*>} message Plain object to verify
+                             * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                             */
+                            VpcAccessibleServices.verify = function verify(message) {
+                                if (typeof message !== "object" || message === null)
+                                    return "object expected";
+                                if (message.enableRestriction != null && message.hasOwnProperty("enableRestriction"))
+                                    if (typeof message.enableRestriction !== "boolean")
+                                        return "enableRestriction: boolean expected";
+                                if (message.allowedServices != null && message.hasOwnProperty("allowedServices")) {
+                                    if (!Array.isArray(message.allowedServices))
+                                        return "allowedServices: array expected";
+                                    for (var i = 0; i < message.allowedServices.length; ++i)
+                                        if (!$util.isString(message.allowedServices[i]))
+                                            return "allowedServices: string[] expected";
+                                }
+                                return null;
+                            };
+    
+                            /**
+                             * Creates a VpcAccessibleServices message from a plain object. Also converts values to their respective internal types.
+                             * @function fromObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices
+                             * @static
+                             * @param {Object.<string,*>} object Plain object
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices} VpcAccessibleServices
+                             */
+                            VpcAccessibleServices.fromObject = function fromObject(object) {
+                                if (object instanceof $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices)
+                                    return object;
+                                var message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices();
+                                if (object.enableRestriction != null)
+                                    message.enableRestriction = Boolean(object.enableRestriction);
+                                if (object.allowedServices) {
+                                    if (!Array.isArray(object.allowedServices))
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices.allowedServices: array expected");
+                                    message.allowedServices = [];
+                                    for (var i = 0; i < object.allowedServices.length; ++i)
+                                        message.allowedServices[i] = String(object.allowedServices[i]);
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Creates a plain object from a VpcAccessibleServices message. Also converts values to other types if specified.
+                             * @function toObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices} message VpcAccessibleServices
+                             * @param {$protobuf.IConversionOptions} [options] Conversion options
+                             * @returns {Object.<string,*>} Plain object
+                             */
+                            VpcAccessibleServices.toObject = function toObject(message, options) {
+                                if (!options)
+                                    options = {};
+                                var object = {};
+                                if (options.arrays || options.defaults)
+                                    object.allowedServices = [];
+                                if (options.defaults)
+                                    object.enableRestriction = false;
+                                if (message.enableRestriction != null && message.hasOwnProperty("enableRestriction"))
+                                    object.enableRestriction = message.enableRestriction;
+                                if (message.allowedServices && message.allowedServices.length) {
+                                    object.allowedServices = [];
+                                    for (var j = 0; j < message.allowedServices.length; ++j)
+                                        object.allowedServices[j] = message.allowedServices[j];
+                                }
+                                return object;
+                            };
+    
+                            /**
+                             * Converts this VpcAccessibleServices to JSON.
+                             * @function toJSON
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices
+                             * @instance
+                             * @returns {Object.<string,*>} JSON object
+                             */
+                            VpcAccessibleServices.prototype.toJSON = function toJSON() {
+                                return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                            };
+    
+                            /**
+                             * Gets the default type url for VpcAccessibleServices
+                             * @function getTypeUrl
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices
+                             * @static
+                             * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                             * @returns {string} The default type url
+                             */
+                            VpcAccessibleServices.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                                if (typeUrlPrefix === undefined) {
+                                    typeUrlPrefix = "type.googleapis.com";
+                                }
+                                return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices";
+                            };
+    
+                            return VpcAccessibleServices;
+                        })();
+    
+                        /**
+                         * IdentityType enum.
+                         * @name google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType
+                         * @enum {number}
+                         * @property {number} IDENTITY_TYPE_UNSPECIFIED=0 IDENTITY_TYPE_UNSPECIFIED value
+                         * @property {number} ANY_IDENTITY=1 ANY_IDENTITY value
+                         * @property {number} ANY_USER_ACCOUNT=2 ANY_USER_ACCOUNT value
+                         * @property {number} ANY_SERVICE_ACCOUNT=3 ANY_SERVICE_ACCOUNT value
+                         */
+                        ServicePerimeterConfig.IdentityType = (function() {
+                            var valuesById = {}, values = Object.create(valuesById);
+                            values[valuesById[0] = "IDENTITY_TYPE_UNSPECIFIED"] = 0;
+                            values[valuesById[1] = "ANY_IDENTITY"] = 1;
+                            values[valuesById[2] = "ANY_USER_ACCOUNT"] = 2;
+                            values[valuesById[3] = "ANY_SERVICE_ACCOUNT"] = 3;
+                            return values;
+                        })();
+    
+                        ServicePerimeterConfig.MethodSelector = (function() {
+    
+                            /**
+                             * Properties of a MethodSelector.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @interface IMethodSelector
+                             * @property {string|null} [method] MethodSelector method
+                             * @property {string|null} [permission] MethodSelector permission
+                             */
+    
+                            /**
+                             * Constructs a new MethodSelector.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @classdesc Represents a MethodSelector.
+                             * @implements IMethodSelector
+                             * @constructor
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IMethodSelector=} [properties] Properties to set
+                             */
+                            function MethodSelector(properties) {
+                                if (properties)
+                                    for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                        if (properties[keys[i]] != null)
+                                            this[keys[i]] = properties[keys[i]];
+                            }
+    
+                            /**
+                             * MethodSelector method.
+                             * @member {string|null|undefined} method
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector
+                             * @instance
+                             */
+                            MethodSelector.prototype.method = null;
+    
+                            /**
+                             * MethodSelector permission.
+                             * @member {string|null|undefined} permission
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector
+                             * @instance
+                             */
+                            MethodSelector.prototype.permission = null;
+    
+                            // OneOf field names bound to virtual getters and setters
+                            var $oneOfFields;
+    
+                            /**
+                             * MethodSelector kind.
+                             * @member {"method"|"permission"|undefined} kind
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector
+                             * @instance
+                             */
+                            Object.defineProperty(MethodSelector.prototype, "kind", {
+                                get: $util.oneOfGetter($oneOfFields = ["method", "permission"]),
+                                set: $util.oneOfSetter($oneOfFields)
+                            });
+    
+                            /**
+                             * Creates a new MethodSelector instance using the specified properties.
+                             * @function create
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IMethodSelector=} [properties] Properties to set
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector} MethodSelector instance
+                             */
+                            MethodSelector.create = function create(properties) {
+                                return new MethodSelector(properties);
+                            };
+    
+                            /**
+                             * Encodes the specified MethodSelector message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector.verify|verify} messages.
+                             * @function encode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IMethodSelector} message MethodSelector message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            MethodSelector.encode = function encode(message, writer) {
+                                if (!writer)
+                                    writer = $Writer.create();
+                                if (message.method != null && Object.hasOwnProperty.call(message, "method"))
+                                    writer.uint32(/* id 1, wireType 2 =*/10).string(message.method);
+                                if (message.permission != null && Object.hasOwnProperty.call(message, "permission"))
+                                    writer.uint32(/* id 2, wireType 2 =*/18).string(message.permission);
+                                return writer;
+                            };
+    
+                            /**
+                             * Encodes the specified MethodSelector message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector.verify|verify} messages.
+                             * @function encodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IMethodSelector} message MethodSelector message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            MethodSelector.encodeDelimited = function encodeDelimited(message, writer) {
+                                return this.encode(message, writer).ldelim();
+                            };
+    
+                            /**
+                             * Decodes a MethodSelector message from the specified reader or buffer.
+                             * @function decode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @param {number} [length] Message length if known beforehand
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector} MethodSelector
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            MethodSelector.decode = function decode(reader, length) {
+                                if (!(reader instanceof $Reader))
+                                    reader = $Reader.create(reader);
+                                var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector();
+                                while (reader.pos < end) {
+                                    var tag = reader.uint32();
+                                    switch (tag >>> 3) {
+                                    case 1: {
+                                            message.method = reader.string();
+                                            break;
+                                        }
+                                    case 2: {
+                                            message.permission = reader.string();
+                                            break;
+                                        }
+                                    default:
+                                        reader.skipType(tag & 7);
+                                        break;
+                                    }
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Decodes a MethodSelector message from the specified reader or buffer, length delimited.
+                             * @function decodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector} MethodSelector
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            MethodSelector.decodeDelimited = function decodeDelimited(reader) {
+                                if (!(reader instanceof $Reader))
+                                    reader = new $Reader(reader);
+                                return this.decode(reader, reader.uint32());
+                            };
+    
+                            /**
+                             * Verifies a MethodSelector message.
+                             * @function verify
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector
+                             * @static
+                             * @param {Object.<string,*>} message Plain object to verify
+                             * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                             */
+                            MethodSelector.verify = function verify(message) {
+                                if (typeof message !== "object" || message === null)
+                                    return "object expected";
+                                var properties = {};
+                                if (message.method != null && message.hasOwnProperty("method")) {
+                                    properties.kind = 1;
+                                    if (!$util.isString(message.method))
+                                        return "method: string expected";
+                                }
+                                if (message.permission != null && message.hasOwnProperty("permission")) {
+                                    if (properties.kind === 1)
+                                        return "kind: multiple values";
+                                    properties.kind = 1;
+                                    if (!$util.isString(message.permission))
+                                        return "permission: string expected";
+                                }
+                                return null;
+                            };
+    
+                            /**
+                             * Creates a MethodSelector message from a plain object. Also converts values to their respective internal types.
+                             * @function fromObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector
+                             * @static
+                             * @param {Object.<string,*>} object Plain object
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector} MethodSelector
+                             */
+                            MethodSelector.fromObject = function fromObject(object) {
+                                if (object instanceof $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector)
+                                    return object;
+                                var message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector();
+                                if (object.method != null)
+                                    message.method = String(object.method);
+                                if (object.permission != null)
+                                    message.permission = String(object.permission);
+                                return message;
+                            };
+    
+                            /**
+                             * Creates a plain object from a MethodSelector message. Also converts values to other types if specified.
+                             * @function toObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector} message MethodSelector
+                             * @param {$protobuf.IConversionOptions} [options] Conversion options
+                             * @returns {Object.<string,*>} Plain object
+                             */
+                            MethodSelector.toObject = function toObject(message, options) {
+                                if (!options)
+                                    options = {};
+                                var object = {};
+                                if (message.method != null && message.hasOwnProperty("method")) {
+                                    object.method = message.method;
+                                    if (options.oneofs)
+                                        object.kind = "method";
+                                }
+                                if (message.permission != null && message.hasOwnProperty("permission")) {
+                                    object.permission = message.permission;
+                                    if (options.oneofs)
+                                        object.kind = "permission";
+                                }
+                                return object;
+                            };
+    
+                            /**
+                             * Converts this MethodSelector to JSON.
+                             * @function toJSON
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector
+                             * @instance
+                             * @returns {Object.<string,*>} JSON object
+                             */
+                            MethodSelector.prototype.toJSON = function toJSON() {
+                                return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                            };
+    
+                            /**
+                             * Gets the default type url for MethodSelector
+                             * @function getTypeUrl
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector
+                             * @static
+                             * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                             * @returns {string} The default type url
+                             */
+                            MethodSelector.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                                if (typeUrlPrefix === undefined) {
+                                    typeUrlPrefix = "type.googleapis.com";
+                                }
+                                return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector";
+                            };
+    
+                            return MethodSelector;
+                        })();
+    
+                        ServicePerimeterConfig.ApiOperation = (function() {
+    
+                            /**
+                             * Properties of an ApiOperation.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @interface IApiOperation
+                             * @property {string|null} [serviceName] ApiOperation serviceName
+                             * @property {Array.<google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IMethodSelector>|null} [methodSelectors] ApiOperation methodSelectors
+                             */
+    
+                            /**
+                             * Constructs a new ApiOperation.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @classdesc Represents an ApiOperation.
+                             * @implements IApiOperation
+                             * @constructor
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation=} [properties] Properties to set
+                             */
+                            function ApiOperation(properties) {
+                                this.methodSelectors = [];
+                                if (properties)
+                                    for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                        if (properties[keys[i]] != null)
+                                            this[keys[i]] = properties[keys[i]];
+                            }
+    
+                            /**
+                             * ApiOperation serviceName.
+                             * @member {string} serviceName
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
+                             * @instance
+                             */
+                            ApiOperation.prototype.serviceName = "";
+    
+                            /**
+                             * ApiOperation methodSelectors.
+                             * @member {Array.<google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IMethodSelector>} methodSelectors
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
+                             * @instance
+                             */
+                            ApiOperation.prototype.methodSelectors = $util.emptyArray;
+    
+                            /**
+                             * Creates a new ApiOperation instance using the specified properties.
+                             * @function create
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation=} [properties] Properties to set
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation} ApiOperation instance
+                             */
+                            ApiOperation.create = function create(properties) {
+                                return new ApiOperation(properties);
+                            };
+    
+                            /**
+                             * Encodes the specified ApiOperation message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.verify|verify} messages.
+                             * @function encode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation} message ApiOperation message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            ApiOperation.encode = function encode(message, writer) {
+                                if (!writer)
+                                    writer = $Writer.create();
+                                if (message.serviceName != null && Object.hasOwnProperty.call(message, "serviceName"))
+                                    writer.uint32(/* id 1, wireType 2 =*/10).string(message.serviceName);
+                                if (message.methodSelectors != null && message.methodSelectors.length)
+                                    for (var i = 0; i < message.methodSelectors.length; ++i)
+                                        $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector.encode(message.methodSelectors[i], writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                                return writer;
+                            };
+    
+                            /**
+                             * Encodes the specified ApiOperation message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.verify|verify} messages.
+                             * @function encodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation} message ApiOperation message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            ApiOperation.encodeDelimited = function encodeDelimited(message, writer) {
+                                return this.encode(message, writer).ldelim();
+                            };
+    
+                            /**
+                             * Decodes an ApiOperation message from the specified reader or buffer.
+                             * @function decode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @param {number} [length] Message length if known beforehand
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation} ApiOperation
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            ApiOperation.decode = function decode(reader, length) {
+                                if (!(reader instanceof $Reader))
+                                    reader = $Reader.create(reader);
+                                var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation();
+                                while (reader.pos < end) {
+                                    var tag = reader.uint32();
+                                    switch (tag >>> 3) {
+                                    case 1: {
+                                            message.serviceName = reader.string();
+                                            break;
+                                        }
+                                    case 2: {
+                                            if (!(message.methodSelectors && message.methodSelectors.length))
+                                                message.methodSelectors = [];
+                                            message.methodSelectors.push($root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector.decode(reader, reader.uint32()));
+                                            break;
+                                        }
+                                    default:
+                                        reader.skipType(tag & 7);
+                                        break;
+                                    }
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Decodes an ApiOperation message from the specified reader or buffer, length delimited.
+                             * @function decodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation} ApiOperation
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            ApiOperation.decodeDelimited = function decodeDelimited(reader) {
+                                if (!(reader instanceof $Reader))
+                                    reader = new $Reader(reader);
+                                return this.decode(reader, reader.uint32());
+                            };
+    
+                            /**
+                             * Verifies an ApiOperation message.
+                             * @function verify
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
+                             * @static
+                             * @param {Object.<string,*>} message Plain object to verify
+                             * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                             */
+                            ApiOperation.verify = function verify(message) {
+                                if (typeof message !== "object" || message === null)
+                                    return "object expected";
+                                if (message.serviceName != null && message.hasOwnProperty("serviceName"))
+                                    if (!$util.isString(message.serviceName))
+                                        return "serviceName: string expected";
+                                if (message.methodSelectors != null && message.hasOwnProperty("methodSelectors")) {
+                                    if (!Array.isArray(message.methodSelectors))
+                                        return "methodSelectors: array expected";
+                                    for (var i = 0; i < message.methodSelectors.length; ++i) {
+                                        var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector.verify(message.methodSelectors[i]);
+                                        if (error)
+                                            return "methodSelectors." + error;
+                                    }
+                                }
+                                return null;
+                            };
+    
+                            /**
+                             * Creates an ApiOperation message from a plain object. Also converts values to their respective internal types.
+                             * @function fromObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
+                             * @static
+                             * @param {Object.<string,*>} object Plain object
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation} ApiOperation
+                             */
+                            ApiOperation.fromObject = function fromObject(object) {
+                                if (object instanceof $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation)
+                                    return object;
+                                var message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation();
+                                if (object.serviceName != null)
+                                    message.serviceName = String(object.serviceName);
+                                if (object.methodSelectors) {
+                                    if (!Array.isArray(object.methodSelectors))
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.methodSelectors: array expected");
+                                    message.methodSelectors = [];
+                                    for (var i = 0; i < object.methodSelectors.length; ++i) {
+                                        if (typeof object.methodSelectors[i] !== "object")
+                                            throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.methodSelectors: object expected");
+                                        message.methodSelectors[i] = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector.fromObject(object.methodSelectors[i]);
+                                    }
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Creates a plain object from an ApiOperation message. Also converts values to other types if specified.
+                             * @function toObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation} message ApiOperation
+                             * @param {$protobuf.IConversionOptions} [options] Conversion options
+                             * @returns {Object.<string,*>} Plain object
+                             */
+                            ApiOperation.toObject = function toObject(message, options) {
+                                if (!options)
+                                    options = {};
+                                var object = {};
+                                if (options.arrays || options.defaults)
+                                    object.methodSelectors = [];
+                                if (options.defaults)
+                                    object.serviceName = "";
+                                if (message.serviceName != null && message.hasOwnProperty("serviceName"))
+                                    object.serviceName = message.serviceName;
+                                if (message.methodSelectors && message.methodSelectors.length) {
+                                    object.methodSelectors = [];
+                                    for (var j = 0; j < message.methodSelectors.length; ++j)
+                                        object.methodSelectors[j] = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector.toObject(message.methodSelectors[j], options);
+                                }
+                                return object;
+                            };
+    
+                            /**
+                             * Converts this ApiOperation to JSON.
+                             * @function toJSON
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
+                             * @instance
+                             * @returns {Object.<string,*>} JSON object
+                             */
+                            ApiOperation.prototype.toJSON = function toJSON() {
+                                return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                            };
+    
+                            /**
+                             * Gets the default type url for ApiOperation
+                             * @function getTypeUrl
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
+                             * @static
+                             * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                             * @returns {string} The default type url
+                             */
+                            ApiOperation.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                                if (typeUrlPrefix === undefined) {
+                                    typeUrlPrefix = "type.googleapis.com";
+                                }
+                                return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation";
+                            };
+    
+                            return ApiOperation;
+                        })();
+    
+                        ServicePerimeterConfig.IngressSource = (function() {
+    
+                            /**
+                             * Properties of an IngressSource.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @interface IIngressSource
+                             * @property {string|null} [accessLevel] IngressSource accessLevel
+                             * @property {string|null} [resource] IngressSource resource
+                             */
+    
+                            /**
+                             * Constructs a new IngressSource.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @classdesc Represents an IngressSource.
+                             * @implements IIngressSource
+                             * @constructor
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressSource=} [properties] Properties to set
+                             */
+                            function IngressSource(properties) {
+                                if (properties)
+                                    for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                        if (properties[keys[i]] != null)
+                                            this[keys[i]] = properties[keys[i]];
+                            }
+    
+                            /**
+                             * IngressSource accessLevel.
+                             * @member {string|null|undefined} accessLevel
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+                             * @instance
+                             */
+                            IngressSource.prototype.accessLevel = null;
+    
+                            /**
+                             * IngressSource resource.
+                             * @member {string|null|undefined} resource
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+                             * @instance
+                             */
+                            IngressSource.prototype.resource = null;
+    
+                            // OneOf field names bound to virtual getters and setters
+                            var $oneOfFields;
+    
+                            /**
+                             * IngressSource source.
+                             * @member {"accessLevel"|"resource"|undefined} source
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+                             * @instance
+                             */
+                            Object.defineProperty(IngressSource.prototype, "source", {
+                                get: $util.oneOfGetter($oneOfFields = ["accessLevel", "resource"]),
+                                set: $util.oneOfSetter($oneOfFields)
+                            });
+    
+                            /**
+                             * Creates a new IngressSource instance using the specified properties.
+                             * @function create
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressSource=} [properties] Properties to set
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource} IngressSource instance
+                             */
+                            IngressSource.create = function create(properties) {
+                                return new IngressSource(properties);
+                            };
+    
+                            /**
+                             * Encodes the specified IngressSource message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource.verify|verify} messages.
+                             * @function encode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressSource} message IngressSource message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            IngressSource.encode = function encode(message, writer) {
+                                if (!writer)
+                                    writer = $Writer.create();
+                                if (message.accessLevel != null && Object.hasOwnProperty.call(message, "accessLevel"))
+                                    writer.uint32(/* id 1, wireType 2 =*/10).string(message.accessLevel);
+                                if (message.resource != null && Object.hasOwnProperty.call(message, "resource"))
+                                    writer.uint32(/* id 2, wireType 2 =*/18).string(message.resource);
+                                return writer;
+                            };
+    
+                            /**
+                             * Encodes the specified IngressSource message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource.verify|verify} messages.
+                             * @function encodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressSource} message IngressSource message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            IngressSource.encodeDelimited = function encodeDelimited(message, writer) {
+                                return this.encode(message, writer).ldelim();
+                            };
+    
+                            /**
+                             * Decodes an IngressSource message from the specified reader or buffer.
+                             * @function decode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @param {number} [length] Message length if known beforehand
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource} IngressSource
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            IngressSource.decode = function decode(reader, length) {
+                                if (!(reader instanceof $Reader))
+                                    reader = $Reader.create(reader);
+                                var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource();
+                                while (reader.pos < end) {
+                                    var tag = reader.uint32();
+                                    switch (tag >>> 3) {
+                                    case 1: {
+                                            message.accessLevel = reader.string();
+                                            break;
+                                        }
+                                    case 2: {
+                                            message.resource = reader.string();
+                                            break;
+                                        }
+                                    default:
+                                        reader.skipType(tag & 7);
+                                        break;
+                                    }
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Decodes an IngressSource message from the specified reader or buffer, length delimited.
+                             * @function decodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource} IngressSource
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            IngressSource.decodeDelimited = function decodeDelimited(reader) {
+                                if (!(reader instanceof $Reader))
+                                    reader = new $Reader(reader);
+                                return this.decode(reader, reader.uint32());
+                            };
+    
+                            /**
+                             * Verifies an IngressSource message.
+                             * @function verify
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+                             * @static
+                             * @param {Object.<string,*>} message Plain object to verify
+                             * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                             */
+                            IngressSource.verify = function verify(message) {
+                                if (typeof message !== "object" || message === null)
+                                    return "object expected";
+                                var properties = {};
+                                if (message.accessLevel != null && message.hasOwnProperty("accessLevel")) {
+                                    properties.source = 1;
+                                    if (!$util.isString(message.accessLevel))
+                                        return "accessLevel: string expected";
+                                }
+                                if (message.resource != null && message.hasOwnProperty("resource")) {
+                                    if (properties.source === 1)
+                                        return "source: multiple values";
+                                    properties.source = 1;
+                                    if (!$util.isString(message.resource))
+                                        return "resource: string expected";
+                                }
+                                return null;
+                            };
+    
+                            /**
+                             * Creates an IngressSource message from a plain object. Also converts values to their respective internal types.
+                             * @function fromObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+                             * @static
+                             * @param {Object.<string,*>} object Plain object
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource} IngressSource
+                             */
+                            IngressSource.fromObject = function fromObject(object) {
+                                if (object instanceof $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource)
+                                    return object;
+                                var message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource();
+                                if (object.accessLevel != null)
+                                    message.accessLevel = String(object.accessLevel);
+                                if (object.resource != null)
+                                    message.resource = String(object.resource);
+                                return message;
+                            };
+    
+                            /**
+                             * Creates a plain object from an IngressSource message. Also converts values to other types if specified.
+                             * @function toObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource} message IngressSource
+                             * @param {$protobuf.IConversionOptions} [options] Conversion options
+                             * @returns {Object.<string,*>} Plain object
+                             */
+                            IngressSource.toObject = function toObject(message, options) {
+                                if (!options)
+                                    options = {};
+                                var object = {};
+                                if (message.accessLevel != null && message.hasOwnProperty("accessLevel")) {
+                                    object.accessLevel = message.accessLevel;
+                                    if (options.oneofs)
+                                        object.source = "accessLevel";
+                                }
+                                if (message.resource != null && message.hasOwnProperty("resource")) {
+                                    object.resource = message.resource;
+                                    if (options.oneofs)
+                                        object.source = "resource";
+                                }
+                                return object;
+                            };
+    
+                            /**
+                             * Converts this IngressSource to JSON.
+                             * @function toJSON
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+                             * @instance
+                             * @returns {Object.<string,*>} JSON object
+                             */
+                            IngressSource.prototype.toJSON = function toJSON() {
+                                return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                            };
+    
+                            /**
+                             * Gets the default type url for IngressSource
+                             * @function getTypeUrl
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+                             * @static
+                             * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                             * @returns {string} The default type url
+                             */
+                            IngressSource.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                                if (typeUrlPrefix === undefined) {
+                                    typeUrlPrefix = "type.googleapis.com";
+                                }
+                                return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource";
+                            };
+    
+                            return IngressSource;
+                        })();
+    
+                        ServicePerimeterConfig.IngressFrom = (function() {
+    
+                            /**
+                             * Properties of an IngressFrom.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @interface IIngressFrom
+                             * @property {Array.<google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressSource>|null} [sources] IngressFrom sources
+                             * @property {Array.<string>|null} [identities] IngressFrom identities
+                             * @property {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType|null} [identityType] IngressFrom identityType
+                             */
+    
+                            /**
+                             * Constructs a new IngressFrom.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @classdesc Represents an IngressFrom.
+                             * @implements IIngressFrom
+                             * @constructor
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressFrom=} [properties] Properties to set
+                             */
+                            function IngressFrom(properties) {
+                                this.sources = [];
+                                this.identities = [];
+                                if (properties)
+                                    for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                        if (properties[keys[i]] != null)
+                                            this[keys[i]] = properties[keys[i]];
+                            }
+    
+                            /**
+                             * IngressFrom sources.
+                             * @member {Array.<google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressSource>} sources
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
+                             * @instance
+                             */
+                            IngressFrom.prototype.sources = $util.emptyArray;
+    
+                            /**
+                             * IngressFrom identities.
+                             * @member {Array.<string>} identities
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
+                             * @instance
+                             */
+                            IngressFrom.prototype.identities = $util.emptyArray;
+    
+                            /**
+                             * IngressFrom identityType.
+                             * @member {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType} identityType
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
+                             * @instance
+                             */
+                            IngressFrom.prototype.identityType = 0;
+    
+                            /**
+                             * Creates a new IngressFrom instance using the specified properties.
+                             * @function create
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressFrom=} [properties] Properties to set
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom} IngressFrom instance
+                             */
+                            IngressFrom.create = function create(properties) {
+                                return new IngressFrom(properties);
+                            };
+    
+                            /**
+                             * Encodes the specified IngressFrom message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom.verify|verify} messages.
+                             * @function encode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressFrom} message IngressFrom message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            IngressFrom.encode = function encode(message, writer) {
+                                if (!writer)
+                                    writer = $Writer.create();
+                                if (message.sources != null && message.sources.length)
+                                    for (var i = 0; i < message.sources.length; ++i)
+                                        $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource.encode(message.sources[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                                if (message.identities != null && message.identities.length)
+                                    for (var i = 0; i < message.identities.length; ++i)
+                                        writer.uint32(/* id 2, wireType 2 =*/18).string(message.identities[i]);
+                                if (message.identityType != null && Object.hasOwnProperty.call(message, "identityType"))
+                                    writer.uint32(/* id 3, wireType 0 =*/24).int32(message.identityType);
+                                return writer;
+                            };
+    
+                            /**
+                             * Encodes the specified IngressFrom message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom.verify|verify} messages.
+                             * @function encodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressFrom} message IngressFrom message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            IngressFrom.encodeDelimited = function encodeDelimited(message, writer) {
+                                return this.encode(message, writer).ldelim();
+                            };
+    
+                            /**
+                             * Decodes an IngressFrom message from the specified reader or buffer.
+                             * @function decode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @param {number} [length] Message length if known beforehand
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom} IngressFrom
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            IngressFrom.decode = function decode(reader, length) {
+                                if (!(reader instanceof $Reader))
+                                    reader = $Reader.create(reader);
+                                var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom();
+                                while (reader.pos < end) {
+                                    var tag = reader.uint32();
+                                    switch (tag >>> 3) {
+                                    case 1: {
+                                            if (!(message.sources && message.sources.length))
+                                                message.sources = [];
+                                            message.sources.push($root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource.decode(reader, reader.uint32()));
+                                            break;
+                                        }
+                                    case 2: {
+                                            if (!(message.identities && message.identities.length))
+                                                message.identities = [];
+                                            message.identities.push(reader.string());
+                                            break;
+                                        }
+                                    case 3: {
+                                            message.identityType = reader.int32();
+                                            break;
+                                        }
+                                    default:
+                                        reader.skipType(tag & 7);
+                                        break;
+                                    }
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Decodes an IngressFrom message from the specified reader or buffer, length delimited.
+                             * @function decodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom} IngressFrom
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            IngressFrom.decodeDelimited = function decodeDelimited(reader) {
+                                if (!(reader instanceof $Reader))
+                                    reader = new $Reader(reader);
+                                return this.decode(reader, reader.uint32());
+                            };
+    
+                            /**
+                             * Verifies an IngressFrom message.
+                             * @function verify
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
+                             * @static
+                             * @param {Object.<string,*>} message Plain object to verify
+                             * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                             */
+                            IngressFrom.verify = function verify(message) {
+                                if (typeof message !== "object" || message === null)
+                                    return "object expected";
+                                if (message.sources != null && message.hasOwnProperty("sources")) {
+                                    if (!Array.isArray(message.sources))
+                                        return "sources: array expected";
+                                    for (var i = 0; i < message.sources.length; ++i) {
+                                        var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource.verify(message.sources[i]);
+                                        if (error)
+                                            return "sources." + error;
+                                    }
+                                }
+                                if (message.identities != null && message.hasOwnProperty("identities")) {
+                                    if (!Array.isArray(message.identities))
+                                        return "identities: array expected";
+                                    for (var i = 0; i < message.identities.length; ++i)
+                                        if (!$util.isString(message.identities[i]))
+                                            return "identities: string[] expected";
+                                }
+                                if (message.identityType != null && message.hasOwnProperty("identityType"))
+                                    switch (message.identityType) {
+                                    default:
+                                        return "identityType: enum value expected";
+                                    case 0:
+                                    case 1:
+                                    case 2:
+                                    case 3:
+                                        break;
+                                    }
+                                return null;
+                            };
+    
+                            /**
+                             * Creates an IngressFrom message from a plain object. Also converts values to their respective internal types.
+                             * @function fromObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
+                             * @static
+                             * @param {Object.<string,*>} object Plain object
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom} IngressFrom
+                             */
+                            IngressFrom.fromObject = function fromObject(object) {
+                                if (object instanceof $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom)
+                                    return object;
+                                var message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom();
+                                if (object.sources) {
+                                    if (!Array.isArray(object.sources))
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom.sources: array expected");
+                                    message.sources = [];
+                                    for (var i = 0; i < object.sources.length; ++i) {
+                                        if (typeof object.sources[i] !== "object")
+                                            throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom.sources: object expected");
+                                        message.sources[i] = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource.fromObject(object.sources[i]);
+                                    }
+                                }
+                                if (object.identities) {
+                                    if (!Array.isArray(object.identities))
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom.identities: array expected");
+                                    message.identities = [];
+                                    for (var i = 0; i < object.identities.length; ++i)
+                                        message.identities[i] = String(object.identities[i]);
+                                }
+                                switch (object.identityType) {
+                                default:
+                                    if (typeof object.identityType === "number") {
+                                        message.identityType = object.identityType;
+                                        break;
+                                    }
+                                    break;
+                                case "IDENTITY_TYPE_UNSPECIFIED":
+                                case 0:
+                                    message.identityType = 0;
+                                    break;
+                                case "ANY_IDENTITY":
+                                case 1:
+                                    message.identityType = 1;
+                                    break;
+                                case "ANY_USER_ACCOUNT":
+                                case 2:
+                                    message.identityType = 2;
+                                    break;
+                                case "ANY_SERVICE_ACCOUNT":
+                                case 3:
+                                    message.identityType = 3;
+                                    break;
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Creates a plain object from an IngressFrom message. Also converts values to other types if specified.
+                             * @function toObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom} message IngressFrom
+                             * @param {$protobuf.IConversionOptions} [options] Conversion options
+                             * @returns {Object.<string,*>} Plain object
+                             */
+                            IngressFrom.toObject = function toObject(message, options) {
+                                if (!options)
+                                    options = {};
+                                var object = {};
+                                if (options.arrays || options.defaults) {
+                                    object.sources = [];
+                                    object.identities = [];
+                                }
+                                if (options.defaults)
+                                    object.identityType = options.enums === String ? "IDENTITY_TYPE_UNSPECIFIED" : 0;
+                                if (message.sources && message.sources.length) {
+                                    object.sources = [];
+                                    for (var j = 0; j < message.sources.length; ++j)
+                                        object.sources[j] = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource.toObject(message.sources[j], options);
+                                }
+                                if (message.identities && message.identities.length) {
+                                    object.identities = [];
+                                    for (var j = 0; j < message.identities.length; ++j)
+                                        object.identities[j] = message.identities[j];
+                                }
+                                if (message.identityType != null && message.hasOwnProperty("identityType"))
+                                    object.identityType = options.enums === String ? $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType[message.identityType] === undefined ? message.identityType : $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType[message.identityType] : message.identityType;
+                                return object;
+                            };
+    
+                            /**
+                             * Converts this IngressFrom to JSON.
+                             * @function toJSON
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
+                             * @instance
+                             * @returns {Object.<string,*>} JSON object
+                             */
+                            IngressFrom.prototype.toJSON = function toJSON() {
+                                return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                            };
+    
+                            /**
+                             * Gets the default type url for IngressFrom
+                             * @function getTypeUrl
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
+                             * @static
+                             * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                             * @returns {string} The default type url
+                             */
+                            IngressFrom.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                                if (typeUrlPrefix === undefined) {
+                                    typeUrlPrefix = "type.googleapis.com";
+                                }
+                                return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom";
+                            };
+    
+                            return IngressFrom;
+                        })();
+    
+                        ServicePerimeterConfig.IngressTo = (function() {
+    
+                            /**
+                             * Properties of an IngressTo.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @interface IIngressTo
+                             * @property {Array.<google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation>|null} [operations] IngressTo operations
+                             * @property {Array.<string>|null} [resources] IngressTo resources
+                             */
+    
+                            /**
+                             * Constructs a new IngressTo.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @classdesc Represents an IngressTo.
+                             * @implements IIngressTo
+                             * @constructor
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressTo=} [properties] Properties to set
+                             */
+                            function IngressTo(properties) {
+                                this.operations = [];
+                                this.resources = [];
+                                if (properties)
+                                    for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                        if (properties[keys[i]] != null)
+                                            this[keys[i]] = properties[keys[i]];
+                            }
+    
+                            /**
+                             * IngressTo operations.
+                             * @member {Array.<google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation>} operations
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo
+                             * @instance
+                             */
+                            IngressTo.prototype.operations = $util.emptyArray;
+    
+                            /**
+                             * IngressTo resources.
+                             * @member {Array.<string>} resources
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo
+                             * @instance
+                             */
+                            IngressTo.prototype.resources = $util.emptyArray;
+    
+                            /**
+                             * Creates a new IngressTo instance using the specified properties.
+                             * @function create
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressTo=} [properties] Properties to set
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo} IngressTo instance
+                             */
+                            IngressTo.create = function create(properties) {
+                                return new IngressTo(properties);
+                            };
+    
+                            /**
+                             * Encodes the specified IngressTo message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo.verify|verify} messages.
+                             * @function encode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressTo} message IngressTo message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            IngressTo.encode = function encode(message, writer) {
+                                if (!writer)
+                                    writer = $Writer.create();
+                                if (message.operations != null && message.operations.length)
+                                    for (var i = 0; i < message.operations.length; ++i)
+                                        $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.encode(message.operations[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                                if (message.resources != null && message.resources.length)
+                                    for (var i = 0; i < message.resources.length; ++i)
+                                        writer.uint32(/* id 2, wireType 2 =*/18).string(message.resources[i]);
+                                return writer;
+                            };
+    
+                            /**
+                             * Encodes the specified IngressTo message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo.verify|verify} messages.
+                             * @function encodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressTo} message IngressTo message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            IngressTo.encodeDelimited = function encodeDelimited(message, writer) {
+                                return this.encode(message, writer).ldelim();
+                            };
+    
+                            /**
+                             * Decodes an IngressTo message from the specified reader or buffer.
+                             * @function decode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @param {number} [length] Message length if known beforehand
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo} IngressTo
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            IngressTo.decode = function decode(reader, length) {
+                                if (!(reader instanceof $Reader))
+                                    reader = $Reader.create(reader);
+                                var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo();
+                                while (reader.pos < end) {
+                                    var tag = reader.uint32();
+                                    switch (tag >>> 3) {
+                                    case 1: {
+                                            if (!(message.operations && message.operations.length))
+                                                message.operations = [];
+                                            message.operations.push($root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.decode(reader, reader.uint32()));
+                                            break;
+                                        }
+                                    case 2: {
+                                            if (!(message.resources && message.resources.length))
+                                                message.resources = [];
+                                            message.resources.push(reader.string());
+                                            break;
+                                        }
+                                    default:
+                                        reader.skipType(tag & 7);
+                                        break;
+                                    }
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Decodes an IngressTo message from the specified reader or buffer, length delimited.
+                             * @function decodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo} IngressTo
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            IngressTo.decodeDelimited = function decodeDelimited(reader) {
+                                if (!(reader instanceof $Reader))
+                                    reader = new $Reader(reader);
+                                return this.decode(reader, reader.uint32());
+                            };
+    
+                            /**
+                             * Verifies an IngressTo message.
+                             * @function verify
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo
+                             * @static
+                             * @param {Object.<string,*>} message Plain object to verify
+                             * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                             */
+                            IngressTo.verify = function verify(message) {
+                                if (typeof message !== "object" || message === null)
+                                    return "object expected";
+                                if (message.operations != null && message.hasOwnProperty("operations")) {
+                                    if (!Array.isArray(message.operations))
+                                        return "operations: array expected";
+                                    for (var i = 0; i < message.operations.length; ++i) {
+                                        var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.verify(message.operations[i]);
+                                        if (error)
+                                            return "operations." + error;
+                                    }
+                                }
+                                if (message.resources != null && message.hasOwnProperty("resources")) {
+                                    if (!Array.isArray(message.resources))
+                                        return "resources: array expected";
+                                    for (var i = 0; i < message.resources.length; ++i)
+                                        if (!$util.isString(message.resources[i]))
+                                            return "resources: string[] expected";
+                                }
+                                return null;
+                            };
+    
+                            /**
+                             * Creates an IngressTo message from a plain object. Also converts values to their respective internal types.
+                             * @function fromObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo
+                             * @static
+                             * @param {Object.<string,*>} object Plain object
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo} IngressTo
+                             */
+                            IngressTo.fromObject = function fromObject(object) {
+                                if (object instanceof $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo)
+                                    return object;
+                                var message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo();
+                                if (object.operations) {
+                                    if (!Array.isArray(object.operations))
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo.operations: array expected");
+                                    message.operations = [];
+                                    for (var i = 0; i < object.operations.length; ++i) {
+                                        if (typeof object.operations[i] !== "object")
+                                            throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo.operations: object expected");
+                                        message.operations[i] = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.fromObject(object.operations[i]);
+                                    }
+                                }
+                                if (object.resources) {
+                                    if (!Array.isArray(object.resources))
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo.resources: array expected");
+                                    message.resources = [];
+                                    for (var i = 0; i < object.resources.length; ++i)
+                                        message.resources[i] = String(object.resources[i]);
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Creates a plain object from an IngressTo message. Also converts values to other types if specified.
+                             * @function toObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo} message IngressTo
+                             * @param {$protobuf.IConversionOptions} [options] Conversion options
+                             * @returns {Object.<string,*>} Plain object
+                             */
+                            IngressTo.toObject = function toObject(message, options) {
+                                if (!options)
+                                    options = {};
+                                var object = {};
+                                if (options.arrays || options.defaults) {
+                                    object.operations = [];
+                                    object.resources = [];
+                                }
+                                if (message.operations && message.operations.length) {
+                                    object.operations = [];
+                                    for (var j = 0; j < message.operations.length; ++j)
+                                        object.operations[j] = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.toObject(message.operations[j], options);
+                                }
+                                if (message.resources && message.resources.length) {
+                                    object.resources = [];
+                                    for (var j = 0; j < message.resources.length; ++j)
+                                        object.resources[j] = message.resources[j];
+                                }
+                                return object;
+                            };
+    
+                            /**
+                             * Converts this IngressTo to JSON.
+                             * @function toJSON
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo
+                             * @instance
+                             * @returns {Object.<string,*>} JSON object
+                             */
+                            IngressTo.prototype.toJSON = function toJSON() {
+                                return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                            };
+    
+                            /**
+                             * Gets the default type url for IngressTo
+                             * @function getTypeUrl
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo
+                             * @static
+                             * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                             * @returns {string} The default type url
+                             */
+                            IngressTo.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                                if (typeUrlPrefix === undefined) {
+                                    typeUrlPrefix = "type.googleapis.com";
+                                }
+                                return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo";
+                            };
+    
+                            return IngressTo;
+                        })();
+    
+                        ServicePerimeterConfig.IngressPolicy = (function() {
+    
+                            /**
+                             * Properties of an IngressPolicy.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @interface IIngressPolicy
+                             * @property {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressFrom|null} [ingressFrom] IngressPolicy ingressFrom
+                             * @property {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressTo|null} [ingressTo] IngressPolicy ingressTo
+                             */
+    
+                            /**
+                             * Constructs a new IngressPolicy.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @classdesc Represents an IngressPolicy.
+                             * @implements IIngressPolicy
+                             * @constructor
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressPolicy=} [properties] Properties to set
+                             */
+                            function IngressPolicy(properties) {
+                                if (properties)
+                                    for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                        if (properties[keys[i]] != null)
+                                            this[keys[i]] = properties[keys[i]];
+                            }
+    
+                            /**
+                             * IngressPolicy ingressFrom.
+                             * @member {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressFrom|null|undefined} ingressFrom
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy
+                             * @instance
+                             */
+                            IngressPolicy.prototype.ingressFrom = null;
+    
+                            /**
+                             * IngressPolicy ingressTo.
+                             * @member {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressTo|null|undefined} ingressTo
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy
+                             * @instance
+                             */
+                            IngressPolicy.prototype.ingressTo = null;
+    
+                            /**
+                             * Creates a new IngressPolicy instance using the specified properties.
+                             * @function create
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressPolicy=} [properties] Properties to set
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy} IngressPolicy instance
+                             */
+                            IngressPolicy.create = function create(properties) {
+                                return new IngressPolicy(properties);
+                            };
+    
+                            /**
+                             * Encodes the specified IngressPolicy message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy.verify|verify} messages.
+                             * @function encode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressPolicy} message IngressPolicy message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            IngressPolicy.encode = function encode(message, writer) {
+                                if (!writer)
+                                    writer = $Writer.create();
+                                if (message.ingressFrom != null && Object.hasOwnProperty.call(message, "ingressFrom"))
+                                    $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom.encode(message.ingressFrom, writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                                if (message.ingressTo != null && Object.hasOwnProperty.call(message, "ingressTo"))
+                                    $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo.encode(message.ingressTo, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                                return writer;
+                            };
+    
+                            /**
+                             * Encodes the specified IngressPolicy message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy.verify|verify} messages.
+                             * @function encodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IIngressPolicy} message IngressPolicy message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            IngressPolicy.encodeDelimited = function encodeDelimited(message, writer) {
+                                return this.encode(message, writer).ldelim();
+                            };
+    
+                            /**
+                             * Decodes an IngressPolicy message from the specified reader or buffer.
+                             * @function decode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @param {number} [length] Message length if known beforehand
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy} IngressPolicy
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            IngressPolicy.decode = function decode(reader, length) {
+                                if (!(reader instanceof $Reader))
+                                    reader = $Reader.create(reader);
+                                var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy();
+                                while (reader.pos < end) {
+                                    var tag = reader.uint32();
+                                    switch (tag >>> 3) {
+                                    case 1: {
+                                            message.ingressFrom = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom.decode(reader, reader.uint32());
+                                            break;
+                                        }
+                                    case 2: {
+                                            message.ingressTo = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo.decode(reader, reader.uint32());
+                                            break;
+                                        }
+                                    default:
+                                        reader.skipType(tag & 7);
+                                        break;
+                                    }
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Decodes an IngressPolicy message from the specified reader or buffer, length delimited.
+                             * @function decodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy} IngressPolicy
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            IngressPolicy.decodeDelimited = function decodeDelimited(reader) {
+                                if (!(reader instanceof $Reader))
+                                    reader = new $Reader(reader);
+                                return this.decode(reader, reader.uint32());
+                            };
+    
+                            /**
+                             * Verifies an IngressPolicy message.
+                             * @function verify
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy
+                             * @static
+                             * @param {Object.<string,*>} message Plain object to verify
+                             * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                             */
+                            IngressPolicy.verify = function verify(message) {
+                                if (typeof message !== "object" || message === null)
+                                    return "object expected";
+                                if (message.ingressFrom != null && message.hasOwnProperty("ingressFrom")) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom.verify(message.ingressFrom);
+                                    if (error)
+                                        return "ingressFrom." + error;
+                                }
+                                if (message.ingressTo != null && message.hasOwnProperty("ingressTo")) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo.verify(message.ingressTo);
+                                    if (error)
+                                        return "ingressTo." + error;
+                                }
+                                return null;
+                            };
+    
+                            /**
+                             * Creates an IngressPolicy message from a plain object. Also converts values to their respective internal types.
+                             * @function fromObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy
+                             * @static
+                             * @param {Object.<string,*>} object Plain object
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy} IngressPolicy
+                             */
+                            IngressPolicy.fromObject = function fromObject(object) {
+                                if (object instanceof $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy)
+                                    return object;
+                                var message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy();
+                                if (object.ingressFrom != null) {
+                                    if (typeof object.ingressFrom !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy.ingressFrom: object expected");
+                                    message.ingressFrom = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom.fromObject(object.ingressFrom);
+                                }
+                                if (object.ingressTo != null) {
+                                    if (typeof object.ingressTo !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy.ingressTo: object expected");
+                                    message.ingressTo = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo.fromObject(object.ingressTo);
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Creates a plain object from an IngressPolicy message. Also converts values to other types if specified.
+                             * @function toObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy} message IngressPolicy
+                             * @param {$protobuf.IConversionOptions} [options] Conversion options
+                             * @returns {Object.<string,*>} Plain object
+                             */
+                            IngressPolicy.toObject = function toObject(message, options) {
+                                if (!options)
+                                    options = {};
+                                var object = {};
+                                if (options.defaults) {
+                                    object.ingressFrom = null;
+                                    object.ingressTo = null;
+                                }
+                                if (message.ingressFrom != null && message.hasOwnProperty("ingressFrom"))
+                                    object.ingressFrom = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom.toObject(message.ingressFrom, options);
+                                if (message.ingressTo != null && message.hasOwnProperty("ingressTo"))
+                                    object.ingressTo = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo.toObject(message.ingressTo, options);
+                                return object;
+                            };
+    
+                            /**
+                             * Converts this IngressPolicy to JSON.
+                             * @function toJSON
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy
+                             * @instance
+                             * @returns {Object.<string,*>} JSON object
+                             */
+                            IngressPolicy.prototype.toJSON = function toJSON() {
+                                return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                            };
+    
+                            /**
+                             * Gets the default type url for IngressPolicy
+                             * @function getTypeUrl
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy
+                             * @static
+                             * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                             * @returns {string} The default type url
+                             */
+                            IngressPolicy.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                                if (typeUrlPrefix === undefined) {
+                                    typeUrlPrefix = "type.googleapis.com";
+                                }
+                                return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy";
+                            };
+    
+                            return IngressPolicy;
+                        })();
+    
+                        ServicePerimeterConfig.EgressFrom = (function() {
+    
+                            /**
+                             * Properties of an EgressFrom.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @interface IEgressFrom
+                             * @property {Array.<string>|null} [identities] EgressFrom identities
+                             * @property {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType|null} [identityType] EgressFrom identityType
+                             */
+    
+                            /**
+                             * Constructs a new EgressFrom.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @classdesc Represents an EgressFrom.
+                             * @implements IEgressFrom
+                             * @constructor
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressFrom=} [properties] Properties to set
+                             */
+                            function EgressFrom(properties) {
+                                this.identities = [];
+                                if (properties)
+                                    for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                        if (properties[keys[i]] != null)
+                                            this[keys[i]] = properties[keys[i]];
+                            }
+    
+                            /**
+                             * EgressFrom identities.
+                             * @member {Array.<string>} identities
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom
+                             * @instance
+                             */
+                            EgressFrom.prototype.identities = $util.emptyArray;
+    
+                            /**
+                             * EgressFrom identityType.
+                             * @member {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType} identityType
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom
+                             * @instance
+                             */
+                            EgressFrom.prototype.identityType = 0;
+    
+                            /**
+                             * Creates a new EgressFrom instance using the specified properties.
+                             * @function create
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressFrom=} [properties] Properties to set
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom} EgressFrom instance
+                             */
+                            EgressFrom.create = function create(properties) {
+                                return new EgressFrom(properties);
+                            };
+    
+                            /**
+                             * Encodes the specified EgressFrom message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom.verify|verify} messages.
+                             * @function encode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressFrom} message EgressFrom message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            EgressFrom.encode = function encode(message, writer) {
+                                if (!writer)
+                                    writer = $Writer.create();
+                                if (message.identities != null && message.identities.length)
+                                    for (var i = 0; i < message.identities.length; ++i)
+                                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.identities[i]);
+                                if (message.identityType != null && Object.hasOwnProperty.call(message, "identityType"))
+                                    writer.uint32(/* id 2, wireType 0 =*/16).int32(message.identityType);
+                                return writer;
+                            };
+    
+                            /**
+                             * Encodes the specified EgressFrom message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom.verify|verify} messages.
+                             * @function encodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressFrom} message EgressFrom message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            EgressFrom.encodeDelimited = function encodeDelimited(message, writer) {
+                                return this.encode(message, writer).ldelim();
+                            };
+    
+                            /**
+                             * Decodes an EgressFrom message from the specified reader or buffer.
+                             * @function decode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @param {number} [length] Message length if known beforehand
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom} EgressFrom
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            EgressFrom.decode = function decode(reader, length) {
+                                if (!(reader instanceof $Reader))
+                                    reader = $Reader.create(reader);
+                                var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom();
+                                while (reader.pos < end) {
+                                    var tag = reader.uint32();
+                                    switch (tag >>> 3) {
+                                    case 1: {
+                                            if (!(message.identities && message.identities.length))
+                                                message.identities = [];
+                                            message.identities.push(reader.string());
+                                            break;
+                                        }
+                                    case 2: {
+                                            message.identityType = reader.int32();
+                                            break;
+                                        }
+                                    default:
+                                        reader.skipType(tag & 7);
+                                        break;
+                                    }
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Decodes an EgressFrom message from the specified reader or buffer, length delimited.
+                             * @function decodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom} EgressFrom
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            EgressFrom.decodeDelimited = function decodeDelimited(reader) {
+                                if (!(reader instanceof $Reader))
+                                    reader = new $Reader(reader);
+                                return this.decode(reader, reader.uint32());
+                            };
+    
+                            /**
+                             * Verifies an EgressFrom message.
+                             * @function verify
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom
+                             * @static
+                             * @param {Object.<string,*>} message Plain object to verify
+                             * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                             */
+                            EgressFrom.verify = function verify(message) {
+                                if (typeof message !== "object" || message === null)
+                                    return "object expected";
+                                if (message.identities != null && message.hasOwnProperty("identities")) {
+                                    if (!Array.isArray(message.identities))
+                                        return "identities: array expected";
+                                    for (var i = 0; i < message.identities.length; ++i)
+                                        if (!$util.isString(message.identities[i]))
+                                            return "identities: string[] expected";
+                                }
+                                if (message.identityType != null && message.hasOwnProperty("identityType"))
+                                    switch (message.identityType) {
+                                    default:
+                                        return "identityType: enum value expected";
+                                    case 0:
+                                    case 1:
+                                    case 2:
+                                    case 3:
+                                        break;
+                                    }
+                                return null;
+                            };
+    
+                            /**
+                             * Creates an EgressFrom message from a plain object. Also converts values to their respective internal types.
+                             * @function fromObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom
+                             * @static
+                             * @param {Object.<string,*>} object Plain object
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom} EgressFrom
+                             */
+                            EgressFrom.fromObject = function fromObject(object) {
+                                if (object instanceof $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom)
+                                    return object;
+                                var message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom();
+                                if (object.identities) {
+                                    if (!Array.isArray(object.identities))
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom.identities: array expected");
+                                    message.identities = [];
+                                    for (var i = 0; i < object.identities.length; ++i)
+                                        message.identities[i] = String(object.identities[i]);
+                                }
+                                switch (object.identityType) {
+                                default:
+                                    if (typeof object.identityType === "number") {
+                                        message.identityType = object.identityType;
+                                        break;
+                                    }
+                                    break;
+                                case "IDENTITY_TYPE_UNSPECIFIED":
+                                case 0:
+                                    message.identityType = 0;
+                                    break;
+                                case "ANY_IDENTITY":
+                                case 1:
+                                    message.identityType = 1;
+                                    break;
+                                case "ANY_USER_ACCOUNT":
+                                case 2:
+                                    message.identityType = 2;
+                                    break;
+                                case "ANY_SERVICE_ACCOUNT":
+                                case 3:
+                                    message.identityType = 3;
+                                    break;
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Creates a plain object from an EgressFrom message. Also converts values to other types if specified.
+                             * @function toObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom} message EgressFrom
+                             * @param {$protobuf.IConversionOptions} [options] Conversion options
+                             * @returns {Object.<string,*>} Plain object
+                             */
+                            EgressFrom.toObject = function toObject(message, options) {
+                                if (!options)
+                                    options = {};
+                                var object = {};
+                                if (options.arrays || options.defaults)
+                                    object.identities = [];
+                                if (options.defaults)
+                                    object.identityType = options.enums === String ? "IDENTITY_TYPE_UNSPECIFIED" : 0;
+                                if (message.identities && message.identities.length) {
+                                    object.identities = [];
+                                    for (var j = 0; j < message.identities.length; ++j)
+                                        object.identities[j] = message.identities[j];
+                                }
+                                if (message.identityType != null && message.hasOwnProperty("identityType"))
+                                    object.identityType = options.enums === String ? $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType[message.identityType] === undefined ? message.identityType : $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType[message.identityType] : message.identityType;
+                                return object;
+                            };
+    
+                            /**
+                             * Converts this EgressFrom to JSON.
+                             * @function toJSON
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom
+                             * @instance
+                             * @returns {Object.<string,*>} JSON object
+                             */
+                            EgressFrom.prototype.toJSON = function toJSON() {
+                                return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                            };
+    
+                            /**
+                             * Gets the default type url for EgressFrom
+                             * @function getTypeUrl
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom
+                             * @static
+                             * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                             * @returns {string} The default type url
+                             */
+                            EgressFrom.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                                if (typeUrlPrefix === undefined) {
+                                    typeUrlPrefix = "type.googleapis.com";
+                                }
+                                return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom";
+                            };
+    
+                            return EgressFrom;
+                        })();
+    
+                        ServicePerimeterConfig.EgressTo = (function() {
+    
+                            /**
+                             * Properties of an EgressTo.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @interface IEgressTo
+                             * @property {Array.<string>|null} [resources] EgressTo resources
+                             * @property {Array.<google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation>|null} [operations] EgressTo operations
+                             * @property {Array.<string>|null} [externalResources] EgressTo externalResources
+                             */
+    
+                            /**
+                             * Constructs a new EgressTo.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @classdesc Represents an EgressTo.
+                             * @implements IEgressTo
+                             * @constructor
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressTo=} [properties] Properties to set
+                             */
+                            function EgressTo(properties) {
+                                this.resources = [];
+                                this.operations = [];
+                                this.externalResources = [];
+                                if (properties)
+                                    for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                        if (properties[keys[i]] != null)
+                                            this[keys[i]] = properties[keys[i]];
+                            }
+    
+                            /**
+                             * EgressTo resources.
+                             * @member {Array.<string>} resources
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+                             * @instance
+                             */
+                            EgressTo.prototype.resources = $util.emptyArray;
+    
+                            /**
+                             * EgressTo operations.
+                             * @member {Array.<google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IApiOperation>} operations
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+                             * @instance
+                             */
+                            EgressTo.prototype.operations = $util.emptyArray;
+    
+                            /**
+                             * EgressTo externalResources.
+                             * @member {Array.<string>} externalResources
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+                             * @instance
+                             */
+                            EgressTo.prototype.externalResources = $util.emptyArray;
+    
+                            /**
+                             * Creates a new EgressTo instance using the specified properties.
+                             * @function create
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressTo=} [properties] Properties to set
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo} EgressTo instance
+                             */
+                            EgressTo.create = function create(properties) {
+                                return new EgressTo(properties);
+                            };
+    
+                            /**
+                             * Encodes the specified EgressTo message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo.verify|verify} messages.
+                             * @function encode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressTo} message EgressTo message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            EgressTo.encode = function encode(message, writer) {
+                                if (!writer)
+                                    writer = $Writer.create();
+                                if (message.resources != null && message.resources.length)
+                                    for (var i = 0; i < message.resources.length; ++i)
+                                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.resources[i]);
+                                if (message.operations != null && message.operations.length)
+                                    for (var i = 0; i < message.operations.length; ++i)
+                                        $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.encode(message.operations[i], writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                                if (message.externalResources != null && message.externalResources.length)
+                                    for (var i = 0; i < message.externalResources.length; ++i)
+                                        writer.uint32(/* id 3, wireType 2 =*/26).string(message.externalResources[i]);
+                                return writer;
+                            };
+    
+                            /**
+                             * Encodes the specified EgressTo message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo.verify|verify} messages.
+                             * @function encodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressTo} message EgressTo message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            EgressTo.encodeDelimited = function encodeDelimited(message, writer) {
+                                return this.encode(message, writer).ldelim();
+                            };
+    
+                            /**
+                             * Decodes an EgressTo message from the specified reader or buffer.
+                             * @function decode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @param {number} [length] Message length if known beforehand
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo} EgressTo
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            EgressTo.decode = function decode(reader, length) {
+                                if (!(reader instanceof $Reader))
+                                    reader = $Reader.create(reader);
+                                var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo();
+                                while (reader.pos < end) {
+                                    var tag = reader.uint32();
+                                    switch (tag >>> 3) {
+                                    case 1: {
+                                            if (!(message.resources && message.resources.length))
+                                                message.resources = [];
+                                            message.resources.push(reader.string());
+                                            break;
+                                        }
+                                    case 2: {
+                                            if (!(message.operations && message.operations.length))
+                                                message.operations = [];
+                                            message.operations.push($root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.decode(reader, reader.uint32()));
+                                            break;
+                                        }
+                                    case 3: {
+                                            if (!(message.externalResources && message.externalResources.length))
+                                                message.externalResources = [];
+                                            message.externalResources.push(reader.string());
+                                            break;
+                                        }
+                                    default:
+                                        reader.skipType(tag & 7);
+                                        break;
+                                    }
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Decodes an EgressTo message from the specified reader or buffer, length delimited.
+                             * @function decodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo} EgressTo
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            EgressTo.decodeDelimited = function decodeDelimited(reader) {
+                                if (!(reader instanceof $Reader))
+                                    reader = new $Reader(reader);
+                                return this.decode(reader, reader.uint32());
+                            };
+    
+                            /**
+                             * Verifies an EgressTo message.
+                             * @function verify
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+                             * @static
+                             * @param {Object.<string,*>} message Plain object to verify
+                             * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                             */
+                            EgressTo.verify = function verify(message) {
+                                if (typeof message !== "object" || message === null)
+                                    return "object expected";
+                                if (message.resources != null && message.hasOwnProperty("resources")) {
+                                    if (!Array.isArray(message.resources))
+                                        return "resources: array expected";
+                                    for (var i = 0; i < message.resources.length; ++i)
+                                        if (!$util.isString(message.resources[i]))
+                                            return "resources: string[] expected";
+                                }
+                                if (message.operations != null && message.hasOwnProperty("operations")) {
+                                    if (!Array.isArray(message.operations))
+                                        return "operations: array expected";
+                                    for (var i = 0; i < message.operations.length; ++i) {
+                                        var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.verify(message.operations[i]);
+                                        if (error)
+                                            return "operations." + error;
+                                    }
+                                }
+                                if (message.externalResources != null && message.hasOwnProperty("externalResources")) {
+                                    if (!Array.isArray(message.externalResources))
+                                        return "externalResources: array expected";
+                                    for (var i = 0; i < message.externalResources.length; ++i)
+                                        if (!$util.isString(message.externalResources[i]))
+                                            return "externalResources: string[] expected";
+                                }
+                                return null;
+                            };
+    
+                            /**
+                             * Creates an EgressTo message from a plain object. Also converts values to their respective internal types.
+                             * @function fromObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+                             * @static
+                             * @param {Object.<string,*>} object Plain object
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo} EgressTo
+                             */
+                            EgressTo.fromObject = function fromObject(object) {
+                                if (object instanceof $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo)
+                                    return object;
+                                var message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo();
+                                if (object.resources) {
+                                    if (!Array.isArray(object.resources))
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo.resources: array expected");
+                                    message.resources = [];
+                                    for (var i = 0; i < object.resources.length; ++i)
+                                        message.resources[i] = String(object.resources[i]);
+                                }
+                                if (object.operations) {
+                                    if (!Array.isArray(object.operations))
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo.operations: array expected");
+                                    message.operations = [];
+                                    for (var i = 0; i < object.operations.length; ++i) {
+                                        if (typeof object.operations[i] !== "object")
+                                            throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo.operations: object expected");
+                                        message.operations[i] = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.fromObject(object.operations[i]);
+                                    }
+                                }
+                                if (object.externalResources) {
+                                    if (!Array.isArray(object.externalResources))
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo.externalResources: array expected");
+                                    message.externalResources = [];
+                                    for (var i = 0; i < object.externalResources.length; ++i)
+                                        message.externalResources[i] = String(object.externalResources[i]);
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Creates a plain object from an EgressTo message. Also converts values to other types if specified.
+                             * @function toObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo} message EgressTo
+                             * @param {$protobuf.IConversionOptions} [options] Conversion options
+                             * @returns {Object.<string,*>} Plain object
+                             */
+                            EgressTo.toObject = function toObject(message, options) {
+                                if (!options)
+                                    options = {};
+                                var object = {};
+                                if (options.arrays || options.defaults) {
+                                    object.resources = [];
+                                    object.operations = [];
+                                    object.externalResources = [];
+                                }
+                                if (message.resources && message.resources.length) {
+                                    object.resources = [];
+                                    for (var j = 0; j < message.resources.length; ++j)
+                                        object.resources[j] = message.resources[j];
+                                }
+                                if (message.operations && message.operations.length) {
+                                    object.operations = [];
+                                    for (var j = 0; j < message.operations.length; ++j)
+                                        object.operations[j] = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.toObject(message.operations[j], options);
+                                }
+                                if (message.externalResources && message.externalResources.length) {
+                                    object.externalResources = [];
+                                    for (var j = 0; j < message.externalResources.length; ++j)
+                                        object.externalResources[j] = message.externalResources[j];
+                                }
+                                return object;
+                            };
+    
+                            /**
+                             * Converts this EgressTo to JSON.
+                             * @function toJSON
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+                             * @instance
+                             * @returns {Object.<string,*>} JSON object
+                             */
+                            EgressTo.prototype.toJSON = function toJSON() {
+                                return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                            };
+    
+                            /**
+                             * Gets the default type url for EgressTo
+                             * @function getTypeUrl
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+                             * @static
+                             * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                             * @returns {string} The default type url
+                             */
+                            EgressTo.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                                if (typeUrlPrefix === undefined) {
+                                    typeUrlPrefix = "type.googleapis.com";
+                                }
+                                return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo";
+                            };
+    
+                            return EgressTo;
+                        })();
+    
+                        ServicePerimeterConfig.EgressPolicy = (function() {
+    
+                            /**
+                             * Properties of an EgressPolicy.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @interface IEgressPolicy
+                             * @property {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressFrom|null} [egressFrom] EgressPolicy egressFrom
+                             * @property {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressTo|null} [egressTo] EgressPolicy egressTo
+                             */
+    
+                            /**
+                             * Constructs a new EgressPolicy.
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+                             * @classdesc Represents an EgressPolicy.
+                             * @implements IEgressPolicy
+                             * @constructor
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressPolicy=} [properties] Properties to set
+                             */
+                            function EgressPolicy(properties) {
+                                if (properties)
+                                    for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                        if (properties[keys[i]] != null)
+                                            this[keys[i]] = properties[keys[i]];
+                            }
+    
+                            /**
+                             * EgressPolicy egressFrom.
+                             * @member {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressFrom|null|undefined} egressFrom
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy
+                             * @instance
+                             */
+                            EgressPolicy.prototype.egressFrom = null;
+    
+                            /**
+                             * EgressPolicy egressTo.
+                             * @member {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressTo|null|undefined} egressTo
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy
+                             * @instance
+                             */
+                            EgressPolicy.prototype.egressTo = null;
+    
+                            /**
+                             * Creates a new EgressPolicy instance using the specified properties.
+                             * @function create
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressPolicy=} [properties] Properties to set
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy} EgressPolicy instance
+                             */
+                            EgressPolicy.create = function create(properties) {
+                                return new EgressPolicy(properties);
+                            };
+    
+                            /**
+                             * Encodes the specified EgressPolicy message. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy.verify|verify} messages.
+                             * @function encode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressPolicy} message EgressPolicy message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            EgressPolicy.encode = function encode(message, writer) {
+                                if (!writer)
+                                    writer = $Writer.create();
+                                if (message.egressFrom != null && Object.hasOwnProperty.call(message, "egressFrom"))
+                                    $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom.encode(message.egressFrom, writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                                if (message.egressTo != null && Object.hasOwnProperty.call(message, "egressTo"))
+                                    $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo.encode(message.egressTo, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                                return writer;
+                            };
+    
+                            /**
+                             * Encodes the specified EgressPolicy message, length delimited. Does not implicitly {@link google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy.verify|verify} messages.
+                             * @function encodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IEgressPolicy} message EgressPolicy message or plain object to encode
+                             * @param {$protobuf.Writer} [writer] Writer to encode to
+                             * @returns {$protobuf.Writer} Writer
+                             */
+                            EgressPolicy.encodeDelimited = function encodeDelimited(message, writer) {
+                                return this.encode(message, writer).ldelim();
+                            };
+    
+                            /**
+                             * Decodes an EgressPolicy message from the specified reader or buffer.
+                             * @function decode
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @param {number} [length] Message length if known beforehand
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy} EgressPolicy
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            EgressPolicy.decode = function decode(reader, length) {
+                                if (!(reader instanceof $Reader))
+                                    reader = $Reader.create(reader);
+                                var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy();
+                                while (reader.pos < end) {
+                                    var tag = reader.uint32();
+                                    switch (tag >>> 3) {
+                                    case 1: {
+                                            message.egressFrom = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom.decode(reader, reader.uint32());
+                                            break;
+                                        }
+                                    case 2: {
+                                            message.egressTo = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo.decode(reader, reader.uint32());
+                                            break;
+                                        }
+                                    default:
+                                        reader.skipType(tag & 7);
+                                        break;
+                                    }
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Decodes an EgressPolicy message from the specified reader or buffer, length delimited.
+                             * @function decodeDelimited
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy
+                             * @static
+                             * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy} EgressPolicy
+                             * @throws {Error} If the payload is not a reader or valid buffer
+                             * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                             */
+                            EgressPolicy.decodeDelimited = function decodeDelimited(reader) {
+                                if (!(reader instanceof $Reader))
+                                    reader = new $Reader(reader);
+                                return this.decode(reader, reader.uint32());
+                            };
+    
+                            /**
+                             * Verifies an EgressPolicy message.
+                             * @function verify
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy
+                             * @static
+                             * @param {Object.<string,*>} message Plain object to verify
+                             * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                             */
+                            EgressPolicy.verify = function verify(message) {
+                                if (typeof message !== "object" || message === null)
+                                    return "object expected";
+                                if (message.egressFrom != null && message.hasOwnProperty("egressFrom")) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom.verify(message.egressFrom);
+                                    if (error)
+                                        return "egressFrom." + error;
+                                }
+                                if (message.egressTo != null && message.hasOwnProperty("egressTo")) {
+                                    var error = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo.verify(message.egressTo);
+                                    if (error)
+                                        return "egressTo." + error;
+                                }
+                                return null;
+                            };
+    
+                            /**
+                             * Creates an EgressPolicy message from a plain object. Also converts values to their respective internal types.
+                             * @function fromObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy
+                             * @static
+                             * @param {Object.<string,*>} object Plain object
+                             * @returns {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy} EgressPolicy
+                             */
+                            EgressPolicy.fromObject = function fromObject(object) {
+                                if (object instanceof $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy)
+                                    return object;
+                                var message = new $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy();
+                                if (object.egressFrom != null) {
+                                    if (typeof object.egressFrom !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy.egressFrom: object expected");
+                                    message.egressFrom = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom.fromObject(object.egressFrom);
+                                }
+                                if (object.egressTo != null) {
+                                    if (typeof object.egressTo !== "object")
+                                        throw TypeError(".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy.egressTo: object expected");
+                                    message.egressTo = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo.fromObject(object.egressTo);
+                                }
+                                return message;
+                            };
+    
+                            /**
+                             * Creates a plain object from an EgressPolicy message. Also converts values to other types if specified.
+                             * @function toObject
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy
+                             * @static
+                             * @param {google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy} message EgressPolicy
+                             * @param {$protobuf.IConversionOptions} [options] Conversion options
+                             * @returns {Object.<string,*>} Plain object
+                             */
+                            EgressPolicy.toObject = function toObject(message, options) {
+                                if (!options)
+                                    options = {};
+                                var object = {};
+                                if (options.defaults) {
+                                    object.egressFrom = null;
+                                    object.egressTo = null;
+                                }
+                                if (message.egressFrom != null && message.hasOwnProperty("egressFrom"))
+                                    object.egressFrom = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom.toObject(message.egressFrom, options);
+                                if (message.egressTo != null && message.hasOwnProperty("egressTo"))
+                                    object.egressTo = $root.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo.toObject(message.egressTo, options);
+                                return object;
+                            };
+    
+                            /**
+                             * Converts this EgressPolicy to JSON.
+                             * @function toJSON
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy
+                             * @instance
+                             * @returns {Object.<string,*>} JSON object
+                             */
+                            EgressPolicy.prototype.toJSON = function toJSON() {
+                                return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                            };
+    
+                            /**
+                             * Gets the default type url for EgressPolicy
+                             * @function getTypeUrl
+                             * @memberof google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy
+                             * @static
+                             * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                             * @returns {string} The default type url
+                             */
+                            EgressPolicy.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                                if (typeUrlPrefix === undefined) {
+                                    typeUrlPrefix = "type.googleapis.com";
+                                }
+                                return typeUrlPrefix + "/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy";
+                            };
+    
+                            return EgressPolicy;
+                        })();
+    
+                        return ServicePerimeterConfig;
+                    })();
+    
+                    return v1;
+                })();
+    
+                return accesscontextmanager;
+            })();
+    
+            return identity;
+        })();
+    
+        google.api = (function() {
+    
+            /**
+             * Namespace api.
+             * @memberof google
+             * @namespace
+             */
+            var api = {};
+    
+            api.Http = (function() {
+    
+                /**
+                 * Properties of a Http.
+                 * @memberof google.api
+                 * @interface IHttp
+                 * @property {Array.<google.api.IHttpRule>|null} [rules] Http rules
+                 * @property {boolean|null} [fullyDecodeReservedExpansion] Http fullyDecodeReservedExpansion
+                 */
+    
+                /**
+                 * Constructs a new Http.
+                 * @memberof google.api
+                 * @classdesc Represents a Http.
+                 * @implements IHttp
+                 * @constructor
+                 * @param {google.api.IHttp=} [properties] Properties to set
+                 */
+                function Http(properties) {
+                    this.rules = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * Http rules.
+                 * @member {Array.<google.api.IHttpRule>} rules
+                 * @memberof google.api.Http
+                 * @instance
+                 */
+                Http.prototype.rules = $util.emptyArray;
+    
+                /**
+                 * Http fullyDecodeReservedExpansion.
+                 * @member {boolean} fullyDecodeReservedExpansion
+                 * @memberof google.api.Http
+                 * @instance
+                 */
+                Http.prototype.fullyDecodeReservedExpansion = false;
+    
+                /**
+                 * Creates a new Http instance using the specified properties.
+                 * @function create
+                 * @memberof google.api.Http
+                 * @static
+                 * @param {google.api.IHttp=} [properties] Properties to set
+                 * @returns {google.api.Http} Http instance
+                 */
+                Http.create = function create(properties) {
+                    return new Http(properties);
+                };
+    
+                /**
+                 * Encodes the specified Http message. Does not implicitly {@link google.api.Http.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.api.Http
+                 * @static
+                 * @param {google.api.IHttp} message Http message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Http.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.rules != null && message.rules.length)
+                        for (var i = 0; i < message.rules.length; ++i)
+                            $root.google.api.HttpRule.encode(message.rules[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                    if (message.fullyDecodeReservedExpansion != null && Object.hasOwnProperty.call(message, "fullyDecodeReservedExpansion"))
+                        writer.uint32(/* id 2, wireType 0 =*/16).bool(message.fullyDecodeReservedExpansion);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified Http message, length delimited. Does not implicitly {@link google.api.Http.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.api.Http
+                 * @static
+                 * @param {google.api.IHttp} message Http message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Http.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a Http message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.api.Http
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.api.Http} Http
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Http.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.api.Http();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                if (!(message.rules && message.rules.length))
+                                    message.rules = [];
+                                message.rules.push($root.google.api.HttpRule.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 2: {
+                                message.fullyDecodeReservedExpansion = reader.bool();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a Http message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.api.Http
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.api.Http} Http
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Http.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a Http message.
+                 * @function verify
+                 * @memberof google.api.Http
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                Http.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.rules != null && message.hasOwnProperty("rules")) {
+                        if (!Array.isArray(message.rules))
+                            return "rules: array expected";
+                        for (var i = 0; i < message.rules.length; ++i) {
+                            var error = $root.google.api.HttpRule.verify(message.rules[i]);
+                            if (error)
+                                return "rules." + error;
+                        }
+                    }
+                    if (message.fullyDecodeReservedExpansion != null && message.hasOwnProperty("fullyDecodeReservedExpansion"))
+                        if (typeof message.fullyDecodeReservedExpansion !== "boolean")
+                            return "fullyDecodeReservedExpansion: boolean expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates a Http message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.api.Http
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.api.Http} Http
+                 */
+                Http.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.api.Http)
+                        return object;
+                    var message = new $root.google.api.Http();
+                    if (object.rules) {
+                        if (!Array.isArray(object.rules))
+                            throw TypeError(".google.api.Http.rules: array expected");
+                        message.rules = [];
+                        for (var i = 0; i < object.rules.length; ++i) {
+                            if (typeof object.rules[i] !== "object")
+                                throw TypeError(".google.api.Http.rules: object expected");
+                            message.rules[i] = $root.google.api.HttpRule.fromObject(object.rules[i]);
+                        }
+                    }
+                    if (object.fullyDecodeReservedExpansion != null)
+                        message.fullyDecodeReservedExpansion = Boolean(object.fullyDecodeReservedExpansion);
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a Http message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.api.Http
+                 * @static
+                 * @param {google.api.Http} message Http
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                Http.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.rules = [];
+                    if (options.defaults)
+                        object.fullyDecodeReservedExpansion = false;
+                    if (message.rules && message.rules.length) {
+                        object.rules = [];
+                        for (var j = 0; j < message.rules.length; ++j)
+                            object.rules[j] = $root.google.api.HttpRule.toObject(message.rules[j], options);
+                    }
+                    if (message.fullyDecodeReservedExpansion != null && message.hasOwnProperty("fullyDecodeReservedExpansion"))
+                        object.fullyDecodeReservedExpansion = message.fullyDecodeReservedExpansion;
+                    return object;
+                };
+    
+                /**
+                 * Converts this Http to JSON.
+                 * @function toJSON
+                 * @memberof google.api.Http
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                Http.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for Http
+                 * @function getTypeUrl
+                 * @memberof google.api.Http
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                Http.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.api.Http";
+                };
+    
+                return Http;
+            })();
+    
+            api.HttpRule = (function() {
+    
+                /**
+                 * Properties of a HttpRule.
+                 * @memberof google.api
+                 * @interface IHttpRule
+                 * @property {string|null} [selector] HttpRule selector
+                 * @property {string|null} [get] HttpRule get
+                 * @property {string|null} [put] HttpRule put
+                 * @property {string|null} [post] HttpRule post
+                 * @property {string|null} ["delete"] HttpRule delete
+                 * @property {string|null} [patch] HttpRule patch
+                 * @property {google.api.ICustomHttpPattern|null} [custom] HttpRule custom
+                 * @property {string|null} [body] HttpRule body
+                 * @property {string|null} [responseBody] HttpRule responseBody
+                 * @property {Array.<google.api.IHttpRule>|null} [additionalBindings] HttpRule additionalBindings
+                 */
+    
+                /**
+                 * Constructs a new HttpRule.
+                 * @memberof google.api
+                 * @classdesc Represents a HttpRule.
+                 * @implements IHttpRule
+                 * @constructor
+                 * @param {google.api.IHttpRule=} [properties] Properties to set
+                 */
+                function HttpRule(properties) {
+                    this.additionalBindings = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * HttpRule selector.
+                 * @member {string} selector
+                 * @memberof google.api.HttpRule
+                 * @instance
+                 */
+                HttpRule.prototype.selector = "";
+    
+                /**
+                 * HttpRule get.
+                 * @member {string|null|undefined} get
+                 * @memberof google.api.HttpRule
+                 * @instance
+                 */
+                HttpRule.prototype.get = null;
+    
+                /**
+                 * HttpRule put.
+                 * @member {string|null|undefined} put
+                 * @memberof google.api.HttpRule
+                 * @instance
+                 */
+                HttpRule.prototype.put = null;
+    
+                /**
+                 * HttpRule post.
+                 * @member {string|null|undefined} post
+                 * @memberof google.api.HttpRule
+                 * @instance
+                 */
+                HttpRule.prototype.post = null;
+    
+                /**
+                 * HttpRule delete.
+                 * @member {string|null|undefined} delete
+                 * @memberof google.api.HttpRule
+                 * @instance
+                 */
+                HttpRule.prototype["delete"] = null;
+    
+                /**
+                 * HttpRule patch.
+                 * @member {string|null|undefined} patch
+                 * @memberof google.api.HttpRule
+                 * @instance
+                 */
+                HttpRule.prototype.patch = null;
+    
+                /**
+                 * HttpRule custom.
+                 * @member {google.api.ICustomHttpPattern|null|undefined} custom
+                 * @memberof google.api.HttpRule
+                 * @instance
+                 */
+                HttpRule.prototype.custom = null;
+    
+                /**
+                 * HttpRule body.
+                 * @member {string} body
+                 * @memberof google.api.HttpRule
+                 * @instance
+                 */
+                HttpRule.prototype.body = "";
+    
+                /**
+                 * HttpRule responseBody.
+                 * @member {string} responseBody
+                 * @memberof google.api.HttpRule
+                 * @instance
+                 */
+                HttpRule.prototype.responseBody = "";
+    
+                /**
+                 * HttpRule additionalBindings.
+                 * @member {Array.<google.api.IHttpRule>} additionalBindings
+                 * @memberof google.api.HttpRule
+                 * @instance
+                 */
+                HttpRule.prototype.additionalBindings = $util.emptyArray;
+    
+                // OneOf field names bound to virtual getters and setters
+                var $oneOfFields;
+    
+                /**
+                 * HttpRule pattern.
+                 * @member {"get"|"put"|"post"|"delete"|"patch"|"custom"|undefined} pattern
+                 * @memberof google.api.HttpRule
+                 * @instance
+                 */
+                Object.defineProperty(HttpRule.prototype, "pattern", {
+                    get: $util.oneOfGetter($oneOfFields = ["get", "put", "post", "delete", "patch", "custom"]),
+                    set: $util.oneOfSetter($oneOfFields)
+                });
+    
+                /**
+                 * Creates a new HttpRule instance using the specified properties.
+                 * @function create
+                 * @memberof google.api.HttpRule
+                 * @static
+                 * @param {google.api.IHttpRule=} [properties] Properties to set
+                 * @returns {google.api.HttpRule} HttpRule instance
+                 */
+                HttpRule.create = function create(properties) {
+                    return new HttpRule(properties);
+                };
+    
+                /**
+                 * Encodes the specified HttpRule message. Does not implicitly {@link google.api.HttpRule.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.api.HttpRule
+                 * @static
+                 * @param {google.api.IHttpRule} message HttpRule message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                HttpRule.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.selector != null && Object.hasOwnProperty.call(message, "selector"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.selector);
+                    if (message.get != null && Object.hasOwnProperty.call(message, "get"))
+                        writer.uint32(/* id 2, wireType 2 =*/18).string(message.get);
+                    if (message.put != null && Object.hasOwnProperty.call(message, "put"))
+                        writer.uint32(/* id 3, wireType 2 =*/26).string(message.put);
+                    if (message.post != null && Object.hasOwnProperty.call(message, "post"))
+                        writer.uint32(/* id 4, wireType 2 =*/34).string(message.post);
+                    if (message["delete"] != null && Object.hasOwnProperty.call(message, "delete"))
+                        writer.uint32(/* id 5, wireType 2 =*/42).string(message["delete"]);
+                    if (message.patch != null && Object.hasOwnProperty.call(message, "patch"))
+                        writer.uint32(/* id 6, wireType 2 =*/50).string(message.patch);
+                    if (message.body != null && Object.hasOwnProperty.call(message, "body"))
+                        writer.uint32(/* id 7, wireType 2 =*/58).string(message.body);
+                    if (message.custom != null && Object.hasOwnProperty.call(message, "custom"))
+                        $root.google.api.CustomHttpPattern.encode(message.custom, writer.uint32(/* id 8, wireType 2 =*/66).fork()).ldelim();
+                    if (message.additionalBindings != null && message.additionalBindings.length)
+                        for (var i = 0; i < message.additionalBindings.length; ++i)
+                            $root.google.api.HttpRule.encode(message.additionalBindings[i], writer.uint32(/* id 11, wireType 2 =*/90).fork()).ldelim();
+                    if (message.responseBody != null && Object.hasOwnProperty.call(message, "responseBody"))
+                        writer.uint32(/* id 12, wireType 2 =*/98).string(message.responseBody);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified HttpRule message, length delimited. Does not implicitly {@link google.api.HttpRule.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.api.HttpRule
+                 * @static
+                 * @param {google.api.IHttpRule} message HttpRule message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                HttpRule.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a HttpRule message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.api.HttpRule
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.api.HttpRule} HttpRule
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                HttpRule.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.api.HttpRule();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.selector = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                message.get = reader.string();
+                                break;
+                            }
+                        case 3: {
+                                message.put = reader.string();
+                                break;
+                            }
+                        case 4: {
+                                message.post = reader.string();
+                                break;
+                            }
+                        case 5: {
+                                message["delete"] = reader.string();
+                                break;
+                            }
+                        case 6: {
+                                message.patch = reader.string();
+                                break;
+                            }
+                        case 8: {
+                                message.custom = $root.google.api.CustomHttpPattern.decode(reader, reader.uint32());
+                                break;
+                            }
+                        case 7: {
+                                message.body = reader.string();
+                                break;
+                            }
+                        case 12: {
+                                message.responseBody = reader.string();
+                                break;
+                            }
+                        case 11: {
+                                if (!(message.additionalBindings && message.additionalBindings.length))
+                                    message.additionalBindings = [];
+                                message.additionalBindings.push($root.google.api.HttpRule.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a HttpRule message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.api.HttpRule
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.api.HttpRule} HttpRule
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                HttpRule.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a HttpRule message.
+                 * @function verify
+                 * @memberof google.api.HttpRule
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                HttpRule.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    var properties = {};
+                    if (message.selector != null && message.hasOwnProperty("selector"))
+                        if (!$util.isString(message.selector))
+                            return "selector: string expected";
+                    if (message.get != null && message.hasOwnProperty("get")) {
+                        properties.pattern = 1;
+                        if (!$util.isString(message.get))
+                            return "get: string expected";
+                    }
+                    if (message.put != null && message.hasOwnProperty("put")) {
+                        if (properties.pattern === 1)
+                            return "pattern: multiple values";
+                        properties.pattern = 1;
+                        if (!$util.isString(message.put))
+                            return "put: string expected";
+                    }
+                    if (message.post != null && message.hasOwnProperty("post")) {
+                        if (properties.pattern === 1)
+                            return "pattern: multiple values";
+                        properties.pattern = 1;
+                        if (!$util.isString(message.post))
+                            return "post: string expected";
+                    }
+                    if (message["delete"] != null && message.hasOwnProperty("delete")) {
+                        if (properties.pattern === 1)
+                            return "pattern: multiple values";
+                        properties.pattern = 1;
+                        if (!$util.isString(message["delete"]))
+                            return "delete: string expected";
+                    }
+                    if (message.patch != null && message.hasOwnProperty("patch")) {
+                        if (properties.pattern === 1)
+                            return "pattern: multiple values";
+                        properties.pattern = 1;
+                        if (!$util.isString(message.patch))
+                            return "patch: string expected";
+                    }
+                    if (message.custom != null && message.hasOwnProperty("custom")) {
+                        if (properties.pattern === 1)
+                            return "pattern: multiple values";
+                        properties.pattern = 1;
+                        {
+                            var error = $root.google.api.CustomHttpPattern.verify(message.custom);
+                            if (error)
+                                return "custom." + error;
+                        }
+                    }
+                    if (message.body != null && message.hasOwnProperty("body"))
+                        if (!$util.isString(message.body))
+                            return "body: string expected";
+                    if (message.responseBody != null && message.hasOwnProperty("responseBody"))
+                        if (!$util.isString(message.responseBody))
+                            return "responseBody: string expected";
+                    if (message.additionalBindings != null && message.hasOwnProperty("additionalBindings")) {
+                        if (!Array.isArray(message.additionalBindings))
+                            return "additionalBindings: array expected";
+                        for (var i = 0; i < message.additionalBindings.length; ++i) {
+                            var error = $root.google.api.HttpRule.verify(message.additionalBindings[i]);
+                            if (error)
+                                return "additionalBindings." + error;
+                        }
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates a HttpRule message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.api.HttpRule
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.api.HttpRule} HttpRule
+                 */
+                HttpRule.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.api.HttpRule)
+                        return object;
+                    var message = new $root.google.api.HttpRule();
+                    if (object.selector != null)
+                        message.selector = String(object.selector);
+                    if (object.get != null)
+                        message.get = String(object.get);
+                    if (object.put != null)
+                        message.put = String(object.put);
+                    if (object.post != null)
+                        message.post = String(object.post);
+                    if (object["delete"] != null)
+                        message["delete"] = String(object["delete"]);
+                    if (object.patch != null)
+                        message.patch = String(object.patch);
+                    if (object.custom != null) {
+                        if (typeof object.custom !== "object")
+                            throw TypeError(".google.api.HttpRule.custom: object expected");
+                        message.custom = $root.google.api.CustomHttpPattern.fromObject(object.custom);
+                    }
+                    if (object.body != null)
+                        message.body = String(object.body);
+                    if (object.responseBody != null)
+                        message.responseBody = String(object.responseBody);
+                    if (object.additionalBindings) {
+                        if (!Array.isArray(object.additionalBindings))
+                            throw TypeError(".google.api.HttpRule.additionalBindings: array expected");
+                        message.additionalBindings = [];
+                        for (var i = 0; i < object.additionalBindings.length; ++i) {
+                            if (typeof object.additionalBindings[i] !== "object")
+                                throw TypeError(".google.api.HttpRule.additionalBindings: object expected");
+                            message.additionalBindings[i] = $root.google.api.HttpRule.fromObject(object.additionalBindings[i]);
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a HttpRule message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.api.HttpRule
+                 * @static
+                 * @param {google.api.HttpRule} message HttpRule
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                HttpRule.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.additionalBindings = [];
+                    if (options.defaults) {
+                        object.selector = "";
+                        object.body = "";
+                        object.responseBody = "";
+                    }
+                    if (message.selector != null && message.hasOwnProperty("selector"))
+                        object.selector = message.selector;
+                    if (message.get != null && message.hasOwnProperty("get")) {
+                        object.get = message.get;
+                        if (options.oneofs)
+                            object.pattern = "get";
+                    }
+                    if (message.put != null && message.hasOwnProperty("put")) {
+                        object.put = message.put;
+                        if (options.oneofs)
+                            object.pattern = "put";
+                    }
+                    if (message.post != null && message.hasOwnProperty("post")) {
+                        object.post = message.post;
+                        if (options.oneofs)
+                            object.pattern = "post";
+                    }
+                    if (message["delete"] != null && message.hasOwnProperty("delete")) {
+                        object["delete"] = message["delete"];
+                        if (options.oneofs)
+                            object.pattern = "delete";
+                    }
+                    if (message.patch != null && message.hasOwnProperty("patch")) {
+                        object.patch = message.patch;
+                        if (options.oneofs)
+                            object.pattern = "patch";
+                    }
+                    if (message.body != null && message.hasOwnProperty("body"))
+                        object.body = message.body;
+                    if (message.custom != null && message.hasOwnProperty("custom")) {
+                        object.custom = $root.google.api.CustomHttpPattern.toObject(message.custom, options);
+                        if (options.oneofs)
+                            object.pattern = "custom";
+                    }
+                    if (message.additionalBindings && message.additionalBindings.length) {
+                        object.additionalBindings = [];
+                        for (var j = 0; j < message.additionalBindings.length; ++j)
+                            object.additionalBindings[j] = $root.google.api.HttpRule.toObject(message.additionalBindings[j], options);
+                    }
+                    if (message.responseBody != null && message.hasOwnProperty("responseBody"))
+                        object.responseBody = message.responseBody;
+                    return object;
+                };
+    
+                /**
+                 * Converts this HttpRule to JSON.
+                 * @function toJSON
+                 * @memberof google.api.HttpRule
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                HttpRule.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for HttpRule
+                 * @function getTypeUrl
+                 * @memberof google.api.HttpRule
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                HttpRule.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.api.HttpRule";
+                };
+    
+                return HttpRule;
+            })();
+    
+            api.CustomHttpPattern = (function() {
+    
+                /**
+                 * Properties of a CustomHttpPattern.
+                 * @memberof google.api
+                 * @interface ICustomHttpPattern
+                 * @property {string|null} [kind] CustomHttpPattern kind
+                 * @property {string|null} [path] CustomHttpPattern path
+                 */
+    
+                /**
+                 * Constructs a new CustomHttpPattern.
+                 * @memberof google.api
+                 * @classdesc Represents a CustomHttpPattern.
+                 * @implements ICustomHttpPattern
+                 * @constructor
+                 * @param {google.api.ICustomHttpPattern=} [properties] Properties to set
+                 */
+                function CustomHttpPattern(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * CustomHttpPattern kind.
+                 * @member {string} kind
+                 * @memberof google.api.CustomHttpPattern
+                 * @instance
+                 */
+                CustomHttpPattern.prototype.kind = "";
+    
+                /**
+                 * CustomHttpPattern path.
+                 * @member {string} path
+                 * @memberof google.api.CustomHttpPattern
+                 * @instance
+                 */
+                CustomHttpPattern.prototype.path = "";
+    
+                /**
+                 * Creates a new CustomHttpPattern instance using the specified properties.
+                 * @function create
+                 * @memberof google.api.CustomHttpPattern
+                 * @static
+                 * @param {google.api.ICustomHttpPattern=} [properties] Properties to set
+                 * @returns {google.api.CustomHttpPattern} CustomHttpPattern instance
+                 */
+                CustomHttpPattern.create = function create(properties) {
+                    return new CustomHttpPattern(properties);
+                };
+    
+                /**
+                 * Encodes the specified CustomHttpPattern message. Does not implicitly {@link google.api.CustomHttpPattern.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.api.CustomHttpPattern
+                 * @static
+                 * @param {google.api.ICustomHttpPattern} message CustomHttpPattern message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                CustomHttpPattern.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.kind != null && Object.hasOwnProperty.call(message, "kind"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.kind);
+                    if (message.path != null && Object.hasOwnProperty.call(message, "path"))
+                        writer.uint32(/* id 2, wireType 2 =*/18).string(message.path);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified CustomHttpPattern message, length delimited. Does not implicitly {@link google.api.CustomHttpPattern.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.api.CustomHttpPattern
+                 * @static
+                 * @param {google.api.ICustomHttpPattern} message CustomHttpPattern message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                CustomHttpPattern.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a CustomHttpPattern message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.api.CustomHttpPattern
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.api.CustomHttpPattern} CustomHttpPattern
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                CustomHttpPattern.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.api.CustomHttpPattern();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.kind = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                message.path = reader.string();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a CustomHttpPattern message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.api.CustomHttpPattern
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.api.CustomHttpPattern} CustomHttpPattern
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                CustomHttpPattern.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a CustomHttpPattern message.
+                 * @function verify
+                 * @memberof google.api.CustomHttpPattern
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                CustomHttpPattern.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.kind != null && message.hasOwnProperty("kind"))
+                        if (!$util.isString(message.kind))
+                            return "kind: string expected";
+                    if (message.path != null && message.hasOwnProperty("path"))
+                        if (!$util.isString(message.path))
+                            return "path: string expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates a CustomHttpPattern message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.api.CustomHttpPattern
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.api.CustomHttpPattern} CustomHttpPattern
+                 */
+                CustomHttpPattern.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.api.CustomHttpPattern)
+                        return object;
+                    var message = new $root.google.api.CustomHttpPattern();
+                    if (object.kind != null)
+                        message.kind = String(object.kind);
+                    if (object.path != null)
+                        message.path = String(object.path);
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a CustomHttpPattern message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.api.CustomHttpPattern
+                 * @static
+                 * @param {google.api.CustomHttpPattern} message CustomHttpPattern
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                CustomHttpPattern.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults) {
+                        object.kind = "";
+                        object.path = "";
+                    }
+                    if (message.kind != null && message.hasOwnProperty("kind"))
+                        object.kind = message.kind;
+                    if (message.path != null && message.hasOwnProperty("path"))
+                        object.path = message.path;
+                    return object;
+                };
+    
+                /**
+                 * Converts this CustomHttpPattern to JSON.
+                 * @function toJSON
+                 * @memberof google.api.CustomHttpPattern
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                CustomHttpPattern.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for CustomHttpPattern
+                 * @function getTypeUrl
+                 * @memberof google.api.CustomHttpPattern
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                CustomHttpPattern.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.api.CustomHttpPattern";
+                };
+    
+                return CustomHttpPattern;
+            })();
+    
+            /**
+             * FieldBehavior enum.
+             * @name google.api.FieldBehavior
+             * @enum {number}
+             * @property {number} FIELD_BEHAVIOR_UNSPECIFIED=0 FIELD_BEHAVIOR_UNSPECIFIED value
+             * @property {number} OPTIONAL=1 OPTIONAL value
+             * @property {number} REQUIRED=2 REQUIRED value
+             * @property {number} OUTPUT_ONLY=3 OUTPUT_ONLY value
+             * @property {number} INPUT_ONLY=4 INPUT_ONLY value
+             * @property {number} IMMUTABLE=5 IMMUTABLE value
+             * @property {number} UNORDERED_LIST=6 UNORDERED_LIST value
+             * @property {number} NON_EMPTY_DEFAULT=7 NON_EMPTY_DEFAULT value
+             */
+            api.FieldBehavior = (function() {
+                var valuesById = {}, values = Object.create(valuesById);
+                values[valuesById[0] = "FIELD_BEHAVIOR_UNSPECIFIED"] = 0;
+                values[valuesById[1] = "OPTIONAL"] = 1;
+                values[valuesById[2] = "REQUIRED"] = 2;
+                values[valuesById[3] = "OUTPUT_ONLY"] = 3;
+                values[valuesById[4] = "INPUT_ONLY"] = 4;
+                values[valuesById[5] = "IMMUTABLE"] = 5;
+                values[valuesById[6] = "UNORDERED_LIST"] = 6;
+                values[valuesById[7] = "NON_EMPTY_DEFAULT"] = 7;
+                return values;
+            })();
+    
+            api.ResourceDescriptor = (function() {
+    
+                /**
+                 * Properties of a ResourceDescriptor.
+                 * @memberof google.api
+                 * @interface IResourceDescriptor
+                 * @property {string|null} [type] ResourceDescriptor type
+                 * @property {Array.<string>|null} [pattern] ResourceDescriptor pattern
+                 * @property {string|null} [nameField] ResourceDescriptor nameField
+                 * @property {google.api.ResourceDescriptor.History|null} [history] ResourceDescriptor history
+                 * @property {string|null} [plural] ResourceDescriptor plural
+                 * @property {string|null} [singular] ResourceDescriptor singular
+                 * @property {Array.<google.api.ResourceDescriptor.Style>|null} [style] ResourceDescriptor style
+                 */
+    
+                /**
+                 * Constructs a new ResourceDescriptor.
+                 * @memberof google.api
+                 * @classdesc Represents a ResourceDescriptor.
+                 * @implements IResourceDescriptor
+                 * @constructor
+                 * @param {google.api.IResourceDescriptor=} [properties] Properties to set
+                 */
+                function ResourceDescriptor(properties) {
+                    this.pattern = [];
+                    this.style = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * ResourceDescriptor type.
+                 * @member {string} type
+                 * @memberof google.api.ResourceDescriptor
+                 * @instance
+                 */
+                ResourceDescriptor.prototype.type = "";
+    
+                /**
+                 * ResourceDescriptor pattern.
+                 * @member {Array.<string>} pattern
+                 * @memberof google.api.ResourceDescriptor
+                 * @instance
+                 */
+                ResourceDescriptor.prototype.pattern = $util.emptyArray;
+    
+                /**
+                 * ResourceDescriptor nameField.
+                 * @member {string} nameField
+                 * @memberof google.api.ResourceDescriptor
+                 * @instance
+                 */
+                ResourceDescriptor.prototype.nameField = "";
+    
+                /**
+                 * ResourceDescriptor history.
+                 * @member {google.api.ResourceDescriptor.History} history
+                 * @memberof google.api.ResourceDescriptor
+                 * @instance
+                 */
+                ResourceDescriptor.prototype.history = 0;
+    
+                /**
+                 * ResourceDescriptor plural.
+                 * @member {string} plural
+                 * @memberof google.api.ResourceDescriptor
+                 * @instance
+                 */
+                ResourceDescriptor.prototype.plural = "";
+    
+                /**
+                 * ResourceDescriptor singular.
+                 * @member {string} singular
+                 * @memberof google.api.ResourceDescriptor
+                 * @instance
+                 */
+                ResourceDescriptor.prototype.singular = "";
+    
+                /**
+                 * ResourceDescriptor style.
+                 * @member {Array.<google.api.ResourceDescriptor.Style>} style
+                 * @memberof google.api.ResourceDescriptor
+                 * @instance
+                 */
+                ResourceDescriptor.prototype.style = $util.emptyArray;
+    
+                /**
+                 * Creates a new ResourceDescriptor instance using the specified properties.
+                 * @function create
+                 * @memberof google.api.ResourceDescriptor
+                 * @static
+                 * @param {google.api.IResourceDescriptor=} [properties] Properties to set
+                 * @returns {google.api.ResourceDescriptor} ResourceDescriptor instance
+                 */
+                ResourceDescriptor.create = function create(properties) {
+                    return new ResourceDescriptor(properties);
+                };
+    
+                /**
+                 * Encodes the specified ResourceDescriptor message. Does not implicitly {@link google.api.ResourceDescriptor.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.api.ResourceDescriptor
+                 * @static
+                 * @param {google.api.IResourceDescriptor} message ResourceDescriptor message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                ResourceDescriptor.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.type != null && Object.hasOwnProperty.call(message, "type"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.type);
+                    if (message.pattern != null && message.pattern.length)
+                        for (var i = 0; i < message.pattern.length; ++i)
+                            writer.uint32(/* id 2, wireType 2 =*/18).string(message.pattern[i]);
+                    if (message.nameField != null && Object.hasOwnProperty.call(message, "nameField"))
+                        writer.uint32(/* id 3, wireType 2 =*/26).string(message.nameField);
+                    if (message.history != null && Object.hasOwnProperty.call(message, "history"))
+                        writer.uint32(/* id 4, wireType 0 =*/32).int32(message.history);
+                    if (message.plural != null && Object.hasOwnProperty.call(message, "plural"))
+                        writer.uint32(/* id 5, wireType 2 =*/42).string(message.plural);
+                    if (message.singular != null && Object.hasOwnProperty.call(message, "singular"))
+                        writer.uint32(/* id 6, wireType 2 =*/50).string(message.singular);
+                    if (message.style != null && message.style.length) {
+                        writer.uint32(/* id 10, wireType 2 =*/82).fork();
+                        for (var i = 0; i < message.style.length; ++i)
+                            writer.int32(message.style[i]);
+                        writer.ldelim();
+                    }
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified ResourceDescriptor message, length delimited. Does not implicitly {@link google.api.ResourceDescriptor.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.api.ResourceDescriptor
+                 * @static
+                 * @param {google.api.IResourceDescriptor} message ResourceDescriptor message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                ResourceDescriptor.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a ResourceDescriptor message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.api.ResourceDescriptor
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.api.ResourceDescriptor} ResourceDescriptor
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                ResourceDescriptor.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.api.ResourceDescriptor();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.type = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                if (!(message.pattern && message.pattern.length))
+                                    message.pattern = [];
+                                message.pattern.push(reader.string());
+                                break;
+                            }
+                        case 3: {
+                                message.nameField = reader.string();
+                                break;
+                            }
+                        case 4: {
+                                message.history = reader.int32();
+                                break;
+                            }
+                        case 5: {
+                                message.plural = reader.string();
+                                break;
+                            }
+                        case 6: {
+                                message.singular = reader.string();
+                                break;
+                            }
+                        case 10: {
+                                if (!(message.style && message.style.length))
+                                    message.style = [];
+                                if ((tag & 7) === 2) {
+                                    var end2 = reader.uint32() + reader.pos;
+                                    while (reader.pos < end2)
+                                        message.style.push(reader.int32());
+                                } else
+                                    message.style.push(reader.int32());
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a ResourceDescriptor message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.api.ResourceDescriptor
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.api.ResourceDescriptor} ResourceDescriptor
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                ResourceDescriptor.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a ResourceDescriptor message.
+                 * @function verify
+                 * @memberof google.api.ResourceDescriptor
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                ResourceDescriptor.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.type != null && message.hasOwnProperty("type"))
+                        if (!$util.isString(message.type))
+                            return "type: string expected";
+                    if (message.pattern != null && message.hasOwnProperty("pattern")) {
+                        if (!Array.isArray(message.pattern))
+                            return "pattern: array expected";
+                        for (var i = 0; i < message.pattern.length; ++i)
+                            if (!$util.isString(message.pattern[i]))
+                                return "pattern: string[] expected";
+                    }
+                    if (message.nameField != null && message.hasOwnProperty("nameField"))
+                        if (!$util.isString(message.nameField))
+                            return "nameField: string expected";
+                    if (message.history != null && message.hasOwnProperty("history"))
+                        switch (message.history) {
+                        default:
+                            return "history: enum value expected";
+                        case 0:
+                        case 1:
+                        case 2:
+                            break;
+                        }
+                    if (message.plural != null && message.hasOwnProperty("plural"))
+                        if (!$util.isString(message.plural))
+                            return "plural: string expected";
+                    if (message.singular != null && message.hasOwnProperty("singular"))
+                        if (!$util.isString(message.singular))
+                            return "singular: string expected";
+                    if (message.style != null && message.hasOwnProperty("style")) {
+                        if (!Array.isArray(message.style))
+                            return "style: array expected";
+                        for (var i = 0; i < message.style.length; ++i)
+                            switch (message.style[i]) {
+                            default:
+                                return "style: enum value[] expected";
+                            case 0:
+                            case 1:
+                                break;
+                            }
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates a ResourceDescriptor message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.api.ResourceDescriptor
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.api.ResourceDescriptor} ResourceDescriptor
+                 */
+                ResourceDescriptor.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.api.ResourceDescriptor)
+                        return object;
+                    var message = new $root.google.api.ResourceDescriptor();
+                    if (object.type != null)
+                        message.type = String(object.type);
+                    if (object.pattern) {
+                        if (!Array.isArray(object.pattern))
+                            throw TypeError(".google.api.ResourceDescriptor.pattern: array expected");
+                        message.pattern = [];
+                        for (var i = 0; i < object.pattern.length; ++i)
+                            message.pattern[i] = String(object.pattern[i]);
+                    }
+                    if (object.nameField != null)
+                        message.nameField = String(object.nameField);
+                    switch (object.history) {
+                    default:
+                        if (typeof object.history === "number") {
+                            message.history = object.history;
+                            break;
+                        }
+                        break;
+                    case "HISTORY_UNSPECIFIED":
+                    case 0:
+                        message.history = 0;
+                        break;
+                    case "ORIGINALLY_SINGLE_PATTERN":
+                    case 1:
+                        message.history = 1;
+                        break;
+                    case "FUTURE_MULTI_PATTERN":
+                    case 2:
+                        message.history = 2;
+                        break;
+                    }
+                    if (object.plural != null)
+                        message.plural = String(object.plural);
+                    if (object.singular != null)
+                        message.singular = String(object.singular);
+                    if (object.style) {
+                        if (!Array.isArray(object.style))
+                            throw TypeError(".google.api.ResourceDescriptor.style: array expected");
+                        message.style = [];
+                        for (var i = 0; i < object.style.length; ++i)
+                            switch (object.style[i]) {
+                            default:
+                                if (typeof object.style[i] === "number") {
+                                    message.style[i] = object.style[i];
+                                    break;
+                                }
+                            case "STYLE_UNSPECIFIED":
+                            case 0:
+                                message.style[i] = 0;
+                                break;
+                            case "DECLARATIVE_FRIENDLY":
+                            case 1:
+                                message.style[i] = 1;
+                                break;
+                            }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a ResourceDescriptor message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.api.ResourceDescriptor
+                 * @static
+                 * @param {google.api.ResourceDescriptor} message ResourceDescriptor
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                ResourceDescriptor.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults) {
+                        object.pattern = [];
+                        object.style = [];
+                    }
+                    if (options.defaults) {
+                        object.type = "";
+                        object.nameField = "";
+                        object.history = options.enums === String ? "HISTORY_UNSPECIFIED" : 0;
+                        object.plural = "";
+                        object.singular = "";
+                    }
+                    if (message.type != null && message.hasOwnProperty("type"))
+                        object.type = message.type;
+                    if (message.pattern && message.pattern.length) {
+                        object.pattern = [];
+                        for (var j = 0; j < message.pattern.length; ++j)
+                            object.pattern[j] = message.pattern[j];
+                    }
+                    if (message.nameField != null && message.hasOwnProperty("nameField"))
+                        object.nameField = message.nameField;
+                    if (message.history != null && message.hasOwnProperty("history"))
+                        object.history = options.enums === String ? $root.google.api.ResourceDescriptor.History[message.history] === undefined ? message.history : $root.google.api.ResourceDescriptor.History[message.history] : message.history;
+                    if (message.plural != null && message.hasOwnProperty("plural"))
+                        object.plural = message.plural;
+                    if (message.singular != null && message.hasOwnProperty("singular"))
+                        object.singular = message.singular;
+                    if (message.style && message.style.length) {
+                        object.style = [];
+                        for (var j = 0; j < message.style.length; ++j)
+                            object.style[j] = options.enums === String ? $root.google.api.ResourceDescriptor.Style[message.style[j]] === undefined ? message.style[j] : $root.google.api.ResourceDescriptor.Style[message.style[j]] : message.style[j];
+                    }
+                    return object;
+                };
+    
+                /**
+                 * Converts this ResourceDescriptor to JSON.
+                 * @function toJSON
+                 * @memberof google.api.ResourceDescriptor
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                ResourceDescriptor.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for ResourceDescriptor
+                 * @function getTypeUrl
+                 * @memberof google.api.ResourceDescriptor
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                ResourceDescriptor.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.api.ResourceDescriptor";
+                };
+    
+                /**
+                 * History enum.
+                 * @name google.api.ResourceDescriptor.History
+                 * @enum {number}
+                 * @property {number} HISTORY_UNSPECIFIED=0 HISTORY_UNSPECIFIED value
+                 * @property {number} ORIGINALLY_SINGLE_PATTERN=1 ORIGINALLY_SINGLE_PATTERN value
+                 * @property {number} FUTURE_MULTI_PATTERN=2 FUTURE_MULTI_PATTERN value
+                 */
+                ResourceDescriptor.History = (function() {
+                    var valuesById = {}, values = Object.create(valuesById);
+                    values[valuesById[0] = "HISTORY_UNSPECIFIED"] = 0;
+                    values[valuesById[1] = "ORIGINALLY_SINGLE_PATTERN"] = 1;
+                    values[valuesById[2] = "FUTURE_MULTI_PATTERN"] = 2;
+                    return values;
+                })();
+    
+                /**
+                 * Style enum.
+                 * @name google.api.ResourceDescriptor.Style
+                 * @enum {number}
+                 * @property {number} STYLE_UNSPECIFIED=0 STYLE_UNSPECIFIED value
+                 * @property {number} DECLARATIVE_FRIENDLY=1 DECLARATIVE_FRIENDLY value
+                 */
+                ResourceDescriptor.Style = (function() {
+                    var valuesById = {}, values = Object.create(valuesById);
+                    values[valuesById[0] = "STYLE_UNSPECIFIED"] = 0;
+                    values[valuesById[1] = "DECLARATIVE_FRIENDLY"] = 1;
+                    return values;
+                })();
+    
+                return ResourceDescriptor;
+            })();
+    
+            api.ResourceReference = (function() {
+    
+                /**
+                 * Properties of a ResourceReference.
+                 * @memberof google.api
+                 * @interface IResourceReference
+                 * @property {string|null} [type] ResourceReference type
+                 * @property {string|null} [childType] ResourceReference childType
+                 */
+    
+                /**
+                 * Constructs a new ResourceReference.
+                 * @memberof google.api
+                 * @classdesc Represents a ResourceReference.
+                 * @implements IResourceReference
+                 * @constructor
+                 * @param {google.api.IResourceReference=} [properties] Properties to set
+                 */
+                function ResourceReference(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * ResourceReference type.
+                 * @member {string} type
+                 * @memberof google.api.ResourceReference
+                 * @instance
+                 */
+                ResourceReference.prototype.type = "";
+    
+                /**
+                 * ResourceReference childType.
+                 * @member {string} childType
+                 * @memberof google.api.ResourceReference
+                 * @instance
+                 */
+                ResourceReference.prototype.childType = "";
+    
+                /**
+                 * Creates a new ResourceReference instance using the specified properties.
+                 * @function create
+                 * @memberof google.api.ResourceReference
+                 * @static
+                 * @param {google.api.IResourceReference=} [properties] Properties to set
+                 * @returns {google.api.ResourceReference} ResourceReference instance
+                 */
+                ResourceReference.create = function create(properties) {
+                    return new ResourceReference(properties);
+                };
+    
+                /**
+                 * Encodes the specified ResourceReference message. Does not implicitly {@link google.api.ResourceReference.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.api.ResourceReference
+                 * @static
+                 * @param {google.api.IResourceReference} message ResourceReference message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                ResourceReference.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.type != null && Object.hasOwnProperty.call(message, "type"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.type);
+                    if (message.childType != null && Object.hasOwnProperty.call(message, "childType"))
+                        writer.uint32(/* id 2, wireType 2 =*/18).string(message.childType);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified ResourceReference message, length delimited. Does not implicitly {@link google.api.ResourceReference.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.api.ResourceReference
+                 * @static
+                 * @param {google.api.IResourceReference} message ResourceReference message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                ResourceReference.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a ResourceReference message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.api.ResourceReference
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.api.ResourceReference} ResourceReference
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                ResourceReference.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.api.ResourceReference();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.type = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                message.childType = reader.string();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a ResourceReference message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.api.ResourceReference
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.api.ResourceReference} ResourceReference
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                ResourceReference.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a ResourceReference message.
+                 * @function verify
+                 * @memberof google.api.ResourceReference
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                ResourceReference.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.type != null && message.hasOwnProperty("type"))
+                        if (!$util.isString(message.type))
+                            return "type: string expected";
+                    if (message.childType != null && message.hasOwnProperty("childType"))
+                        if (!$util.isString(message.childType))
+                            return "childType: string expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates a ResourceReference message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.api.ResourceReference
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.api.ResourceReference} ResourceReference
+                 */
+                ResourceReference.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.api.ResourceReference)
+                        return object;
+                    var message = new $root.google.api.ResourceReference();
+                    if (object.type != null)
+                        message.type = String(object.type);
+                    if (object.childType != null)
+                        message.childType = String(object.childType);
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a ResourceReference message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.api.ResourceReference
+                 * @static
+                 * @param {google.api.ResourceReference} message ResourceReference
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                ResourceReference.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults) {
+                        object.type = "";
+                        object.childType = "";
+                    }
+                    if (message.type != null && message.hasOwnProperty("type"))
+                        object.type = message.type;
+                    if (message.childType != null && message.hasOwnProperty("childType"))
+                        object.childType = message.childType;
+                    return object;
+                };
+    
+                /**
+                 * Converts this ResourceReference to JSON.
+                 * @function toJSON
+                 * @memberof google.api.ResourceReference
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                ResourceReference.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for ResourceReference
+                 * @function getTypeUrl
+                 * @memberof google.api.ResourceReference
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                ResourceReference.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.api.ResourceReference";
+                };
+    
+                return ResourceReference;
+            })();
+    
+            return api;
+        })();
+    
+        google.protobuf = (function() {
+    
+            /**
+             * Namespace protobuf.
+             * @memberof google
+             * @namespace
+             */
+            var protobuf = {};
+    
+            protobuf.FileDescriptorSet = (function() {
+    
+                /**
+                 * Properties of a FileDescriptorSet.
+                 * @memberof google.protobuf
+                 * @interface IFileDescriptorSet
+                 * @property {Array.<google.protobuf.IFileDescriptorProto>|null} [file] FileDescriptorSet file
+                 */
+    
+                /**
+                 * Constructs a new FileDescriptorSet.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a FileDescriptorSet.
+                 * @implements IFileDescriptorSet
+                 * @constructor
+                 * @param {google.protobuf.IFileDescriptorSet=} [properties] Properties to set
+                 */
+                function FileDescriptorSet(properties) {
+                    this.file = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * FileDescriptorSet file.
+                 * @member {Array.<google.protobuf.IFileDescriptorProto>} file
+                 * @memberof google.protobuf.FileDescriptorSet
+                 * @instance
+                 */
+                FileDescriptorSet.prototype.file = $util.emptyArray;
+    
+                /**
+                 * Creates a new FileDescriptorSet instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.FileDescriptorSet
+                 * @static
+                 * @param {google.protobuf.IFileDescriptorSet=} [properties] Properties to set
+                 * @returns {google.protobuf.FileDescriptorSet} FileDescriptorSet instance
+                 */
+                FileDescriptorSet.create = function create(properties) {
+                    return new FileDescriptorSet(properties);
+                };
+    
+                /**
+                 * Encodes the specified FileDescriptorSet message. Does not implicitly {@link google.protobuf.FileDescriptorSet.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.FileDescriptorSet
+                 * @static
+                 * @param {google.protobuf.IFileDescriptorSet} message FileDescriptorSet message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                FileDescriptorSet.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.file != null && message.file.length)
+                        for (var i = 0; i < message.file.length; ++i)
+                            $root.google.protobuf.FileDescriptorProto.encode(message.file[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified FileDescriptorSet message, length delimited. Does not implicitly {@link google.protobuf.FileDescriptorSet.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.FileDescriptorSet
+                 * @static
+                 * @param {google.protobuf.IFileDescriptorSet} message FileDescriptorSet message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                FileDescriptorSet.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a FileDescriptorSet message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.FileDescriptorSet
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.FileDescriptorSet} FileDescriptorSet
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                FileDescriptorSet.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.FileDescriptorSet();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                if (!(message.file && message.file.length))
+                                    message.file = [];
+                                message.file.push($root.google.protobuf.FileDescriptorProto.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a FileDescriptorSet message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.FileDescriptorSet
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.FileDescriptorSet} FileDescriptorSet
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                FileDescriptorSet.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a FileDescriptorSet message.
+                 * @function verify
+                 * @memberof google.protobuf.FileDescriptorSet
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                FileDescriptorSet.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.file != null && message.hasOwnProperty("file")) {
+                        if (!Array.isArray(message.file))
+                            return "file: array expected";
+                        for (var i = 0; i < message.file.length; ++i) {
+                            var error = $root.google.protobuf.FileDescriptorProto.verify(message.file[i]);
+                            if (error)
+                                return "file." + error;
+                        }
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates a FileDescriptorSet message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.FileDescriptorSet
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.FileDescriptorSet} FileDescriptorSet
+                 */
+                FileDescriptorSet.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.FileDescriptorSet)
+                        return object;
+                    var message = new $root.google.protobuf.FileDescriptorSet();
+                    if (object.file) {
+                        if (!Array.isArray(object.file))
+                            throw TypeError(".google.protobuf.FileDescriptorSet.file: array expected");
+                        message.file = [];
+                        for (var i = 0; i < object.file.length; ++i) {
+                            if (typeof object.file[i] !== "object")
+                                throw TypeError(".google.protobuf.FileDescriptorSet.file: object expected");
+                            message.file[i] = $root.google.protobuf.FileDescriptorProto.fromObject(object.file[i]);
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a FileDescriptorSet message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.FileDescriptorSet
+                 * @static
+                 * @param {google.protobuf.FileDescriptorSet} message FileDescriptorSet
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                FileDescriptorSet.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.file = [];
+                    if (message.file && message.file.length) {
+                        object.file = [];
+                        for (var j = 0; j < message.file.length; ++j)
+                            object.file[j] = $root.google.protobuf.FileDescriptorProto.toObject(message.file[j], options);
+                    }
+                    return object;
+                };
+    
+                /**
+                 * Converts this FileDescriptorSet to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.FileDescriptorSet
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                FileDescriptorSet.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for FileDescriptorSet
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.FileDescriptorSet
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                FileDescriptorSet.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.FileDescriptorSet";
+                };
+    
+                return FileDescriptorSet;
+            })();
+    
+            protobuf.FileDescriptorProto = (function() {
+    
+                /**
+                 * Properties of a FileDescriptorProto.
+                 * @memberof google.protobuf
+                 * @interface IFileDescriptorProto
+                 * @property {string|null} [name] FileDescriptorProto name
+                 * @property {string|null} ["package"] FileDescriptorProto package
+                 * @property {Array.<string>|null} [dependency] FileDescriptorProto dependency
+                 * @property {Array.<number>|null} [publicDependency] FileDescriptorProto publicDependency
+                 * @property {Array.<number>|null} [weakDependency] FileDescriptorProto weakDependency
+                 * @property {Array.<google.protobuf.IDescriptorProto>|null} [messageType] FileDescriptorProto messageType
+                 * @property {Array.<google.protobuf.IEnumDescriptorProto>|null} [enumType] FileDescriptorProto enumType
+                 * @property {Array.<google.protobuf.IServiceDescriptorProto>|null} [service] FileDescriptorProto service
+                 * @property {Array.<google.protobuf.IFieldDescriptorProto>|null} [extension] FileDescriptorProto extension
+                 * @property {google.protobuf.IFileOptions|null} [options] FileDescriptorProto options
+                 * @property {google.protobuf.ISourceCodeInfo|null} [sourceCodeInfo] FileDescriptorProto sourceCodeInfo
+                 * @property {string|null} [syntax] FileDescriptorProto syntax
+                 * @property {string|null} [edition] FileDescriptorProto edition
+                 */
+    
+                /**
+                 * Constructs a new FileDescriptorProto.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a FileDescriptorProto.
+                 * @implements IFileDescriptorProto
+                 * @constructor
+                 * @param {google.protobuf.IFileDescriptorProto=} [properties] Properties to set
+                 */
+                function FileDescriptorProto(properties) {
+                    this.dependency = [];
+                    this.publicDependency = [];
+                    this.weakDependency = [];
+                    this.messageType = [];
+                    this.enumType = [];
+                    this.service = [];
+                    this.extension = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * FileDescriptorProto name.
+                 * @member {string} name
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @instance
+                 */
+                FileDescriptorProto.prototype.name = "";
+    
+                /**
+                 * FileDescriptorProto package.
+                 * @member {string} package
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @instance
+                 */
+                FileDescriptorProto.prototype["package"] = "";
+    
+                /**
+                 * FileDescriptorProto dependency.
+                 * @member {Array.<string>} dependency
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @instance
+                 */
+                FileDescriptorProto.prototype.dependency = $util.emptyArray;
+    
+                /**
+                 * FileDescriptorProto publicDependency.
+                 * @member {Array.<number>} publicDependency
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @instance
+                 */
+                FileDescriptorProto.prototype.publicDependency = $util.emptyArray;
+    
+                /**
+                 * FileDescriptorProto weakDependency.
+                 * @member {Array.<number>} weakDependency
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @instance
+                 */
+                FileDescriptorProto.prototype.weakDependency = $util.emptyArray;
+    
+                /**
+                 * FileDescriptorProto messageType.
+                 * @member {Array.<google.protobuf.IDescriptorProto>} messageType
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @instance
+                 */
+                FileDescriptorProto.prototype.messageType = $util.emptyArray;
+    
+                /**
+                 * FileDescriptorProto enumType.
+                 * @member {Array.<google.protobuf.IEnumDescriptorProto>} enumType
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @instance
+                 */
+                FileDescriptorProto.prototype.enumType = $util.emptyArray;
+    
+                /**
+                 * FileDescriptorProto service.
+                 * @member {Array.<google.protobuf.IServiceDescriptorProto>} service
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @instance
+                 */
+                FileDescriptorProto.prototype.service = $util.emptyArray;
+    
+                /**
+                 * FileDescriptorProto extension.
+                 * @member {Array.<google.protobuf.IFieldDescriptorProto>} extension
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @instance
+                 */
+                FileDescriptorProto.prototype.extension = $util.emptyArray;
+    
+                /**
+                 * FileDescriptorProto options.
+                 * @member {google.protobuf.IFileOptions|null|undefined} options
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @instance
+                 */
+                FileDescriptorProto.prototype.options = null;
+    
+                /**
+                 * FileDescriptorProto sourceCodeInfo.
+                 * @member {google.protobuf.ISourceCodeInfo|null|undefined} sourceCodeInfo
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @instance
+                 */
+                FileDescriptorProto.prototype.sourceCodeInfo = null;
+    
+                /**
+                 * FileDescriptorProto syntax.
+                 * @member {string} syntax
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @instance
+                 */
+                FileDescriptorProto.prototype.syntax = "";
+    
+                /**
+                 * FileDescriptorProto edition.
+                 * @member {string} edition
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @instance
+                 */
+                FileDescriptorProto.prototype.edition = "";
+    
+                /**
+                 * Creates a new FileDescriptorProto instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IFileDescriptorProto=} [properties] Properties to set
+                 * @returns {google.protobuf.FileDescriptorProto} FileDescriptorProto instance
+                 */
+                FileDescriptorProto.create = function create(properties) {
+                    return new FileDescriptorProto(properties);
+                };
+    
+                /**
+                 * Encodes the specified FileDescriptorProto message. Does not implicitly {@link google.protobuf.FileDescriptorProto.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IFileDescriptorProto} message FileDescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                FileDescriptorProto.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                    if (message["package"] != null && Object.hasOwnProperty.call(message, "package"))
+                        writer.uint32(/* id 2, wireType 2 =*/18).string(message["package"]);
+                    if (message.dependency != null && message.dependency.length)
+                        for (var i = 0; i < message.dependency.length; ++i)
+                            writer.uint32(/* id 3, wireType 2 =*/26).string(message.dependency[i]);
+                    if (message.messageType != null && message.messageType.length)
+                        for (var i = 0; i < message.messageType.length; ++i)
+                            $root.google.protobuf.DescriptorProto.encode(message.messageType[i], writer.uint32(/* id 4, wireType 2 =*/34).fork()).ldelim();
+                    if (message.enumType != null && message.enumType.length)
+                        for (var i = 0; i < message.enumType.length; ++i)
+                            $root.google.protobuf.EnumDescriptorProto.encode(message.enumType[i], writer.uint32(/* id 5, wireType 2 =*/42).fork()).ldelim();
+                    if (message.service != null && message.service.length)
+                        for (var i = 0; i < message.service.length; ++i)
+                            $root.google.protobuf.ServiceDescriptorProto.encode(message.service[i], writer.uint32(/* id 6, wireType 2 =*/50).fork()).ldelim();
+                    if (message.extension != null && message.extension.length)
+                        for (var i = 0; i < message.extension.length; ++i)
+                            $root.google.protobuf.FieldDescriptorProto.encode(message.extension[i], writer.uint32(/* id 7, wireType 2 =*/58).fork()).ldelim();
+                    if (message.options != null && Object.hasOwnProperty.call(message, "options"))
+                        $root.google.protobuf.FileOptions.encode(message.options, writer.uint32(/* id 8, wireType 2 =*/66).fork()).ldelim();
+                    if (message.sourceCodeInfo != null && Object.hasOwnProperty.call(message, "sourceCodeInfo"))
+                        $root.google.protobuf.SourceCodeInfo.encode(message.sourceCodeInfo, writer.uint32(/* id 9, wireType 2 =*/74).fork()).ldelim();
+                    if (message.publicDependency != null && message.publicDependency.length)
+                        for (var i = 0; i < message.publicDependency.length; ++i)
+                            writer.uint32(/* id 10, wireType 0 =*/80).int32(message.publicDependency[i]);
+                    if (message.weakDependency != null && message.weakDependency.length)
+                        for (var i = 0; i < message.weakDependency.length; ++i)
+                            writer.uint32(/* id 11, wireType 0 =*/88).int32(message.weakDependency[i]);
+                    if (message.syntax != null && Object.hasOwnProperty.call(message, "syntax"))
+                        writer.uint32(/* id 12, wireType 2 =*/98).string(message.syntax);
+                    if (message.edition != null && Object.hasOwnProperty.call(message, "edition"))
+                        writer.uint32(/* id 13, wireType 2 =*/106).string(message.edition);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified FileDescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.FileDescriptorProto.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IFileDescriptorProto} message FileDescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                FileDescriptorProto.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a FileDescriptorProto message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.FileDescriptorProto} FileDescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                FileDescriptorProto.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.FileDescriptorProto();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.name = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                message["package"] = reader.string();
+                                break;
+                            }
+                        case 3: {
+                                if (!(message.dependency && message.dependency.length))
+                                    message.dependency = [];
+                                message.dependency.push(reader.string());
+                                break;
+                            }
+                        case 10: {
+                                if (!(message.publicDependency && message.publicDependency.length))
+                                    message.publicDependency = [];
+                                if ((tag & 7) === 2) {
+                                    var end2 = reader.uint32() + reader.pos;
+                                    while (reader.pos < end2)
+                                        message.publicDependency.push(reader.int32());
+                                } else
+                                    message.publicDependency.push(reader.int32());
+                                break;
+                            }
+                        case 11: {
+                                if (!(message.weakDependency && message.weakDependency.length))
+                                    message.weakDependency = [];
+                                if ((tag & 7) === 2) {
+                                    var end2 = reader.uint32() + reader.pos;
+                                    while (reader.pos < end2)
+                                        message.weakDependency.push(reader.int32());
+                                } else
+                                    message.weakDependency.push(reader.int32());
+                                break;
+                            }
+                        case 4: {
+                                if (!(message.messageType && message.messageType.length))
+                                    message.messageType = [];
+                                message.messageType.push($root.google.protobuf.DescriptorProto.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 5: {
+                                if (!(message.enumType && message.enumType.length))
+                                    message.enumType = [];
+                                message.enumType.push($root.google.protobuf.EnumDescriptorProto.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 6: {
+                                if (!(message.service && message.service.length))
+                                    message.service = [];
+                                message.service.push($root.google.protobuf.ServiceDescriptorProto.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 7: {
+                                if (!(message.extension && message.extension.length))
+                                    message.extension = [];
+                                message.extension.push($root.google.protobuf.FieldDescriptorProto.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 8: {
+                                message.options = $root.google.protobuf.FileOptions.decode(reader, reader.uint32());
+                                break;
+                            }
+                        case 9: {
+                                message.sourceCodeInfo = $root.google.protobuf.SourceCodeInfo.decode(reader, reader.uint32());
+                                break;
+                            }
+                        case 12: {
+                                message.syntax = reader.string();
+                                break;
+                            }
+                        case 13: {
+                                message.edition = reader.string();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a FileDescriptorProto message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.FileDescriptorProto} FileDescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                FileDescriptorProto.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a FileDescriptorProto message.
+                 * @function verify
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                FileDescriptorProto.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        if (!$util.isString(message.name))
+                            return "name: string expected";
+                    if (message["package"] != null && message.hasOwnProperty("package"))
+                        if (!$util.isString(message["package"]))
+                            return "package: string expected";
+                    if (message.dependency != null && message.hasOwnProperty("dependency")) {
+                        if (!Array.isArray(message.dependency))
+                            return "dependency: array expected";
+                        for (var i = 0; i < message.dependency.length; ++i)
+                            if (!$util.isString(message.dependency[i]))
+                                return "dependency: string[] expected";
+                    }
+                    if (message.publicDependency != null && message.hasOwnProperty("publicDependency")) {
+                        if (!Array.isArray(message.publicDependency))
+                            return "publicDependency: array expected";
+                        for (var i = 0; i < message.publicDependency.length; ++i)
+                            if (!$util.isInteger(message.publicDependency[i]))
+                                return "publicDependency: integer[] expected";
+                    }
+                    if (message.weakDependency != null && message.hasOwnProperty("weakDependency")) {
+                        if (!Array.isArray(message.weakDependency))
+                            return "weakDependency: array expected";
+                        for (var i = 0; i < message.weakDependency.length; ++i)
+                            if (!$util.isInteger(message.weakDependency[i]))
+                                return "weakDependency: integer[] expected";
+                    }
+                    if (message.messageType != null && message.hasOwnProperty("messageType")) {
+                        if (!Array.isArray(message.messageType))
+                            return "messageType: array expected";
+                        for (var i = 0; i < message.messageType.length; ++i) {
+                            var error = $root.google.protobuf.DescriptorProto.verify(message.messageType[i]);
+                            if (error)
+                                return "messageType." + error;
+                        }
+                    }
+                    if (message.enumType != null && message.hasOwnProperty("enumType")) {
+                        if (!Array.isArray(message.enumType))
+                            return "enumType: array expected";
+                        for (var i = 0; i < message.enumType.length; ++i) {
+                            var error = $root.google.protobuf.EnumDescriptorProto.verify(message.enumType[i]);
+                            if (error)
+                                return "enumType." + error;
+                        }
+                    }
+                    if (message.service != null && message.hasOwnProperty("service")) {
+                        if (!Array.isArray(message.service))
+                            return "service: array expected";
+                        for (var i = 0; i < message.service.length; ++i) {
+                            var error = $root.google.protobuf.ServiceDescriptorProto.verify(message.service[i]);
+                            if (error)
+                                return "service." + error;
+                        }
+                    }
+                    if (message.extension != null && message.hasOwnProperty("extension")) {
+                        if (!Array.isArray(message.extension))
+                            return "extension: array expected";
+                        for (var i = 0; i < message.extension.length; ++i) {
+                            var error = $root.google.protobuf.FieldDescriptorProto.verify(message.extension[i]);
+                            if (error)
+                                return "extension." + error;
+                        }
+                    }
+                    if (message.options != null && message.hasOwnProperty("options")) {
+                        var error = $root.google.protobuf.FileOptions.verify(message.options);
+                        if (error)
+                            return "options." + error;
+                    }
+                    if (message.sourceCodeInfo != null && message.hasOwnProperty("sourceCodeInfo")) {
+                        var error = $root.google.protobuf.SourceCodeInfo.verify(message.sourceCodeInfo);
+                        if (error)
+                            return "sourceCodeInfo." + error;
+                    }
+                    if (message.syntax != null && message.hasOwnProperty("syntax"))
+                        if (!$util.isString(message.syntax))
+                            return "syntax: string expected";
+                    if (message.edition != null && message.hasOwnProperty("edition"))
+                        if (!$util.isString(message.edition))
+                            return "edition: string expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates a FileDescriptorProto message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.FileDescriptorProto} FileDescriptorProto
+                 */
+                FileDescriptorProto.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.FileDescriptorProto)
+                        return object;
+                    var message = new $root.google.protobuf.FileDescriptorProto();
+                    if (object.name != null)
+                        message.name = String(object.name);
+                    if (object["package"] != null)
+                        message["package"] = String(object["package"]);
+                    if (object.dependency) {
+                        if (!Array.isArray(object.dependency))
+                            throw TypeError(".google.protobuf.FileDescriptorProto.dependency: array expected");
+                        message.dependency = [];
+                        for (var i = 0; i < object.dependency.length; ++i)
+                            message.dependency[i] = String(object.dependency[i]);
+                    }
+                    if (object.publicDependency) {
+                        if (!Array.isArray(object.publicDependency))
+                            throw TypeError(".google.protobuf.FileDescriptorProto.publicDependency: array expected");
+                        message.publicDependency = [];
+                        for (var i = 0; i < object.publicDependency.length; ++i)
+                            message.publicDependency[i] = object.publicDependency[i] | 0;
+                    }
+                    if (object.weakDependency) {
+                        if (!Array.isArray(object.weakDependency))
+                            throw TypeError(".google.protobuf.FileDescriptorProto.weakDependency: array expected");
+                        message.weakDependency = [];
+                        for (var i = 0; i < object.weakDependency.length; ++i)
+                            message.weakDependency[i] = object.weakDependency[i] | 0;
+                    }
+                    if (object.messageType) {
+                        if (!Array.isArray(object.messageType))
+                            throw TypeError(".google.protobuf.FileDescriptorProto.messageType: array expected");
+                        message.messageType = [];
+                        for (var i = 0; i < object.messageType.length; ++i) {
+                            if (typeof object.messageType[i] !== "object")
+                                throw TypeError(".google.protobuf.FileDescriptorProto.messageType: object expected");
+                            message.messageType[i] = $root.google.protobuf.DescriptorProto.fromObject(object.messageType[i]);
+                        }
+                    }
+                    if (object.enumType) {
+                        if (!Array.isArray(object.enumType))
+                            throw TypeError(".google.protobuf.FileDescriptorProto.enumType: array expected");
+                        message.enumType = [];
+                        for (var i = 0; i < object.enumType.length; ++i) {
+                            if (typeof object.enumType[i] !== "object")
+                                throw TypeError(".google.protobuf.FileDescriptorProto.enumType: object expected");
+                            message.enumType[i] = $root.google.protobuf.EnumDescriptorProto.fromObject(object.enumType[i]);
+                        }
+                    }
+                    if (object.service) {
+                        if (!Array.isArray(object.service))
+                            throw TypeError(".google.protobuf.FileDescriptorProto.service: array expected");
+                        message.service = [];
+                        for (var i = 0; i < object.service.length; ++i) {
+                            if (typeof object.service[i] !== "object")
+                                throw TypeError(".google.protobuf.FileDescriptorProto.service: object expected");
+                            message.service[i] = $root.google.protobuf.ServiceDescriptorProto.fromObject(object.service[i]);
+                        }
+                    }
+                    if (object.extension) {
+                        if (!Array.isArray(object.extension))
+                            throw TypeError(".google.protobuf.FileDescriptorProto.extension: array expected");
+                        message.extension = [];
+                        for (var i = 0; i < object.extension.length; ++i) {
+                            if (typeof object.extension[i] !== "object")
+                                throw TypeError(".google.protobuf.FileDescriptorProto.extension: object expected");
+                            message.extension[i] = $root.google.protobuf.FieldDescriptorProto.fromObject(object.extension[i]);
+                        }
+                    }
+                    if (object.options != null) {
+                        if (typeof object.options !== "object")
+                            throw TypeError(".google.protobuf.FileDescriptorProto.options: object expected");
+                        message.options = $root.google.protobuf.FileOptions.fromObject(object.options);
+                    }
+                    if (object.sourceCodeInfo != null) {
+                        if (typeof object.sourceCodeInfo !== "object")
+                            throw TypeError(".google.protobuf.FileDescriptorProto.sourceCodeInfo: object expected");
+                        message.sourceCodeInfo = $root.google.protobuf.SourceCodeInfo.fromObject(object.sourceCodeInfo);
+                    }
+                    if (object.syntax != null)
+                        message.syntax = String(object.syntax);
+                    if (object.edition != null)
+                        message.edition = String(object.edition);
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a FileDescriptorProto message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @static
+                 * @param {google.protobuf.FileDescriptorProto} message FileDescriptorProto
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                FileDescriptorProto.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults) {
+                        object.dependency = [];
+                        object.messageType = [];
+                        object.enumType = [];
+                        object.service = [];
+                        object.extension = [];
+                        object.publicDependency = [];
+                        object.weakDependency = [];
+                    }
+                    if (options.defaults) {
+                        object.name = "";
+                        object["package"] = "";
+                        object.options = null;
+                        object.sourceCodeInfo = null;
+                        object.syntax = "";
+                        object.edition = "";
+                    }
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        object.name = message.name;
+                    if (message["package"] != null && message.hasOwnProperty("package"))
+                        object["package"] = message["package"];
+                    if (message.dependency && message.dependency.length) {
+                        object.dependency = [];
+                        for (var j = 0; j < message.dependency.length; ++j)
+                            object.dependency[j] = message.dependency[j];
+                    }
+                    if (message.messageType && message.messageType.length) {
+                        object.messageType = [];
+                        for (var j = 0; j < message.messageType.length; ++j)
+                            object.messageType[j] = $root.google.protobuf.DescriptorProto.toObject(message.messageType[j], options);
+                    }
+                    if (message.enumType && message.enumType.length) {
+                        object.enumType = [];
+                        for (var j = 0; j < message.enumType.length; ++j)
+                            object.enumType[j] = $root.google.protobuf.EnumDescriptorProto.toObject(message.enumType[j], options);
+                    }
+                    if (message.service && message.service.length) {
+                        object.service = [];
+                        for (var j = 0; j < message.service.length; ++j)
+                            object.service[j] = $root.google.protobuf.ServiceDescriptorProto.toObject(message.service[j], options);
+                    }
+                    if (message.extension && message.extension.length) {
+                        object.extension = [];
+                        for (var j = 0; j < message.extension.length; ++j)
+                            object.extension[j] = $root.google.protobuf.FieldDescriptorProto.toObject(message.extension[j], options);
+                    }
+                    if (message.options != null && message.hasOwnProperty("options"))
+                        object.options = $root.google.protobuf.FileOptions.toObject(message.options, options);
+                    if (message.sourceCodeInfo != null && message.hasOwnProperty("sourceCodeInfo"))
+                        object.sourceCodeInfo = $root.google.protobuf.SourceCodeInfo.toObject(message.sourceCodeInfo, options);
+                    if (message.publicDependency && message.publicDependency.length) {
+                        object.publicDependency = [];
+                        for (var j = 0; j < message.publicDependency.length; ++j)
+                            object.publicDependency[j] = message.publicDependency[j];
+                    }
+                    if (message.weakDependency && message.weakDependency.length) {
+                        object.weakDependency = [];
+                        for (var j = 0; j < message.weakDependency.length; ++j)
+                            object.weakDependency[j] = message.weakDependency[j];
+                    }
+                    if (message.syntax != null && message.hasOwnProperty("syntax"))
+                        object.syntax = message.syntax;
+                    if (message.edition != null && message.hasOwnProperty("edition"))
+                        object.edition = message.edition;
+                    return object;
+                };
+    
+                /**
+                 * Converts this FileDescriptorProto to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                FileDescriptorProto.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for FileDescriptorProto
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.FileDescriptorProto
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                FileDescriptorProto.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.FileDescriptorProto";
+                };
+    
+                return FileDescriptorProto;
+            })();
+    
+            protobuf.DescriptorProto = (function() {
+    
+                /**
+                 * Properties of a DescriptorProto.
+                 * @memberof google.protobuf
+                 * @interface IDescriptorProto
+                 * @property {string|null} [name] DescriptorProto name
+                 * @property {Array.<google.protobuf.IFieldDescriptorProto>|null} [field] DescriptorProto field
+                 * @property {Array.<google.protobuf.IFieldDescriptorProto>|null} [extension] DescriptorProto extension
+                 * @property {Array.<google.protobuf.IDescriptorProto>|null} [nestedType] DescriptorProto nestedType
+                 * @property {Array.<google.protobuf.IEnumDescriptorProto>|null} [enumType] DescriptorProto enumType
+                 * @property {Array.<google.protobuf.DescriptorProto.IExtensionRange>|null} [extensionRange] DescriptorProto extensionRange
+                 * @property {Array.<google.protobuf.IOneofDescriptorProto>|null} [oneofDecl] DescriptorProto oneofDecl
+                 * @property {google.protobuf.IMessageOptions|null} [options] DescriptorProto options
+                 * @property {Array.<google.protobuf.DescriptorProto.IReservedRange>|null} [reservedRange] DescriptorProto reservedRange
+                 * @property {Array.<string>|null} [reservedName] DescriptorProto reservedName
+                 */
+    
+                /**
+                 * Constructs a new DescriptorProto.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a DescriptorProto.
+                 * @implements IDescriptorProto
+                 * @constructor
+                 * @param {google.protobuf.IDescriptorProto=} [properties] Properties to set
+                 */
+                function DescriptorProto(properties) {
+                    this.field = [];
+                    this.extension = [];
+                    this.nestedType = [];
+                    this.enumType = [];
+                    this.extensionRange = [];
+                    this.oneofDecl = [];
+                    this.reservedRange = [];
+                    this.reservedName = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * DescriptorProto name.
+                 * @member {string} name
+                 * @memberof google.protobuf.DescriptorProto
+                 * @instance
+                 */
+                DescriptorProto.prototype.name = "";
+    
+                /**
+                 * DescriptorProto field.
+                 * @member {Array.<google.protobuf.IFieldDescriptorProto>} field
+                 * @memberof google.protobuf.DescriptorProto
+                 * @instance
+                 */
+                DescriptorProto.prototype.field = $util.emptyArray;
+    
+                /**
+                 * DescriptorProto extension.
+                 * @member {Array.<google.protobuf.IFieldDescriptorProto>} extension
+                 * @memberof google.protobuf.DescriptorProto
+                 * @instance
+                 */
+                DescriptorProto.prototype.extension = $util.emptyArray;
+    
+                /**
+                 * DescriptorProto nestedType.
+                 * @member {Array.<google.protobuf.IDescriptorProto>} nestedType
+                 * @memberof google.protobuf.DescriptorProto
+                 * @instance
+                 */
+                DescriptorProto.prototype.nestedType = $util.emptyArray;
+    
+                /**
+                 * DescriptorProto enumType.
+                 * @member {Array.<google.protobuf.IEnumDescriptorProto>} enumType
+                 * @memberof google.protobuf.DescriptorProto
+                 * @instance
+                 */
+                DescriptorProto.prototype.enumType = $util.emptyArray;
+    
+                /**
+                 * DescriptorProto extensionRange.
+                 * @member {Array.<google.protobuf.DescriptorProto.IExtensionRange>} extensionRange
+                 * @memberof google.protobuf.DescriptorProto
+                 * @instance
+                 */
+                DescriptorProto.prototype.extensionRange = $util.emptyArray;
+    
+                /**
+                 * DescriptorProto oneofDecl.
+                 * @member {Array.<google.protobuf.IOneofDescriptorProto>} oneofDecl
+                 * @memberof google.protobuf.DescriptorProto
+                 * @instance
+                 */
+                DescriptorProto.prototype.oneofDecl = $util.emptyArray;
+    
+                /**
+                 * DescriptorProto options.
+                 * @member {google.protobuf.IMessageOptions|null|undefined} options
+                 * @memberof google.protobuf.DescriptorProto
+                 * @instance
+                 */
+                DescriptorProto.prototype.options = null;
+    
+                /**
+                 * DescriptorProto reservedRange.
+                 * @member {Array.<google.protobuf.DescriptorProto.IReservedRange>} reservedRange
+                 * @memberof google.protobuf.DescriptorProto
+                 * @instance
+                 */
+                DescriptorProto.prototype.reservedRange = $util.emptyArray;
+    
+                /**
+                 * DescriptorProto reservedName.
+                 * @member {Array.<string>} reservedName
+                 * @memberof google.protobuf.DescriptorProto
+                 * @instance
+                 */
+                DescriptorProto.prototype.reservedName = $util.emptyArray;
+    
+                /**
+                 * Creates a new DescriptorProto instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.DescriptorProto
+                 * @static
+                 * @param {google.protobuf.IDescriptorProto=} [properties] Properties to set
+                 * @returns {google.protobuf.DescriptorProto} DescriptorProto instance
+                 */
+                DescriptorProto.create = function create(properties) {
+                    return new DescriptorProto(properties);
+                };
+    
+                /**
+                 * Encodes the specified DescriptorProto message. Does not implicitly {@link google.protobuf.DescriptorProto.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.DescriptorProto
+                 * @static
+                 * @param {google.protobuf.IDescriptorProto} message DescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                DescriptorProto.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                    if (message.field != null && message.field.length)
+                        for (var i = 0; i < message.field.length; ++i)
+                            $root.google.protobuf.FieldDescriptorProto.encode(message.field[i], writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                    if (message.nestedType != null && message.nestedType.length)
+                        for (var i = 0; i < message.nestedType.length; ++i)
+                            $root.google.protobuf.DescriptorProto.encode(message.nestedType[i], writer.uint32(/* id 3, wireType 2 =*/26).fork()).ldelim();
+                    if (message.enumType != null && message.enumType.length)
+                        for (var i = 0; i < message.enumType.length; ++i)
+                            $root.google.protobuf.EnumDescriptorProto.encode(message.enumType[i], writer.uint32(/* id 4, wireType 2 =*/34).fork()).ldelim();
+                    if (message.extensionRange != null && message.extensionRange.length)
+                        for (var i = 0; i < message.extensionRange.length; ++i)
+                            $root.google.protobuf.DescriptorProto.ExtensionRange.encode(message.extensionRange[i], writer.uint32(/* id 5, wireType 2 =*/42).fork()).ldelim();
+                    if (message.extension != null && message.extension.length)
+                        for (var i = 0; i < message.extension.length; ++i)
+                            $root.google.protobuf.FieldDescriptorProto.encode(message.extension[i], writer.uint32(/* id 6, wireType 2 =*/50).fork()).ldelim();
+                    if (message.options != null && Object.hasOwnProperty.call(message, "options"))
+                        $root.google.protobuf.MessageOptions.encode(message.options, writer.uint32(/* id 7, wireType 2 =*/58).fork()).ldelim();
+                    if (message.oneofDecl != null && message.oneofDecl.length)
+                        for (var i = 0; i < message.oneofDecl.length; ++i)
+                            $root.google.protobuf.OneofDescriptorProto.encode(message.oneofDecl[i], writer.uint32(/* id 8, wireType 2 =*/66).fork()).ldelim();
+                    if (message.reservedRange != null && message.reservedRange.length)
+                        for (var i = 0; i < message.reservedRange.length; ++i)
+                            $root.google.protobuf.DescriptorProto.ReservedRange.encode(message.reservedRange[i], writer.uint32(/* id 9, wireType 2 =*/74).fork()).ldelim();
+                    if (message.reservedName != null && message.reservedName.length)
+                        for (var i = 0; i < message.reservedName.length; ++i)
+                            writer.uint32(/* id 10, wireType 2 =*/82).string(message.reservedName[i]);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified DescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.DescriptorProto.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.DescriptorProto
+                 * @static
+                 * @param {google.protobuf.IDescriptorProto} message DescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                DescriptorProto.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a DescriptorProto message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.DescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.DescriptorProto} DescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                DescriptorProto.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.DescriptorProto();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.name = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                if (!(message.field && message.field.length))
+                                    message.field = [];
+                                message.field.push($root.google.protobuf.FieldDescriptorProto.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 6: {
+                                if (!(message.extension && message.extension.length))
+                                    message.extension = [];
+                                message.extension.push($root.google.protobuf.FieldDescriptorProto.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 3: {
+                                if (!(message.nestedType && message.nestedType.length))
+                                    message.nestedType = [];
+                                message.nestedType.push($root.google.protobuf.DescriptorProto.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 4: {
+                                if (!(message.enumType && message.enumType.length))
+                                    message.enumType = [];
+                                message.enumType.push($root.google.protobuf.EnumDescriptorProto.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 5: {
+                                if (!(message.extensionRange && message.extensionRange.length))
+                                    message.extensionRange = [];
+                                message.extensionRange.push($root.google.protobuf.DescriptorProto.ExtensionRange.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 8: {
+                                if (!(message.oneofDecl && message.oneofDecl.length))
+                                    message.oneofDecl = [];
+                                message.oneofDecl.push($root.google.protobuf.OneofDescriptorProto.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 7: {
+                                message.options = $root.google.protobuf.MessageOptions.decode(reader, reader.uint32());
+                                break;
+                            }
+                        case 9: {
+                                if (!(message.reservedRange && message.reservedRange.length))
+                                    message.reservedRange = [];
+                                message.reservedRange.push($root.google.protobuf.DescriptorProto.ReservedRange.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 10: {
+                                if (!(message.reservedName && message.reservedName.length))
+                                    message.reservedName = [];
+                                message.reservedName.push(reader.string());
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a DescriptorProto message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.DescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.DescriptorProto} DescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                DescriptorProto.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a DescriptorProto message.
+                 * @function verify
+                 * @memberof google.protobuf.DescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                DescriptorProto.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        if (!$util.isString(message.name))
+                            return "name: string expected";
+                    if (message.field != null && message.hasOwnProperty("field")) {
+                        if (!Array.isArray(message.field))
+                            return "field: array expected";
+                        for (var i = 0; i < message.field.length; ++i) {
+                            var error = $root.google.protobuf.FieldDescriptorProto.verify(message.field[i]);
+                            if (error)
+                                return "field." + error;
+                        }
+                    }
+                    if (message.extension != null && message.hasOwnProperty("extension")) {
+                        if (!Array.isArray(message.extension))
+                            return "extension: array expected";
+                        for (var i = 0; i < message.extension.length; ++i) {
+                            var error = $root.google.protobuf.FieldDescriptorProto.verify(message.extension[i]);
+                            if (error)
+                                return "extension." + error;
+                        }
+                    }
+                    if (message.nestedType != null && message.hasOwnProperty("nestedType")) {
+                        if (!Array.isArray(message.nestedType))
+                            return "nestedType: array expected";
+                        for (var i = 0; i < message.nestedType.length; ++i) {
+                            var error = $root.google.protobuf.DescriptorProto.verify(message.nestedType[i]);
+                            if (error)
+                                return "nestedType." + error;
+                        }
+                    }
+                    if (message.enumType != null && message.hasOwnProperty("enumType")) {
+                        if (!Array.isArray(message.enumType))
+                            return "enumType: array expected";
+                        for (var i = 0; i < message.enumType.length; ++i) {
+                            var error = $root.google.protobuf.EnumDescriptorProto.verify(message.enumType[i]);
+                            if (error)
+                                return "enumType." + error;
+                        }
+                    }
+                    if (message.extensionRange != null && message.hasOwnProperty("extensionRange")) {
+                        if (!Array.isArray(message.extensionRange))
+                            return "extensionRange: array expected";
+                        for (var i = 0; i < message.extensionRange.length; ++i) {
+                            var error = $root.google.protobuf.DescriptorProto.ExtensionRange.verify(message.extensionRange[i]);
+                            if (error)
+                                return "extensionRange." + error;
+                        }
+                    }
+                    if (message.oneofDecl != null && message.hasOwnProperty("oneofDecl")) {
+                        if (!Array.isArray(message.oneofDecl))
+                            return "oneofDecl: array expected";
+                        for (var i = 0; i < message.oneofDecl.length; ++i) {
+                            var error = $root.google.protobuf.OneofDescriptorProto.verify(message.oneofDecl[i]);
+                            if (error)
+                                return "oneofDecl." + error;
+                        }
+                    }
+                    if (message.options != null && message.hasOwnProperty("options")) {
+                        var error = $root.google.protobuf.MessageOptions.verify(message.options);
+                        if (error)
+                            return "options." + error;
+                    }
+                    if (message.reservedRange != null && message.hasOwnProperty("reservedRange")) {
+                        if (!Array.isArray(message.reservedRange))
+                            return "reservedRange: array expected";
+                        for (var i = 0; i < message.reservedRange.length; ++i) {
+                            var error = $root.google.protobuf.DescriptorProto.ReservedRange.verify(message.reservedRange[i]);
+                            if (error)
+                                return "reservedRange." + error;
+                        }
+                    }
+                    if (message.reservedName != null && message.hasOwnProperty("reservedName")) {
+                        if (!Array.isArray(message.reservedName))
+                            return "reservedName: array expected";
+                        for (var i = 0; i < message.reservedName.length; ++i)
+                            if (!$util.isString(message.reservedName[i]))
+                                return "reservedName: string[] expected";
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates a DescriptorProto message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.DescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.DescriptorProto} DescriptorProto
+                 */
+                DescriptorProto.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.DescriptorProto)
+                        return object;
+                    var message = new $root.google.protobuf.DescriptorProto();
+                    if (object.name != null)
+                        message.name = String(object.name);
+                    if (object.field) {
+                        if (!Array.isArray(object.field))
+                            throw TypeError(".google.protobuf.DescriptorProto.field: array expected");
+                        message.field = [];
+                        for (var i = 0; i < object.field.length; ++i) {
+                            if (typeof object.field[i] !== "object")
+                                throw TypeError(".google.protobuf.DescriptorProto.field: object expected");
+                            message.field[i] = $root.google.protobuf.FieldDescriptorProto.fromObject(object.field[i]);
+                        }
+                    }
+                    if (object.extension) {
+                        if (!Array.isArray(object.extension))
+                            throw TypeError(".google.protobuf.DescriptorProto.extension: array expected");
+                        message.extension = [];
+                        for (var i = 0; i < object.extension.length; ++i) {
+                            if (typeof object.extension[i] !== "object")
+                                throw TypeError(".google.protobuf.DescriptorProto.extension: object expected");
+                            message.extension[i] = $root.google.protobuf.FieldDescriptorProto.fromObject(object.extension[i]);
+                        }
+                    }
+                    if (object.nestedType) {
+                        if (!Array.isArray(object.nestedType))
+                            throw TypeError(".google.protobuf.DescriptorProto.nestedType: array expected");
+                        message.nestedType = [];
+                        for (var i = 0; i < object.nestedType.length; ++i) {
+                            if (typeof object.nestedType[i] !== "object")
+                                throw TypeError(".google.protobuf.DescriptorProto.nestedType: object expected");
+                            message.nestedType[i] = $root.google.protobuf.DescriptorProto.fromObject(object.nestedType[i]);
+                        }
+                    }
+                    if (object.enumType) {
+                        if (!Array.isArray(object.enumType))
+                            throw TypeError(".google.protobuf.DescriptorProto.enumType: array expected");
+                        message.enumType = [];
+                        for (var i = 0; i < object.enumType.length; ++i) {
+                            if (typeof object.enumType[i] !== "object")
+                                throw TypeError(".google.protobuf.DescriptorProto.enumType: object expected");
+                            message.enumType[i] = $root.google.protobuf.EnumDescriptorProto.fromObject(object.enumType[i]);
+                        }
+                    }
+                    if (object.extensionRange) {
+                        if (!Array.isArray(object.extensionRange))
+                            throw TypeError(".google.protobuf.DescriptorProto.extensionRange: array expected");
+                        message.extensionRange = [];
+                        for (var i = 0; i < object.extensionRange.length; ++i) {
+                            if (typeof object.extensionRange[i] !== "object")
+                                throw TypeError(".google.protobuf.DescriptorProto.extensionRange: object expected");
+                            message.extensionRange[i] = $root.google.protobuf.DescriptorProto.ExtensionRange.fromObject(object.extensionRange[i]);
+                        }
+                    }
+                    if (object.oneofDecl) {
+                        if (!Array.isArray(object.oneofDecl))
+                            throw TypeError(".google.protobuf.DescriptorProto.oneofDecl: array expected");
+                        message.oneofDecl = [];
+                        for (var i = 0; i < object.oneofDecl.length; ++i) {
+                            if (typeof object.oneofDecl[i] !== "object")
+                                throw TypeError(".google.protobuf.DescriptorProto.oneofDecl: object expected");
+                            message.oneofDecl[i] = $root.google.protobuf.OneofDescriptorProto.fromObject(object.oneofDecl[i]);
+                        }
+                    }
+                    if (object.options != null) {
+                        if (typeof object.options !== "object")
+                            throw TypeError(".google.protobuf.DescriptorProto.options: object expected");
+                        message.options = $root.google.protobuf.MessageOptions.fromObject(object.options);
+                    }
+                    if (object.reservedRange) {
+                        if (!Array.isArray(object.reservedRange))
+                            throw TypeError(".google.protobuf.DescriptorProto.reservedRange: array expected");
+                        message.reservedRange = [];
+                        for (var i = 0; i < object.reservedRange.length; ++i) {
+                            if (typeof object.reservedRange[i] !== "object")
+                                throw TypeError(".google.protobuf.DescriptorProto.reservedRange: object expected");
+                            message.reservedRange[i] = $root.google.protobuf.DescriptorProto.ReservedRange.fromObject(object.reservedRange[i]);
+                        }
+                    }
+                    if (object.reservedName) {
+                        if (!Array.isArray(object.reservedName))
+                            throw TypeError(".google.protobuf.DescriptorProto.reservedName: array expected");
+                        message.reservedName = [];
+                        for (var i = 0; i < object.reservedName.length; ++i)
+                            message.reservedName[i] = String(object.reservedName[i]);
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a DescriptorProto message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.DescriptorProto
+                 * @static
+                 * @param {google.protobuf.DescriptorProto} message DescriptorProto
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                DescriptorProto.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults) {
+                        object.field = [];
+                        object.nestedType = [];
+                        object.enumType = [];
+                        object.extensionRange = [];
+                        object.extension = [];
+                        object.oneofDecl = [];
+                        object.reservedRange = [];
+                        object.reservedName = [];
+                    }
+                    if (options.defaults) {
+                        object.name = "";
+                        object.options = null;
+                    }
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        object.name = message.name;
+                    if (message.field && message.field.length) {
+                        object.field = [];
+                        for (var j = 0; j < message.field.length; ++j)
+                            object.field[j] = $root.google.protobuf.FieldDescriptorProto.toObject(message.field[j], options);
+                    }
+                    if (message.nestedType && message.nestedType.length) {
+                        object.nestedType = [];
+                        for (var j = 0; j < message.nestedType.length; ++j)
+                            object.nestedType[j] = $root.google.protobuf.DescriptorProto.toObject(message.nestedType[j], options);
+                    }
+                    if (message.enumType && message.enumType.length) {
+                        object.enumType = [];
+                        for (var j = 0; j < message.enumType.length; ++j)
+                            object.enumType[j] = $root.google.protobuf.EnumDescriptorProto.toObject(message.enumType[j], options);
+                    }
+                    if (message.extensionRange && message.extensionRange.length) {
+                        object.extensionRange = [];
+                        for (var j = 0; j < message.extensionRange.length; ++j)
+                            object.extensionRange[j] = $root.google.protobuf.DescriptorProto.ExtensionRange.toObject(message.extensionRange[j], options);
+                    }
+                    if (message.extension && message.extension.length) {
+                        object.extension = [];
+                        for (var j = 0; j < message.extension.length; ++j)
+                            object.extension[j] = $root.google.protobuf.FieldDescriptorProto.toObject(message.extension[j], options);
+                    }
+                    if (message.options != null && message.hasOwnProperty("options"))
+                        object.options = $root.google.protobuf.MessageOptions.toObject(message.options, options);
+                    if (message.oneofDecl && message.oneofDecl.length) {
+                        object.oneofDecl = [];
+                        for (var j = 0; j < message.oneofDecl.length; ++j)
+                            object.oneofDecl[j] = $root.google.protobuf.OneofDescriptorProto.toObject(message.oneofDecl[j], options);
+                    }
+                    if (message.reservedRange && message.reservedRange.length) {
+                        object.reservedRange = [];
+                        for (var j = 0; j < message.reservedRange.length; ++j)
+                            object.reservedRange[j] = $root.google.protobuf.DescriptorProto.ReservedRange.toObject(message.reservedRange[j], options);
+                    }
+                    if (message.reservedName && message.reservedName.length) {
+                        object.reservedName = [];
+                        for (var j = 0; j < message.reservedName.length; ++j)
+                            object.reservedName[j] = message.reservedName[j];
+                    }
+                    return object;
+                };
+    
+                /**
+                 * Converts this DescriptorProto to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.DescriptorProto
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                DescriptorProto.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for DescriptorProto
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.DescriptorProto
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                DescriptorProto.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.DescriptorProto";
+                };
+    
+                DescriptorProto.ExtensionRange = (function() {
+    
+                    /**
+                     * Properties of an ExtensionRange.
+                     * @memberof google.protobuf.DescriptorProto
+                     * @interface IExtensionRange
+                     * @property {number|null} [start] ExtensionRange start
+                     * @property {number|null} [end] ExtensionRange end
+                     * @property {google.protobuf.IExtensionRangeOptions|null} [options] ExtensionRange options
+                     */
+    
+                    /**
+                     * Constructs a new ExtensionRange.
+                     * @memberof google.protobuf.DescriptorProto
+                     * @classdesc Represents an ExtensionRange.
+                     * @implements IExtensionRange
+                     * @constructor
+                     * @param {google.protobuf.DescriptorProto.IExtensionRange=} [properties] Properties to set
+                     */
+                    function ExtensionRange(properties) {
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * ExtensionRange start.
+                     * @member {number} start
+                     * @memberof google.protobuf.DescriptorProto.ExtensionRange
+                     * @instance
+                     */
+                    ExtensionRange.prototype.start = 0;
+    
+                    /**
+                     * ExtensionRange end.
+                     * @member {number} end
+                     * @memberof google.protobuf.DescriptorProto.ExtensionRange
+                     * @instance
+                     */
+                    ExtensionRange.prototype.end = 0;
+    
+                    /**
+                     * ExtensionRange options.
+                     * @member {google.protobuf.IExtensionRangeOptions|null|undefined} options
+                     * @memberof google.protobuf.DescriptorProto.ExtensionRange
+                     * @instance
+                     */
+                    ExtensionRange.prototype.options = null;
+    
+                    /**
+                     * Creates a new ExtensionRange instance using the specified properties.
+                     * @function create
+                     * @memberof google.protobuf.DescriptorProto.ExtensionRange
+                     * @static
+                     * @param {google.protobuf.DescriptorProto.IExtensionRange=} [properties] Properties to set
+                     * @returns {google.protobuf.DescriptorProto.ExtensionRange} ExtensionRange instance
+                     */
+                    ExtensionRange.create = function create(properties) {
+                        return new ExtensionRange(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified ExtensionRange message. Does not implicitly {@link google.protobuf.DescriptorProto.ExtensionRange.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.protobuf.DescriptorProto.ExtensionRange
+                     * @static
+                     * @param {google.protobuf.DescriptorProto.IExtensionRange} message ExtensionRange message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    ExtensionRange.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.start != null && Object.hasOwnProperty.call(message, "start"))
+                            writer.uint32(/* id 1, wireType 0 =*/8).int32(message.start);
+                        if (message.end != null && Object.hasOwnProperty.call(message, "end"))
+                            writer.uint32(/* id 2, wireType 0 =*/16).int32(message.end);
+                        if (message.options != null && Object.hasOwnProperty.call(message, "options"))
+                            $root.google.protobuf.ExtensionRangeOptions.encode(message.options, writer.uint32(/* id 3, wireType 2 =*/26).fork()).ldelim();
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified ExtensionRange message, length delimited. Does not implicitly {@link google.protobuf.DescriptorProto.ExtensionRange.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.protobuf.DescriptorProto.ExtensionRange
+                     * @static
+                     * @param {google.protobuf.DescriptorProto.IExtensionRange} message ExtensionRange message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    ExtensionRange.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes an ExtensionRange message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.protobuf.DescriptorProto.ExtensionRange
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.protobuf.DescriptorProto.ExtensionRange} ExtensionRange
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    ExtensionRange.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.DescriptorProto.ExtensionRange();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    message.start = reader.int32();
+                                    break;
+                                }
+                            case 2: {
+                                    message.end = reader.int32();
+                                    break;
+                                }
+                            case 3: {
+                                    message.options = $root.google.protobuf.ExtensionRangeOptions.decode(reader, reader.uint32());
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes an ExtensionRange message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.protobuf.DescriptorProto.ExtensionRange
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.protobuf.DescriptorProto.ExtensionRange} ExtensionRange
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    ExtensionRange.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies an ExtensionRange message.
+                     * @function verify
+                     * @memberof google.protobuf.DescriptorProto.ExtensionRange
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    ExtensionRange.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.start != null && message.hasOwnProperty("start"))
+                            if (!$util.isInteger(message.start))
+                                return "start: integer expected";
+                        if (message.end != null && message.hasOwnProperty("end"))
+                            if (!$util.isInteger(message.end))
+                                return "end: integer expected";
+                        if (message.options != null && message.hasOwnProperty("options")) {
+                            var error = $root.google.protobuf.ExtensionRangeOptions.verify(message.options);
+                            if (error)
+                                return "options." + error;
+                        }
+                        return null;
+                    };
+    
+                    /**
+                     * Creates an ExtensionRange message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.protobuf.DescriptorProto.ExtensionRange
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.protobuf.DescriptorProto.ExtensionRange} ExtensionRange
+                     */
+                    ExtensionRange.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.protobuf.DescriptorProto.ExtensionRange)
+                            return object;
+                        var message = new $root.google.protobuf.DescriptorProto.ExtensionRange();
+                        if (object.start != null)
+                            message.start = object.start | 0;
+                        if (object.end != null)
+                            message.end = object.end | 0;
+                        if (object.options != null) {
+                            if (typeof object.options !== "object")
+                                throw TypeError(".google.protobuf.DescriptorProto.ExtensionRange.options: object expected");
+                            message.options = $root.google.protobuf.ExtensionRangeOptions.fromObject(object.options);
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from an ExtensionRange message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.protobuf.DescriptorProto.ExtensionRange
+                     * @static
+                     * @param {google.protobuf.DescriptorProto.ExtensionRange} message ExtensionRange
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    ExtensionRange.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.defaults) {
+                            object.start = 0;
+                            object.end = 0;
+                            object.options = null;
+                        }
+                        if (message.start != null && message.hasOwnProperty("start"))
+                            object.start = message.start;
+                        if (message.end != null && message.hasOwnProperty("end"))
+                            object.end = message.end;
+                        if (message.options != null && message.hasOwnProperty("options"))
+                            object.options = $root.google.protobuf.ExtensionRangeOptions.toObject(message.options, options);
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this ExtensionRange to JSON.
+                     * @function toJSON
+                     * @memberof google.protobuf.DescriptorProto.ExtensionRange
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    ExtensionRange.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for ExtensionRange
+                     * @function getTypeUrl
+                     * @memberof google.protobuf.DescriptorProto.ExtensionRange
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    ExtensionRange.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.protobuf.DescriptorProto.ExtensionRange";
+                    };
+    
+                    return ExtensionRange;
+                })();
+    
+                DescriptorProto.ReservedRange = (function() {
+    
+                    /**
+                     * Properties of a ReservedRange.
+                     * @memberof google.protobuf.DescriptorProto
+                     * @interface IReservedRange
+                     * @property {number|null} [start] ReservedRange start
+                     * @property {number|null} [end] ReservedRange end
+                     */
+    
+                    /**
+                     * Constructs a new ReservedRange.
+                     * @memberof google.protobuf.DescriptorProto
+                     * @classdesc Represents a ReservedRange.
+                     * @implements IReservedRange
+                     * @constructor
+                     * @param {google.protobuf.DescriptorProto.IReservedRange=} [properties] Properties to set
+                     */
+                    function ReservedRange(properties) {
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * ReservedRange start.
+                     * @member {number} start
+                     * @memberof google.protobuf.DescriptorProto.ReservedRange
+                     * @instance
+                     */
+                    ReservedRange.prototype.start = 0;
+    
+                    /**
+                     * ReservedRange end.
+                     * @member {number} end
+                     * @memberof google.protobuf.DescriptorProto.ReservedRange
+                     * @instance
+                     */
+                    ReservedRange.prototype.end = 0;
+    
+                    /**
+                     * Creates a new ReservedRange instance using the specified properties.
+                     * @function create
+                     * @memberof google.protobuf.DescriptorProto.ReservedRange
+                     * @static
+                     * @param {google.protobuf.DescriptorProto.IReservedRange=} [properties] Properties to set
+                     * @returns {google.protobuf.DescriptorProto.ReservedRange} ReservedRange instance
+                     */
+                    ReservedRange.create = function create(properties) {
+                        return new ReservedRange(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified ReservedRange message. Does not implicitly {@link google.protobuf.DescriptorProto.ReservedRange.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.protobuf.DescriptorProto.ReservedRange
+                     * @static
+                     * @param {google.protobuf.DescriptorProto.IReservedRange} message ReservedRange message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    ReservedRange.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.start != null && Object.hasOwnProperty.call(message, "start"))
+                            writer.uint32(/* id 1, wireType 0 =*/8).int32(message.start);
+                        if (message.end != null && Object.hasOwnProperty.call(message, "end"))
+                            writer.uint32(/* id 2, wireType 0 =*/16).int32(message.end);
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified ReservedRange message, length delimited. Does not implicitly {@link google.protobuf.DescriptorProto.ReservedRange.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.protobuf.DescriptorProto.ReservedRange
+                     * @static
+                     * @param {google.protobuf.DescriptorProto.IReservedRange} message ReservedRange message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    ReservedRange.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes a ReservedRange message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.protobuf.DescriptorProto.ReservedRange
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.protobuf.DescriptorProto.ReservedRange} ReservedRange
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    ReservedRange.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.DescriptorProto.ReservedRange();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    message.start = reader.int32();
+                                    break;
+                                }
+                            case 2: {
+                                    message.end = reader.int32();
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes a ReservedRange message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.protobuf.DescriptorProto.ReservedRange
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.protobuf.DescriptorProto.ReservedRange} ReservedRange
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    ReservedRange.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies a ReservedRange message.
+                     * @function verify
+                     * @memberof google.protobuf.DescriptorProto.ReservedRange
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    ReservedRange.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.start != null && message.hasOwnProperty("start"))
+                            if (!$util.isInteger(message.start))
+                                return "start: integer expected";
+                        if (message.end != null && message.hasOwnProperty("end"))
+                            if (!$util.isInteger(message.end))
+                                return "end: integer expected";
+                        return null;
+                    };
+    
+                    /**
+                     * Creates a ReservedRange message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.protobuf.DescriptorProto.ReservedRange
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.protobuf.DescriptorProto.ReservedRange} ReservedRange
+                     */
+                    ReservedRange.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.protobuf.DescriptorProto.ReservedRange)
+                            return object;
+                        var message = new $root.google.protobuf.DescriptorProto.ReservedRange();
+                        if (object.start != null)
+                            message.start = object.start | 0;
+                        if (object.end != null)
+                            message.end = object.end | 0;
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from a ReservedRange message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.protobuf.DescriptorProto.ReservedRange
+                     * @static
+                     * @param {google.protobuf.DescriptorProto.ReservedRange} message ReservedRange
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    ReservedRange.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.defaults) {
+                            object.start = 0;
+                            object.end = 0;
+                        }
+                        if (message.start != null && message.hasOwnProperty("start"))
+                            object.start = message.start;
+                        if (message.end != null && message.hasOwnProperty("end"))
+                            object.end = message.end;
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this ReservedRange to JSON.
+                     * @function toJSON
+                     * @memberof google.protobuf.DescriptorProto.ReservedRange
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    ReservedRange.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for ReservedRange
+                     * @function getTypeUrl
+                     * @memberof google.protobuf.DescriptorProto.ReservedRange
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    ReservedRange.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.protobuf.DescriptorProto.ReservedRange";
+                    };
+    
+                    return ReservedRange;
+                })();
+    
+                return DescriptorProto;
+            })();
+    
+            protobuf.ExtensionRangeOptions = (function() {
+    
+                /**
+                 * Properties of an ExtensionRangeOptions.
+                 * @memberof google.protobuf
+                 * @interface IExtensionRangeOptions
+                 * @property {Array.<google.protobuf.IUninterpretedOption>|null} [uninterpretedOption] ExtensionRangeOptions uninterpretedOption
+                 */
+    
+                /**
+                 * Constructs a new ExtensionRangeOptions.
+                 * @memberof google.protobuf
+                 * @classdesc Represents an ExtensionRangeOptions.
+                 * @implements IExtensionRangeOptions
+                 * @constructor
+                 * @param {google.protobuf.IExtensionRangeOptions=} [properties] Properties to set
+                 */
+                function ExtensionRangeOptions(properties) {
+                    this.uninterpretedOption = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * ExtensionRangeOptions uninterpretedOption.
+                 * @member {Array.<google.protobuf.IUninterpretedOption>} uninterpretedOption
+                 * @memberof google.protobuf.ExtensionRangeOptions
+                 * @instance
+                 */
+                ExtensionRangeOptions.prototype.uninterpretedOption = $util.emptyArray;
+    
+                /**
+                 * Creates a new ExtensionRangeOptions instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.ExtensionRangeOptions
+                 * @static
+                 * @param {google.protobuf.IExtensionRangeOptions=} [properties] Properties to set
+                 * @returns {google.protobuf.ExtensionRangeOptions} ExtensionRangeOptions instance
+                 */
+                ExtensionRangeOptions.create = function create(properties) {
+                    return new ExtensionRangeOptions(properties);
+                };
+    
+                /**
+                 * Encodes the specified ExtensionRangeOptions message. Does not implicitly {@link google.protobuf.ExtensionRangeOptions.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.ExtensionRangeOptions
+                 * @static
+                 * @param {google.protobuf.IExtensionRangeOptions} message ExtensionRangeOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                ExtensionRangeOptions.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.uninterpretedOption != null && message.uninterpretedOption.length)
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i)
+                            $root.google.protobuf.UninterpretedOption.encode(message.uninterpretedOption[i], writer.uint32(/* id 999, wireType 2 =*/7994).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified ExtensionRangeOptions message, length delimited. Does not implicitly {@link google.protobuf.ExtensionRangeOptions.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.ExtensionRangeOptions
+                 * @static
+                 * @param {google.protobuf.IExtensionRangeOptions} message ExtensionRangeOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                ExtensionRangeOptions.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes an ExtensionRangeOptions message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.ExtensionRangeOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.ExtensionRangeOptions} ExtensionRangeOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                ExtensionRangeOptions.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.ExtensionRangeOptions();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 999: {
+                                if (!(message.uninterpretedOption && message.uninterpretedOption.length))
+                                    message.uninterpretedOption = [];
+                                message.uninterpretedOption.push($root.google.protobuf.UninterpretedOption.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes an ExtensionRangeOptions message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.ExtensionRangeOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.ExtensionRangeOptions} ExtensionRangeOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                ExtensionRangeOptions.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies an ExtensionRangeOptions message.
+                 * @function verify
+                 * @memberof google.protobuf.ExtensionRangeOptions
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                ExtensionRangeOptions.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.uninterpretedOption != null && message.hasOwnProperty("uninterpretedOption")) {
+                        if (!Array.isArray(message.uninterpretedOption))
+                            return "uninterpretedOption: array expected";
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i) {
+                            var error = $root.google.protobuf.UninterpretedOption.verify(message.uninterpretedOption[i]);
+                            if (error)
+                                return "uninterpretedOption." + error;
+                        }
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates an ExtensionRangeOptions message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.ExtensionRangeOptions
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.ExtensionRangeOptions} ExtensionRangeOptions
+                 */
+                ExtensionRangeOptions.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.ExtensionRangeOptions)
+                        return object;
+                    var message = new $root.google.protobuf.ExtensionRangeOptions();
+                    if (object.uninterpretedOption) {
+                        if (!Array.isArray(object.uninterpretedOption))
+                            throw TypeError(".google.protobuf.ExtensionRangeOptions.uninterpretedOption: array expected");
+                        message.uninterpretedOption = [];
+                        for (var i = 0; i < object.uninterpretedOption.length; ++i) {
+                            if (typeof object.uninterpretedOption[i] !== "object")
+                                throw TypeError(".google.protobuf.ExtensionRangeOptions.uninterpretedOption: object expected");
+                            message.uninterpretedOption[i] = $root.google.protobuf.UninterpretedOption.fromObject(object.uninterpretedOption[i]);
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from an ExtensionRangeOptions message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.ExtensionRangeOptions
+                 * @static
+                 * @param {google.protobuf.ExtensionRangeOptions} message ExtensionRangeOptions
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                ExtensionRangeOptions.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.uninterpretedOption = [];
+                    if (message.uninterpretedOption && message.uninterpretedOption.length) {
+                        object.uninterpretedOption = [];
+                        for (var j = 0; j < message.uninterpretedOption.length; ++j)
+                            object.uninterpretedOption[j] = $root.google.protobuf.UninterpretedOption.toObject(message.uninterpretedOption[j], options);
+                    }
+                    return object;
+                };
+    
+                /**
+                 * Converts this ExtensionRangeOptions to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.ExtensionRangeOptions
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                ExtensionRangeOptions.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for ExtensionRangeOptions
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.ExtensionRangeOptions
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                ExtensionRangeOptions.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.ExtensionRangeOptions";
+                };
+    
+                return ExtensionRangeOptions;
+            })();
+    
+            protobuf.FieldDescriptorProto = (function() {
+    
+                /**
+                 * Properties of a FieldDescriptorProto.
+                 * @memberof google.protobuf
+                 * @interface IFieldDescriptorProto
+                 * @property {string|null} [name] FieldDescriptorProto name
+                 * @property {number|null} [number] FieldDescriptorProto number
+                 * @property {google.protobuf.FieldDescriptorProto.Label|null} [label] FieldDescriptorProto label
+                 * @property {google.protobuf.FieldDescriptorProto.Type|null} [type] FieldDescriptorProto type
+                 * @property {string|null} [typeName] FieldDescriptorProto typeName
+                 * @property {string|null} [extendee] FieldDescriptorProto extendee
+                 * @property {string|null} [defaultValue] FieldDescriptorProto defaultValue
+                 * @property {number|null} [oneofIndex] FieldDescriptorProto oneofIndex
+                 * @property {string|null} [jsonName] FieldDescriptorProto jsonName
+                 * @property {google.protobuf.IFieldOptions|null} [options] FieldDescriptorProto options
+                 * @property {boolean|null} [proto3Optional] FieldDescriptorProto proto3Optional
+                 */
+    
+                /**
+                 * Constructs a new FieldDescriptorProto.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a FieldDescriptorProto.
+                 * @implements IFieldDescriptorProto
+                 * @constructor
+                 * @param {google.protobuf.IFieldDescriptorProto=} [properties] Properties to set
+                 */
+                function FieldDescriptorProto(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * FieldDescriptorProto name.
+                 * @member {string} name
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @instance
+                 */
+                FieldDescriptorProto.prototype.name = "";
+    
+                /**
+                 * FieldDescriptorProto number.
+                 * @member {number} number
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @instance
+                 */
+                FieldDescriptorProto.prototype.number = 0;
+    
+                /**
+                 * FieldDescriptorProto label.
+                 * @member {google.protobuf.FieldDescriptorProto.Label} label
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @instance
+                 */
+                FieldDescriptorProto.prototype.label = 1;
+    
+                /**
+                 * FieldDescriptorProto type.
+                 * @member {google.protobuf.FieldDescriptorProto.Type} type
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @instance
+                 */
+                FieldDescriptorProto.prototype.type = 1;
+    
+                /**
+                 * FieldDescriptorProto typeName.
+                 * @member {string} typeName
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @instance
+                 */
+                FieldDescriptorProto.prototype.typeName = "";
+    
+                /**
+                 * FieldDescriptorProto extendee.
+                 * @member {string} extendee
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @instance
+                 */
+                FieldDescriptorProto.prototype.extendee = "";
+    
+                /**
+                 * FieldDescriptorProto defaultValue.
+                 * @member {string} defaultValue
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @instance
+                 */
+                FieldDescriptorProto.prototype.defaultValue = "";
+    
+                /**
+                 * FieldDescriptorProto oneofIndex.
+                 * @member {number} oneofIndex
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @instance
+                 */
+                FieldDescriptorProto.prototype.oneofIndex = 0;
+    
+                /**
+                 * FieldDescriptorProto jsonName.
+                 * @member {string} jsonName
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @instance
+                 */
+                FieldDescriptorProto.prototype.jsonName = "";
+    
+                /**
+                 * FieldDescriptorProto options.
+                 * @member {google.protobuf.IFieldOptions|null|undefined} options
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @instance
+                 */
+                FieldDescriptorProto.prototype.options = null;
+    
+                /**
+                 * FieldDescriptorProto proto3Optional.
+                 * @member {boolean} proto3Optional
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @instance
+                 */
+                FieldDescriptorProto.prototype.proto3Optional = false;
+    
+                /**
+                 * Creates a new FieldDescriptorProto instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IFieldDescriptorProto=} [properties] Properties to set
+                 * @returns {google.protobuf.FieldDescriptorProto} FieldDescriptorProto instance
+                 */
+                FieldDescriptorProto.create = function create(properties) {
+                    return new FieldDescriptorProto(properties);
+                };
+    
+                /**
+                 * Encodes the specified FieldDescriptorProto message. Does not implicitly {@link google.protobuf.FieldDescriptorProto.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IFieldDescriptorProto} message FieldDescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                FieldDescriptorProto.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                    if (message.extendee != null && Object.hasOwnProperty.call(message, "extendee"))
+                        writer.uint32(/* id 2, wireType 2 =*/18).string(message.extendee);
+                    if (message.number != null && Object.hasOwnProperty.call(message, "number"))
+                        writer.uint32(/* id 3, wireType 0 =*/24).int32(message.number);
+                    if (message.label != null && Object.hasOwnProperty.call(message, "label"))
+                        writer.uint32(/* id 4, wireType 0 =*/32).int32(message.label);
+                    if (message.type != null && Object.hasOwnProperty.call(message, "type"))
+                        writer.uint32(/* id 5, wireType 0 =*/40).int32(message.type);
+                    if (message.typeName != null && Object.hasOwnProperty.call(message, "typeName"))
+                        writer.uint32(/* id 6, wireType 2 =*/50).string(message.typeName);
+                    if (message.defaultValue != null && Object.hasOwnProperty.call(message, "defaultValue"))
+                        writer.uint32(/* id 7, wireType 2 =*/58).string(message.defaultValue);
+                    if (message.options != null && Object.hasOwnProperty.call(message, "options"))
+                        $root.google.protobuf.FieldOptions.encode(message.options, writer.uint32(/* id 8, wireType 2 =*/66).fork()).ldelim();
+                    if (message.oneofIndex != null && Object.hasOwnProperty.call(message, "oneofIndex"))
+                        writer.uint32(/* id 9, wireType 0 =*/72).int32(message.oneofIndex);
+                    if (message.jsonName != null && Object.hasOwnProperty.call(message, "jsonName"))
+                        writer.uint32(/* id 10, wireType 2 =*/82).string(message.jsonName);
+                    if (message.proto3Optional != null && Object.hasOwnProperty.call(message, "proto3Optional"))
+                        writer.uint32(/* id 17, wireType 0 =*/136).bool(message.proto3Optional);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified FieldDescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.FieldDescriptorProto.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IFieldDescriptorProto} message FieldDescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                FieldDescriptorProto.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a FieldDescriptorProto message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.FieldDescriptorProto} FieldDescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                FieldDescriptorProto.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.FieldDescriptorProto();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.name = reader.string();
+                                break;
+                            }
+                        case 3: {
+                                message.number = reader.int32();
+                                break;
+                            }
+                        case 4: {
+                                message.label = reader.int32();
+                                break;
+                            }
+                        case 5: {
+                                message.type = reader.int32();
+                                break;
+                            }
+                        case 6: {
+                                message.typeName = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                message.extendee = reader.string();
+                                break;
+                            }
+                        case 7: {
+                                message.defaultValue = reader.string();
+                                break;
+                            }
+                        case 9: {
+                                message.oneofIndex = reader.int32();
+                                break;
+                            }
+                        case 10: {
+                                message.jsonName = reader.string();
+                                break;
+                            }
+                        case 8: {
+                                message.options = $root.google.protobuf.FieldOptions.decode(reader, reader.uint32());
+                                break;
+                            }
+                        case 17: {
+                                message.proto3Optional = reader.bool();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a FieldDescriptorProto message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.FieldDescriptorProto} FieldDescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                FieldDescriptorProto.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a FieldDescriptorProto message.
+                 * @function verify
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                FieldDescriptorProto.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        if (!$util.isString(message.name))
+                            return "name: string expected";
+                    if (message.number != null && message.hasOwnProperty("number"))
+                        if (!$util.isInteger(message.number))
+                            return "number: integer expected";
+                    if (message.label != null && message.hasOwnProperty("label"))
+                        switch (message.label) {
+                        default:
+                            return "label: enum value expected";
+                        case 1:
+                        case 2:
+                        case 3:
+                            break;
+                        }
+                    if (message.type != null && message.hasOwnProperty("type"))
+                        switch (message.type) {
+                        default:
+                            return "type: enum value expected";
+                        case 1:
+                        case 2:
+                        case 3:
+                        case 4:
+                        case 5:
+                        case 6:
+                        case 7:
+                        case 8:
+                        case 9:
+                        case 10:
+                        case 11:
+                        case 12:
+                        case 13:
+                        case 14:
+                        case 15:
+                        case 16:
+                        case 17:
+                        case 18:
+                            break;
+                        }
+                    if (message.typeName != null && message.hasOwnProperty("typeName"))
+                        if (!$util.isString(message.typeName))
+                            return "typeName: string expected";
+                    if (message.extendee != null && message.hasOwnProperty("extendee"))
+                        if (!$util.isString(message.extendee))
+                            return "extendee: string expected";
+                    if (message.defaultValue != null && message.hasOwnProperty("defaultValue"))
+                        if (!$util.isString(message.defaultValue))
+                            return "defaultValue: string expected";
+                    if (message.oneofIndex != null && message.hasOwnProperty("oneofIndex"))
+                        if (!$util.isInteger(message.oneofIndex))
+                            return "oneofIndex: integer expected";
+                    if (message.jsonName != null && message.hasOwnProperty("jsonName"))
+                        if (!$util.isString(message.jsonName))
+                            return "jsonName: string expected";
+                    if (message.options != null && message.hasOwnProperty("options")) {
+                        var error = $root.google.protobuf.FieldOptions.verify(message.options);
+                        if (error)
+                            return "options." + error;
+                    }
+                    if (message.proto3Optional != null && message.hasOwnProperty("proto3Optional"))
+                        if (typeof message.proto3Optional !== "boolean")
+                            return "proto3Optional: boolean expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates a FieldDescriptorProto message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.FieldDescriptorProto} FieldDescriptorProto
+                 */
+                FieldDescriptorProto.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.FieldDescriptorProto)
+                        return object;
+                    var message = new $root.google.protobuf.FieldDescriptorProto();
+                    if (object.name != null)
+                        message.name = String(object.name);
+                    if (object.number != null)
+                        message.number = object.number | 0;
+                    switch (object.label) {
+                    default:
+                        if (typeof object.label === "number") {
+                            message.label = object.label;
+                            break;
+                        }
+                        break;
+                    case "LABEL_OPTIONAL":
+                    case 1:
+                        message.label = 1;
+                        break;
+                    case "LABEL_REQUIRED":
+                    case 2:
+                        message.label = 2;
+                        break;
+                    case "LABEL_REPEATED":
+                    case 3:
+                        message.label = 3;
+                        break;
+                    }
+                    switch (object.type) {
+                    default:
+                        if (typeof object.type === "number") {
+                            message.type = object.type;
+                            break;
+                        }
+                        break;
+                    case "TYPE_DOUBLE":
+                    case 1:
+                        message.type = 1;
+                        break;
+                    case "TYPE_FLOAT":
+                    case 2:
+                        message.type = 2;
+                        break;
+                    case "TYPE_INT64":
+                    case 3:
+                        message.type = 3;
+                        break;
+                    case "TYPE_UINT64":
+                    case 4:
+                        message.type = 4;
+                        break;
+                    case "TYPE_INT32":
+                    case 5:
+                        message.type = 5;
+                        break;
+                    case "TYPE_FIXED64":
+                    case 6:
+                        message.type = 6;
+                        break;
+                    case "TYPE_FIXED32":
+                    case 7:
+                        message.type = 7;
+                        break;
+                    case "TYPE_BOOL":
+                    case 8:
+                        message.type = 8;
+                        break;
+                    case "TYPE_STRING":
+                    case 9:
+                        message.type = 9;
+                        break;
+                    case "TYPE_GROUP":
+                    case 10:
+                        message.type = 10;
+                        break;
+                    case "TYPE_MESSAGE":
+                    case 11:
+                        message.type = 11;
+                        break;
+                    case "TYPE_BYTES":
+                    case 12:
+                        message.type = 12;
+                        break;
+                    case "TYPE_UINT32":
+                    case 13:
+                        message.type = 13;
+                        break;
+                    case "TYPE_ENUM":
+                    case 14:
+                        message.type = 14;
+                        break;
+                    case "TYPE_SFIXED32":
+                    case 15:
+                        message.type = 15;
+                        break;
+                    case "TYPE_SFIXED64":
+                    case 16:
+                        message.type = 16;
+                        break;
+                    case "TYPE_SINT32":
+                    case 17:
+                        message.type = 17;
+                        break;
+                    case "TYPE_SINT64":
+                    case 18:
+                        message.type = 18;
+                        break;
+                    }
+                    if (object.typeName != null)
+                        message.typeName = String(object.typeName);
+                    if (object.extendee != null)
+                        message.extendee = String(object.extendee);
+                    if (object.defaultValue != null)
+                        message.defaultValue = String(object.defaultValue);
+                    if (object.oneofIndex != null)
+                        message.oneofIndex = object.oneofIndex | 0;
+                    if (object.jsonName != null)
+                        message.jsonName = String(object.jsonName);
+                    if (object.options != null) {
+                        if (typeof object.options !== "object")
+                            throw TypeError(".google.protobuf.FieldDescriptorProto.options: object expected");
+                        message.options = $root.google.protobuf.FieldOptions.fromObject(object.options);
+                    }
+                    if (object.proto3Optional != null)
+                        message.proto3Optional = Boolean(object.proto3Optional);
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a FieldDescriptorProto message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @static
+                 * @param {google.protobuf.FieldDescriptorProto} message FieldDescriptorProto
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                FieldDescriptorProto.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults) {
+                        object.name = "";
+                        object.extendee = "";
+                        object.number = 0;
+                        object.label = options.enums === String ? "LABEL_OPTIONAL" : 1;
+                        object.type = options.enums === String ? "TYPE_DOUBLE" : 1;
+                        object.typeName = "";
+                        object.defaultValue = "";
+                        object.options = null;
+                        object.oneofIndex = 0;
+                        object.jsonName = "";
+                        object.proto3Optional = false;
+                    }
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        object.name = message.name;
+                    if (message.extendee != null && message.hasOwnProperty("extendee"))
+                        object.extendee = message.extendee;
+                    if (message.number != null && message.hasOwnProperty("number"))
+                        object.number = message.number;
+                    if (message.label != null && message.hasOwnProperty("label"))
+                        object.label = options.enums === String ? $root.google.protobuf.FieldDescriptorProto.Label[message.label] === undefined ? message.label : $root.google.protobuf.FieldDescriptorProto.Label[message.label] : message.label;
+                    if (message.type != null && message.hasOwnProperty("type"))
+                        object.type = options.enums === String ? $root.google.protobuf.FieldDescriptorProto.Type[message.type] === undefined ? message.type : $root.google.protobuf.FieldDescriptorProto.Type[message.type] : message.type;
+                    if (message.typeName != null && message.hasOwnProperty("typeName"))
+                        object.typeName = message.typeName;
+                    if (message.defaultValue != null && message.hasOwnProperty("defaultValue"))
+                        object.defaultValue = message.defaultValue;
+                    if (message.options != null && message.hasOwnProperty("options"))
+                        object.options = $root.google.protobuf.FieldOptions.toObject(message.options, options);
+                    if (message.oneofIndex != null && message.hasOwnProperty("oneofIndex"))
+                        object.oneofIndex = message.oneofIndex;
+                    if (message.jsonName != null && message.hasOwnProperty("jsonName"))
+                        object.jsonName = message.jsonName;
+                    if (message.proto3Optional != null && message.hasOwnProperty("proto3Optional"))
+                        object.proto3Optional = message.proto3Optional;
+                    return object;
+                };
+    
+                /**
+                 * Converts this FieldDescriptorProto to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                FieldDescriptorProto.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for FieldDescriptorProto
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.FieldDescriptorProto
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                FieldDescriptorProto.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.FieldDescriptorProto";
+                };
+    
+                /**
+                 * Type enum.
+                 * @name google.protobuf.FieldDescriptorProto.Type
+                 * @enum {number}
+                 * @property {number} TYPE_DOUBLE=1 TYPE_DOUBLE value
+                 * @property {number} TYPE_FLOAT=2 TYPE_FLOAT value
+                 * @property {number} TYPE_INT64=3 TYPE_INT64 value
+                 * @property {number} TYPE_UINT64=4 TYPE_UINT64 value
+                 * @property {number} TYPE_INT32=5 TYPE_INT32 value
+                 * @property {number} TYPE_FIXED64=6 TYPE_FIXED64 value
+                 * @property {number} TYPE_FIXED32=7 TYPE_FIXED32 value
+                 * @property {number} TYPE_BOOL=8 TYPE_BOOL value
+                 * @property {number} TYPE_STRING=9 TYPE_STRING value
+                 * @property {number} TYPE_GROUP=10 TYPE_GROUP value
+                 * @property {number} TYPE_MESSAGE=11 TYPE_MESSAGE value
+                 * @property {number} TYPE_BYTES=12 TYPE_BYTES value
+                 * @property {number} TYPE_UINT32=13 TYPE_UINT32 value
+                 * @property {number} TYPE_ENUM=14 TYPE_ENUM value
+                 * @property {number} TYPE_SFIXED32=15 TYPE_SFIXED32 value
+                 * @property {number} TYPE_SFIXED64=16 TYPE_SFIXED64 value
+                 * @property {number} TYPE_SINT32=17 TYPE_SINT32 value
+                 * @property {number} TYPE_SINT64=18 TYPE_SINT64 value
+                 */
+                FieldDescriptorProto.Type = (function() {
+                    var valuesById = {}, values = Object.create(valuesById);
+                    values[valuesById[1] = "TYPE_DOUBLE"] = 1;
+                    values[valuesById[2] = "TYPE_FLOAT"] = 2;
+                    values[valuesById[3] = "TYPE_INT64"] = 3;
+                    values[valuesById[4] = "TYPE_UINT64"] = 4;
+                    values[valuesById[5] = "TYPE_INT32"] = 5;
+                    values[valuesById[6] = "TYPE_FIXED64"] = 6;
+                    values[valuesById[7] = "TYPE_FIXED32"] = 7;
+                    values[valuesById[8] = "TYPE_BOOL"] = 8;
+                    values[valuesById[9] = "TYPE_STRING"] = 9;
+                    values[valuesById[10] = "TYPE_GROUP"] = 10;
+                    values[valuesById[11] = "TYPE_MESSAGE"] = 11;
+                    values[valuesById[12] = "TYPE_BYTES"] = 12;
+                    values[valuesById[13] = "TYPE_UINT32"] = 13;
+                    values[valuesById[14] = "TYPE_ENUM"] = 14;
+                    values[valuesById[15] = "TYPE_SFIXED32"] = 15;
+                    values[valuesById[16] = "TYPE_SFIXED64"] = 16;
+                    values[valuesById[17] = "TYPE_SINT32"] = 17;
+                    values[valuesById[18] = "TYPE_SINT64"] = 18;
+                    return values;
+                })();
+    
+                /**
+                 * Label enum.
+                 * @name google.protobuf.FieldDescriptorProto.Label
+                 * @enum {number}
+                 * @property {number} LABEL_OPTIONAL=1 LABEL_OPTIONAL value
+                 * @property {number} LABEL_REQUIRED=2 LABEL_REQUIRED value
+                 * @property {number} LABEL_REPEATED=3 LABEL_REPEATED value
+                 */
+                FieldDescriptorProto.Label = (function() {
+                    var valuesById = {}, values = Object.create(valuesById);
+                    values[valuesById[1] = "LABEL_OPTIONAL"] = 1;
+                    values[valuesById[2] = "LABEL_REQUIRED"] = 2;
+                    values[valuesById[3] = "LABEL_REPEATED"] = 3;
+                    return values;
+                })();
+    
+                return FieldDescriptorProto;
+            })();
+    
+            protobuf.OneofDescriptorProto = (function() {
+    
+                /**
+                 * Properties of an OneofDescriptorProto.
+                 * @memberof google.protobuf
+                 * @interface IOneofDescriptorProto
+                 * @property {string|null} [name] OneofDescriptorProto name
+                 * @property {google.protobuf.IOneofOptions|null} [options] OneofDescriptorProto options
+                 */
+    
+                /**
+                 * Constructs a new OneofDescriptorProto.
+                 * @memberof google.protobuf
+                 * @classdesc Represents an OneofDescriptorProto.
+                 * @implements IOneofDescriptorProto
+                 * @constructor
+                 * @param {google.protobuf.IOneofDescriptorProto=} [properties] Properties to set
+                 */
+                function OneofDescriptorProto(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * OneofDescriptorProto name.
+                 * @member {string} name
+                 * @memberof google.protobuf.OneofDescriptorProto
+                 * @instance
+                 */
+                OneofDescriptorProto.prototype.name = "";
+    
+                /**
+                 * OneofDescriptorProto options.
+                 * @member {google.protobuf.IOneofOptions|null|undefined} options
+                 * @memberof google.protobuf.OneofDescriptorProto
+                 * @instance
+                 */
+                OneofDescriptorProto.prototype.options = null;
+    
+                /**
+                 * Creates a new OneofDescriptorProto instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.OneofDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IOneofDescriptorProto=} [properties] Properties to set
+                 * @returns {google.protobuf.OneofDescriptorProto} OneofDescriptorProto instance
+                 */
+                OneofDescriptorProto.create = function create(properties) {
+                    return new OneofDescriptorProto(properties);
+                };
+    
+                /**
+                 * Encodes the specified OneofDescriptorProto message. Does not implicitly {@link google.protobuf.OneofDescriptorProto.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.OneofDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IOneofDescriptorProto} message OneofDescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                OneofDescriptorProto.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                    if (message.options != null && Object.hasOwnProperty.call(message, "options"))
+                        $root.google.protobuf.OneofOptions.encode(message.options, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified OneofDescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.OneofDescriptorProto.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.OneofDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IOneofDescriptorProto} message OneofDescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                OneofDescriptorProto.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes an OneofDescriptorProto message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.OneofDescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.OneofDescriptorProto} OneofDescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                OneofDescriptorProto.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.OneofDescriptorProto();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.name = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                message.options = $root.google.protobuf.OneofOptions.decode(reader, reader.uint32());
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes an OneofDescriptorProto message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.OneofDescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.OneofDescriptorProto} OneofDescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                OneofDescriptorProto.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies an OneofDescriptorProto message.
+                 * @function verify
+                 * @memberof google.protobuf.OneofDescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                OneofDescriptorProto.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        if (!$util.isString(message.name))
+                            return "name: string expected";
+                    if (message.options != null && message.hasOwnProperty("options")) {
+                        var error = $root.google.protobuf.OneofOptions.verify(message.options);
+                        if (error)
+                            return "options." + error;
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates an OneofDescriptorProto message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.OneofDescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.OneofDescriptorProto} OneofDescriptorProto
+                 */
+                OneofDescriptorProto.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.OneofDescriptorProto)
+                        return object;
+                    var message = new $root.google.protobuf.OneofDescriptorProto();
+                    if (object.name != null)
+                        message.name = String(object.name);
+                    if (object.options != null) {
+                        if (typeof object.options !== "object")
+                            throw TypeError(".google.protobuf.OneofDescriptorProto.options: object expected");
+                        message.options = $root.google.protobuf.OneofOptions.fromObject(object.options);
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from an OneofDescriptorProto message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.OneofDescriptorProto
+                 * @static
+                 * @param {google.protobuf.OneofDescriptorProto} message OneofDescriptorProto
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                OneofDescriptorProto.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults) {
+                        object.name = "";
+                        object.options = null;
+                    }
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        object.name = message.name;
+                    if (message.options != null && message.hasOwnProperty("options"))
+                        object.options = $root.google.protobuf.OneofOptions.toObject(message.options, options);
+                    return object;
+                };
+    
+                /**
+                 * Converts this OneofDescriptorProto to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.OneofDescriptorProto
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                OneofDescriptorProto.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for OneofDescriptorProto
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.OneofDescriptorProto
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                OneofDescriptorProto.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.OneofDescriptorProto";
+                };
+    
+                return OneofDescriptorProto;
+            })();
+    
+            protobuf.EnumDescriptorProto = (function() {
+    
+                /**
+                 * Properties of an EnumDescriptorProto.
+                 * @memberof google.protobuf
+                 * @interface IEnumDescriptorProto
+                 * @property {string|null} [name] EnumDescriptorProto name
+                 * @property {Array.<google.protobuf.IEnumValueDescriptorProto>|null} [value] EnumDescriptorProto value
+                 * @property {google.protobuf.IEnumOptions|null} [options] EnumDescriptorProto options
+                 * @property {Array.<google.protobuf.EnumDescriptorProto.IEnumReservedRange>|null} [reservedRange] EnumDescriptorProto reservedRange
+                 * @property {Array.<string>|null} [reservedName] EnumDescriptorProto reservedName
+                 */
+    
+                /**
+                 * Constructs a new EnumDescriptorProto.
+                 * @memberof google.protobuf
+                 * @classdesc Represents an EnumDescriptorProto.
+                 * @implements IEnumDescriptorProto
+                 * @constructor
+                 * @param {google.protobuf.IEnumDescriptorProto=} [properties] Properties to set
+                 */
+                function EnumDescriptorProto(properties) {
+                    this.value = [];
+                    this.reservedRange = [];
+                    this.reservedName = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * EnumDescriptorProto name.
+                 * @member {string} name
+                 * @memberof google.protobuf.EnumDescriptorProto
+                 * @instance
+                 */
+                EnumDescriptorProto.prototype.name = "";
+    
+                /**
+                 * EnumDescriptorProto value.
+                 * @member {Array.<google.protobuf.IEnumValueDescriptorProto>} value
+                 * @memberof google.protobuf.EnumDescriptorProto
+                 * @instance
+                 */
+                EnumDescriptorProto.prototype.value = $util.emptyArray;
+    
+                /**
+                 * EnumDescriptorProto options.
+                 * @member {google.protobuf.IEnumOptions|null|undefined} options
+                 * @memberof google.protobuf.EnumDescriptorProto
+                 * @instance
+                 */
+                EnumDescriptorProto.prototype.options = null;
+    
+                /**
+                 * EnumDescriptorProto reservedRange.
+                 * @member {Array.<google.protobuf.EnumDescriptorProto.IEnumReservedRange>} reservedRange
+                 * @memberof google.protobuf.EnumDescriptorProto
+                 * @instance
+                 */
+                EnumDescriptorProto.prototype.reservedRange = $util.emptyArray;
+    
+                /**
+                 * EnumDescriptorProto reservedName.
+                 * @member {Array.<string>} reservedName
+                 * @memberof google.protobuf.EnumDescriptorProto
+                 * @instance
+                 */
+                EnumDescriptorProto.prototype.reservedName = $util.emptyArray;
+    
+                /**
+                 * Creates a new EnumDescriptorProto instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.EnumDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IEnumDescriptorProto=} [properties] Properties to set
+                 * @returns {google.protobuf.EnumDescriptorProto} EnumDescriptorProto instance
+                 */
+                EnumDescriptorProto.create = function create(properties) {
+                    return new EnumDescriptorProto(properties);
+                };
+    
+                /**
+                 * Encodes the specified EnumDescriptorProto message. Does not implicitly {@link google.protobuf.EnumDescriptorProto.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.EnumDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IEnumDescriptorProto} message EnumDescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                EnumDescriptorProto.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                    if (message.value != null && message.value.length)
+                        for (var i = 0; i < message.value.length; ++i)
+                            $root.google.protobuf.EnumValueDescriptorProto.encode(message.value[i], writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                    if (message.options != null && Object.hasOwnProperty.call(message, "options"))
+                        $root.google.protobuf.EnumOptions.encode(message.options, writer.uint32(/* id 3, wireType 2 =*/26).fork()).ldelim();
+                    if (message.reservedRange != null && message.reservedRange.length)
+                        for (var i = 0; i < message.reservedRange.length; ++i)
+                            $root.google.protobuf.EnumDescriptorProto.EnumReservedRange.encode(message.reservedRange[i], writer.uint32(/* id 4, wireType 2 =*/34).fork()).ldelim();
+                    if (message.reservedName != null && message.reservedName.length)
+                        for (var i = 0; i < message.reservedName.length; ++i)
+                            writer.uint32(/* id 5, wireType 2 =*/42).string(message.reservedName[i]);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified EnumDescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.EnumDescriptorProto.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.EnumDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IEnumDescriptorProto} message EnumDescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                EnumDescriptorProto.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes an EnumDescriptorProto message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.EnumDescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.EnumDescriptorProto} EnumDescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                EnumDescriptorProto.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.EnumDescriptorProto();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.name = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                if (!(message.value && message.value.length))
+                                    message.value = [];
+                                message.value.push($root.google.protobuf.EnumValueDescriptorProto.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 3: {
+                                message.options = $root.google.protobuf.EnumOptions.decode(reader, reader.uint32());
+                                break;
+                            }
+                        case 4: {
+                                if (!(message.reservedRange && message.reservedRange.length))
+                                    message.reservedRange = [];
+                                message.reservedRange.push($root.google.protobuf.EnumDescriptorProto.EnumReservedRange.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 5: {
+                                if (!(message.reservedName && message.reservedName.length))
+                                    message.reservedName = [];
+                                message.reservedName.push(reader.string());
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes an EnumDescriptorProto message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.EnumDescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.EnumDescriptorProto} EnumDescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                EnumDescriptorProto.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies an EnumDescriptorProto message.
+                 * @function verify
+                 * @memberof google.protobuf.EnumDescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                EnumDescriptorProto.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        if (!$util.isString(message.name))
+                            return "name: string expected";
+                    if (message.value != null && message.hasOwnProperty("value")) {
+                        if (!Array.isArray(message.value))
+                            return "value: array expected";
+                        for (var i = 0; i < message.value.length; ++i) {
+                            var error = $root.google.protobuf.EnumValueDescriptorProto.verify(message.value[i]);
+                            if (error)
+                                return "value." + error;
+                        }
+                    }
+                    if (message.options != null && message.hasOwnProperty("options")) {
+                        var error = $root.google.protobuf.EnumOptions.verify(message.options);
+                        if (error)
+                            return "options." + error;
+                    }
+                    if (message.reservedRange != null && message.hasOwnProperty("reservedRange")) {
+                        if (!Array.isArray(message.reservedRange))
+                            return "reservedRange: array expected";
+                        for (var i = 0; i < message.reservedRange.length; ++i) {
+                            var error = $root.google.protobuf.EnumDescriptorProto.EnumReservedRange.verify(message.reservedRange[i]);
+                            if (error)
+                                return "reservedRange." + error;
+                        }
+                    }
+                    if (message.reservedName != null && message.hasOwnProperty("reservedName")) {
+                        if (!Array.isArray(message.reservedName))
+                            return "reservedName: array expected";
+                        for (var i = 0; i < message.reservedName.length; ++i)
+                            if (!$util.isString(message.reservedName[i]))
+                                return "reservedName: string[] expected";
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates an EnumDescriptorProto message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.EnumDescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.EnumDescriptorProto} EnumDescriptorProto
+                 */
+                EnumDescriptorProto.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.EnumDescriptorProto)
+                        return object;
+                    var message = new $root.google.protobuf.EnumDescriptorProto();
+                    if (object.name != null)
+                        message.name = String(object.name);
+                    if (object.value) {
+                        if (!Array.isArray(object.value))
+                            throw TypeError(".google.protobuf.EnumDescriptorProto.value: array expected");
+                        message.value = [];
+                        for (var i = 0; i < object.value.length; ++i) {
+                            if (typeof object.value[i] !== "object")
+                                throw TypeError(".google.protobuf.EnumDescriptorProto.value: object expected");
+                            message.value[i] = $root.google.protobuf.EnumValueDescriptorProto.fromObject(object.value[i]);
+                        }
+                    }
+                    if (object.options != null) {
+                        if (typeof object.options !== "object")
+                            throw TypeError(".google.protobuf.EnumDescriptorProto.options: object expected");
+                        message.options = $root.google.protobuf.EnumOptions.fromObject(object.options);
+                    }
+                    if (object.reservedRange) {
+                        if (!Array.isArray(object.reservedRange))
+                            throw TypeError(".google.protobuf.EnumDescriptorProto.reservedRange: array expected");
+                        message.reservedRange = [];
+                        for (var i = 0; i < object.reservedRange.length; ++i) {
+                            if (typeof object.reservedRange[i] !== "object")
+                                throw TypeError(".google.protobuf.EnumDescriptorProto.reservedRange: object expected");
+                            message.reservedRange[i] = $root.google.protobuf.EnumDescriptorProto.EnumReservedRange.fromObject(object.reservedRange[i]);
+                        }
+                    }
+                    if (object.reservedName) {
+                        if (!Array.isArray(object.reservedName))
+                            throw TypeError(".google.protobuf.EnumDescriptorProto.reservedName: array expected");
+                        message.reservedName = [];
+                        for (var i = 0; i < object.reservedName.length; ++i)
+                            message.reservedName[i] = String(object.reservedName[i]);
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from an EnumDescriptorProto message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.EnumDescriptorProto
+                 * @static
+                 * @param {google.protobuf.EnumDescriptorProto} message EnumDescriptorProto
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                EnumDescriptorProto.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults) {
+                        object.value = [];
+                        object.reservedRange = [];
+                        object.reservedName = [];
+                    }
+                    if (options.defaults) {
+                        object.name = "";
+                        object.options = null;
+                    }
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        object.name = message.name;
+                    if (message.value && message.value.length) {
+                        object.value = [];
+                        for (var j = 0; j < message.value.length; ++j)
+                            object.value[j] = $root.google.protobuf.EnumValueDescriptorProto.toObject(message.value[j], options);
+                    }
+                    if (message.options != null && message.hasOwnProperty("options"))
+                        object.options = $root.google.protobuf.EnumOptions.toObject(message.options, options);
+                    if (message.reservedRange && message.reservedRange.length) {
+                        object.reservedRange = [];
+                        for (var j = 0; j < message.reservedRange.length; ++j)
+                            object.reservedRange[j] = $root.google.protobuf.EnumDescriptorProto.EnumReservedRange.toObject(message.reservedRange[j], options);
+                    }
+                    if (message.reservedName && message.reservedName.length) {
+                        object.reservedName = [];
+                        for (var j = 0; j < message.reservedName.length; ++j)
+                            object.reservedName[j] = message.reservedName[j];
+                    }
+                    return object;
+                };
+    
+                /**
+                 * Converts this EnumDescriptorProto to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.EnumDescriptorProto
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                EnumDescriptorProto.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for EnumDescriptorProto
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.EnumDescriptorProto
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                EnumDescriptorProto.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.EnumDescriptorProto";
+                };
+    
+                EnumDescriptorProto.EnumReservedRange = (function() {
+    
+                    /**
+                     * Properties of an EnumReservedRange.
+                     * @memberof google.protobuf.EnumDescriptorProto
+                     * @interface IEnumReservedRange
+                     * @property {number|null} [start] EnumReservedRange start
+                     * @property {number|null} [end] EnumReservedRange end
+                     */
+    
+                    /**
+                     * Constructs a new EnumReservedRange.
+                     * @memberof google.protobuf.EnumDescriptorProto
+                     * @classdesc Represents an EnumReservedRange.
+                     * @implements IEnumReservedRange
+                     * @constructor
+                     * @param {google.protobuf.EnumDescriptorProto.IEnumReservedRange=} [properties] Properties to set
+                     */
+                    function EnumReservedRange(properties) {
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * EnumReservedRange start.
+                     * @member {number} start
+                     * @memberof google.protobuf.EnumDescriptorProto.EnumReservedRange
+                     * @instance
+                     */
+                    EnumReservedRange.prototype.start = 0;
+    
+                    /**
+                     * EnumReservedRange end.
+                     * @member {number} end
+                     * @memberof google.protobuf.EnumDescriptorProto.EnumReservedRange
+                     * @instance
+                     */
+                    EnumReservedRange.prototype.end = 0;
+    
+                    /**
+                     * Creates a new EnumReservedRange instance using the specified properties.
+                     * @function create
+                     * @memberof google.protobuf.EnumDescriptorProto.EnumReservedRange
+                     * @static
+                     * @param {google.protobuf.EnumDescriptorProto.IEnumReservedRange=} [properties] Properties to set
+                     * @returns {google.protobuf.EnumDescriptorProto.EnumReservedRange} EnumReservedRange instance
+                     */
+                    EnumReservedRange.create = function create(properties) {
+                        return new EnumReservedRange(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified EnumReservedRange message. Does not implicitly {@link google.protobuf.EnumDescriptorProto.EnumReservedRange.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.protobuf.EnumDescriptorProto.EnumReservedRange
+                     * @static
+                     * @param {google.protobuf.EnumDescriptorProto.IEnumReservedRange} message EnumReservedRange message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    EnumReservedRange.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.start != null && Object.hasOwnProperty.call(message, "start"))
+                            writer.uint32(/* id 1, wireType 0 =*/8).int32(message.start);
+                        if (message.end != null && Object.hasOwnProperty.call(message, "end"))
+                            writer.uint32(/* id 2, wireType 0 =*/16).int32(message.end);
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified EnumReservedRange message, length delimited. Does not implicitly {@link google.protobuf.EnumDescriptorProto.EnumReservedRange.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.protobuf.EnumDescriptorProto.EnumReservedRange
+                     * @static
+                     * @param {google.protobuf.EnumDescriptorProto.IEnumReservedRange} message EnumReservedRange message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    EnumReservedRange.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes an EnumReservedRange message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.protobuf.EnumDescriptorProto.EnumReservedRange
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.protobuf.EnumDescriptorProto.EnumReservedRange} EnumReservedRange
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    EnumReservedRange.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.EnumDescriptorProto.EnumReservedRange();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    message.start = reader.int32();
+                                    break;
+                                }
+                            case 2: {
+                                    message.end = reader.int32();
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes an EnumReservedRange message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.protobuf.EnumDescriptorProto.EnumReservedRange
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.protobuf.EnumDescriptorProto.EnumReservedRange} EnumReservedRange
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    EnumReservedRange.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies an EnumReservedRange message.
+                     * @function verify
+                     * @memberof google.protobuf.EnumDescriptorProto.EnumReservedRange
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    EnumReservedRange.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.start != null && message.hasOwnProperty("start"))
+                            if (!$util.isInteger(message.start))
+                                return "start: integer expected";
+                        if (message.end != null && message.hasOwnProperty("end"))
+                            if (!$util.isInteger(message.end))
+                                return "end: integer expected";
+                        return null;
+                    };
+    
+                    /**
+                     * Creates an EnumReservedRange message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.protobuf.EnumDescriptorProto.EnumReservedRange
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.protobuf.EnumDescriptorProto.EnumReservedRange} EnumReservedRange
+                     */
+                    EnumReservedRange.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.protobuf.EnumDescriptorProto.EnumReservedRange)
+                            return object;
+                        var message = new $root.google.protobuf.EnumDescriptorProto.EnumReservedRange();
+                        if (object.start != null)
+                            message.start = object.start | 0;
+                        if (object.end != null)
+                            message.end = object.end | 0;
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from an EnumReservedRange message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.protobuf.EnumDescriptorProto.EnumReservedRange
+                     * @static
+                     * @param {google.protobuf.EnumDescriptorProto.EnumReservedRange} message EnumReservedRange
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    EnumReservedRange.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.defaults) {
+                            object.start = 0;
+                            object.end = 0;
+                        }
+                        if (message.start != null && message.hasOwnProperty("start"))
+                            object.start = message.start;
+                        if (message.end != null && message.hasOwnProperty("end"))
+                            object.end = message.end;
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this EnumReservedRange to JSON.
+                     * @function toJSON
+                     * @memberof google.protobuf.EnumDescriptorProto.EnumReservedRange
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    EnumReservedRange.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for EnumReservedRange
+                     * @function getTypeUrl
+                     * @memberof google.protobuf.EnumDescriptorProto.EnumReservedRange
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    EnumReservedRange.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.protobuf.EnumDescriptorProto.EnumReservedRange";
+                    };
+    
+                    return EnumReservedRange;
+                })();
+    
+                return EnumDescriptorProto;
+            })();
+    
+            protobuf.EnumValueDescriptorProto = (function() {
+    
+                /**
+                 * Properties of an EnumValueDescriptorProto.
+                 * @memberof google.protobuf
+                 * @interface IEnumValueDescriptorProto
+                 * @property {string|null} [name] EnumValueDescriptorProto name
+                 * @property {number|null} [number] EnumValueDescriptorProto number
+                 * @property {google.protobuf.IEnumValueOptions|null} [options] EnumValueDescriptorProto options
+                 */
+    
+                /**
+                 * Constructs a new EnumValueDescriptorProto.
+                 * @memberof google.protobuf
+                 * @classdesc Represents an EnumValueDescriptorProto.
+                 * @implements IEnumValueDescriptorProto
+                 * @constructor
+                 * @param {google.protobuf.IEnumValueDescriptorProto=} [properties] Properties to set
+                 */
+                function EnumValueDescriptorProto(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * EnumValueDescriptorProto name.
+                 * @member {string} name
+                 * @memberof google.protobuf.EnumValueDescriptorProto
+                 * @instance
+                 */
+                EnumValueDescriptorProto.prototype.name = "";
+    
+                /**
+                 * EnumValueDescriptorProto number.
+                 * @member {number} number
+                 * @memberof google.protobuf.EnumValueDescriptorProto
+                 * @instance
+                 */
+                EnumValueDescriptorProto.prototype.number = 0;
+    
+                /**
+                 * EnumValueDescriptorProto options.
+                 * @member {google.protobuf.IEnumValueOptions|null|undefined} options
+                 * @memberof google.protobuf.EnumValueDescriptorProto
+                 * @instance
+                 */
+                EnumValueDescriptorProto.prototype.options = null;
+    
+                /**
+                 * Creates a new EnumValueDescriptorProto instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.EnumValueDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IEnumValueDescriptorProto=} [properties] Properties to set
+                 * @returns {google.protobuf.EnumValueDescriptorProto} EnumValueDescriptorProto instance
+                 */
+                EnumValueDescriptorProto.create = function create(properties) {
+                    return new EnumValueDescriptorProto(properties);
+                };
+    
+                /**
+                 * Encodes the specified EnumValueDescriptorProto message. Does not implicitly {@link google.protobuf.EnumValueDescriptorProto.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.EnumValueDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IEnumValueDescriptorProto} message EnumValueDescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                EnumValueDescriptorProto.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                    if (message.number != null && Object.hasOwnProperty.call(message, "number"))
+                        writer.uint32(/* id 2, wireType 0 =*/16).int32(message.number);
+                    if (message.options != null && Object.hasOwnProperty.call(message, "options"))
+                        $root.google.protobuf.EnumValueOptions.encode(message.options, writer.uint32(/* id 3, wireType 2 =*/26).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified EnumValueDescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.EnumValueDescriptorProto.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.EnumValueDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IEnumValueDescriptorProto} message EnumValueDescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                EnumValueDescriptorProto.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes an EnumValueDescriptorProto message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.EnumValueDescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.EnumValueDescriptorProto} EnumValueDescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                EnumValueDescriptorProto.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.EnumValueDescriptorProto();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.name = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                message.number = reader.int32();
+                                break;
+                            }
+                        case 3: {
+                                message.options = $root.google.protobuf.EnumValueOptions.decode(reader, reader.uint32());
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes an EnumValueDescriptorProto message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.EnumValueDescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.EnumValueDescriptorProto} EnumValueDescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                EnumValueDescriptorProto.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies an EnumValueDescriptorProto message.
+                 * @function verify
+                 * @memberof google.protobuf.EnumValueDescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                EnumValueDescriptorProto.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        if (!$util.isString(message.name))
+                            return "name: string expected";
+                    if (message.number != null && message.hasOwnProperty("number"))
+                        if (!$util.isInteger(message.number))
+                            return "number: integer expected";
+                    if (message.options != null && message.hasOwnProperty("options")) {
+                        var error = $root.google.protobuf.EnumValueOptions.verify(message.options);
+                        if (error)
+                            return "options." + error;
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates an EnumValueDescriptorProto message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.EnumValueDescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.EnumValueDescriptorProto} EnumValueDescriptorProto
+                 */
+                EnumValueDescriptorProto.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.EnumValueDescriptorProto)
+                        return object;
+                    var message = new $root.google.protobuf.EnumValueDescriptorProto();
+                    if (object.name != null)
+                        message.name = String(object.name);
+                    if (object.number != null)
+                        message.number = object.number | 0;
+                    if (object.options != null) {
+                        if (typeof object.options !== "object")
+                            throw TypeError(".google.protobuf.EnumValueDescriptorProto.options: object expected");
+                        message.options = $root.google.protobuf.EnumValueOptions.fromObject(object.options);
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from an EnumValueDescriptorProto message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.EnumValueDescriptorProto
+                 * @static
+                 * @param {google.protobuf.EnumValueDescriptorProto} message EnumValueDescriptorProto
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                EnumValueDescriptorProto.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults) {
+                        object.name = "";
+                        object.number = 0;
+                        object.options = null;
+                    }
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        object.name = message.name;
+                    if (message.number != null && message.hasOwnProperty("number"))
+                        object.number = message.number;
+                    if (message.options != null && message.hasOwnProperty("options"))
+                        object.options = $root.google.protobuf.EnumValueOptions.toObject(message.options, options);
+                    return object;
+                };
+    
+                /**
+                 * Converts this EnumValueDescriptorProto to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.EnumValueDescriptorProto
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                EnumValueDescriptorProto.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for EnumValueDescriptorProto
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.EnumValueDescriptorProto
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                EnumValueDescriptorProto.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.EnumValueDescriptorProto";
+                };
+    
+                return EnumValueDescriptorProto;
+            })();
+    
+            protobuf.ServiceDescriptorProto = (function() {
+    
+                /**
+                 * Properties of a ServiceDescriptorProto.
+                 * @memberof google.protobuf
+                 * @interface IServiceDescriptorProto
+                 * @property {string|null} [name] ServiceDescriptorProto name
+                 * @property {Array.<google.protobuf.IMethodDescriptorProto>|null} [method] ServiceDescriptorProto method
+                 * @property {google.protobuf.IServiceOptions|null} [options] ServiceDescriptorProto options
+                 */
+    
+                /**
+                 * Constructs a new ServiceDescriptorProto.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a ServiceDescriptorProto.
+                 * @implements IServiceDescriptorProto
+                 * @constructor
+                 * @param {google.protobuf.IServiceDescriptorProto=} [properties] Properties to set
+                 */
+                function ServiceDescriptorProto(properties) {
+                    this.method = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * ServiceDescriptorProto name.
+                 * @member {string} name
+                 * @memberof google.protobuf.ServiceDescriptorProto
+                 * @instance
+                 */
+                ServiceDescriptorProto.prototype.name = "";
+    
+                /**
+                 * ServiceDescriptorProto method.
+                 * @member {Array.<google.protobuf.IMethodDescriptorProto>} method
+                 * @memberof google.protobuf.ServiceDescriptorProto
+                 * @instance
+                 */
+                ServiceDescriptorProto.prototype.method = $util.emptyArray;
+    
+                /**
+                 * ServiceDescriptorProto options.
+                 * @member {google.protobuf.IServiceOptions|null|undefined} options
+                 * @memberof google.protobuf.ServiceDescriptorProto
+                 * @instance
+                 */
+                ServiceDescriptorProto.prototype.options = null;
+    
+                /**
+                 * Creates a new ServiceDescriptorProto instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.ServiceDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IServiceDescriptorProto=} [properties] Properties to set
+                 * @returns {google.protobuf.ServiceDescriptorProto} ServiceDescriptorProto instance
+                 */
+                ServiceDescriptorProto.create = function create(properties) {
+                    return new ServiceDescriptorProto(properties);
+                };
+    
+                /**
+                 * Encodes the specified ServiceDescriptorProto message. Does not implicitly {@link google.protobuf.ServiceDescriptorProto.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.ServiceDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IServiceDescriptorProto} message ServiceDescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                ServiceDescriptorProto.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                    if (message.method != null && message.method.length)
+                        for (var i = 0; i < message.method.length; ++i)
+                            $root.google.protobuf.MethodDescriptorProto.encode(message.method[i], writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                    if (message.options != null && Object.hasOwnProperty.call(message, "options"))
+                        $root.google.protobuf.ServiceOptions.encode(message.options, writer.uint32(/* id 3, wireType 2 =*/26).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified ServiceDescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.ServiceDescriptorProto.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.ServiceDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IServiceDescriptorProto} message ServiceDescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                ServiceDescriptorProto.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a ServiceDescriptorProto message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.ServiceDescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.ServiceDescriptorProto} ServiceDescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                ServiceDescriptorProto.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.ServiceDescriptorProto();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.name = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                if (!(message.method && message.method.length))
+                                    message.method = [];
+                                message.method.push($root.google.protobuf.MethodDescriptorProto.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 3: {
+                                message.options = $root.google.protobuf.ServiceOptions.decode(reader, reader.uint32());
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a ServiceDescriptorProto message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.ServiceDescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.ServiceDescriptorProto} ServiceDescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                ServiceDescriptorProto.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a ServiceDescriptorProto message.
+                 * @function verify
+                 * @memberof google.protobuf.ServiceDescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                ServiceDescriptorProto.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        if (!$util.isString(message.name))
+                            return "name: string expected";
+                    if (message.method != null && message.hasOwnProperty("method")) {
+                        if (!Array.isArray(message.method))
+                            return "method: array expected";
+                        for (var i = 0; i < message.method.length; ++i) {
+                            var error = $root.google.protobuf.MethodDescriptorProto.verify(message.method[i]);
+                            if (error)
+                                return "method." + error;
+                        }
+                    }
+                    if (message.options != null && message.hasOwnProperty("options")) {
+                        var error = $root.google.protobuf.ServiceOptions.verify(message.options);
+                        if (error)
+                            return "options." + error;
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates a ServiceDescriptorProto message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.ServiceDescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.ServiceDescriptorProto} ServiceDescriptorProto
+                 */
+                ServiceDescriptorProto.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.ServiceDescriptorProto)
+                        return object;
+                    var message = new $root.google.protobuf.ServiceDescriptorProto();
+                    if (object.name != null)
+                        message.name = String(object.name);
+                    if (object.method) {
+                        if (!Array.isArray(object.method))
+                            throw TypeError(".google.protobuf.ServiceDescriptorProto.method: array expected");
+                        message.method = [];
+                        for (var i = 0; i < object.method.length; ++i) {
+                            if (typeof object.method[i] !== "object")
+                                throw TypeError(".google.protobuf.ServiceDescriptorProto.method: object expected");
+                            message.method[i] = $root.google.protobuf.MethodDescriptorProto.fromObject(object.method[i]);
+                        }
+                    }
+                    if (object.options != null) {
+                        if (typeof object.options !== "object")
+                            throw TypeError(".google.protobuf.ServiceDescriptorProto.options: object expected");
+                        message.options = $root.google.protobuf.ServiceOptions.fromObject(object.options);
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a ServiceDescriptorProto message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.ServiceDescriptorProto
+                 * @static
+                 * @param {google.protobuf.ServiceDescriptorProto} message ServiceDescriptorProto
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                ServiceDescriptorProto.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.method = [];
+                    if (options.defaults) {
+                        object.name = "";
+                        object.options = null;
+                    }
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        object.name = message.name;
+                    if (message.method && message.method.length) {
+                        object.method = [];
+                        for (var j = 0; j < message.method.length; ++j)
+                            object.method[j] = $root.google.protobuf.MethodDescriptorProto.toObject(message.method[j], options);
+                    }
+                    if (message.options != null && message.hasOwnProperty("options"))
+                        object.options = $root.google.protobuf.ServiceOptions.toObject(message.options, options);
+                    return object;
+                };
+    
+                /**
+                 * Converts this ServiceDescriptorProto to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.ServiceDescriptorProto
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                ServiceDescriptorProto.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for ServiceDescriptorProto
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.ServiceDescriptorProto
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                ServiceDescriptorProto.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.ServiceDescriptorProto";
+                };
+    
+                return ServiceDescriptorProto;
+            })();
+    
+            protobuf.MethodDescriptorProto = (function() {
+    
+                /**
+                 * Properties of a MethodDescriptorProto.
+                 * @memberof google.protobuf
+                 * @interface IMethodDescriptorProto
+                 * @property {string|null} [name] MethodDescriptorProto name
+                 * @property {string|null} [inputType] MethodDescriptorProto inputType
+                 * @property {string|null} [outputType] MethodDescriptorProto outputType
+                 * @property {google.protobuf.IMethodOptions|null} [options] MethodDescriptorProto options
+                 * @property {boolean|null} [clientStreaming] MethodDescriptorProto clientStreaming
+                 * @property {boolean|null} [serverStreaming] MethodDescriptorProto serverStreaming
+                 */
+    
+                /**
+                 * Constructs a new MethodDescriptorProto.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a MethodDescriptorProto.
+                 * @implements IMethodDescriptorProto
+                 * @constructor
+                 * @param {google.protobuf.IMethodDescriptorProto=} [properties] Properties to set
+                 */
+                function MethodDescriptorProto(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * MethodDescriptorProto name.
+                 * @member {string} name
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @instance
+                 */
+                MethodDescriptorProto.prototype.name = "";
+    
+                /**
+                 * MethodDescriptorProto inputType.
+                 * @member {string} inputType
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @instance
+                 */
+                MethodDescriptorProto.prototype.inputType = "";
+    
+                /**
+                 * MethodDescriptorProto outputType.
+                 * @member {string} outputType
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @instance
+                 */
+                MethodDescriptorProto.prototype.outputType = "";
+    
+                /**
+                 * MethodDescriptorProto options.
+                 * @member {google.protobuf.IMethodOptions|null|undefined} options
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @instance
+                 */
+                MethodDescriptorProto.prototype.options = null;
+    
+                /**
+                 * MethodDescriptorProto clientStreaming.
+                 * @member {boolean} clientStreaming
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @instance
+                 */
+                MethodDescriptorProto.prototype.clientStreaming = false;
+    
+                /**
+                 * MethodDescriptorProto serverStreaming.
+                 * @member {boolean} serverStreaming
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @instance
+                 */
+                MethodDescriptorProto.prototype.serverStreaming = false;
+    
+                /**
+                 * Creates a new MethodDescriptorProto instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IMethodDescriptorProto=} [properties] Properties to set
+                 * @returns {google.protobuf.MethodDescriptorProto} MethodDescriptorProto instance
+                 */
+                MethodDescriptorProto.create = function create(properties) {
+                    return new MethodDescriptorProto(properties);
+                };
+    
+                /**
+                 * Encodes the specified MethodDescriptorProto message. Does not implicitly {@link google.protobuf.MethodDescriptorProto.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IMethodDescriptorProto} message MethodDescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                MethodDescriptorProto.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                    if (message.inputType != null && Object.hasOwnProperty.call(message, "inputType"))
+                        writer.uint32(/* id 2, wireType 2 =*/18).string(message.inputType);
+                    if (message.outputType != null && Object.hasOwnProperty.call(message, "outputType"))
+                        writer.uint32(/* id 3, wireType 2 =*/26).string(message.outputType);
+                    if (message.options != null && Object.hasOwnProperty.call(message, "options"))
+                        $root.google.protobuf.MethodOptions.encode(message.options, writer.uint32(/* id 4, wireType 2 =*/34).fork()).ldelim();
+                    if (message.clientStreaming != null && Object.hasOwnProperty.call(message, "clientStreaming"))
+                        writer.uint32(/* id 5, wireType 0 =*/40).bool(message.clientStreaming);
+                    if (message.serverStreaming != null && Object.hasOwnProperty.call(message, "serverStreaming"))
+                        writer.uint32(/* id 6, wireType 0 =*/48).bool(message.serverStreaming);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified MethodDescriptorProto message, length delimited. Does not implicitly {@link google.protobuf.MethodDescriptorProto.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @static
+                 * @param {google.protobuf.IMethodDescriptorProto} message MethodDescriptorProto message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                MethodDescriptorProto.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a MethodDescriptorProto message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.MethodDescriptorProto} MethodDescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                MethodDescriptorProto.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.MethodDescriptorProto();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.name = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                message.inputType = reader.string();
+                                break;
+                            }
+                        case 3: {
+                                message.outputType = reader.string();
+                                break;
+                            }
+                        case 4: {
+                                message.options = $root.google.protobuf.MethodOptions.decode(reader, reader.uint32());
+                                break;
+                            }
+                        case 5: {
+                                message.clientStreaming = reader.bool();
+                                break;
+                            }
+                        case 6: {
+                                message.serverStreaming = reader.bool();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a MethodDescriptorProto message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.MethodDescriptorProto} MethodDescriptorProto
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                MethodDescriptorProto.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a MethodDescriptorProto message.
+                 * @function verify
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                MethodDescriptorProto.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        if (!$util.isString(message.name))
+                            return "name: string expected";
+                    if (message.inputType != null && message.hasOwnProperty("inputType"))
+                        if (!$util.isString(message.inputType))
+                            return "inputType: string expected";
+                    if (message.outputType != null && message.hasOwnProperty("outputType"))
+                        if (!$util.isString(message.outputType))
+                            return "outputType: string expected";
+                    if (message.options != null && message.hasOwnProperty("options")) {
+                        var error = $root.google.protobuf.MethodOptions.verify(message.options);
+                        if (error)
+                            return "options." + error;
+                    }
+                    if (message.clientStreaming != null && message.hasOwnProperty("clientStreaming"))
+                        if (typeof message.clientStreaming !== "boolean")
+                            return "clientStreaming: boolean expected";
+                    if (message.serverStreaming != null && message.hasOwnProperty("serverStreaming"))
+                        if (typeof message.serverStreaming !== "boolean")
+                            return "serverStreaming: boolean expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates a MethodDescriptorProto message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.MethodDescriptorProto} MethodDescriptorProto
+                 */
+                MethodDescriptorProto.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.MethodDescriptorProto)
+                        return object;
+                    var message = new $root.google.protobuf.MethodDescriptorProto();
+                    if (object.name != null)
+                        message.name = String(object.name);
+                    if (object.inputType != null)
+                        message.inputType = String(object.inputType);
+                    if (object.outputType != null)
+                        message.outputType = String(object.outputType);
+                    if (object.options != null) {
+                        if (typeof object.options !== "object")
+                            throw TypeError(".google.protobuf.MethodDescriptorProto.options: object expected");
+                        message.options = $root.google.protobuf.MethodOptions.fromObject(object.options);
+                    }
+                    if (object.clientStreaming != null)
+                        message.clientStreaming = Boolean(object.clientStreaming);
+                    if (object.serverStreaming != null)
+                        message.serverStreaming = Boolean(object.serverStreaming);
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a MethodDescriptorProto message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @static
+                 * @param {google.protobuf.MethodDescriptorProto} message MethodDescriptorProto
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                MethodDescriptorProto.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults) {
+                        object.name = "";
+                        object.inputType = "";
+                        object.outputType = "";
+                        object.options = null;
+                        object.clientStreaming = false;
+                        object.serverStreaming = false;
+                    }
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        object.name = message.name;
+                    if (message.inputType != null && message.hasOwnProperty("inputType"))
+                        object.inputType = message.inputType;
+                    if (message.outputType != null && message.hasOwnProperty("outputType"))
+                        object.outputType = message.outputType;
+                    if (message.options != null && message.hasOwnProperty("options"))
+                        object.options = $root.google.protobuf.MethodOptions.toObject(message.options, options);
+                    if (message.clientStreaming != null && message.hasOwnProperty("clientStreaming"))
+                        object.clientStreaming = message.clientStreaming;
+                    if (message.serverStreaming != null && message.hasOwnProperty("serverStreaming"))
+                        object.serverStreaming = message.serverStreaming;
+                    return object;
+                };
+    
+                /**
+                 * Converts this MethodDescriptorProto to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                MethodDescriptorProto.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for MethodDescriptorProto
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.MethodDescriptorProto
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                MethodDescriptorProto.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.MethodDescriptorProto";
+                };
+    
+                return MethodDescriptorProto;
+            })();
+    
+            protobuf.FileOptions = (function() {
+    
+                /**
+                 * Properties of a FileOptions.
+                 * @memberof google.protobuf
+                 * @interface IFileOptions
+                 * @property {string|null} [javaPackage] FileOptions javaPackage
+                 * @property {string|null} [javaOuterClassname] FileOptions javaOuterClassname
+                 * @property {boolean|null} [javaMultipleFiles] FileOptions javaMultipleFiles
+                 * @property {boolean|null} [javaGenerateEqualsAndHash] FileOptions javaGenerateEqualsAndHash
+                 * @property {boolean|null} [javaStringCheckUtf8] FileOptions javaStringCheckUtf8
+                 * @property {google.protobuf.FileOptions.OptimizeMode|null} [optimizeFor] FileOptions optimizeFor
+                 * @property {string|null} [goPackage] FileOptions goPackage
+                 * @property {boolean|null} [ccGenericServices] FileOptions ccGenericServices
+                 * @property {boolean|null} [javaGenericServices] FileOptions javaGenericServices
+                 * @property {boolean|null} [pyGenericServices] FileOptions pyGenericServices
+                 * @property {boolean|null} [phpGenericServices] FileOptions phpGenericServices
+                 * @property {boolean|null} [deprecated] FileOptions deprecated
+                 * @property {boolean|null} [ccEnableArenas] FileOptions ccEnableArenas
+                 * @property {string|null} [objcClassPrefix] FileOptions objcClassPrefix
+                 * @property {string|null} [csharpNamespace] FileOptions csharpNamespace
+                 * @property {string|null} [swiftPrefix] FileOptions swiftPrefix
+                 * @property {string|null} [phpClassPrefix] FileOptions phpClassPrefix
+                 * @property {string|null} [phpNamespace] FileOptions phpNamespace
+                 * @property {string|null} [phpMetadataNamespace] FileOptions phpMetadataNamespace
+                 * @property {string|null} [rubyPackage] FileOptions rubyPackage
+                 * @property {Array.<google.protobuf.IUninterpretedOption>|null} [uninterpretedOption] FileOptions uninterpretedOption
+                 * @property {Array.<google.api.IResourceDescriptor>|null} [".google.api.resourceDefinition"] FileOptions .google.api.resourceDefinition
+                 */
+    
+                /**
+                 * Constructs a new FileOptions.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a FileOptions.
+                 * @implements IFileOptions
+                 * @constructor
+                 * @param {google.protobuf.IFileOptions=} [properties] Properties to set
+                 */
+                function FileOptions(properties) {
+                    this.uninterpretedOption = [];
+                    this[".google.api.resourceDefinition"] = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * FileOptions javaPackage.
+                 * @member {string} javaPackage
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.javaPackage = "";
+    
+                /**
+                 * FileOptions javaOuterClassname.
+                 * @member {string} javaOuterClassname
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.javaOuterClassname = "";
+    
+                /**
+                 * FileOptions javaMultipleFiles.
+                 * @member {boolean} javaMultipleFiles
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.javaMultipleFiles = false;
+    
+                /**
+                 * FileOptions javaGenerateEqualsAndHash.
+                 * @member {boolean} javaGenerateEqualsAndHash
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.javaGenerateEqualsAndHash = false;
+    
+                /**
+                 * FileOptions javaStringCheckUtf8.
+                 * @member {boolean} javaStringCheckUtf8
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.javaStringCheckUtf8 = false;
+    
+                /**
+                 * FileOptions optimizeFor.
+                 * @member {google.protobuf.FileOptions.OptimizeMode} optimizeFor
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.optimizeFor = 1;
+    
+                /**
+                 * FileOptions goPackage.
+                 * @member {string} goPackage
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.goPackage = "";
+    
+                /**
+                 * FileOptions ccGenericServices.
+                 * @member {boolean} ccGenericServices
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.ccGenericServices = false;
+    
+                /**
+                 * FileOptions javaGenericServices.
+                 * @member {boolean} javaGenericServices
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.javaGenericServices = false;
+    
+                /**
+                 * FileOptions pyGenericServices.
+                 * @member {boolean} pyGenericServices
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.pyGenericServices = false;
+    
+                /**
+                 * FileOptions phpGenericServices.
+                 * @member {boolean} phpGenericServices
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.phpGenericServices = false;
+    
+                /**
+                 * FileOptions deprecated.
+                 * @member {boolean} deprecated
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.deprecated = false;
+    
+                /**
+                 * FileOptions ccEnableArenas.
+                 * @member {boolean} ccEnableArenas
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.ccEnableArenas = true;
+    
+                /**
+                 * FileOptions objcClassPrefix.
+                 * @member {string} objcClassPrefix
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.objcClassPrefix = "";
+    
+                /**
+                 * FileOptions csharpNamespace.
+                 * @member {string} csharpNamespace
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.csharpNamespace = "";
+    
+                /**
+                 * FileOptions swiftPrefix.
+                 * @member {string} swiftPrefix
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.swiftPrefix = "";
+    
+                /**
+                 * FileOptions phpClassPrefix.
+                 * @member {string} phpClassPrefix
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.phpClassPrefix = "";
+    
+                /**
+                 * FileOptions phpNamespace.
+                 * @member {string} phpNamespace
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.phpNamespace = "";
+    
+                /**
+                 * FileOptions phpMetadataNamespace.
+                 * @member {string} phpMetadataNamespace
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.phpMetadataNamespace = "";
+    
+                /**
+                 * FileOptions rubyPackage.
+                 * @member {string} rubyPackage
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.rubyPackage = "";
+    
+                /**
+                 * FileOptions uninterpretedOption.
+                 * @member {Array.<google.protobuf.IUninterpretedOption>} uninterpretedOption
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype.uninterpretedOption = $util.emptyArray;
+    
+                /**
+                 * FileOptions .google.api.resourceDefinition.
+                 * @member {Array.<google.api.IResourceDescriptor>} .google.api.resourceDefinition
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 */
+                FileOptions.prototype[".google.api.resourceDefinition"] = $util.emptyArray;
+    
+                /**
+                 * Creates a new FileOptions instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.FileOptions
+                 * @static
+                 * @param {google.protobuf.IFileOptions=} [properties] Properties to set
+                 * @returns {google.protobuf.FileOptions} FileOptions instance
+                 */
+                FileOptions.create = function create(properties) {
+                    return new FileOptions(properties);
+                };
+    
+                /**
+                 * Encodes the specified FileOptions message. Does not implicitly {@link google.protobuf.FileOptions.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.FileOptions
+                 * @static
+                 * @param {google.protobuf.IFileOptions} message FileOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                FileOptions.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.javaPackage != null && Object.hasOwnProperty.call(message, "javaPackage"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.javaPackage);
+                    if (message.javaOuterClassname != null && Object.hasOwnProperty.call(message, "javaOuterClassname"))
+                        writer.uint32(/* id 8, wireType 2 =*/66).string(message.javaOuterClassname);
+                    if (message.optimizeFor != null && Object.hasOwnProperty.call(message, "optimizeFor"))
+                        writer.uint32(/* id 9, wireType 0 =*/72).int32(message.optimizeFor);
+                    if (message.javaMultipleFiles != null && Object.hasOwnProperty.call(message, "javaMultipleFiles"))
+                        writer.uint32(/* id 10, wireType 0 =*/80).bool(message.javaMultipleFiles);
+                    if (message.goPackage != null && Object.hasOwnProperty.call(message, "goPackage"))
+                        writer.uint32(/* id 11, wireType 2 =*/90).string(message.goPackage);
+                    if (message.ccGenericServices != null && Object.hasOwnProperty.call(message, "ccGenericServices"))
+                        writer.uint32(/* id 16, wireType 0 =*/128).bool(message.ccGenericServices);
+                    if (message.javaGenericServices != null && Object.hasOwnProperty.call(message, "javaGenericServices"))
+                        writer.uint32(/* id 17, wireType 0 =*/136).bool(message.javaGenericServices);
+                    if (message.pyGenericServices != null && Object.hasOwnProperty.call(message, "pyGenericServices"))
+                        writer.uint32(/* id 18, wireType 0 =*/144).bool(message.pyGenericServices);
+                    if (message.javaGenerateEqualsAndHash != null && Object.hasOwnProperty.call(message, "javaGenerateEqualsAndHash"))
+                        writer.uint32(/* id 20, wireType 0 =*/160).bool(message.javaGenerateEqualsAndHash);
+                    if (message.deprecated != null && Object.hasOwnProperty.call(message, "deprecated"))
+                        writer.uint32(/* id 23, wireType 0 =*/184).bool(message.deprecated);
+                    if (message.javaStringCheckUtf8 != null && Object.hasOwnProperty.call(message, "javaStringCheckUtf8"))
+                        writer.uint32(/* id 27, wireType 0 =*/216).bool(message.javaStringCheckUtf8);
+                    if (message.ccEnableArenas != null && Object.hasOwnProperty.call(message, "ccEnableArenas"))
+                        writer.uint32(/* id 31, wireType 0 =*/248).bool(message.ccEnableArenas);
+                    if (message.objcClassPrefix != null && Object.hasOwnProperty.call(message, "objcClassPrefix"))
+                        writer.uint32(/* id 36, wireType 2 =*/290).string(message.objcClassPrefix);
+                    if (message.csharpNamespace != null && Object.hasOwnProperty.call(message, "csharpNamespace"))
+                        writer.uint32(/* id 37, wireType 2 =*/298).string(message.csharpNamespace);
+                    if (message.swiftPrefix != null && Object.hasOwnProperty.call(message, "swiftPrefix"))
+                        writer.uint32(/* id 39, wireType 2 =*/314).string(message.swiftPrefix);
+                    if (message.phpClassPrefix != null && Object.hasOwnProperty.call(message, "phpClassPrefix"))
+                        writer.uint32(/* id 40, wireType 2 =*/322).string(message.phpClassPrefix);
+                    if (message.phpNamespace != null && Object.hasOwnProperty.call(message, "phpNamespace"))
+                        writer.uint32(/* id 41, wireType 2 =*/330).string(message.phpNamespace);
+                    if (message.phpGenericServices != null && Object.hasOwnProperty.call(message, "phpGenericServices"))
+                        writer.uint32(/* id 42, wireType 0 =*/336).bool(message.phpGenericServices);
+                    if (message.phpMetadataNamespace != null && Object.hasOwnProperty.call(message, "phpMetadataNamespace"))
+                        writer.uint32(/* id 44, wireType 2 =*/354).string(message.phpMetadataNamespace);
+                    if (message.rubyPackage != null && Object.hasOwnProperty.call(message, "rubyPackage"))
+                        writer.uint32(/* id 45, wireType 2 =*/362).string(message.rubyPackage);
+                    if (message.uninterpretedOption != null && message.uninterpretedOption.length)
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i)
+                            $root.google.protobuf.UninterpretedOption.encode(message.uninterpretedOption[i], writer.uint32(/* id 999, wireType 2 =*/7994).fork()).ldelim();
+                    if (message[".google.api.resourceDefinition"] != null && message[".google.api.resourceDefinition"].length)
+                        for (var i = 0; i < message[".google.api.resourceDefinition"].length; ++i)
+                            $root.google.api.ResourceDescriptor.encode(message[".google.api.resourceDefinition"][i], writer.uint32(/* id 1053, wireType 2 =*/8426).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified FileOptions message, length delimited. Does not implicitly {@link google.protobuf.FileOptions.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.FileOptions
+                 * @static
+                 * @param {google.protobuf.IFileOptions} message FileOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                FileOptions.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a FileOptions message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.FileOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.FileOptions} FileOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                FileOptions.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.FileOptions();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.javaPackage = reader.string();
+                                break;
+                            }
+                        case 8: {
+                                message.javaOuterClassname = reader.string();
+                                break;
+                            }
+                        case 10: {
+                                message.javaMultipleFiles = reader.bool();
+                                break;
+                            }
+                        case 20: {
+                                message.javaGenerateEqualsAndHash = reader.bool();
+                                break;
+                            }
+                        case 27: {
+                                message.javaStringCheckUtf8 = reader.bool();
+                                break;
+                            }
+                        case 9: {
+                                message.optimizeFor = reader.int32();
+                                break;
+                            }
+                        case 11: {
+                                message.goPackage = reader.string();
+                                break;
+                            }
+                        case 16: {
+                                message.ccGenericServices = reader.bool();
+                                break;
+                            }
+                        case 17: {
+                                message.javaGenericServices = reader.bool();
+                                break;
+                            }
+                        case 18: {
+                                message.pyGenericServices = reader.bool();
+                                break;
+                            }
+                        case 42: {
+                                message.phpGenericServices = reader.bool();
+                                break;
+                            }
+                        case 23: {
+                                message.deprecated = reader.bool();
+                                break;
+                            }
+                        case 31: {
+                                message.ccEnableArenas = reader.bool();
+                                break;
+                            }
+                        case 36: {
+                                message.objcClassPrefix = reader.string();
+                                break;
+                            }
+                        case 37: {
+                                message.csharpNamespace = reader.string();
+                                break;
+                            }
+                        case 39: {
+                                message.swiftPrefix = reader.string();
+                                break;
+                            }
+                        case 40: {
+                                message.phpClassPrefix = reader.string();
+                                break;
+                            }
+                        case 41: {
+                                message.phpNamespace = reader.string();
+                                break;
+                            }
+                        case 44: {
+                                message.phpMetadataNamespace = reader.string();
+                                break;
+                            }
+                        case 45: {
+                                message.rubyPackage = reader.string();
+                                break;
+                            }
+                        case 999: {
+                                if (!(message.uninterpretedOption && message.uninterpretedOption.length))
+                                    message.uninterpretedOption = [];
+                                message.uninterpretedOption.push($root.google.protobuf.UninterpretedOption.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 1053: {
+                                if (!(message[".google.api.resourceDefinition"] && message[".google.api.resourceDefinition"].length))
+                                    message[".google.api.resourceDefinition"] = [];
+                                message[".google.api.resourceDefinition"].push($root.google.api.ResourceDescriptor.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a FileOptions message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.FileOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.FileOptions} FileOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                FileOptions.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a FileOptions message.
+                 * @function verify
+                 * @memberof google.protobuf.FileOptions
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                FileOptions.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.javaPackage != null && message.hasOwnProperty("javaPackage"))
+                        if (!$util.isString(message.javaPackage))
+                            return "javaPackage: string expected";
+                    if (message.javaOuterClassname != null && message.hasOwnProperty("javaOuterClassname"))
+                        if (!$util.isString(message.javaOuterClassname))
+                            return "javaOuterClassname: string expected";
+                    if (message.javaMultipleFiles != null && message.hasOwnProperty("javaMultipleFiles"))
+                        if (typeof message.javaMultipleFiles !== "boolean")
+                            return "javaMultipleFiles: boolean expected";
+                    if (message.javaGenerateEqualsAndHash != null && message.hasOwnProperty("javaGenerateEqualsAndHash"))
+                        if (typeof message.javaGenerateEqualsAndHash !== "boolean")
+                            return "javaGenerateEqualsAndHash: boolean expected";
+                    if (message.javaStringCheckUtf8 != null && message.hasOwnProperty("javaStringCheckUtf8"))
+                        if (typeof message.javaStringCheckUtf8 !== "boolean")
+                            return "javaStringCheckUtf8: boolean expected";
+                    if (message.optimizeFor != null && message.hasOwnProperty("optimizeFor"))
+                        switch (message.optimizeFor) {
+                        default:
+                            return "optimizeFor: enum value expected";
+                        case 1:
+                        case 2:
+                        case 3:
+                            break;
+                        }
+                    if (message.goPackage != null && message.hasOwnProperty("goPackage"))
+                        if (!$util.isString(message.goPackage))
+                            return "goPackage: string expected";
+                    if (message.ccGenericServices != null && message.hasOwnProperty("ccGenericServices"))
+                        if (typeof message.ccGenericServices !== "boolean")
+                            return "ccGenericServices: boolean expected";
+                    if (message.javaGenericServices != null && message.hasOwnProperty("javaGenericServices"))
+                        if (typeof message.javaGenericServices !== "boolean")
+                            return "javaGenericServices: boolean expected";
+                    if (message.pyGenericServices != null && message.hasOwnProperty("pyGenericServices"))
+                        if (typeof message.pyGenericServices !== "boolean")
+                            return "pyGenericServices: boolean expected";
+                    if (message.phpGenericServices != null && message.hasOwnProperty("phpGenericServices"))
+                        if (typeof message.phpGenericServices !== "boolean")
+                            return "phpGenericServices: boolean expected";
+                    if (message.deprecated != null && message.hasOwnProperty("deprecated"))
+                        if (typeof message.deprecated !== "boolean")
+                            return "deprecated: boolean expected";
+                    if (message.ccEnableArenas != null && message.hasOwnProperty("ccEnableArenas"))
+                        if (typeof message.ccEnableArenas !== "boolean")
+                            return "ccEnableArenas: boolean expected";
+                    if (message.objcClassPrefix != null && message.hasOwnProperty("objcClassPrefix"))
+                        if (!$util.isString(message.objcClassPrefix))
+                            return "objcClassPrefix: string expected";
+                    if (message.csharpNamespace != null && message.hasOwnProperty("csharpNamespace"))
+                        if (!$util.isString(message.csharpNamespace))
+                            return "csharpNamespace: string expected";
+                    if (message.swiftPrefix != null && message.hasOwnProperty("swiftPrefix"))
+                        if (!$util.isString(message.swiftPrefix))
+                            return "swiftPrefix: string expected";
+                    if (message.phpClassPrefix != null && message.hasOwnProperty("phpClassPrefix"))
+                        if (!$util.isString(message.phpClassPrefix))
+                            return "phpClassPrefix: string expected";
+                    if (message.phpNamespace != null && message.hasOwnProperty("phpNamespace"))
+                        if (!$util.isString(message.phpNamespace))
+                            return "phpNamespace: string expected";
+                    if (message.phpMetadataNamespace != null && message.hasOwnProperty("phpMetadataNamespace"))
+                        if (!$util.isString(message.phpMetadataNamespace))
+                            return "phpMetadataNamespace: string expected";
+                    if (message.rubyPackage != null && message.hasOwnProperty("rubyPackage"))
+                        if (!$util.isString(message.rubyPackage))
+                            return "rubyPackage: string expected";
+                    if (message.uninterpretedOption != null && message.hasOwnProperty("uninterpretedOption")) {
+                        if (!Array.isArray(message.uninterpretedOption))
+                            return "uninterpretedOption: array expected";
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i) {
+                            var error = $root.google.protobuf.UninterpretedOption.verify(message.uninterpretedOption[i]);
+                            if (error)
+                                return "uninterpretedOption." + error;
+                        }
+                    }
+                    if (message[".google.api.resourceDefinition"] != null && message.hasOwnProperty(".google.api.resourceDefinition")) {
+                        if (!Array.isArray(message[".google.api.resourceDefinition"]))
+                            return ".google.api.resourceDefinition: array expected";
+                        for (var i = 0; i < message[".google.api.resourceDefinition"].length; ++i) {
+                            var error = $root.google.api.ResourceDescriptor.verify(message[".google.api.resourceDefinition"][i]);
+                            if (error)
+                                return ".google.api.resourceDefinition." + error;
+                        }
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates a FileOptions message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.FileOptions
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.FileOptions} FileOptions
+                 */
+                FileOptions.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.FileOptions)
+                        return object;
+                    var message = new $root.google.protobuf.FileOptions();
+                    if (object.javaPackage != null)
+                        message.javaPackage = String(object.javaPackage);
+                    if (object.javaOuterClassname != null)
+                        message.javaOuterClassname = String(object.javaOuterClassname);
+                    if (object.javaMultipleFiles != null)
+                        message.javaMultipleFiles = Boolean(object.javaMultipleFiles);
+                    if (object.javaGenerateEqualsAndHash != null)
+                        message.javaGenerateEqualsAndHash = Boolean(object.javaGenerateEqualsAndHash);
+                    if (object.javaStringCheckUtf8 != null)
+                        message.javaStringCheckUtf8 = Boolean(object.javaStringCheckUtf8);
+                    switch (object.optimizeFor) {
+                    default:
+                        if (typeof object.optimizeFor === "number") {
+                            message.optimizeFor = object.optimizeFor;
+                            break;
+                        }
+                        break;
+                    case "SPEED":
+                    case 1:
+                        message.optimizeFor = 1;
+                        break;
+                    case "CODE_SIZE":
+                    case 2:
+                        message.optimizeFor = 2;
+                        break;
+                    case "LITE_RUNTIME":
+                    case 3:
+                        message.optimizeFor = 3;
+                        break;
+                    }
+                    if (object.goPackage != null)
+                        message.goPackage = String(object.goPackage);
+                    if (object.ccGenericServices != null)
+                        message.ccGenericServices = Boolean(object.ccGenericServices);
+                    if (object.javaGenericServices != null)
+                        message.javaGenericServices = Boolean(object.javaGenericServices);
+                    if (object.pyGenericServices != null)
+                        message.pyGenericServices = Boolean(object.pyGenericServices);
+                    if (object.phpGenericServices != null)
+                        message.phpGenericServices = Boolean(object.phpGenericServices);
+                    if (object.deprecated != null)
+                        message.deprecated = Boolean(object.deprecated);
+                    if (object.ccEnableArenas != null)
+                        message.ccEnableArenas = Boolean(object.ccEnableArenas);
+                    if (object.objcClassPrefix != null)
+                        message.objcClassPrefix = String(object.objcClassPrefix);
+                    if (object.csharpNamespace != null)
+                        message.csharpNamespace = String(object.csharpNamespace);
+                    if (object.swiftPrefix != null)
+                        message.swiftPrefix = String(object.swiftPrefix);
+                    if (object.phpClassPrefix != null)
+                        message.phpClassPrefix = String(object.phpClassPrefix);
+                    if (object.phpNamespace != null)
+                        message.phpNamespace = String(object.phpNamespace);
+                    if (object.phpMetadataNamespace != null)
+                        message.phpMetadataNamespace = String(object.phpMetadataNamespace);
+                    if (object.rubyPackage != null)
+                        message.rubyPackage = String(object.rubyPackage);
+                    if (object.uninterpretedOption) {
+                        if (!Array.isArray(object.uninterpretedOption))
+                            throw TypeError(".google.protobuf.FileOptions.uninterpretedOption: array expected");
+                        message.uninterpretedOption = [];
+                        for (var i = 0; i < object.uninterpretedOption.length; ++i) {
+                            if (typeof object.uninterpretedOption[i] !== "object")
+                                throw TypeError(".google.protobuf.FileOptions.uninterpretedOption: object expected");
+                            message.uninterpretedOption[i] = $root.google.protobuf.UninterpretedOption.fromObject(object.uninterpretedOption[i]);
+                        }
+                    }
+                    if (object[".google.api.resourceDefinition"]) {
+                        if (!Array.isArray(object[".google.api.resourceDefinition"]))
+                            throw TypeError(".google.protobuf.FileOptions..google.api.resourceDefinition: array expected");
+                        message[".google.api.resourceDefinition"] = [];
+                        for (var i = 0; i < object[".google.api.resourceDefinition"].length; ++i) {
+                            if (typeof object[".google.api.resourceDefinition"][i] !== "object")
+                                throw TypeError(".google.protobuf.FileOptions..google.api.resourceDefinition: object expected");
+                            message[".google.api.resourceDefinition"][i] = $root.google.api.ResourceDescriptor.fromObject(object[".google.api.resourceDefinition"][i]);
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a FileOptions message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.FileOptions
+                 * @static
+                 * @param {google.protobuf.FileOptions} message FileOptions
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                FileOptions.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults) {
+                        object.uninterpretedOption = [];
+                        object[".google.api.resourceDefinition"] = [];
+                    }
+                    if (options.defaults) {
+                        object.javaPackage = "";
+                        object.javaOuterClassname = "";
+                        object.optimizeFor = options.enums === String ? "SPEED" : 1;
+                        object.javaMultipleFiles = false;
+                        object.goPackage = "";
+                        object.ccGenericServices = false;
+                        object.javaGenericServices = false;
+                        object.pyGenericServices = false;
+                        object.javaGenerateEqualsAndHash = false;
+                        object.deprecated = false;
+                        object.javaStringCheckUtf8 = false;
+                        object.ccEnableArenas = true;
+                        object.objcClassPrefix = "";
+                        object.csharpNamespace = "";
+                        object.swiftPrefix = "";
+                        object.phpClassPrefix = "";
+                        object.phpNamespace = "";
+                        object.phpGenericServices = false;
+                        object.phpMetadataNamespace = "";
+                        object.rubyPackage = "";
+                    }
+                    if (message.javaPackage != null && message.hasOwnProperty("javaPackage"))
+                        object.javaPackage = message.javaPackage;
+                    if (message.javaOuterClassname != null && message.hasOwnProperty("javaOuterClassname"))
+                        object.javaOuterClassname = message.javaOuterClassname;
+                    if (message.optimizeFor != null && message.hasOwnProperty("optimizeFor"))
+                        object.optimizeFor = options.enums === String ? $root.google.protobuf.FileOptions.OptimizeMode[message.optimizeFor] === undefined ? message.optimizeFor : $root.google.protobuf.FileOptions.OptimizeMode[message.optimizeFor] : message.optimizeFor;
+                    if (message.javaMultipleFiles != null && message.hasOwnProperty("javaMultipleFiles"))
+                        object.javaMultipleFiles = message.javaMultipleFiles;
+                    if (message.goPackage != null && message.hasOwnProperty("goPackage"))
+                        object.goPackage = message.goPackage;
+                    if (message.ccGenericServices != null && message.hasOwnProperty("ccGenericServices"))
+                        object.ccGenericServices = message.ccGenericServices;
+                    if (message.javaGenericServices != null && message.hasOwnProperty("javaGenericServices"))
+                        object.javaGenericServices = message.javaGenericServices;
+                    if (message.pyGenericServices != null && message.hasOwnProperty("pyGenericServices"))
+                        object.pyGenericServices = message.pyGenericServices;
+                    if (message.javaGenerateEqualsAndHash != null && message.hasOwnProperty("javaGenerateEqualsAndHash"))
+                        object.javaGenerateEqualsAndHash = message.javaGenerateEqualsAndHash;
+                    if (message.deprecated != null && message.hasOwnProperty("deprecated"))
+                        object.deprecated = message.deprecated;
+                    if (message.javaStringCheckUtf8 != null && message.hasOwnProperty("javaStringCheckUtf8"))
+                        object.javaStringCheckUtf8 = message.javaStringCheckUtf8;
+                    if (message.ccEnableArenas != null && message.hasOwnProperty("ccEnableArenas"))
+                        object.ccEnableArenas = message.ccEnableArenas;
+                    if (message.objcClassPrefix != null && message.hasOwnProperty("objcClassPrefix"))
+                        object.objcClassPrefix = message.objcClassPrefix;
+                    if (message.csharpNamespace != null && message.hasOwnProperty("csharpNamespace"))
+                        object.csharpNamespace = message.csharpNamespace;
+                    if (message.swiftPrefix != null && message.hasOwnProperty("swiftPrefix"))
+                        object.swiftPrefix = message.swiftPrefix;
+                    if (message.phpClassPrefix != null && message.hasOwnProperty("phpClassPrefix"))
+                        object.phpClassPrefix = message.phpClassPrefix;
+                    if (message.phpNamespace != null && message.hasOwnProperty("phpNamespace"))
+                        object.phpNamespace = message.phpNamespace;
+                    if (message.phpGenericServices != null && message.hasOwnProperty("phpGenericServices"))
+                        object.phpGenericServices = message.phpGenericServices;
+                    if (message.phpMetadataNamespace != null && message.hasOwnProperty("phpMetadataNamespace"))
+                        object.phpMetadataNamespace = message.phpMetadataNamespace;
+                    if (message.rubyPackage != null && message.hasOwnProperty("rubyPackage"))
+                        object.rubyPackage = message.rubyPackage;
+                    if (message.uninterpretedOption && message.uninterpretedOption.length) {
+                        object.uninterpretedOption = [];
+                        for (var j = 0; j < message.uninterpretedOption.length; ++j)
+                            object.uninterpretedOption[j] = $root.google.protobuf.UninterpretedOption.toObject(message.uninterpretedOption[j], options);
+                    }
+                    if (message[".google.api.resourceDefinition"] && message[".google.api.resourceDefinition"].length) {
+                        object[".google.api.resourceDefinition"] = [];
+                        for (var j = 0; j < message[".google.api.resourceDefinition"].length; ++j)
+                            object[".google.api.resourceDefinition"][j] = $root.google.api.ResourceDescriptor.toObject(message[".google.api.resourceDefinition"][j], options);
+                    }
+                    return object;
+                };
+    
+                /**
+                 * Converts this FileOptions to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.FileOptions
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                FileOptions.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for FileOptions
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.FileOptions
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                FileOptions.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.FileOptions";
+                };
+    
+                /**
+                 * OptimizeMode enum.
+                 * @name google.protobuf.FileOptions.OptimizeMode
+                 * @enum {number}
+                 * @property {number} SPEED=1 SPEED value
+                 * @property {number} CODE_SIZE=2 CODE_SIZE value
+                 * @property {number} LITE_RUNTIME=3 LITE_RUNTIME value
+                 */
+                FileOptions.OptimizeMode = (function() {
+                    var valuesById = {}, values = Object.create(valuesById);
+                    values[valuesById[1] = "SPEED"] = 1;
+                    values[valuesById[2] = "CODE_SIZE"] = 2;
+                    values[valuesById[3] = "LITE_RUNTIME"] = 3;
+                    return values;
+                })();
+    
+                return FileOptions;
+            })();
+    
+            protobuf.MessageOptions = (function() {
+    
+                /**
+                 * Properties of a MessageOptions.
+                 * @memberof google.protobuf
+                 * @interface IMessageOptions
+                 * @property {boolean|null} [messageSetWireFormat] MessageOptions messageSetWireFormat
+                 * @property {boolean|null} [noStandardDescriptorAccessor] MessageOptions noStandardDescriptorAccessor
+                 * @property {boolean|null} [deprecated] MessageOptions deprecated
+                 * @property {boolean|null} [mapEntry] MessageOptions mapEntry
+                 * @property {Array.<google.protobuf.IUninterpretedOption>|null} [uninterpretedOption] MessageOptions uninterpretedOption
+                 * @property {google.api.IResourceDescriptor|null} [".google.api.resource"] MessageOptions .google.api.resource
+                 */
+    
+                /**
+                 * Constructs a new MessageOptions.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a MessageOptions.
+                 * @implements IMessageOptions
+                 * @constructor
+                 * @param {google.protobuf.IMessageOptions=} [properties] Properties to set
+                 */
+                function MessageOptions(properties) {
+                    this.uninterpretedOption = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * MessageOptions messageSetWireFormat.
+                 * @member {boolean} messageSetWireFormat
+                 * @memberof google.protobuf.MessageOptions
+                 * @instance
+                 */
+                MessageOptions.prototype.messageSetWireFormat = false;
+    
+                /**
+                 * MessageOptions noStandardDescriptorAccessor.
+                 * @member {boolean} noStandardDescriptorAccessor
+                 * @memberof google.protobuf.MessageOptions
+                 * @instance
+                 */
+                MessageOptions.prototype.noStandardDescriptorAccessor = false;
+    
+                /**
+                 * MessageOptions deprecated.
+                 * @member {boolean} deprecated
+                 * @memberof google.protobuf.MessageOptions
+                 * @instance
+                 */
+                MessageOptions.prototype.deprecated = false;
+    
+                /**
+                 * MessageOptions mapEntry.
+                 * @member {boolean} mapEntry
+                 * @memberof google.protobuf.MessageOptions
+                 * @instance
+                 */
+                MessageOptions.prototype.mapEntry = false;
+    
+                /**
+                 * MessageOptions uninterpretedOption.
+                 * @member {Array.<google.protobuf.IUninterpretedOption>} uninterpretedOption
+                 * @memberof google.protobuf.MessageOptions
+                 * @instance
+                 */
+                MessageOptions.prototype.uninterpretedOption = $util.emptyArray;
+    
+                /**
+                 * MessageOptions .google.api.resource.
+                 * @member {google.api.IResourceDescriptor|null|undefined} .google.api.resource
+                 * @memberof google.protobuf.MessageOptions
+                 * @instance
+                 */
+                MessageOptions.prototype[".google.api.resource"] = null;
+    
+                /**
+                 * Creates a new MessageOptions instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.MessageOptions
+                 * @static
+                 * @param {google.protobuf.IMessageOptions=} [properties] Properties to set
+                 * @returns {google.protobuf.MessageOptions} MessageOptions instance
+                 */
+                MessageOptions.create = function create(properties) {
+                    return new MessageOptions(properties);
+                };
+    
+                /**
+                 * Encodes the specified MessageOptions message. Does not implicitly {@link google.protobuf.MessageOptions.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.MessageOptions
+                 * @static
+                 * @param {google.protobuf.IMessageOptions} message MessageOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                MessageOptions.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.messageSetWireFormat != null && Object.hasOwnProperty.call(message, "messageSetWireFormat"))
+                        writer.uint32(/* id 1, wireType 0 =*/8).bool(message.messageSetWireFormat);
+                    if (message.noStandardDescriptorAccessor != null && Object.hasOwnProperty.call(message, "noStandardDescriptorAccessor"))
+                        writer.uint32(/* id 2, wireType 0 =*/16).bool(message.noStandardDescriptorAccessor);
+                    if (message.deprecated != null && Object.hasOwnProperty.call(message, "deprecated"))
+                        writer.uint32(/* id 3, wireType 0 =*/24).bool(message.deprecated);
+                    if (message.mapEntry != null && Object.hasOwnProperty.call(message, "mapEntry"))
+                        writer.uint32(/* id 7, wireType 0 =*/56).bool(message.mapEntry);
+                    if (message.uninterpretedOption != null && message.uninterpretedOption.length)
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i)
+                            $root.google.protobuf.UninterpretedOption.encode(message.uninterpretedOption[i], writer.uint32(/* id 999, wireType 2 =*/7994).fork()).ldelim();
+                    if (message[".google.api.resource"] != null && Object.hasOwnProperty.call(message, ".google.api.resource"))
+                        $root.google.api.ResourceDescriptor.encode(message[".google.api.resource"], writer.uint32(/* id 1053, wireType 2 =*/8426).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified MessageOptions message, length delimited. Does not implicitly {@link google.protobuf.MessageOptions.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.MessageOptions
+                 * @static
+                 * @param {google.protobuf.IMessageOptions} message MessageOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                MessageOptions.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a MessageOptions message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.MessageOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.MessageOptions} MessageOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                MessageOptions.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.MessageOptions();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.messageSetWireFormat = reader.bool();
+                                break;
+                            }
+                        case 2: {
+                                message.noStandardDescriptorAccessor = reader.bool();
+                                break;
+                            }
+                        case 3: {
+                                message.deprecated = reader.bool();
+                                break;
+                            }
+                        case 7: {
+                                message.mapEntry = reader.bool();
+                                break;
+                            }
+                        case 999: {
+                                if (!(message.uninterpretedOption && message.uninterpretedOption.length))
+                                    message.uninterpretedOption = [];
+                                message.uninterpretedOption.push($root.google.protobuf.UninterpretedOption.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 1053: {
+                                message[".google.api.resource"] = $root.google.api.ResourceDescriptor.decode(reader, reader.uint32());
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a MessageOptions message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.MessageOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.MessageOptions} MessageOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                MessageOptions.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a MessageOptions message.
+                 * @function verify
+                 * @memberof google.protobuf.MessageOptions
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                MessageOptions.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.messageSetWireFormat != null && message.hasOwnProperty("messageSetWireFormat"))
+                        if (typeof message.messageSetWireFormat !== "boolean")
+                            return "messageSetWireFormat: boolean expected";
+                    if (message.noStandardDescriptorAccessor != null && message.hasOwnProperty("noStandardDescriptorAccessor"))
+                        if (typeof message.noStandardDescriptorAccessor !== "boolean")
+                            return "noStandardDescriptorAccessor: boolean expected";
+                    if (message.deprecated != null && message.hasOwnProperty("deprecated"))
+                        if (typeof message.deprecated !== "boolean")
+                            return "deprecated: boolean expected";
+                    if (message.mapEntry != null && message.hasOwnProperty("mapEntry"))
+                        if (typeof message.mapEntry !== "boolean")
+                            return "mapEntry: boolean expected";
+                    if (message.uninterpretedOption != null && message.hasOwnProperty("uninterpretedOption")) {
+                        if (!Array.isArray(message.uninterpretedOption))
+                            return "uninterpretedOption: array expected";
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i) {
+                            var error = $root.google.protobuf.UninterpretedOption.verify(message.uninterpretedOption[i]);
+                            if (error)
+                                return "uninterpretedOption." + error;
+                        }
+                    }
+                    if (message[".google.api.resource"] != null && message.hasOwnProperty(".google.api.resource")) {
+                        var error = $root.google.api.ResourceDescriptor.verify(message[".google.api.resource"]);
+                        if (error)
+                            return ".google.api.resource." + error;
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates a MessageOptions message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.MessageOptions
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.MessageOptions} MessageOptions
+                 */
+                MessageOptions.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.MessageOptions)
+                        return object;
+                    var message = new $root.google.protobuf.MessageOptions();
+                    if (object.messageSetWireFormat != null)
+                        message.messageSetWireFormat = Boolean(object.messageSetWireFormat);
+                    if (object.noStandardDescriptorAccessor != null)
+                        message.noStandardDescriptorAccessor = Boolean(object.noStandardDescriptorAccessor);
+                    if (object.deprecated != null)
+                        message.deprecated = Boolean(object.deprecated);
+                    if (object.mapEntry != null)
+                        message.mapEntry = Boolean(object.mapEntry);
+                    if (object.uninterpretedOption) {
+                        if (!Array.isArray(object.uninterpretedOption))
+                            throw TypeError(".google.protobuf.MessageOptions.uninterpretedOption: array expected");
+                        message.uninterpretedOption = [];
+                        for (var i = 0; i < object.uninterpretedOption.length; ++i) {
+                            if (typeof object.uninterpretedOption[i] !== "object")
+                                throw TypeError(".google.protobuf.MessageOptions.uninterpretedOption: object expected");
+                            message.uninterpretedOption[i] = $root.google.protobuf.UninterpretedOption.fromObject(object.uninterpretedOption[i]);
+                        }
+                    }
+                    if (object[".google.api.resource"] != null) {
+                        if (typeof object[".google.api.resource"] !== "object")
+                            throw TypeError(".google.protobuf.MessageOptions..google.api.resource: object expected");
+                        message[".google.api.resource"] = $root.google.api.ResourceDescriptor.fromObject(object[".google.api.resource"]);
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a MessageOptions message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.MessageOptions
+                 * @static
+                 * @param {google.protobuf.MessageOptions} message MessageOptions
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                MessageOptions.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.uninterpretedOption = [];
+                    if (options.defaults) {
+                        object.messageSetWireFormat = false;
+                        object.noStandardDescriptorAccessor = false;
+                        object.deprecated = false;
+                        object.mapEntry = false;
+                        object[".google.api.resource"] = null;
+                    }
+                    if (message.messageSetWireFormat != null && message.hasOwnProperty("messageSetWireFormat"))
+                        object.messageSetWireFormat = message.messageSetWireFormat;
+                    if (message.noStandardDescriptorAccessor != null && message.hasOwnProperty("noStandardDescriptorAccessor"))
+                        object.noStandardDescriptorAccessor = message.noStandardDescriptorAccessor;
+                    if (message.deprecated != null && message.hasOwnProperty("deprecated"))
+                        object.deprecated = message.deprecated;
+                    if (message.mapEntry != null && message.hasOwnProperty("mapEntry"))
+                        object.mapEntry = message.mapEntry;
+                    if (message.uninterpretedOption && message.uninterpretedOption.length) {
+                        object.uninterpretedOption = [];
+                        for (var j = 0; j < message.uninterpretedOption.length; ++j)
+                            object.uninterpretedOption[j] = $root.google.protobuf.UninterpretedOption.toObject(message.uninterpretedOption[j], options);
+                    }
+                    if (message[".google.api.resource"] != null && message.hasOwnProperty(".google.api.resource"))
+                        object[".google.api.resource"] = $root.google.api.ResourceDescriptor.toObject(message[".google.api.resource"], options);
+                    return object;
+                };
+    
+                /**
+                 * Converts this MessageOptions to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.MessageOptions
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                MessageOptions.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for MessageOptions
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.MessageOptions
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                MessageOptions.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.MessageOptions";
+                };
+    
+                return MessageOptions;
+            })();
+    
+            protobuf.FieldOptions = (function() {
+    
+                /**
+                 * Properties of a FieldOptions.
+                 * @memberof google.protobuf
+                 * @interface IFieldOptions
+                 * @property {google.protobuf.FieldOptions.CType|null} [ctype] FieldOptions ctype
+                 * @property {boolean|null} [packed] FieldOptions packed
+                 * @property {google.protobuf.FieldOptions.JSType|null} [jstype] FieldOptions jstype
+                 * @property {boolean|null} [lazy] FieldOptions lazy
+                 * @property {boolean|null} [unverifiedLazy] FieldOptions unverifiedLazy
+                 * @property {boolean|null} [deprecated] FieldOptions deprecated
+                 * @property {boolean|null} [weak] FieldOptions weak
+                 * @property {Array.<google.protobuf.IUninterpretedOption>|null} [uninterpretedOption] FieldOptions uninterpretedOption
+                 * @property {Array.<google.api.FieldBehavior>|null} [".google.api.fieldBehavior"] FieldOptions .google.api.fieldBehavior
+                 * @property {google.api.IResourceReference|null} [".google.api.resourceReference"] FieldOptions .google.api.resourceReference
+                 */
+    
+                /**
+                 * Constructs a new FieldOptions.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a FieldOptions.
+                 * @implements IFieldOptions
+                 * @constructor
+                 * @param {google.protobuf.IFieldOptions=} [properties] Properties to set
+                 */
+                function FieldOptions(properties) {
+                    this.uninterpretedOption = [];
+                    this[".google.api.fieldBehavior"] = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * FieldOptions ctype.
+                 * @member {google.protobuf.FieldOptions.CType} ctype
+                 * @memberof google.protobuf.FieldOptions
+                 * @instance
+                 */
+                FieldOptions.prototype.ctype = 0;
+    
+                /**
+                 * FieldOptions packed.
+                 * @member {boolean} packed
+                 * @memberof google.protobuf.FieldOptions
+                 * @instance
+                 */
+                FieldOptions.prototype.packed = false;
+    
+                /**
+                 * FieldOptions jstype.
+                 * @member {google.protobuf.FieldOptions.JSType} jstype
+                 * @memberof google.protobuf.FieldOptions
+                 * @instance
+                 */
+                FieldOptions.prototype.jstype = 0;
+    
+                /**
+                 * FieldOptions lazy.
+                 * @member {boolean} lazy
+                 * @memberof google.protobuf.FieldOptions
+                 * @instance
+                 */
+                FieldOptions.prototype.lazy = false;
+    
+                /**
+                 * FieldOptions unverifiedLazy.
+                 * @member {boolean} unverifiedLazy
+                 * @memberof google.protobuf.FieldOptions
+                 * @instance
+                 */
+                FieldOptions.prototype.unverifiedLazy = false;
+    
+                /**
+                 * FieldOptions deprecated.
+                 * @member {boolean} deprecated
+                 * @memberof google.protobuf.FieldOptions
+                 * @instance
+                 */
+                FieldOptions.prototype.deprecated = false;
+    
+                /**
+                 * FieldOptions weak.
+                 * @member {boolean} weak
+                 * @memberof google.protobuf.FieldOptions
+                 * @instance
+                 */
+                FieldOptions.prototype.weak = false;
+    
+                /**
+                 * FieldOptions uninterpretedOption.
+                 * @member {Array.<google.protobuf.IUninterpretedOption>} uninterpretedOption
+                 * @memberof google.protobuf.FieldOptions
+                 * @instance
+                 */
+                FieldOptions.prototype.uninterpretedOption = $util.emptyArray;
+    
+                /**
+                 * FieldOptions .google.api.fieldBehavior.
+                 * @member {Array.<google.api.FieldBehavior>} .google.api.fieldBehavior
+                 * @memberof google.protobuf.FieldOptions
+                 * @instance
+                 */
+                FieldOptions.prototype[".google.api.fieldBehavior"] = $util.emptyArray;
+    
+                /**
+                 * FieldOptions .google.api.resourceReference.
+                 * @member {google.api.IResourceReference|null|undefined} .google.api.resourceReference
+                 * @memberof google.protobuf.FieldOptions
+                 * @instance
+                 */
+                FieldOptions.prototype[".google.api.resourceReference"] = null;
+    
+                /**
+                 * Creates a new FieldOptions instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.FieldOptions
+                 * @static
+                 * @param {google.protobuf.IFieldOptions=} [properties] Properties to set
+                 * @returns {google.protobuf.FieldOptions} FieldOptions instance
+                 */
+                FieldOptions.create = function create(properties) {
+                    return new FieldOptions(properties);
+                };
+    
+                /**
+                 * Encodes the specified FieldOptions message. Does not implicitly {@link google.protobuf.FieldOptions.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.FieldOptions
+                 * @static
+                 * @param {google.protobuf.IFieldOptions} message FieldOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                FieldOptions.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.ctype != null && Object.hasOwnProperty.call(message, "ctype"))
+                        writer.uint32(/* id 1, wireType 0 =*/8).int32(message.ctype);
+                    if (message.packed != null && Object.hasOwnProperty.call(message, "packed"))
+                        writer.uint32(/* id 2, wireType 0 =*/16).bool(message.packed);
+                    if (message.deprecated != null && Object.hasOwnProperty.call(message, "deprecated"))
+                        writer.uint32(/* id 3, wireType 0 =*/24).bool(message.deprecated);
+                    if (message.lazy != null && Object.hasOwnProperty.call(message, "lazy"))
+                        writer.uint32(/* id 5, wireType 0 =*/40).bool(message.lazy);
+                    if (message.jstype != null && Object.hasOwnProperty.call(message, "jstype"))
+                        writer.uint32(/* id 6, wireType 0 =*/48).int32(message.jstype);
+                    if (message.weak != null && Object.hasOwnProperty.call(message, "weak"))
+                        writer.uint32(/* id 10, wireType 0 =*/80).bool(message.weak);
+                    if (message.unverifiedLazy != null && Object.hasOwnProperty.call(message, "unverifiedLazy"))
+                        writer.uint32(/* id 15, wireType 0 =*/120).bool(message.unverifiedLazy);
+                    if (message.uninterpretedOption != null && message.uninterpretedOption.length)
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i)
+                            $root.google.protobuf.UninterpretedOption.encode(message.uninterpretedOption[i], writer.uint32(/* id 999, wireType 2 =*/7994).fork()).ldelim();
+                    if (message[".google.api.fieldBehavior"] != null && message[".google.api.fieldBehavior"].length) {
+                        writer.uint32(/* id 1052, wireType 2 =*/8418).fork();
+                        for (var i = 0; i < message[".google.api.fieldBehavior"].length; ++i)
+                            writer.int32(message[".google.api.fieldBehavior"][i]);
+                        writer.ldelim();
+                    }
+                    if (message[".google.api.resourceReference"] != null && Object.hasOwnProperty.call(message, ".google.api.resourceReference"))
+                        $root.google.api.ResourceReference.encode(message[".google.api.resourceReference"], writer.uint32(/* id 1055, wireType 2 =*/8442).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified FieldOptions message, length delimited. Does not implicitly {@link google.protobuf.FieldOptions.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.FieldOptions
+                 * @static
+                 * @param {google.protobuf.IFieldOptions} message FieldOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                FieldOptions.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a FieldOptions message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.FieldOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.FieldOptions} FieldOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                FieldOptions.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.FieldOptions();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.ctype = reader.int32();
+                                break;
+                            }
+                        case 2: {
+                                message.packed = reader.bool();
+                                break;
+                            }
+                        case 6: {
+                                message.jstype = reader.int32();
+                                break;
+                            }
+                        case 5: {
+                                message.lazy = reader.bool();
+                                break;
+                            }
+                        case 15: {
+                                message.unverifiedLazy = reader.bool();
+                                break;
+                            }
+                        case 3: {
+                                message.deprecated = reader.bool();
+                                break;
+                            }
+                        case 10: {
+                                message.weak = reader.bool();
+                                break;
+                            }
+                        case 999: {
+                                if (!(message.uninterpretedOption && message.uninterpretedOption.length))
+                                    message.uninterpretedOption = [];
+                                message.uninterpretedOption.push($root.google.protobuf.UninterpretedOption.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 1052: {
+                                if (!(message[".google.api.fieldBehavior"] && message[".google.api.fieldBehavior"].length))
+                                    message[".google.api.fieldBehavior"] = [];
+                                if ((tag & 7) === 2) {
+                                    var end2 = reader.uint32() + reader.pos;
+                                    while (reader.pos < end2)
+                                        message[".google.api.fieldBehavior"].push(reader.int32());
+                                } else
+                                    message[".google.api.fieldBehavior"].push(reader.int32());
+                                break;
+                            }
+                        case 1055: {
+                                message[".google.api.resourceReference"] = $root.google.api.ResourceReference.decode(reader, reader.uint32());
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a FieldOptions message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.FieldOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.FieldOptions} FieldOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                FieldOptions.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a FieldOptions message.
+                 * @function verify
+                 * @memberof google.protobuf.FieldOptions
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                FieldOptions.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.ctype != null && message.hasOwnProperty("ctype"))
+                        switch (message.ctype) {
+                        default:
+                            return "ctype: enum value expected";
+                        case 0:
+                        case 1:
+                        case 2:
+                            break;
+                        }
+                    if (message.packed != null && message.hasOwnProperty("packed"))
+                        if (typeof message.packed !== "boolean")
+                            return "packed: boolean expected";
+                    if (message.jstype != null && message.hasOwnProperty("jstype"))
+                        switch (message.jstype) {
+                        default:
+                            return "jstype: enum value expected";
+                        case 0:
+                        case 1:
+                        case 2:
+                            break;
+                        }
+                    if (message.lazy != null && message.hasOwnProperty("lazy"))
+                        if (typeof message.lazy !== "boolean")
+                            return "lazy: boolean expected";
+                    if (message.unverifiedLazy != null && message.hasOwnProperty("unverifiedLazy"))
+                        if (typeof message.unverifiedLazy !== "boolean")
+                            return "unverifiedLazy: boolean expected";
+                    if (message.deprecated != null && message.hasOwnProperty("deprecated"))
+                        if (typeof message.deprecated !== "boolean")
+                            return "deprecated: boolean expected";
+                    if (message.weak != null && message.hasOwnProperty("weak"))
+                        if (typeof message.weak !== "boolean")
+                            return "weak: boolean expected";
+                    if (message.uninterpretedOption != null && message.hasOwnProperty("uninterpretedOption")) {
+                        if (!Array.isArray(message.uninterpretedOption))
+                            return "uninterpretedOption: array expected";
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i) {
+                            var error = $root.google.protobuf.UninterpretedOption.verify(message.uninterpretedOption[i]);
+                            if (error)
+                                return "uninterpretedOption." + error;
+                        }
+                    }
+                    if (message[".google.api.fieldBehavior"] != null && message.hasOwnProperty(".google.api.fieldBehavior")) {
+                        if (!Array.isArray(message[".google.api.fieldBehavior"]))
+                            return ".google.api.fieldBehavior: array expected";
+                        for (var i = 0; i < message[".google.api.fieldBehavior"].length; ++i)
+                            switch (message[".google.api.fieldBehavior"][i]) {
+                            default:
+                                return ".google.api.fieldBehavior: enum value[] expected";
+                            case 0:
+                            case 1:
+                            case 2:
+                            case 3:
+                            case 4:
+                            case 5:
+                            case 6:
+                            case 7:
+                                break;
+                            }
+                    }
+                    if (message[".google.api.resourceReference"] != null && message.hasOwnProperty(".google.api.resourceReference")) {
+                        var error = $root.google.api.ResourceReference.verify(message[".google.api.resourceReference"]);
+                        if (error)
+                            return ".google.api.resourceReference." + error;
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates a FieldOptions message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.FieldOptions
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.FieldOptions} FieldOptions
+                 */
+                FieldOptions.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.FieldOptions)
+                        return object;
+                    var message = new $root.google.protobuf.FieldOptions();
+                    switch (object.ctype) {
+                    default:
+                        if (typeof object.ctype === "number") {
+                            message.ctype = object.ctype;
+                            break;
+                        }
+                        break;
+                    case "STRING":
+                    case 0:
+                        message.ctype = 0;
+                        break;
+                    case "CORD":
+                    case 1:
+                        message.ctype = 1;
+                        break;
+                    case "STRING_PIECE":
+                    case 2:
+                        message.ctype = 2;
+                        break;
+                    }
+                    if (object.packed != null)
+                        message.packed = Boolean(object.packed);
+                    switch (object.jstype) {
+                    default:
+                        if (typeof object.jstype === "number") {
+                            message.jstype = object.jstype;
+                            break;
+                        }
+                        break;
+                    case "JS_NORMAL":
+                    case 0:
+                        message.jstype = 0;
+                        break;
+                    case "JS_STRING":
+                    case 1:
+                        message.jstype = 1;
+                        break;
+                    case "JS_NUMBER":
+                    case 2:
+                        message.jstype = 2;
+                        break;
+                    }
+                    if (object.lazy != null)
+                        message.lazy = Boolean(object.lazy);
+                    if (object.unverifiedLazy != null)
+                        message.unverifiedLazy = Boolean(object.unverifiedLazy);
+                    if (object.deprecated != null)
+                        message.deprecated = Boolean(object.deprecated);
+                    if (object.weak != null)
+                        message.weak = Boolean(object.weak);
+                    if (object.uninterpretedOption) {
+                        if (!Array.isArray(object.uninterpretedOption))
+                            throw TypeError(".google.protobuf.FieldOptions.uninterpretedOption: array expected");
+                        message.uninterpretedOption = [];
+                        for (var i = 0; i < object.uninterpretedOption.length; ++i) {
+                            if (typeof object.uninterpretedOption[i] !== "object")
+                                throw TypeError(".google.protobuf.FieldOptions.uninterpretedOption: object expected");
+                            message.uninterpretedOption[i] = $root.google.protobuf.UninterpretedOption.fromObject(object.uninterpretedOption[i]);
+                        }
+                    }
+                    if (object[".google.api.fieldBehavior"]) {
+                        if (!Array.isArray(object[".google.api.fieldBehavior"]))
+                            throw TypeError(".google.protobuf.FieldOptions..google.api.fieldBehavior: array expected");
+                        message[".google.api.fieldBehavior"] = [];
+                        for (var i = 0; i < object[".google.api.fieldBehavior"].length; ++i)
+                            switch (object[".google.api.fieldBehavior"][i]) {
+                            default:
+                                if (typeof object[".google.api.fieldBehavior"][i] === "number") {
+                                    message[".google.api.fieldBehavior"][i] = object[".google.api.fieldBehavior"][i];
+                                    break;
+                                }
+                            case "FIELD_BEHAVIOR_UNSPECIFIED":
+                            case 0:
+                                message[".google.api.fieldBehavior"][i] = 0;
+                                break;
+                            case "OPTIONAL":
+                            case 1:
+                                message[".google.api.fieldBehavior"][i] = 1;
+                                break;
+                            case "REQUIRED":
+                            case 2:
+                                message[".google.api.fieldBehavior"][i] = 2;
+                                break;
+                            case "OUTPUT_ONLY":
+                            case 3:
+                                message[".google.api.fieldBehavior"][i] = 3;
+                                break;
+                            case "INPUT_ONLY":
+                            case 4:
+                                message[".google.api.fieldBehavior"][i] = 4;
+                                break;
+                            case "IMMUTABLE":
+                            case 5:
+                                message[".google.api.fieldBehavior"][i] = 5;
+                                break;
+                            case "UNORDERED_LIST":
+                            case 6:
+                                message[".google.api.fieldBehavior"][i] = 6;
+                                break;
+                            case "NON_EMPTY_DEFAULT":
+                            case 7:
+                                message[".google.api.fieldBehavior"][i] = 7;
+                                break;
+                            }
+                    }
+                    if (object[".google.api.resourceReference"] != null) {
+                        if (typeof object[".google.api.resourceReference"] !== "object")
+                            throw TypeError(".google.protobuf.FieldOptions..google.api.resourceReference: object expected");
+                        message[".google.api.resourceReference"] = $root.google.api.ResourceReference.fromObject(object[".google.api.resourceReference"]);
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a FieldOptions message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.FieldOptions
+                 * @static
+                 * @param {google.protobuf.FieldOptions} message FieldOptions
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                FieldOptions.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults) {
+                        object.uninterpretedOption = [];
+                        object[".google.api.fieldBehavior"] = [];
+                    }
+                    if (options.defaults) {
+                        object.ctype = options.enums === String ? "STRING" : 0;
+                        object.packed = false;
+                        object.deprecated = false;
+                        object.lazy = false;
+                        object.jstype = options.enums === String ? "JS_NORMAL" : 0;
+                        object.weak = false;
+                        object.unverifiedLazy = false;
+                        object[".google.api.resourceReference"] = null;
+                    }
+                    if (message.ctype != null && message.hasOwnProperty("ctype"))
+                        object.ctype = options.enums === String ? $root.google.protobuf.FieldOptions.CType[message.ctype] === undefined ? message.ctype : $root.google.protobuf.FieldOptions.CType[message.ctype] : message.ctype;
+                    if (message.packed != null && message.hasOwnProperty("packed"))
+                        object.packed = message.packed;
+                    if (message.deprecated != null && message.hasOwnProperty("deprecated"))
+                        object.deprecated = message.deprecated;
+                    if (message.lazy != null && message.hasOwnProperty("lazy"))
+                        object.lazy = message.lazy;
+                    if (message.jstype != null && message.hasOwnProperty("jstype"))
+                        object.jstype = options.enums === String ? $root.google.protobuf.FieldOptions.JSType[message.jstype] === undefined ? message.jstype : $root.google.protobuf.FieldOptions.JSType[message.jstype] : message.jstype;
+                    if (message.weak != null && message.hasOwnProperty("weak"))
+                        object.weak = message.weak;
+                    if (message.unverifiedLazy != null && message.hasOwnProperty("unverifiedLazy"))
+                        object.unverifiedLazy = message.unverifiedLazy;
+                    if (message.uninterpretedOption && message.uninterpretedOption.length) {
+                        object.uninterpretedOption = [];
+                        for (var j = 0; j < message.uninterpretedOption.length; ++j)
+                            object.uninterpretedOption[j] = $root.google.protobuf.UninterpretedOption.toObject(message.uninterpretedOption[j], options);
+                    }
+                    if (message[".google.api.fieldBehavior"] && message[".google.api.fieldBehavior"].length) {
+                        object[".google.api.fieldBehavior"] = [];
+                        for (var j = 0; j < message[".google.api.fieldBehavior"].length; ++j)
+                            object[".google.api.fieldBehavior"][j] = options.enums === String ? $root.google.api.FieldBehavior[message[".google.api.fieldBehavior"][j]] === undefined ? message[".google.api.fieldBehavior"][j] : $root.google.api.FieldBehavior[message[".google.api.fieldBehavior"][j]] : message[".google.api.fieldBehavior"][j];
+                    }
+                    if (message[".google.api.resourceReference"] != null && message.hasOwnProperty(".google.api.resourceReference"))
+                        object[".google.api.resourceReference"] = $root.google.api.ResourceReference.toObject(message[".google.api.resourceReference"], options);
+                    return object;
+                };
+    
+                /**
+                 * Converts this FieldOptions to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.FieldOptions
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                FieldOptions.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for FieldOptions
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.FieldOptions
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                FieldOptions.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.FieldOptions";
+                };
+    
+                /**
+                 * CType enum.
+                 * @name google.protobuf.FieldOptions.CType
+                 * @enum {number}
+                 * @property {number} STRING=0 STRING value
+                 * @property {number} CORD=1 CORD value
+                 * @property {number} STRING_PIECE=2 STRING_PIECE value
+                 */
+                FieldOptions.CType = (function() {
+                    var valuesById = {}, values = Object.create(valuesById);
+                    values[valuesById[0] = "STRING"] = 0;
+                    values[valuesById[1] = "CORD"] = 1;
+                    values[valuesById[2] = "STRING_PIECE"] = 2;
+                    return values;
+                })();
+    
+                /**
+                 * JSType enum.
+                 * @name google.protobuf.FieldOptions.JSType
+                 * @enum {number}
+                 * @property {number} JS_NORMAL=0 JS_NORMAL value
+                 * @property {number} JS_STRING=1 JS_STRING value
+                 * @property {number} JS_NUMBER=2 JS_NUMBER value
+                 */
+                FieldOptions.JSType = (function() {
+                    var valuesById = {}, values = Object.create(valuesById);
+                    values[valuesById[0] = "JS_NORMAL"] = 0;
+                    values[valuesById[1] = "JS_STRING"] = 1;
+                    values[valuesById[2] = "JS_NUMBER"] = 2;
+                    return values;
+                })();
+    
+                return FieldOptions;
+            })();
+    
+            protobuf.OneofOptions = (function() {
+    
+                /**
+                 * Properties of an OneofOptions.
+                 * @memberof google.protobuf
+                 * @interface IOneofOptions
+                 * @property {Array.<google.protobuf.IUninterpretedOption>|null} [uninterpretedOption] OneofOptions uninterpretedOption
+                 */
+    
+                /**
+                 * Constructs a new OneofOptions.
+                 * @memberof google.protobuf
+                 * @classdesc Represents an OneofOptions.
+                 * @implements IOneofOptions
+                 * @constructor
+                 * @param {google.protobuf.IOneofOptions=} [properties] Properties to set
+                 */
+                function OneofOptions(properties) {
+                    this.uninterpretedOption = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * OneofOptions uninterpretedOption.
+                 * @member {Array.<google.protobuf.IUninterpretedOption>} uninterpretedOption
+                 * @memberof google.protobuf.OneofOptions
+                 * @instance
+                 */
+                OneofOptions.prototype.uninterpretedOption = $util.emptyArray;
+    
+                /**
+                 * Creates a new OneofOptions instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.OneofOptions
+                 * @static
+                 * @param {google.protobuf.IOneofOptions=} [properties] Properties to set
+                 * @returns {google.protobuf.OneofOptions} OneofOptions instance
+                 */
+                OneofOptions.create = function create(properties) {
+                    return new OneofOptions(properties);
+                };
+    
+                /**
+                 * Encodes the specified OneofOptions message. Does not implicitly {@link google.protobuf.OneofOptions.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.OneofOptions
+                 * @static
+                 * @param {google.protobuf.IOneofOptions} message OneofOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                OneofOptions.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.uninterpretedOption != null && message.uninterpretedOption.length)
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i)
+                            $root.google.protobuf.UninterpretedOption.encode(message.uninterpretedOption[i], writer.uint32(/* id 999, wireType 2 =*/7994).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified OneofOptions message, length delimited. Does not implicitly {@link google.protobuf.OneofOptions.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.OneofOptions
+                 * @static
+                 * @param {google.protobuf.IOneofOptions} message OneofOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                OneofOptions.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes an OneofOptions message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.OneofOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.OneofOptions} OneofOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                OneofOptions.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.OneofOptions();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 999: {
+                                if (!(message.uninterpretedOption && message.uninterpretedOption.length))
+                                    message.uninterpretedOption = [];
+                                message.uninterpretedOption.push($root.google.protobuf.UninterpretedOption.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes an OneofOptions message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.OneofOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.OneofOptions} OneofOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                OneofOptions.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies an OneofOptions message.
+                 * @function verify
+                 * @memberof google.protobuf.OneofOptions
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                OneofOptions.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.uninterpretedOption != null && message.hasOwnProperty("uninterpretedOption")) {
+                        if (!Array.isArray(message.uninterpretedOption))
+                            return "uninterpretedOption: array expected";
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i) {
+                            var error = $root.google.protobuf.UninterpretedOption.verify(message.uninterpretedOption[i]);
+                            if (error)
+                                return "uninterpretedOption." + error;
+                        }
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates an OneofOptions message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.OneofOptions
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.OneofOptions} OneofOptions
+                 */
+                OneofOptions.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.OneofOptions)
+                        return object;
+                    var message = new $root.google.protobuf.OneofOptions();
+                    if (object.uninterpretedOption) {
+                        if (!Array.isArray(object.uninterpretedOption))
+                            throw TypeError(".google.protobuf.OneofOptions.uninterpretedOption: array expected");
+                        message.uninterpretedOption = [];
+                        for (var i = 0; i < object.uninterpretedOption.length; ++i) {
+                            if (typeof object.uninterpretedOption[i] !== "object")
+                                throw TypeError(".google.protobuf.OneofOptions.uninterpretedOption: object expected");
+                            message.uninterpretedOption[i] = $root.google.protobuf.UninterpretedOption.fromObject(object.uninterpretedOption[i]);
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from an OneofOptions message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.OneofOptions
+                 * @static
+                 * @param {google.protobuf.OneofOptions} message OneofOptions
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                OneofOptions.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.uninterpretedOption = [];
+                    if (message.uninterpretedOption && message.uninterpretedOption.length) {
+                        object.uninterpretedOption = [];
+                        for (var j = 0; j < message.uninterpretedOption.length; ++j)
+                            object.uninterpretedOption[j] = $root.google.protobuf.UninterpretedOption.toObject(message.uninterpretedOption[j], options);
+                    }
+                    return object;
+                };
+    
+                /**
+                 * Converts this OneofOptions to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.OneofOptions
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                OneofOptions.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for OneofOptions
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.OneofOptions
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                OneofOptions.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.OneofOptions";
+                };
+    
+                return OneofOptions;
+            })();
+    
+            protobuf.EnumOptions = (function() {
+    
+                /**
+                 * Properties of an EnumOptions.
+                 * @memberof google.protobuf
+                 * @interface IEnumOptions
+                 * @property {boolean|null} [allowAlias] EnumOptions allowAlias
+                 * @property {boolean|null} [deprecated] EnumOptions deprecated
+                 * @property {Array.<google.protobuf.IUninterpretedOption>|null} [uninterpretedOption] EnumOptions uninterpretedOption
+                 */
+    
+                /**
+                 * Constructs a new EnumOptions.
+                 * @memberof google.protobuf
+                 * @classdesc Represents an EnumOptions.
+                 * @implements IEnumOptions
+                 * @constructor
+                 * @param {google.protobuf.IEnumOptions=} [properties] Properties to set
+                 */
+                function EnumOptions(properties) {
+                    this.uninterpretedOption = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * EnumOptions allowAlias.
+                 * @member {boolean} allowAlias
+                 * @memberof google.protobuf.EnumOptions
+                 * @instance
+                 */
+                EnumOptions.prototype.allowAlias = false;
+    
+                /**
+                 * EnumOptions deprecated.
+                 * @member {boolean} deprecated
+                 * @memberof google.protobuf.EnumOptions
+                 * @instance
+                 */
+                EnumOptions.prototype.deprecated = false;
+    
+                /**
+                 * EnumOptions uninterpretedOption.
+                 * @member {Array.<google.protobuf.IUninterpretedOption>} uninterpretedOption
+                 * @memberof google.protobuf.EnumOptions
+                 * @instance
+                 */
+                EnumOptions.prototype.uninterpretedOption = $util.emptyArray;
+    
+                /**
+                 * Creates a new EnumOptions instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.EnumOptions
+                 * @static
+                 * @param {google.protobuf.IEnumOptions=} [properties] Properties to set
+                 * @returns {google.protobuf.EnumOptions} EnumOptions instance
+                 */
+                EnumOptions.create = function create(properties) {
+                    return new EnumOptions(properties);
+                };
+    
+                /**
+                 * Encodes the specified EnumOptions message. Does not implicitly {@link google.protobuf.EnumOptions.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.EnumOptions
+                 * @static
+                 * @param {google.protobuf.IEnumOptions} message EnumOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                EnumOptions.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.allowAlias != null && Object.hasOwnProperty.call(message, "allowAlias"))
+                        writer.uint32(/* id 2, wireType 0 =*/16).bool(message.allowAlias);
+                    if (message.deprecated != null && Object.hasOwnProperty.call(message, "deprecated"))
+                        writer.uint32(/* id 3, wireType 0 =*/24).bool(message.deprecated);
+                    if (message.uninterpretedOption != null && message.uninterpretedOption.length)
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i)
+                            $root.google.protobuf.UninterpretedOption.encode(message.uninterpretedOption[i], writer.uint32(/* id 999, wireType 2 =*/7994).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified EnumOptions message, length delimited. Does not implicitly {@link google.protobuf.EnumOptions.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.EnumOptions
+                 * @static
+                 * @param {google.protobuf.IEnumOptions} message EnumOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                EnumOptions.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes an EnumOptions message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.EnumOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.EnumOptions} EnumOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                EnumOptions.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.EnumOptions();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 2: {
+                                message.allowAlias = reader.bool();
+                                break;
+                            }
+                        case 3: {
+                                message.deprecated = reader.bool();
+                                break;
+                            }
+                        case 999: {
+                                if (!(message.uninterpretedOption && message.uninterpretedOption.length))
+                                    message.uninterpretedOption = [];
+                                message.uninterpretedOption.push($root.google.protobuf.UninterpretedOption.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes an EnumOptions message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.EnumOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.EnumOptions} EnumOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                EnumOptions.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies an EnumOptions message.
+                 * @function verify
+                 * @memberof google.protobuf.EnumOptions
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                EnumOptions.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.allowAlias != null && message.hasOwnProperty("allowAlias"))
+                        if (typeof message.allowAlias !== "boolean")
+                            return "allowAlias: boolean expected";
+                    if (message.deprecated != null && message.hasOwnProperty("deprecated"))
+                        if (typeof message.deprecated !== "boolean")
+                            return "deprecated: boolean expected";
+                    if (message.uninterpretedOption != null && message.hasOwnProperty("uninterpretedOption")) {
+                        if (!Array.isArray(message.uninterpretedOption))
+                            return "uninterpretedOption: array expected";
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i) {
+                            var error = $root.google.protobuf.UninterpretedOption.verify(message.uninterpretedOption[i]);
+                            if (error)
+                                return "uninterpretedOption." + error;
+                        }
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates an EnumOptions message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.EnumOptions
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.EnumOptions} EnumOptions
+                 */
+                EnumOptions.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.EnumOptions)
+                        return object;
+                    var message = new $root.google.protobuf.EnumOptions();
+                    if (object.allowAlias != null)
+                        message.allowAlias = Boolean(object.allowAlias);
+                    if (object.deprecated != null)
+                        message.deprecated = Boolean(object.deprecated);
+                    if (object.uninterpretedOption) {
+                        if (!Array.isArray(object.uninterpretedOption))
+                            throw TypeError(".google.protobuf.EnumOptions.uninterpretedOption: array expected");
+                        message.uninterpretedOption = [];
+                        for (var i = 0; i < object.uninterpretedOption.length; ++i) {
+                            if (typeof object.uninterpretedOption[i] !== "object")
+                                throw TypeError(".google.protobuf.EnumOptions.uninterpretedOption: object expected");
+                            message.uninterpretedOption[i] = $root.google.protobuf.UninterpretedOption.fromObject(object.uninterpretedOption[i]);
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from an EnumOptions message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.EnumOptions
+                 * @static
+                 * @param {google.protobuf.EnumOptions} message EnumOptions
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                EnumOptions.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.uninterpretedOption = [];
+                    if (options.defaults) {
+                        object.allowAlias = false;
+                        object.deprecated = false;
+                    }
+                    if (message.allowAlias != null && message.hasOwnProperty("allowAlias"))
+                        object.allowAlias = message.allowAlias;
+                    if (message.deprecated != null && message.hasOwnProperty("deprecated"))
+                        object.deprecated = message.deprecated;
+                    if (message.uninterpretedOption && message.uninterpretedOption.length) {
+                        object.uninterpretedOption = [];
+                        for (var j = 0; j < message.uninterpretedOption.length; ++j)
+                            object.uninterpretedOption[j] = $root.google.protobuf.UninterpretedOption.toObject(message.uninterpretedOption[j], options);
+                    }
+                    return object;
+                };
+    
+                /**
+                 * Converts this EnumOptions to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.EnumOptions
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                EnumOptions.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for EnumOptions
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.EnumOptions
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                EnumOptions.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.EnumOptions";
+                };
+    
+                return EnumOptions;
+            })();
+    
+            protobuf.EnumValueOptions = (function() {
+    
+                /**
+                 * Properties of an EnumValueOptions.
+                 * @memberof google.protobuf
+                 * @interface IEnumValueOptions
+                 * @property {boolean|null} [deprecated] EnumValueOptions deprecated
+                 * @property {Array.<google.protobuf.IUninterpretedOption>|null} [uninterpretedOption] EnumValueOptions uninterpretedOption
+                 */
+    
+                /**
+                 * Constructs a new EnumValueOptions.
+                 * @memberof google.protobuf
+                 * @classdesc Represents an EnumValueOptions.
+                 * @implements IEnumValueOptions
+                 * @constructor
+                 * @param {google.protobuf.IEnumValueOptions=} [properties] Properties to set
+                 */
+                function EnumValueOptions(properties) {
+                    this.uninterpretedOption = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * EnumValueOptions deprecated.
+                 * @member {boolean} deprecated
+                 * @memberof google.protobuf.EnumValueOptions
+                 * @instance
+                 */
+                EnumValueOptions.prototype.deprecated = false;
+    
+                /**
+                 * EnumValueOptions uninterpretedOption.
+                 * @member {Array.<google.protobuf.IUninterpretedOption>} uninterpretedOption
+                 * @memberof google.protobuf.EnumValueOptions
+                 * @instance
+                 */
+                EnumValueOptions.prototype.uninterpretedOption = $util.emptyArray;
+    
+                /**
+                 * Creates a new EnumValueOptions instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.EnumValueOptions
+                 * @static
+                 * @param {google.protobuf.IEnumValueOptions=} [properties] Properties to set
+                 * @returns {google.protobuf.EnumValueOptions} EnumValueOptions instance
+                 */
+                EnumValueOptions.create = function create(properties) {
+                    return new EnumValueOptions(properties);
+                };
+    
+                /**
+                 * Encodes the specified EnumValueOptions message. Does not implicitly {@link google.protobuf.EnumValueOptions.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.EnumValueOptions
+                 * @static
+                 * @param {google.protobuf.IEnumValueOptions} message EnumValueOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                EnumValueOptions.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.deprecated != null && Object.hasOwnProperty.call(message, "deprecated"))
+                        writer.uint32(/* id 1, wireType 0 =*/8).bool(message.deprecated);
+                    if (message.uninterpretedOption != null && message.uninterpretedOption.length)
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i)
+                            $root.google.protobuf.UninterpretedOption.encode(message.uninterpretedOption[i], writer.uint32(/* id 999, wireType 2 =*/7994).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified EnumValueOptions message, length delimited. Does not implicitly {@link google.protobuf.EnumValueOptions.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.EnumValueOptions
+                 * @static
+                 * @param {google.protobuf.IEnumValueOptions} message EnumValueOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                EnumValueOptions.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes an EnumValueOptions message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.EnumValueOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.EnumValueOptions} EnumValueOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                EnumValueOptions.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.EnumValueOptions();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.deprecated = reader.bool();
+                                break;
+                            }
+                        case 999: {
+                                if (!(message.uninterpretedOption && message.uninterpretedOption.length))
+                                    message.uninterpretedOption = [];
+                                message.uninterpretedOption.push($root.google.protobuf.UninterpretedOption.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes an EnumValueOptions message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.EnumValueOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.EnumValueOptions} EnumValueOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                EnumValueOptions.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies an EnumValueOptions message.
+                 * @function verify
+                 * @memberof google.protobuf.EnumValueOptions
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                EnumValueOptions.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.deprecated != null && message.hasOwnProperty("deprecated"))
+                        if (typeof message.deprecated !== "boolean")
+                            return "deprecated: boolean expected";
+                    if (message.uninterpretedOption != null && message.hasOwnProperty("uninterpretedOption")) {
+                        if (!Array.isArray(message.uninterpretedOption))
+                            return "uninterpretedOption: array expected";
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i) {
+                            var error = $root.google.protobuf.UninterpretedOption.verify(message.uninterpretedOption[i]);
+                            if (error)
+                                return "uninterpretedOption." + error;
+                        }
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates an EnumValueOptions message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.EnumValueOptions
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.EnumValueOptions} EnumValueOptions
+                 */
+                EnumValueOptions.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.EnumValueOptions)
+                        return object;
+                    var message = new $root.google.protobuf.EnumValueOptions();
+                    if (object.deprecated != null)
+                        message.deprecated = Boolean(object.deprecated);
+                    if (object.uninterpretedOption) {
+                        if (!Array.isArray(object.uninterpretedOption))
+                            throw TypeError(".google.protobuf.EnumValueOptions.uninterpretedOption: array expected");
+                        message.uninterpretedOption = [];
+                        for (var i = 0; i < object.uninterpretedOption.length; ++i) {
+                            if (typeof object.uninterpretedOption[i] !== "object")
+                                throw TypeError(".google.protobuf.EnumValueOptions.uninterpretedOption: object expected");
+                            message.uninterpretedOption[i] = $root.google.protobuf.UninterpretedOption.fromObject(object.uninterpretedOption[i]);
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from an EnumValueOptions message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.EnumValueOptions
+                 * @static
+                 * @param {google.protobuf.EnumValueOptions} message EnumValueOptions
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                EnumValueOptions.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.uninterpretedOption = [];
+                    if (options.defaults)
+                        object.deprecated = false;
+                    if (message.deprecated != null && message.hasOwnProperty("deprecated"))
+                        object.deprecated = message.deprecated;
+                    if (message.uninterpretedOption && message.uninterpretedOption.length) {
+                        object.uninterpretedOption = [];
+                        for (var j = 0; j < message.uninterpretedOption.length; ++j)
+                            object.uninterpretedOption[j] = $root.google.protobuf.UninterpretedOption.toObject(message.uninterpretedOption[j], options);
+                    }
+                    return object;
+                };
+    
+                /**
+                 * Converts this EnumValueOptions to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.EnumValueOptions
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                EnumValueOptions.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for EnumValueOptions
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.EnumValueOptions
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                EnumValueOptions.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.EnumValueOptions";
+                };
+    
+                return EnumValueOptions;
+            })();
+    
+            protobuf.ServiceOptions = (function() {
+    
+                /**
+                 * Properties of a ServiceOptions.
+                 * @memberof google.protobuf
+                 * @interface IServiceOptions
+                 * @property {boolean|null} [deprecated] ServiceOptions deprecated
+                 * @property {Array.<google.protobuf.IUninterpretedOption>|null} [uninterpretedOption] ServiceOptions uninterpretedOption
+                 * @property {string|null} [".google.api.defaultHost"] ServiceOptions .google.api.defaultHost
+                 * @property {string|null} [".google.api.oauthScopes"] ServiceOptions .google.api.oauthScopes
+                 */
+    
+                /**
+                 * Constructs a new ServiceOptions.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a ServiceOptions.
+                 * @implements IServiceOptions
+                 * @constructor
+                 * @param {google.protobuf.IServiceOptions=} [properties] Properties to set
+                 */
+                function ServiceOptions(properties) {
+                    this.uninterpretedOption = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * ServiceOptions deprecated.
+                 * @member {boolean} deprecated
+                 * @memberof google.protobuf.ServiceOptions
+                 * @instance
+                 */
+                ServiceOptions.prototype.deprecated = false;
+    
+                /**
+                 * ServiceOptions uninterpretedOption.
+                 * @member {Array.<google.protobuf.IUninterpretedOption>} uninterpretedOption
+                 * @memberof google.protobuf.ServiceOptions
+                 * @instance
+                 */
+                ServiceOptions.prototype.uninterpretedOption = $util.emptyArray;
+    
+                /**
+                 * ServiceOptions .google.api.defaultHost.
+                 * @member {string} .google.api.defaultHost
+                 * @memberof google.protobuf.ServiceOptions
+                 * @instance
+                 */
+                ServiceOptions.prototype[".google.api.defaultHost"] = "";
+    
+                /**
+                 * ServiceOptions .google.api.oauthScopes.
+                 * @member {string} .google.api.oauthScopes
+                 * @memberof google.protobuf.ServiceOptions
+                 * @instance
+                 */
+                ServiceOptions.prototype[".google.api.oauthScopes"] = "";
+    
+                /**
+                 * Creates a new ServiceOptions instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.ServiceOptions
+                 * @static
+                 * @param {google.protobuf.IServiceOptions=} [properties] Properties to set
+                 * @returns {google.protobuf.ServiceOptions} ServiceOptions instance
+                 */
+                ServiceOptions.create = function create(properties) {
+                    return new ServiceOptions(properties);
+                };
+    
+                /**
+                 * Encodes the specified ServiceOptions message. Does not implicitly {@link google.protobuf.ServiceOptions.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.ServiceOptions
+                 * @static
+                 * @param {google.protobuf.IServiceOptions} message ServiceOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                ServiceOptions.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.deprecated != null && Object.hasOwnProperty.call(message, "deprecated"))
+                        writer.uint32(/* id 33, wireType 0 =*/264).bool(message.deprecated);
+                    if (message.uninterpretedOption != null && message.uninterpretedOption.length)
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i)
+                            $root.google.protobuf.UninterpretedOption.encode(message.uninterpretedOption[i], writer.uint32(/* id 999, wireType 2 =*/7994).fork()).ldelim();
+                    if (message[".google.api.defaultHost"] != null && Object.hasOwnProperty.call(message, ".google.api.defaultHost"))
+                        writer.uint32(/* id 1049, wireType 2 =*/8394).string(message[".google.api.defaultHost"]);
+                    if (message[".google.api.oauthScopes"] != null && Object.hasOwnProperty.call(message, ".google.api.oauthScopes"))
+                        writer.uint32(/* id 1050, wireType 2 =*/8402).string(message[".google.api.oauthScopes"]);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified ServiceOptions message, length delimited. Does not implicitly {@link google.protobuf.ServiceOptions.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.ServiceOptions
+                 * @static
+                 * @param {google.protobuf.IServiceOptions} message ServiceOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                ServiceOptions.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a ServiceOptions message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.ServiceOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.ServiceOptions} ServiceOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                ServiceOptions.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.ServiceOptions();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 33: {
+                                message.deprecated = reader.bool();
+                                break;
+                            }
+                        case 999: {
+                                if (!(message.uninterpretedOption && message.uninterpretedOption.length))
+                                    message.uninterpretedOption = [];
+                                message.uninterpretedOption.push($root.google.protobuf.UninterpretedOption.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 1049: {
+                                message[".google.api.defaultHost"] = reader.string();
+                                break;
+                            }
+                        case 1050: {
+                                message[".google.api.oauthScopes"] = reader.string();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a ServiceOptions message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.ServiceOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.ServiceOptions} ServiceOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                ServiceOptions.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a ServiceOptions message.
+                 * @function verify
+                 * @memberof google.protobuf.ServiceOptions
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                ServiceOptions.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.deprecated != null && message.hasOwnProperty("deprecated"))
+                        if (typeof message.deprecated !== "boolean")
+                            return "deprecated: boolean expected";
+                    if (message.uninterpretedOption != null && message.hasOwnProperty("uninterpretedOption")) {
+                        if (!Array.isArray(message.uninterpretedOption))
+                            return "uninterpretedOption: array expected";
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i) {
+                            var error = $root.google.protobuf.UninterpretedOption.verify(message.uninterpretedOption[i]);
+                            if (error)
+                                return "uninterpretedOption." + error;
+                        }
+                    }
+                    if (message[".google.api.defaultHost"] != null && message.hasOwnProperty(".google.api.defaultHost"))
+                        if (!$util.isString(message[".google.api.defaultHost"]))
+                            return ".google.api.defaultHost: string expected";
+                    if (message[".google.api.oauthScopes"] != null && message.hasOwnProperty(".google.api.oauthScopes"))
+                        if (!$util.isString(message[".google.api.oauthScopes"]))
+                            return ".google.api.oauthScopes: string expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates a ServiceOptions message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.ServiceOptions
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.ServiceOptions} ServiceOptions
+                 */
+                ServiceOptions.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.ServiceOptions)
+                        return object;
+                    var message = new $root.google.protobuf.ServiceOptions();
+                    if (object.deprecated != null)
+                        message.deprecated = Boolean(object.deprecated);
+                    if (object.uninterpretedOption) {
+                        if (!Array.isArray(object.uninterpretedOption))
+                            throw TypeError(".google.protobuf.ServiceOptions.uninterpretedOption: array expected");
+                        message.uninterpretedOption = [];
+                        for (var i = 0; i < object.uninterpretedOption.length; ++i) {
+                            if (typeof object.uninterpretedOption[i] !== "object")
+                                throw TypeError(".google.protobuf.ServiceOptions.uninterpretedOption: object expected");
+                            message.uninterpretedOption[i] = $root.google.protobuf.UninterpretedOption.fromObject(object.uninterpretedOption[i]);
+                        }
+                    }
+                    if (object[".google.api.defaultHost"] != null)
+                        message[".google.api.defaultHost"] = String(object[".google.api.defaultHost"]);
+                    if (object[".google.api.oauthScopes"] != null)
+                        message[".google.api.oauthScopes"] = String(object[".google.api.oauthScopes"]);
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a ServiceOptions message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.ServiceOptions
+                 * @static
+                 * @param {google.protobuf.ServiceOptions} message ServiceOptions
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                ServiceOptions.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.uninterpretedOption = [];
+                    if (options.defaults) {
+                        object.deprecated = false;
+                        object[".google.api.defaultHost"] = "";
+                        object[".google.api.oauthScopes"] = "";
+                    }
+                    if (message.deprecated != null && message.hasOwnProperty("deprecated"))
+                        object.deprecated = message.deprecated;
+                    if (message.uninterpretedOption && message.uninterpretedOption.length) {
+                        object.uninterpretedOption = [];
+                        for (var j = 0; j < message.uninterpretedOption.length; ++j)
+                            object.uninterpretedOption[j] = $root.google.protobuf.UninterpretedOption.toObject(message.uninterpretedOption[j], options);
+                    }
+                    if (message[".google.api.defaultHost"] != null && message.hasOwnProperty(".google.api.defaultHost"))
+                        object[".google.api.defaultHost"] = message[".google.api.defaultHost"];
+                    if (message[".google.api.oauthScopes"] != null && message.hasOwnProperty(".google.api.oauthScopes"))
+                        object[".google.api.oauthScopes"] = message[".google.api.oauthScopes"];
+                    return object;
+                };
+    
+                /**
+                 * Converts this ServiceOptions to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.ServiceOptions
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                ServiceOptions.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for ServiceOptions
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.ServiceOptions
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                ServiceOptions.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.ServiceOptions";
+                };
+    
+                return ServiceOptions;
+            })();
+    
+            protobuf.MethodOptions = (function() {
+    
+                /**
+                 * Properties of a MethodOptions.
+                 * @memberof google.protobuf
+                 * @interface IMethodOptions
+                 * @property {boolean|null} [deprecated] MethodOptions deprecated
+                 * @property {google.protobuf.MethodOptions.IdempotencyLevel|null} [idempotencyLevel] MethodOptions idempotencyLevel
+                 * @property {Array.<google.protobuf.IUninterpretedOption>|null} [uninterpretedOption] MethodOptions uninterpretedOption
+                 * @property {google.api.IHttpRule|null} [".google.api.http"] MethodOptions .google.api.http
+                 * @property {Array.<string>|null} [".google.api.methodSignature"] MethodOptions .google.api.methodSignature
+                 * @property {google.longrunning.IOperationInfo|null} [".google.longrunning.operationInfo"] MethodOptions .google.longrunning.operationInfo
+                 */
+    
+                /**
+                 * Constructs a new MethodOptions.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a MethodOptions.
+                 * @implements IMethodOptions
+                 * @constructor
+                 * @param {google.protobuf.IMethodOptions=} [properties] Properties to set
+                 */
+                function MethodOptions(properties) {
+                    this.uninterpretedOption = [];
+                    this[".google.api.methodSignature"] = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * MethodOptions deprecated.
+                 * @member {boolean} deprecated
+                 * @memberof google.protobuf.MethodOptions
+                 * @instance
+                 */
+                MethodOptions.prototype.deprecated = false;
+    
+                /**
+                 * MethodOptions idempotencyLevel.
+                 * @member {google.protobuf.MethodOptions.IdempotencyLevel} idempotencyLevel
+                 * @memberof google.protobuf.MethodOptions
+                 * @instance
+                 */
+                MethodOptions.prototype.idempotencyLevel = 0;
+    
+                /**
+                 * MethodOptions uninterpretedOption.
+                 * @member {Array.<google.protobuf.IUninterpretedOption>} uninterpretedOption
+                 * @memberof google.protobuf.MethodOptions
+                 * @instance
+                 */
+                MethodOptions.prototype.uninterpretedOption = $util.emptyArray;
+    
+                /**
+                 * MethodOptions .google.api.http.
+                 * @member {google.api.IHttpRule|null|undefined} .google.api.http
+                 * @memberof google.protobuf.MethodOptions
+                 * @instance
+                 */
+                MethodOptions.prototype[".google.api.http"] = null;
+    
+                /**
+                 * MethodOptions .google.api.methodSignature.
+                 * @member {Array.<string>} .google.api.methodSignature
+                 * @memberof google.protobuf.MethodOptions
+                 * @instance
+                 */
+                MethodOptions.prototype[".google.api.methodSignature"] = $util.emptyArray;
+    
+                /**
+                 * MethodOptions .google.longrunning.operationInfo.
+                 * @member {google.longrunning.IOperationInfo|null|undefined} .google.longrunning.operationInfo
+                 * @memberof google.protobuf.MethodOptions
+                 * @instance
+                 */
+                MethodOptions.prototype[".google.longrunning.operationInfo"] = null;
+    
+                /**
+                 * Creates a new MethodOptions instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.MethodOptions
+                 * @static
+                 * @param {google.protobuf.IMethodOptions=} [properties] Properties to set
+                 * @returns {google.protobuf.MethodOptions} MethodOptions instance
+                 */
+                MethodOptions.create = function create(properties) {
+                    return new MethodOptions(properties);
+                };
+    
+                /**
+                 * Encodes the specified MethodOptions message. Does not implicitly {@link google.protobuf.MethodOptions.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.MethodOptions
+                 * @static
+                 * @param {google.protobuf.IMethodOptions} message MethodOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                MethodOptions.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.deprecated != null && Object.hasOwnProperty.call(message, "deprecated"))
+                        writer.uint32(/* id 33, wireType 0 =*/264).bool(message.deprecated);
+                    if (message.idempotencyLevel != null && Object.hasOwnProperty.call(message, "idempotencyLevel"))
+                        writer.uint32(/* id 34, wireType 0 =*/272).int32(message.idempotencyLevel);
+                    if (message.uninterpretedOption != null && message.uninterpretedOption.length)
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i)
+                            $root.google.protobuf.UninterpretedOption.encode(message.uninterpretedOption[i], writer.uint32(/* id 999, wireType 2 =*/7994).fork()).ldelim();
+                    if (message[".google.longrunning.operationInfo"] != null && Object.hasOwnProperty.call(message, ".google.longrunning.operationInfo"))
+                        $root.google.longrunning.OperationInfo.encode(message[".google.longrunning.operationInfo"], writer.uint32(/* id 1049, wireType 2 =*/8394).fork()).ldelim();
+                    if (message[".google.api.methodSignature"] != null && message[".google.api.methodSignature"].length)
+                        for (var i = 0; i < message[".google.api.methodSignature"].length; ++i)
+                            writer.uint32(/* id 1051, wireType 2 =*/8410).string(message[".google.api.methodSignature"][i]);
+                    if (message[".google.api.http"] != null && Object.hasOwnProperty.call(message, ".google.api.http"))
+                        $root.google.api.HttpRule.encode(message[".google.api.http"], writer.uint32(/* id 72295728, wireType 2 =*/578365826).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified MethodOptions message, length delimited. Does not implicitly {@link google.protobuf.MethodOptions.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.MethodOptions
+                 * @static
+                 * @param {google.protobuf.IMethodOptions} message MethodOptions message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                MethodOptions.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a MethodOptions message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.MethodOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.MethodOptions} MethodOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                MethodOptions.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.MethodOptions();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 33: {
+                                message.deprecated = reader.bool();
+                                break;
+                            }
+                        case 34: {
+                                message.idempotencyLevel = reader.int32();
+                                break;
+                            }
+                        case 999: {
+                                if (!(message.uninterpretedOption && message.uninterpretedOption.length))
+                                    message.uninterpretedOption = [];
+                                message.uninterpretedOption.push($root.google.protobuf.UninterpretedOption.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 72295728: {
+                                message[".google.api.http"] = $root.google.api.HttpRule.decode(reader, reader.uint32());
+                                break;
+                            }
+                        case 1051: {
+                                if (!(message[".google.api.methodSignature"] && message[".google.api.methodSignature"].length))
+                                    message[".google.api.methodSignature"] = [];
+                                message[".google.api.methodSignature"].push(reader.string());
+                                break;
+                            }
+                        case 1049: {
+                                message[".google.longrunning.operationInfo"] = $root.google.longrunning.OperationInfo.decode(reader, reader.uint32());
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a MethodOptions message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.MethodOptions
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.MethodOptions} MethodOptions
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                MethodOptions.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a MethodOptions message.
+                 * @function verify
+                 * @memberof google.protobuf.MethodOptions
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                MethodOptions.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.deprecated != null && message.hasOwnProperty("deprecated"))
+                        if (typeof message.deprecated !== "boolean")
+                            return "deprecated: boolean expected";
+                    if (message.idempotencyLevel != null && message.hasOwnProperty("idempotencyLevel"))
+                        switch (message.idempotencyLevel) {
+                        default:
+                            return "idempotencyLevel: enum value expected";
+                        case 0:
+                        case 1:
+                        case 2:
+                            break;
+                        }
+                    if (message.uninterpretedOption != null && message.hasOwnProperty("uninterpretedOption")) {
+                        if (!Array.isArray(message.uninterpretedOption))
+                            return "uninterpretedOption: array expected";
+                        for (var i = 0; i < message.uninterpretedOption.length; ++i) {
+                            var error = $root.google.protobuf.UninterpretedOption.verify(message.uninterpretedOption[i]);
+                            if (error)
+                                return "uninterpretedOption." + error;
+                        }
+                    }
+                    if (message[".google.api.http"] != null && message.hasOwnProperty(".google.api.http")) {
+                        var error = $root.google.api.HttpRule.verify(message[".google.api.http"]);
+                        if (error)
+                            return ".google.api.http." + error;
+                    }
+                    if (message[".google.api.methodSignature"] != null && message.hasOwnProperty(".google.api.methodSignature")) {
+                        if (!Array.isArray(message[".google.api.methodSignature"]))
+                            return ".google.api.methodSignature: array expected";
+                        for (var i = 0; i < message[".google.api.methodSignature"].length; ++i)
+                            if (!$util.isString(message[".google.api.methodSignature"][i]))
+                                return ".google.api.methodSignature: string[] expected";
+                    }
+                    if (message[".google.longrunning.operationInfo"] != null && message.hasOwnProperty(".google.longrunning.operationInfo")) {
+                        var error = $root.google.longrunning.OperationInfo.verify(message[".google.longrunning.operationInfo"]);
+                        if (error)
+                            return ".google.longrunning.operationInfo." + error;
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates a MethodOptions message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.MethodOptions
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.MethodOptions} MethodOptions
+                 */
+                MethodOptions.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.MethodOptions)
+                        return object;
+                    var message = new $root.google.protobuf.MethodOptions();
+                    if (object.deprecated != null)
+                        message.deprecated = Boolean(object.deprecated);
+                    switch (object.idempotencyLevel) {
+                    default:
+                        if (typeof object.idempotencyLevel === "number") {
+                            message.idempotencyLevel = object.idempotencyLevel;
+                            break;
+                        }
+                        break;
+                    case "IDEMPOTENCY_UNKNOWN":
+                    case 0:
+                        message.idempotencyLevel = 0;
+                        break;
+                    case "NO_SIDE_EFFECTS":
+                    case 1:
+                        message.idempotencyLevel = 1;
+                        break;
+                    case "IDEMPOTENT":
+                    case 2:
+                        message.idempotencyLevel = 2;
+                        break;
+                    }
+                    if (object.uninterpretedOption) {
+                        if (!Array.isArray(object.uninterpretedOption))
+                            throw TypeError(".google.protobuf.MethodOptions.uninterpretedOption: array expected");
+                        message.uninterpretedOption = [];
+                        for (var i = 0; i < object.uninterpretedOption.length; ++i) {
+                            if (typeof object.uninterpretedOption[i] !== "object")
+                                throw TypeError(".google.protobuf.MethodOptions.uninterpretedOption: object expected");
+                            message.uninterpretedOption[i] = $root.google.protobuf.UninterpretedOption.fromObject(object.uninterpretedOption[i]);
+                        }
+                    }
+                    if (object[".google.api.http"] != null) {
+                        if (typeof object[".google.api.http"] !== "object")
+                            throw TypeError(".google.protobuf.MethodOptions..google.api.http: object expected");
+                        message[".google.api.http"] = $root.google.api.HttpRule.fromObject(object[".google.api.http"]);
+                    }
+                    if (object[".google.api.methodSignature"]) {
+                        if (!Array.isArray(object[".google.api.methodSignature"]))
+                            throw TypeError(".google.protobuf.MethodOptions..google.api.methodSignature: array expected");
+                        message[".google.api.methodSignature"] = [];
+                        for (var i = 0; i < object[".google.api.methodSignature"].length; ++i)
+                            message[".google.api.methodSignature"][i] = String(object[".google.api.methodSignature"][i]);
+                    }
+                    if (object[".google.longrunning.operationInfo"] != null) {
+                        if (typeof object[".google.longrunning.operationInfo"] !== "object")
+                            throw TypeError(".google.protobuf.MethodOptions..google.longrunning.operationInfo: object expected");
+                        message[".google.longrunning.operationInfo"] = $root.google.longrunning.OperationInfo.fromObject(object[".google.longrunning.operationInfo"]);
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a MethodOptions message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.MethodOptions
+                 * @static
+                 * @param {google.protobuf.MethodOptions} message MethodOptions
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                MethodOptions.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults) {
+                        object.uninterpretedOption = [];
+                        object[".google.api.methodSignature"] = [];
+                    }
+                    if (options.defaults) {
+                        object.deprecated = false;
+                        object.idempotencyLevel = options.enums === String ? "IDEMPOTENCY_UNKNOWN" : 0;
+                        object[".google.longrunning.operationInfo"] = null;
+                        object[".google.api.http"] = null;
+                    }
+                    if (message.deprecated != null && message.hasOwnProperty("deprecated"))
+                        object.deprecated = message.deprecated;
+                    if (message.idempotencyLevel != null && message.hasOwnProperty("idempotencyLevel"))
+                        object.idempotencyLevel = options.enums === String ? $root.google.protobuf.MethodOptions.IdempotencyLevel[message.idempotencyLevel] === undefined ? message.idempotencyLevel : $root.google.protobuf.MethodOptions.IdempotencyLevel[message.idempotencyLevel] : message.idempotencyLevel;
+                    if (message.uninterpretedOption && message.uninterpretedOption.length) {
+                        object.uninterpretedOption = [];
+                        for (var j = 0; j < message.uninterpretedOption.length; ++j)
+                            object.uninterpretedOption[j] = $root.google.protobuf.UninterpretedOption.toObject(message.uninterpretedOption[j], options);
+                    }
+                    if (message[".google.longrunning.operationInfo"] != null && message.hasOwnProperty(".google.longrunning.operationInfo"))
+                        object[".google.longrunning.operationInfo"] = $root.google.longrunning.OperationInfo.toObject(message[".google.longrunning.operationInfo"], options);
+                    if (message[".google.api.methodSignature"] && message[".google.api.methodSignature"].length) {
+                        object[".google.api.methodSignature"] = [];
+                        for (var j = 0; j < message[".google.api.methodSignature"].length; ++j)
+                            object[".google.api.methodSignature"][j] = message[".google.api.methodSignature"][j];
+                    }
+                    if (message[".google.api.http"] != null && message.hasOwnProperty(".google.api.http"))
+                        object[".google.api.http"] = $root.google.api.HttpRule.toObject(message[".google.api.http"], options);
+                    return object;
+                };
+    
+                /**
+                 * Converts this MethodOptions to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.MethodOptions
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                MethodOptions.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for MethodOptions
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.MethodOptions
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                MethodOptions.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.MethodOptions";
+                };
+    
+                /**
+                 * IdempotencyLevel enum.
+                 * @name google.protobuf.MethodOptions.IdempotencyLevel
+                 * @enum {number}
+                 * @property {number} IDEMPOTENCY_UNKNOWN=0 IDEMPOTENCY_UNKNOWN value
+                 * @property {number} NO_SIDE_EFFECTS=1 NO_SIDE_EFFECTS value
+                 * @property {number} IDEMPOTENT=2 IDEMPOTENT value
+                 */
+                MethodOptions.IdempotencyLevel = (function() {
+                    var valuesById = {}, values = Object.create(valuesById);
+                    values[valuesById[0] = "IDEMPOTENCY_UNKNOWN"] = 0;
+                    values[valuesById[1] = "NO_SIDE_EFFECTS"] = 1;
+                    values[valuesById[2] = "IDEMPOTENT"] = 2;
+                    return values;
+                })();
+    
+                return MethodOptions;
+            })();
+    
+            protobuf.UninterpretedOption = (function() {
+    
+                /**
+                 * Properties of an UninterpretedOption.
+                 * @memberof google.protobuf
+                 * @interface IUninterpretedOption
+                 * @property {Array.<google.protobuf.UninterpretedOption.INamePart>|null} [name] UninterpretedOption name
+                 * @property {string|null} [identifierValue] UninterpretedOption identifierValue
+                 * @property {number|Long|null} [positiveIntValue] UninterpretedOption positiveIntValue
+                 * @property {number|Long|null} [negativeIntValue] UninterpretedOption negativeIntValue
+                 * @property {number|null} [doubleValue] UninterpretedOption doubleValue
+                 * @property {Uint8Array|null} [stringValue] UninterpretedOption stringValue
+                 * @property {string|null} [aggregateValue] UninterpretedOption aggregateValue
+                 */
+    
+                /**
+                 * Constructs a new UninterpretedOption.
+                 * @memberof google.protobuf
+                 * @classdesc Represents an UninterpretedOption.
+                 * @implements IUninterpretedOption
+                 * @constructor
+                 * @param {google.protobuf.IUninterpretedOption=} [properties] Properties to set
+                 */
+                function UninterpretedOption(properties) {
+                    this.name = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * UninterpretedOption name.
+                 * @member {Array.<google.protobuf.UninterpretedOption.INamePart>} name
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @instance
+                 */
+                UninterpretedOption.prototype.name = $util.emptyArray;
+    
+                /**
+                 * UninterpretedOption identifierValue.
+                 * @member {string} identifierValue
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @instance
+                 */
+                UninterpretedOption.prototype.identifierValue = "";
+    
+                /**
+                 * UninterpretedOption positiveIntValue.
+                 * @member {number|Long} positiveIntValue
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @instance
+                 */
+                UninterpretedOption.prototype.positiveIntValue = $util.Long ? $util.Long.fromBits(0,0,true) : 0;
+    
+                /**
+                 * UninterpretedOption negativeIntValue.
+                 * @member {number|Long} negativeIntValue
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @instance
+                 */
+                UninterpretedOption.prototype.negativeIntValue = $util.Long ? $util.Long.fromBits(0,0,false) : 0;
+    
+                /**
+                 * UninterpretedOption doubleValue.
+                 * @member {number} doubleValue
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @instance
+                 */
+                UninterpretedOption.prototype.doubleValue = 0;
+    
+                /**
+                 * UninterpretedOption stringValue.
+                 * @member {Uint8Array} stringValue
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @instance
+                 */
+                UninterpretedOption.prototype.stringValue = $util.newBuffer([]);
+    
+                /**
+                 * UninterpretedOption aggregateValue.
+                 * @member {string} aggregateValue
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @instance
+                 */
+                UninterpretedOption.prototype.aggregateValue = "";
+    
+                /**
+                 * Creates a new UninterpretedOption instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @static
+                 * @param {google.protobuf.IUninterpretedOption=} [properties] Properties to set
+                 * @returns {google.protobuf.UninterpretedOption} UninterpretedOption instance
+                 */
+                UninterpretedOption.create = function create(properties) {
+                    return new UninterpretedOption(properties);
+                };
+    
+                /**
+                 * Encodes the specified UninterpretedOption message. Does not implicitly {@link google.protobuf.UninterpretedOption.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @static
+                 * @param {google.protobuf.IUninterpretedOption} message UninterpretedOption message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                UninterpretedOption.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.name != null && message.name.length)
+                        for (var i = 0; i < message.name.length; ++i)
+                            $root.google.protobuf.UninterpretedOption.NamePart.encode(message.name[i], writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                    if (message.identifierValue != null && Object.hasOwnProperty.call(message, "identifierValue"))
+                        writer.uint32(/* id 3, wireType 2 =*/26).string(message.identifierValue);
+                    if (message.positiveIntValue != null && Object.hasOwnProperty.call(message, "positiveIntValue"))
+                        writer.uint32(/* id 4, wireType 0 =*/32).uint64(message.positiveIntValue);
+                    if (message.negativeIntValue != null && Object.hasOwnProperty.call(message, "negativeIntValue"))
+                        writer.uint32(/* id 5, wireType 0 =*/40).int64(message.negativeIntValue);
+                    if (message.doubleValue != null && Object.hasOwnProperty.call(message, "doubleValue"))
+                        writer.uint32(/* id 6, wireType 1 =*/49).double(message.doubleValue);
+                    if (message.stringValue != null && Object.hasOwnProperty.call(message, "stringValue"))
+                        writer.uint32(/* id 7, wireType 2 =*/58).bytes(message.stringValue);
+                    if (message.aggregateValue != null && Object.hasOwnProperty.call(message, "aggregateValue"))
+                        writer.uint32(/* id 8, wireType 2 =*/66).string(message.aggregateValue);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified UninterpretedOption message, length delimited. Does not implicitly {@link google.protobuf.UninterpretedOption.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @static
+                 * @param {google.protobuf.IUninterpretedOption} message UninterpretedOption message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                UninterpretedOption.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes an UninterpretedOption message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.UninterpretedOption} UninterpretedOption
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                UninterpretedOption.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.UninterpretedOption();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 2: {
+                                if (!(message.name && message.name.length))
+                                    message.name = [];
+                                message.name.push($root.google.protobuf.UninterpretedOption.NamePart.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 3: {
+                                message.identifierValue = reader.string();
+                                break;
+                            }
+                        case 4: {
+                                message.positiveIntValue = reader.uint64();
+                                break;
+                            }
+                        case 5: {
+                                message.negativeIntValue = reader.int64();
+                                break;
+                            }
+                        case 6: {
+                                message.doubleValue = reader.double();
+                                break;
+                            }
+                        case 7: {
+                                message.stringValue = reader.bytes();
+                                break;
+                            }
+                        case 8: {
+                                message.aggregateValue = reader.string();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes an UninterpretedOption message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.UninterpretedOption} UninterpretedOption
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                UninterpretedOption.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies an UninterpretedOption message.
+                 * @function verify
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                UninterpretedOption.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.name != null && message.hasOwnProperty("name")) {
+                        if (!Array.isArray(message.name))
+                            return "name: array expected";
+                        for (var i = 0; i < message.name.length; ++i) {
+                            var error = $root.google.protobuf.UninterpretedOption.NamePart.verify(message.name[i]);
+                            if (error)
+                                return "name." + error;
+                        }
+                    }
+                    if (message.identifierValue != null && message.hasOwnProperty("identifierValue"))
+                        if (!$util.isString(message.identifierValue))
+                            return "identifierValue: string expected";
+                    if (message.positiveIntValue != null && message.hasOwnProperty("positiveIntValue"))
+                        if (!$util.isInteger(message.positiveIntValue) && !(message.positiveIntValue && $util.isInteger(message.positiveIntValue.low) && $util.isInteger(message.positiveIntValue.high)))
+                            return "positiveIntValue: integer|Long expected";
+                    if (message.negativeIntValue != null && message.hasOwnProperty("negativeIntValue"))
+                        if (!$util.isInteger(message.negativeIntValue) && !(message.negativeIntValue && $util.isInteger(message.negativeIntValue.low) && $util.isInteger(message.negativeIntValue.high)))
+                            return "negativeIntValue: integer|Long expected";
+                    if (message.doubleValue != null && message.hasOwnProperty("doubleValue"))
+                        if (typeof message.doubleValue !== "number")
+                            return "doubleValue: number expected";
+                    if (message.stringValue != null && message.hasOwnProperty("stringValue"))
+                        if (!(message.stringValue && typeof message.stringValue.length === "number" || $util.isString(message.stringValue)))
+                            return "stringValue: buffer expected";
+                    if (message.aggregateValue != null && message.hasOwnProperty("aggregateValue"))
+                        if (!$util.isString(message.aggregateValue))
+                            return "aggregateValue: string expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates an UninterpretedOption message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.UninterpretedOption} UninterpretedOption
+                 */
+                UninterpretedOption.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.UninterpretedOption)
+                        return object;
+                    var message = new $root.google.protobuf.UninterpretedOption();
+                    if (object.name) {
+                        if (!Array.isArray(object.name))
+                            throw TypeError(".google.protobuf.UninterpretedOption.name: array expected");
+                        message.name = [];
+                        for (var i = 0; i < object.name.length; ++i) {
+                            if (typeof object.name[i] !== "object")
+                                throw TypeError(".google.protobuf.UninterpretedOption.name: object expected");
+                            message.name[i] = $root.google.protobuf.UninterpretedOption.NamePart.fromObject(object.name[i]);
+                        }
+                    }
+                    if (object.identifierValue != null)
+                        message.identifierValue = String(object.identifierValue);
+                    if (object.positiveIntValue != null)
+                        if ($util.Long)
+                            (message.positiveIntValue = $util.Long.fromValue(object.positiveIntValue)).unsigned = true;
+                        else if (typeof object.positiveIntValue === "string")
+                            message.positiveIntValue = parseInt(object.positiveIntValue, 10);
+                        else if (typeof object.positiveIntValue === "number")
+                            message.positiveIntValue = object.positiveIntValue;
+                        else if (typeof object.positiveIntValue === "object")
+                            message.positiveIntValue = new $util.LongBits(object.positiveIntValue.low >>> 0, object.positiveIntValue.high >>> 0).toNumber(true);
+                    if (object.negativeIntValue != null)
+                        if ($util.Long)
+                            (message.negativeIntValue = $util.Long.fromValue(object.negativeIntValue)).unsigned = false;
+                        else if (typeof object.negativeIntValue === "string")
+                            message.negativeIntValue = parseInt(object.negativeIntValue, 10);
+                        else if (typeof object.negativeIntValue === "number")
+                            message.negativeIntValue = object.negativeIntValue;
+                        else if (typeof object.negativeIntValue === "object")
+                            message.negativeIntValue = new $util.LongBits(object.negativeIntValue.low >>> 0, object.negativeIntValue.high >>> 0).toNumber();
+                    if (object.doubleValue != null)
+                        message.doubleValue = Number(object.doubleValue);
+                    if (object.stringValue != null)
+                        if (typeof object.stringValue === "string")
+                            $util.base64.decode(object.stringValue, message.stringValue = $util.newBuffer($util.base64.length(object.stringValue)), 0);
+                        else if (object.stringValue.length >= 0)
+                            message.stringValue = object.stringValue;
+                    if (object.aggregateValue != null)
+                        message.aggregateValue = String(object.aggregateValue);
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from an UninterpretedOption message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @static
+                 * @param {google.protobuf.UninterpretedOption} message UninterpretedOption
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                UninterpretedOption.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.name = [];
+                    if (options.defaults) {
+                        object.identifierValue = "";
+                        if ($util.Long) {
+                            var long = new $util.Long(0, 0, true);
+                            object.positiveIntValue = options.longs === String ? long.toString() : options.longs === Number ? long.toNumber() : long;
+                        } else
+                            object.positiveIntValue = options.longs === String ? "0" : 0;
+                        if ($util.Long) {
+                            var long = new $util.Long(0, 0, false);
+                            object.negativeIntValue = options.longs === String ? long.toString() : options.longs === Number ? long.toNumber() : long;
+                        } else
+                            object.negativeIntValue = options.longs === String ? "0" : 0;
+                        object.doubleValue = 0;
+                        if (options.bytes === String)
+                            object.stringValue = "";
+                        else {
+                            object.stringValue = [];
+                            if (options.bytes !== Array)
+                                object.stringValue = $util.newBuffer(object.stringValue);
+                        }
+                        object.aggregateValue = "";
+                    }
+                    if (message.name && message.name.length) {
+                        object.name = [];
+                        for (var j = 0; j < message.name.length; ++j)
+                            object.name[j] = $root.google.protobuf.UninterpretedOption.NamePart.toObject(message.name[j], options);
+                    }
+                    if (message.identifierValue != null && message.hasOwnProperty("identifierValue"))
+                        object.identifierValue = message.identifierValue;
+                    if (message.positiveIntValue != null && message.hasOwnProperty("positiveIntValue"))
+                        if (typeof message.positiveIntValue === "number")
+                            object.positiveIntValue = options.longs === String ? String(message.positiveIntValue) : message.positiveIntValue;
+                        else
+                            object.positiveIntValue = options.longs === String ? $util.Long.prototype.toString.call(message.positiveIntValue) : options.longs === Number ? new $util.LongBits(message.positiveIntValue.low >>> 0, message.positiveIntValue.high >>> 0).toNumber(true) : message.positiveIntValue;
+                    if (message.negativeIntValue != null && message.hasOwnProperty("negativeIntValue"))
+                        if (typeof message.negativeIntValue === "number")
+                            object.negativeIntValue = options.longs === String ? String(message.negativeIntValue) : message.negativeIntValue;
+                        else
+                            object.negativeIntValue = options.longs === String ? $util.Long.prototype.toString.call(message.negativeIntValue) : options.longs === Number ? new $util.LongBits(message.negativeIntValue.low >>> 0, message.negativeIntValue.high >>> 0).toNumber() : message.negativeIntValue;
+                    if (message.doubleValue != null && message.hasOwnProperty("doubleValue"))
+                        object.doubleValue = options.json && !isFinite(message.doubleValue) ? String(message.doubleValue) : message.doubleValue;
+                    if (message.stringValue != null && message.hasOwnProperty("stringValue"))
+                        object.stringValue = options.bytes === String ? $util.base64.encode(message.stringValue, 0, message.stringValue.length) : options.bytes === Array ? Array.prototype.slice.call(message.stringValue) : message.stringValue;
+                    if (message.aggregateValue != null && message.hasOwnProperty("aggregateValue"))
+                        object.aggregateValue = message.aggregateValue;
+                    return object;
+                };
+    
+                /**
+                 * Converts this UninterpretedOption to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                UninterpretedOption.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for UninterpretedOption
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.UninterpretedOption
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                UninterpretedOption.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.UninterpretedOption";
+                };
+    
+                UninterpretedOption.NamePart = (function() {
+    
+                    /**
+                     * Properties of a NamePart.
+                     * @memberof google.protobuf.UninterpretedOption
+                     * @interface INamePart
+                     * @property {string} namePart NamePart namePart
+                     * @property {boolean} isExtension NamePart isExtension
+                     */
+    
+                    /**
+                     * Constructs a new NamePart.
+                     * @memberof google.protobuf.UninterpretedOption
+                     * @classdesc Represents a NamePart.
+                     * @implements INamePart
+                     * @constructor
+                     * @param {google.protobuf.UninterpretedOption.INamePart=} [properties] Properties to set
+                     */
+                    function NamePart(properties) {
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * NamePart namePart.
+                     * @member {string} namePart
+                     * @memberof google.protobuf.UninterpretedOption.NamePart
+                     * @instance
+                     */
+                    NamePart.prototype.namePart = "";
+    
+                    /**
+                     * NamePart isExtension.
+                     * @member {boolean} isExtension
+                     * @memberof google.protobuf.UninterpretedOption.NamePart
+                     * @instance
+                     */
+                    NamePart.prototype.isExtension = false;
+    
+                    /**
+                     * Creates a new NamePart instance using the specified properties.
+                     * @function create
+                     * @memberof google.protobuf.UninterpretedOption.NamePart
+                     * @static
+                     * @param {google.protobuf.UninterpretedOption.INamePart=} [properties] Properties to set
+                     * @returns {google.protobuf.UninterpretedOption.NamePart} NamePart instance
+                     */
+                    NamePart.create = function create(properties) {
+                        return new NamePart(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified NamePart message. Does not implicitly {@link google.protobuf.UninterpretedOption.NamePart.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.protobuf.UninterpretedOption.NamePart
+                     * @static
+                     * @param {google.protobuf.UninterpretedOption.INamePart} message NamePart message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    NamePart.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.namePart);
+                        writer.uint32(/* id 2, wireType 0 =*/16).bool(message.isExtension);
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified NamePart message, length delimited. Does not implicitly {@link google.protobuf.UninterpretedOption.NamePart.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.protobuf.UninterpretedOption.NamePart
+                     * @static
+                     * @param {google.protobuf.UninterpretedOption.INamePart} message NamePart message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    NamePart.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes a NamePart message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.protobuf.UninterpretedOption.NamePart
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.protobuf.UninterpretedOption.NamePart} NamePart
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    NamePart.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.UninterpretedOption.NamePart();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    message.namePart = reader.string();
+                                    break;
+                                }
+                            case 2: {
+                                    message.isExtension = reader.bool();
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        if (!message.hasOwnProperty("namePart"))
+                            throw $util.ProtocolError("missing required 'namePart'", { instance: message });
+                        if (!message.hasOwnProperty("isExtension"))
+                            throw $util.ProtocolError("missing required 'isExtension'", { instance: message });
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes a NamePart message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.protobuf.UninterpretedOption.NamePart
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.protobuf.UninterpretedOption.NamePart} NamePart
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    NamePart.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies a NamePart message.
+                     * @function verify
+                     * @memberof google.protobuf.UninterpretedOption.NamePart
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    NamePart.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (!$util.isString(message.namePart))
+                            return "namePart: string expected";
+                        if (typeof message.isExtension !== "boolean")
+                            return "isExtension: boolean expected";
+                        return null;
+                    };
+    
+                    /**
+                     * Creates a NamePart message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.protobuf.UninterpretedOption.NamePart
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.protobuf.UninterpretedOption.NamePart} NamePart
+                     */
+                    NamePart.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.protobuf.UninterpretedOption.NamePart)
+                            return object;
+                        var message = new $root.google.protobuf.UninterpretedOption.NamePart();
+                        if (object.namePart != null)
+                            message.namePart = String(object.namePart);
+                        if (object.isExtension != null)
+                            message.isExtension = Boolean(object.isExtension);
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from a NamePart message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.protobuf.UninterpretedOption.NamePart
+                     * @static
+                     * @param {google.protobuf.UninterpretedOption.NamePart} message NamePart
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    NamePart.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.defaults) {
+                            object.namePart = "";
+                            object.isExtension = false;
+                        }
+                        if (message.namePart != null && message.hasOwnProperty("namePart"))
+                            object.namePart = message.namePart;
+                        if (message.isExtension != null && message.hasOwnProperty("isExtension"))
+                            object.isExtension = message.isExtension;
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this NamePart to JSON.
+                     * @function toJSON
+                     * @memberof google.protobuf.UninterpretedOption.NamePart
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    NamePart.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for NamePart
+                     * @function getTypeUrl
+                     * @memberof google.protobuf.UninterpretedOption.NamePart
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    NamePart.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.protobuf.UninterpretedOption.NamePart";
+                    };
+    
+                    return NamePart;
+                })();
+    
+                return UninterpretedOption;
+            })();
+    
+            protobuf.SourceCodeInfo = (function() {
+    
+                /**
+                 * Properties of a SourceCodeInfo.
+                 * @memberof google.protobuf
+                 * @interface ISourceCodeInfo
+                 * @property {Array.<google.protobuf.SourceCodeInfo.ILocation>|null} [location] SourceCodeInfo location
+                 */
+    
+                /**
+                 * Constructs a new SourceCodeInfo.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a SourceCodeInfo.
+                 * @implements ISourceCodeInfo
+                 * @constructor
+                 * @param {google.protobuf.ISourceCodeInfo=} [properties] Properties to set
+                 */
+                function SourceCodeInfo(properties) {
+                    this.location = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * SourceCodeInfo location.
+                 * @member {Array.<google.protobuf.SourceCodeInfo.ILocation>} location
+                 * @memberof google.protobuf.SourceCodeInfo
+                 * @instance
+                 */
+                SourceCodeInfo.prototype.location = $util.emptyArray;
+    
+                /**
+                 * Creates a new SourceCodeInfo instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.SourceCodeInfo
+                 * @static
+                 * @param {google.protobuf.ISourceCodeInfo=} [properties] Properties to set
+                 * @returns {google.protobuf.SourceCodeInfo} SourceCodeInfo instance
+                 */
+                SourceCodeInfo.create = function create(properties) {
+                    return new SourceCodeInfo(properties);
+                };
+    
+                /**
+                 * Encodes the specified SourceCodeInfo message. Does not implicitly {@link google.protobuf.SourceCodeInfo.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.SourceCodeInfo
+                 * @static
+                 * @param {google.protobuf.ISourceCodeInfo} message SourceCodeInfo message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                SourceCodeInfo.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.location != null && message.location.length)
+                        for (var i = 0; i < message.location.length; ++i)
+                            $root.google.protobuf.SourceCodeInfo.Location.encode(message.location[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified SourceCodeInfo message, length delimited. Does not implicitly {@link google.protobuf.SourceCodeInfo.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.SourceCodeInfo
+                 * @static
+                 * @param {google.protobuf.ISourceCodeInfo} message SourceCodeInfo message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                SourceCodeInfo.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a SourceCodeInfo message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.SourceCodeInfo
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.SourceCodeInfo} SourceCodeInfo
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                SourceCodeInfo.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.SourceCodeInfo();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                if (!(message.location && message.location.length))
+                                    message.location = [];
+                                message.location.push($root.google.protobuf.SourceCodeInfo.Location.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a SourceCodeInfo message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.SourceCodeInfo
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.SourceCodeInfo} SourceCodeInfo
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                SourceCodeInfo.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a SourceCodeInfo message.
+                 * @function verify
+                 * @memberof google.protobuf.SourceCodeInfo
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                SourceCodeInfo.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.location != null && message.hasOwnProperty("location")) {
+                        if (!Array.isArray(message.location))
+                            return "location: array expected";
+                        for (var i = 0; i < message.location.length; ++i) {
+                            var error = $root.google.protobuf.SourceCodeInfo.Location.verify(message.location[i]);
+                            if (error)
+                                return "location." + error;
+                        }
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates a SourceCodeInfo message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.SourceCodeInfo
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.SourceCodeInfo} SourceCodeInfo
+                 */
+                SourceCodeInfo.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.SourceCodeInfo)
+                        return object;
+                    var message = new $root.google.protobuf.SourceCodeInfo();
+                    if (object.location) {
+                        if (!Array.isArray(object.location))
+                            throw TypeError(".google.protobuf.SourceCodeInfo.location: array expected");
+                        message.location = [];
+                        for (var i = 0; i < object.location.length; ++i) {
+                            if (typeof object.location[i] !== "object")
+                                throw TypeError(".google.protobuf.SourceCodeInfo.location: object expected");
+                            message.location[i] = $root.google.protobuf.SourceCodeInfo.Location.fromObject(object.location[i]);
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a SourceCodeInfo message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.SourceCodeInfo
+                 * @static
+                 * @param {google.protobuf.SourceCodeInfo} message SourceCodeInfo
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                SourceCodeInfo.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.location = [];
+                    if (message.location && message.location.length) {
+                        object.location = [];
+                        for (var j = 0; j < message.location.length; ++j)
+                            object.location[j] = $root.google.protobuf.SourceCodeInfo.Location.toObject(message.location[j], options);
+                    }
+                    return object;
+                };
+    
+                /**
+                 * Converts this SourceCodeInfo to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.SourceCodeInfo
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                SourceCodeInfo.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for SourceCodeInfo
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.SourceCodeInfo
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                SourceCodeInfo.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.SourceCodeInfo";
+                };
+    
+                SourceCodeInfo.Location = (function() {
+    
+                    /**
+                     * Properties of a Location.
+                     * @memberof google.protobuf.SourceCodeInfo
+                     * @interface ILocation
+                     * @property {Array.<number>|null} [path] Location path
+                     * @property {Array.<number>|null} [span] Location span
+                     * @property {string|null} [leadingComments] Location leadingComments
+                     * @property {string|null} [trailingComments] Location trailingComments
+                     * @property {Array.<string>|null} [leadingDetachedComments] Location leadingDetachedComments
+                     */
+    
+                    /**
+                     * Constructs a new Location.
+                     * @memberof google.protobuf.SourceCodeInfo
+                     * @classdesc Represents a Location.
+                     * @implements ILocation
+                     * @constructor
+                     * @param {google.protobuf.SourceCodeInfo.ILocation=} [properties] Properties to set
+                     */
+                    function Location(properties) {
+                        this.path = [];
+                        this.span = [];
+                        this.leadingDetachedComments = [];
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * Location path.
+                     * @member {Array.<number>} path
+                     * @memberof google.protobuf.SourceCodeInfo.Location
+                     * @instance
+                     */
+                    Location.prototype.path = $util.emptyArray;
+    
+                    /**
+                     * Location span.
+                     * @member {Array.<number>} span
+                     * @memberof google.protobuf.SourceCodeInfo.Location
+                     * @instance
+                     */
+                    Location.prototype.span = $util.emptyArray;
+    
+                    /**
+                     * Location leadingComments.
+                     * @member {string} leadingComments
+                     * @memberof google.protobuf.SourceCodeInfo.Location
+                     * @instance
+                     */
+                    Location.prototype.leadingComments = "";
+    
+                    /**
+                     * Location trailingComments.
+                     * @member {string} trailingComments
+                     * @memberof google.protobuf.SourceCodeInfo.Location
+                     * @instance
+                     */
+                    Location.prototype.trailingComments = "";
+    
+                    /**
+                     * Location leadingDetachedComments.
+                     * @member {Array.<string>} leadingDetachedComments
+                     * @memberof google.protobuf.SourceCodeInfo.Location
+                     * @instance
+                     */
+                    Location.prototype.leadingDetachedComments = $util.emptyArray;
+    
+                    /**
+                     * Creates a new Location instance using the specified properties.
+                     * @function create
+                     * @memberof google.protobuf.SourceCodeInfo.Location
+                     * @static
+                     * @param {google.protobuf.SourceCodeInfo.ILocation=} [properties] Properties to set
+                     * @returns {google.protobuf.SourceCodeInfo.Location} Location instance
+                     */
+                    Location.create = function create(properties) {
+                        return new Location(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified Location message. Does not implicitly {@link google.protobuf.SourceCodeInfo.Location.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.protobuf.SourceCodeInfo.Location
+                     * @static
+                     * @param {google.protobuf.SourceCodeInfo.ILocation} message Location message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    Location.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.path != null && message.path.length) {
+                            writer.uint32(/* id 1, wireType 2 =*/10).fork();
+                            for (var i = 0; i < message.path.length; ++i)
+                                writer.int32(message.path[i]);
+                            writer.ldelim();
+                        }
+                        if (message.span != null && message.span.length) {
+                            writer.uint32(/* id 2, wireType 2 =*/18).fork();
+                            for (var i = 0; i < message.span.length; ++i)
+                                writer.int32(message.span[i]);
+                            writer.ldelim();
+                        }
+                        if (message.leadingComments != null && Object.hasOwnProperty.call(message, "leadingComments"))
+                            writer.uint32(/* id 3, wireType 2 =*/26).string(message.leadingComments);
+                        if (message.trailingComments != null && Object.hasOwnProperty.call(message, "trailingComments"))
+                            writer.uint32(/* id 4, wireType 2 =*/34).string(message.trailingComments);
+                        if (message.leadingDetachedComments != null && message.leadingDetachedComments.length)
+                            for (var i = 0; i < message.leadingDetachedComments.length; ++i)
+                                writer.uint32(/* id 6, wireType 2 =*/50).string(message.leadingDetachedComments[i]);
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified Location message, length delimited. Does not implicitly {@link google.protobuf.SourceCodeInfo.Location.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.protobuf.SourceCodeInfo.Location
+                     * @static
+                     * @param {google.protobuf.SourceCodeInfo.ILocation} message Location message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    Location.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes a Location message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.protobuf.SourceCodeInfo.Location
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.protobuf.SourceCodeInfo.Location} Location
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    Location.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.SourceCodeInfo.Location();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    if (!(message.path && message.path.length))
+                                        message.path = [];
+                                    if ((tag & 7) === 2) {
+                                        var end2 = reader.uint32() + reader.pos;
+                                        while (reader.pos < end2)
+                                            message.path.push(reader.int32());
+                                    } else
+                                        message.path.push(reader.int32());
+                                    break;
+                                }
+                            case 2: {
+                                    if (!(message.span && message.span.length))
+                                        message.span = [];
+                                    if ((tag & 7) === 2) {
+                                        var end2 = reader.uint32() + reader.pos;
+                                        while (reader.pos < end2)
+                                            message.span.push(reader.int32());
+                                    } else
+                                        message.span.push(reader.int32());
+                                    break;
+                                }
+                            case 3: {
+                                    message.leadingComments = reader.string();
+                                    break;
+                                }
+                            case 4: {
+                                    message.trailingComments = reader.string();
+                                    break;
+                                }
+                            case 6: {
+                                    if (!(message.leadingDetachedComments && message.leadingDetachedComments.length))
+                                        message.leadingDetachedComments = [];
+                                    message.leadingDetachedComments.push(reader.string());
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes a Location message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.protobuf.SourceCodeInfo.Location
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.protobuf.SourceCodeInfo.Location} Location
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    Location.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies a Location message.
+                     * @function verify
+                     * @memberof google.protobuf.SourceCodeInfo.Location
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    Location.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.path != null && message.hasOwnProperty("path")) {
+                            if (!Array.isArray(message.path))
+                                return "path: array expected";
+                            for (var i = 0; i < message.path.length; ++i)
+                                if (!$util.isInteger(message.path[i]))
+                                    return "path: integer[] expected";
+                        }
+                        if (message.span != null && message.hasOwnProperty("span")) {
+                            if (!Array.isArray(message.span))
+                                return "span: array expected";
+                            for (var i = 0; i < message.span.length; ++i)
+                                if (!$util.isInteger(message.span[i]))
+                                    return "span: integer[] expected";
+                        }
+                        if (message.leadingComments != null && message.hasOwnProperty("leadingComments"))
+                            if (!$util.isString(message.leadingComments))
+                                return "leadingComments: string expected";
+                        if (message.trailingComments != null && message.hasOwnProperty("trailingComments"))
+                            if (!$util.isString(message.trailingComments))
+                                return "trailingComments: string expected";
+                        if (message.leadingDetachedComments != null && message.hasOwnProperty("leadingDetachedComments")) {
+                            if (!Array.isArray(message.leadingDetachedComments))
+                                return "leadingDetachedComments: array expected";
+                            for (var i = 0; i < message.leadingDetachedComments.length; ++i)
+                                if (!$util.isString(message.leadingDetachedComments[i]))
+                                    return "leadingDetachedComments: string[] expected";
+                        }
+                        return null;
+                    };
+    
+                    /**
+                     * Creates a Location message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.protobuf.SourceCodeInfo.Location
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.protobuf.SourceCodeInfo.Location} Location
+                     */
+                    Location.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.protobuf.SourceCodeInfo.Location)
+                            return object;
+                        var message = new $root.google.protobuf.SourceCodeInfo.Location();
+                        if (object.path) {
+                            if (!Array.isArray(object.path))
+                                throw TypeError(".google.protobuf.SourceCodeInfo.Location.path: array expected");
+                            message.path = [];
+                            for (var i = 0; i < object.path.length; ++i)
+                                message.path[i] = object.path[i] | 0;
+                        }
+                        if (object.span) {
+                            if (!Array.isArray(object.span))
+                                throw TypeError(".google.protobuf.SourceCodeInfo.Location.span: array expected");
+                            message.span = [];
+                            for (var i = 0; i < object.span.length; ++i)
+                                message.span[i] = object.span[i] | 0;
+                        }
+                        if (object.leadingComments != null)
+                            message.leadingComments = String(object.leadingComments);
+                        if (object.trailingComments != null)
+                            message.trailingComments = String(object.trailingComments);
+                        if (object.leadingDetachedComments) {
+                            if (!Array.isArray(object.leadingDetachedComments))
+                                throw TypeError(".google.protobuf.SourceCodeInfo.Location.leadingDetachedComments: array expected");
+                            message.leadingDetachedComments = [];
+                            for (var i = 0; i < object.leadingDetachedComments.length; ++i)
+                                message.leadingDetachedComments[i] = String(object.leadingDetachedComments[i]);
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from a Location message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.protobuf.SourceCodeInfo.Location
+                     * @static
+                     * @param {google.protobuf.SourceCodeInfo.Location} message Location
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    Location.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.arrays || options.defaults) {
+                            object.path = [];
+                            object.span = [];
+                            object.leadingDetachedComments = [];
+                        }
+                        if (options.defaults) {
+                            object.leadingComments = "";
+                            object.trailingComments = "";
+                        }
+                        if (message.path && message.path.length) {
+                            object.path = [];
+                            for (var j = 0; j < message.path.length; ++j)
+                                object.path[j] = message.path[j];
+                        }
+                        if (message.span && message.span.length) {
+                            object.span = [];
+                            for (var j = 0; j < message.span.length; ++j)
+                                object.span[j] = message.span[j];
+                        }
+                        if (message.leadingComments != null && message.hasOwnProperty("leadingComments"))
+                            object.leadingComments = message.leadingComments;
+                        if (message.trailingComments != null && message.hasOwnProperty("trailingComments"))
+                            object.trailingComments = message.trailingComments;
+                        if (message.leadingDetachedComments && message.leadingDetachedComments.length) {
+                            object.leadingDetachedComments = [];
+                            for (var j = 0; j < message.leadingDetachedComments.length; ++j)
+                                object.leadingDetachedComments[j] = message.leadingDetachedComments[j];
+                        }
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this Location to JSON.
+                     * @function toJSON
+                     * @memberof google.protobuf.SourceCodeInfo.Location
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    Location.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for Location
+                     * @function getTypeUrl
+                     * @memberof google.protobuf.SourceCodeInfo.Location
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    Location.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.protobuf.SourceCodeInfo.Location";
+                    };
+    
+                    return Location;
+                })();
+    
+                return SourceCodeInfo;
+            })();
+    
+            protobuf.GeneratedCodeInfo = (function() {
+    
+                /**
+                 * Properties of a GeneratedCodeInfo.
+                 * @memberof google.protobuf
+                 * @interface IGeneratedCodeInfo
+                 * @property {Array.<google.protobuf.GeneratedCodeInfo.IAnnotation>|null} [annotation] GeneratedCodeInfo annotation
+                 */
+    
+                /**
+                 * Constructs a new GeneratedCodeInfo.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a GeneratedCodeInfo.
+                 * @implements IGeneratedCodeInfo
+                 * @constructor
+                 * @param {google.protobuf.IGeneratedCodeInfo=} [properties] Properties to set
+                 */
+                function GeneratedCodeInfo(properties) {
+                    this.annotation = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * GeneratedCodeInfo annotation.
+                 * @member {Array.<google.protobuf.GeneratedCodeInfo.IAnnotation>} annotation
+                 * @memberof google.protobuf.GeneratedCodeInfo
+                 * @instance
+                 */
+                GeneratedCodeInfo.prototype.annotation = $util.emptyArray;
+    
+                /**
+                 * Creates a new GeneratedCodeInfo instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.GeneratedCodeInfo
+                 * @static
+                 * @param {google.protobuf.IGeneratedCodeInfo=} [properties] Properties to set
+                 * @returns {google.protobuf.GeneratedCodeInfo} GeneratedCodeInfo instance
+                 */
+                GeneratedCodeInfo.create = function create(properties) {
+                    return new GeneratedCodeInfo(properties);
+                };
+    
+                /**
+                 * Encodes the specified GeneratedCodeInfo message. Does not implicitly {@link google.protobuf.GeneratedCodeInfo.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.GeneratedCodeInfo
+                 * @static
+                 * @param {google.protobuf.IGeneratedCodeInfo} message GeneratedCodeInfo message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                GeneratedCodeInfo.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.annotation != null && message.annotation.length)
+                        for (var i = 0; i < message.annotation.length; ++i)
+                            $root.google.protobuf.GeneratedCodeInfo.Annotation.encode(message.annotation[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified GeneratedCodeInfo message, length delimited. Does not implicitly {@link google.protobuf.GeneratedCodeInfo.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.GeneratedCodeInfo
+                 * @static
+                 * @param {google.protobuf.IGeneratedCodeInfo} message GeneratedCodeInfo message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                GeneratedCodeInfo.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a GeneratedCodeInfo message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.GeneratedCodeInfo
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.GeneratedCodeInfo} GeneratedCodeInfo
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                GeneratedCodeInfo.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.GeneratedCodeInfo();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                if (!(message.annotation && message.annotation.length))
+                                    message.annotation = [];
+                                message.annotation.push($root.google.protobuf.GeneratedCodeInfo.Annotation.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a GeneratedCodeInfo message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.GeneratedCodeInfo
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.GeneratedCodeInfo} GeneratedCodeInfo
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                GeneratedCodeInfo.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a GeneratedCodeInfo message.
+                 * @function verify
+                 * @memberof google.protobuf.GeneratedCodeInfo
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                GeneratedCodeInfo.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.annotation != null && message.hasOwnProperty("annotation")) {
+                        if (!Array.isArray(message.annotation))
+                            return "annotation: array expected";
+                        for (var i = 0; i < message.annotation.length; ++i) {
+                            var error = $root.google.protobuf.GeneratedCodeInfo.Annotation.verify(message.annotation[i]);
+                            if (error)
+                                return "annotation." + error;
+                        }
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates a GeneratedCodeInfo message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.GeneratedCodeInfo
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.GeneratedCodeInfo} GeneratedCodeInfo
+                 */
+                GeneratedCodeInfo.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.GeneratedCodeInfo)
+                        return object;
+                    var message = new $root.google.protobuf.GeneratedCodeInfo();
+                    if (object.annotation) {
+                        if (!Array.isArray(object.annotation))
+                            throw TypeError(".google.protobuf.GeneratedCodeInfo.annotation: array expected");
+                        message.annotation = [];
+                        for (var i = 0; i < object.annotation.length; ++i) {
+                            if (typeof object.annotation[i] !== "object")
+                                throw TypeError(".google.protobuf.GeneratedCodeInfo.annotation: object expected");
+                            message.annotation[i] = $root.google.protobuf.GeneratedCodeInfo.Annotation.fromObject(object.annotation[i]);
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a GeneratedCodeInfo message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.GeneratedCodeInfo
+                 * @static
+                 * @param {google.protobuf.GeneratedCodeInfo} message GeneratedCodeInfo
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                GeneratedCodeInfo.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.annotation = [];
+                    if (message.annotation && message.annotation.length) {
+                        object.annotation = [];
+                        for (var j = 0; j < message.annotation.length; ++j)
+                            object.annotation[j] = $root.google.protobuf.GeneratedCodeInfo.Annotation.toObject(message.annotation[j], options);
+                    }
+                    return object;
+                };
+    
+                /**
+                 * Converts this GeneratedCodeInfo to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.GeneratedCodeInfo
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                GeneratedCodeInfo.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for GeneratedCodeInfo
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.GeneratedCodeInfo
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                GeneratedCodeInfo.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.GeneratedCodeInfo";
+                };
+    
+                GeneratedCodeInfo.Annotation = (function() {
+    
+                    /**
+                     * Properties of an Annotation.
+                     * @memberof google.protobuf.GeneratedCodeInfo
+                     * @interface IAnnotation
+                     * @property {Array.<number>|null} [path] Annotation path
+                     * @property {string|null} [sourceFile] Annotation sourceFile
+                     * @property {number|null} [begin] Annotation begin
+                     * @property {number|null} [end] Annotation end
+                     * @property {google.protobuf.GeneratedCodeInfo.Annotation.Semantic|null} [semantic] Annotation semantic
+                     */
+    
+                    /**
+                     * Constructs a new Annotation.
+                     * @memberof google.protobuf.GeneratedCodeInfo
+                     * @classdesc Represents an Annotation.
+                     * @implements IAnnotation
+                     * @constructor
+                     * @param {google.protobuf.GeneratedCodeInfo.IAnnotation=} [properties] Properties to set
+                     */
+                    function Annotation(properties) {
+                        this.path = [];
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * Annotation path.
+                     * @member {Array.<number>} path
+                     * @memberof google.protobuf.GeneratedCodeInfo.Annotation
+                     * @instance
+                     */
+                    Annotation.prototype.path = $util.emptyArray;
+    
+                    /**
+                     * Annotation sourceFile.
+                     * @member {string} sourceFile
+                     * @memberof google.protobuf.GeneratedCodeInfo.Annotation
+                     * @instance
+                     */
+                    Annotation.prototype.sourceFile = "";
+    
+                    /**
+                     * Annotation begin.
+                     * @member {number} begin
+                     * @memberof google.protobuf.GeneratedCodeInfo.Annotation
+                     * @instance
+                     */
+                    Annotation.prototype.begin = 0;
+    
+                    /**
+                     * Annotation end.
+                     * @member {number} end
+                     * @memberof google.protobuf.GeneratedCodeInfo.Annotation
+                     * @instance
+                     */
+                    Annotation.prototype.end = 0;
+    
+                    /**
+                     * Annotation semantic.
+                     * @member {google.protobuf.GeneratedCodeInfo.Annotation.Semantic} semantic
+                     * @memberof google.protobuf.GeneratedCodeInfo.Annotation
+                     * @instance
+                     */
+                    Annotation.prototype.semantic = 0;
+    
+                    /**
+                     * Creates a new Annotation instance using the specified properties.
+                     * @function create
+                     * @memberof google.protobuf.GeneratedCodeInfo.Annotation
+                     * @static
+                     * @param {google.protobuf.GeneratedCodeInfo.IAnnotation=} [properties] Properties to set
+                     * @returns {google.protobuf.GeneratedCodeInfo.Annotation} Annotation instance
+                     */
+                    Annotation.create = function create(properties) {
+                        return new Annotation(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified Annotation message. Does not implicitly {@link google.protobuf.GeneratedCodeInfo.Annotation.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.protobuf.GeneratedCodeInfo.Annotation
+                     * @static
+                     * @param {google.protobuf.GeneratedCodeInfo.IAnnotation} message Annotation message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    Annotation.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.path != null && message.path.length) {
+                            writer.uint32(/* id 1, wireType 2 =*/10).fork();
+                            for (var i = 0; i < message.path.length; ++i)
+                                writer.int32(message.path[i]);
+                            writer.ldelim();
+                        }
+                        if (message.sourceFile != null && Object.hasOwnProperty.call(message, "sourceFile"))
+                            writer.uint32(/* id 2, wireType 2 =*/18).string(message.sourceFile);
+                        if (message.begin != null && Object.hasOwnProperty.call(message, "begin"))
+                            writer.uint32(/* id 3, wireType 0 =*/24).int32(message.begin);
+                        if (message.end != null && Object.hasOwnProperty.call(message, "end"))
+                            writer.uint32(/* id 4, wireType 0 =*/32).int32(message.end);
+                        if (message.semantic != null && Object.hasOwnProperty.call(message, "semantic"))
+                            writer.uint32(/* id 5, wireType 0 =*/40).int32(message.semantic);
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified Annotation message, length delimited. Does not implicitly {@link google.protobuf.GeneratedCodeInfo.Annotation.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.protobuf.GeneratedCodeInfo.Annotation
+                     * @static
+                     * @param {google.protobuf.GeneratedCodeInfo.IAnnotation} message Annotation message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    Annotation.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes an Annotation message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.protobuf.GeneratedCodeInfo.Annotation
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.protobuf.GeneratedCodeInfo.Annotation} Annotation
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    Annotation.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.GeneratedCodeInfo.Annotation();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    if (!(message.path && message.path.length))
+                                        message.path = [];
+                                    if ((tag & 7) === 2) {
+                                        var end2 = reader.uint32() + reader.pos;
+                                        while (reader.pos < end2)
+                                            message.path.push(reader.int32());
+                                    } else
+                                        message.path.push(reader.int32());
+                                    break;
+                                }
+                            case 2: {
+                                    message.sourceFile = reader.string();
+                                    break;
+                                }
+                            case 3: {
+                                    message.begin = reader.int32();
+                                    break;
+                                }
+                            case 4: {
+                                    message.end = reader.int32();
+                                    break;
+                                }
+                            case 5: {
+                                    message.semantic = reader.int32();
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes an Annotation message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.protobuf.GeneratedCodeInfo.Annotation
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.protobuf.GeneratedCodeInfo.Annotation} Annotation
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    Annotation.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies an Annotation message.
+                     * @function verify
+                     * @memberof google.protobuf.GeneratedCodeInfo.Annotation
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    Annotation.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.path != null && message.hasOwnProperty("path")) {
+                            if (!Array.isArray(message.path))
+                                return "path: array expected";
+                            for (var i = 0; i < message.path.length; ++i)
+                                if (!$util.isInteger(message.path[i]))
+                                    return "path: integer[] expected";
+                        }
+                        if (message.sourceFile != null && message.hasOwnProperty("sourceFile"))
+                            if (!$util.isString(message.sourceFile))
+                                return "sourceFile: string expected";
+                        if (message.begin != null && message.hasOwnProperty("begin"))
+                            if (!$util.isInteger(message.begin))
+                                return "begin: integer expected";
+                        if (message.end != null && message.hasOwnProperty("end"))
+                            if (!$util.isInteger(message.end))
+                                return "end: integer expected";
+                        if (message.semantic != null && message.hasOwnProperty("semantic"))
+                            switch (message.semantic) {
+                            default:
+                                return "semantic: enum value expected";
+                            case 0:
+                            case 1:
+                            case 2:
+                                break;
+                            }
+                        return null;
+                    };
+    
+                    /**
+                     * Creates an Annotation message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.protobuf.GeneratedCodeInfo.Annotation
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.protobuf.GeneratedCodeInfo.Annotation} Annotation
+                     */
+                    Annotation.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.protobuf.GeneratedCodeInfo.Annotation)
+                            return object;
+                        var message = new $root.google.protobuf.GeneratedCodeInfo.Annotation();
+                        if (object.path) {
+                            if (!Array.isArray(object.path))
+                                throw TypeError(".google.protobuf.GeneratedCodeInfo.Annotation.path: array expected");
+                            message.path = [];
+                            for (var i = 0; i < object.path.length; ++i)
+                                message.path[i] = object.path[i] | 0;
+                        }
+                        if (object.sourceFile != null)
+                            message.sourceFile = String(object.sourceFile);
+                        if (object.begin != null)
+                            message.begin = object.begin | 0;
+                        if (object.end != null)
+                            message.end = object.end | 0;
+                        switch (object.semantic) {
+                        default:
+                            if (typeof object.semantic === "number") {
+                                message.semantic = object.semantic;
+                                break;
+                            }
+                            break;
+                        case "NONE":
+                        case 0:
+                            message.semantic = 0;
+                            break;
+                        case "SET":
+                        case 1:
+                            message.semantic = 1;
+                            break;
+                        case "ALIAS":
+                        case 2:
+                            message.semantic = 2;
+                            break;
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from an Annotation message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.protobuf.GeneratedCodeInfo.Annotation
+                     * @static
+                     * @param {google.protobuf.GeneratedCodeInfo.Annotation} message Annotation
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    Annotation.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.arrays || options.defaults)
+                            object.path = [];
+                        if (options.defaults) {
+                            object.sourceFile = "";
+                            object.begin = 0;
+                            object.end = 0;
+                            object.semantic = options.enums === String ? "NONE" : 0;
+                        }
+                        if (message.path && message.path.length) {
+                            object.path = [];
+                            for (var j = 0; j < message.path.length; ++j)
+                                object.path[j] = message.path[j];
+                        }
+                        if (message.sourceFile != null && message.hasOwnProperty("sourceFile"))
+                            object.sourceFile = message.sourceFile;
+                        if (message.begin != null && message.hasOwnProperty("begin"))
+                            object.begin = message.begin;
+                        if (message.end != null && message.hasOwnProperty("end"))
+                            object.end = message.end;
+                        if (message.semantic != null && message.hasOwnProperty("semantic"))
+                            object.semantic = options.enums === String ? $root.google.protobuf.GeneratedCodeInfo.Annotation.Semantic[message.semantic] === undefined ? message.semantic : $root.google.protobuf.GeneratedCodeInfo.Annotation.Semantic[message.semantic] : message.semantic;
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this Annotation to JSON.
+                     * @function toJSON
+                     * @memberof google.protobuf.GeneratedCodeInfo.Annotation
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    Annotation.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for Annotation
+                     * @function getTypeUrl
+                     * @memberof google.protobuf.GeneratedCodeInfo.Annotation
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    Annotation.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.protobuf.GeneratedCodeInfo.Annotation";
+                    };
+    
+                    /**
+                     * Semantic enum.
+                     * @name google.protobuf.GeneratedCodeInfo.Annotation.Semantic
+                     * @enum {number}
+                     * @property {number} NONE=0 NONE value
+                     * @property {number} SET=1 SET value
+                     * @property {number} ALIAS=2 ALIAS value
+                     */
+                    Annotation.Semantic = (function() {
+                        var valuesById = {}, values = Object.create(valuesById);
+                        values[valuesById[0] = "NONE"] = 0;
+                        values[valuesById[1] = "SET"] = 1;
+                        values[valuesById[2] = "ALIAS"] = 2;
+                        return values;
+                    })();
+    
+                    return Annotation;
+                })();
+    
+                return GeneratedCodeInfo;
+            })();
+    
+            protobuf.FieldMask = (function() {
+    
+                /**
+                 * Properties of a FieldMask.
+                 * @memberof google.protobuf
+                 * @interface IFieldMask
+                 * @property {Array.<string>|null} [paths] FieldMask paths
+                 */
+    
+                /**
+                 * Constructs a new FieldMask.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a FieldMask.
+                 * @implements IFieldMask
+                 * @constructor
+                 * @param {google.protobuf.IFieldMask=} [properties] Properties to set
+                 */
+                function FieldMask(properties) {
+                    this.paths = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * FieldMask paths.
+                 * @member {Array.<string>} paths
+                 * @memberof google.protobuf.FieldMask
+                 * @instance
+                 */
+                FieldMask.prototype.paths = $util.emptyArray;
+    
+                /**
+                 * Creates a new FieldMask instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.FieldMask
+                 * @static
+                 * @param {google.protobuf.IFieldMask=} [properties] Properties to set
+                 * @returns {google.protobuf.FieldMask} FieldMask instance
+                 */
+                FieldMask.create = function create(properties) {
+                    return new FieldMask(properties);
+                };
+    
+                /**
+                 * Encodes the specified FieldMask message. Does not implicitly {@link google.protobuf.FieldMask.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.FieldMask
+                 * @static
+                 * @param {google.protobuf.IFieldMask} message FieldMask message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                FieldMask.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.paths != null && message.paths.length)
+                        for (var i = 0; i < message.paths.length; ++i)
+                            writer.uint32(/* id 1, wireType 2 =*/10).string(message.paths[i]);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified FieldMask message, length delimited. Does not implicitly {@link google.protobuf.FieldMask.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.FieldMask
+                 * @static
+                 * @param {google.protobuf.IFieldMask} message FieldMask message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                FieldMask.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a FieldMask message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.FieldMask
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.FieldMask} FieldMask
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                FieldMask.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.FieldMask();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                if (!(message.paths && message.paths.length))
+                                    message.paths = [];
+                                message.paths.push(reader.string());
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a FieldMask message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.FieldMask
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.FieldMask} FieldMask
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                FieldMask.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a FieldMask message.
+                 * @function verify
+                 * @memberof google.protobuf.FieldMask
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                FieldMask.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.paths != null && message.hasOwnProperty("paths")) {
+                        if (!Array.isArray(message.paths))
+                            return "paths: array expected";
+                        for (var i = 0; i < message.paths.length; ++i)
+                            if (!$util.isString(message.paths[i]))
+                                return "paths: string[] expected";
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates a FieldMask message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.FieldMask
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.FieldMask} FieldMask
+                 */
+                FieldMask.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.FieldMask)
+                        return object;
+                    var message = new $root.google.protobuf.FieldMask();
+                    if (object.paths) {
+                        if (!Array.isArray(object.paths))
+                            throw TypeError(".google.protobuf.FieldMask.paths: array expected");
+                        message.paths = [];
+                        for (var i = 0; i < object.paths.length; ++i)
+                            message.paths[i] = String(object.paths[i]);
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a FieldMask message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.FieldMask
+                 * @static
+                 * @param {google.protobuf.FieldMask} message FieldMask
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                FieldMask.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.paths = [];
+                    if (message.paths && message.paths.length) {
+                        object.paths = [];
+                        for (var j = 0; j < message.paths.length; ++j)
+                            object.paths[j] = message.paths[j];
+                    }
+                    return object;
+                };
+    
+                /**
+                 * Converts this FieldMask to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.FieldMask
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                FieldMask.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for FieldMask
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.FieldMask
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                FieldMask.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.FieldMask";
+                };
+    
+                return FieldMask;
+            })();
+    
+            protobuf.Timestamp = (function() {
+    
+                /**
+                 * Properties of a Timestamp.
+                 * @memberof google.protobuf
+                 * @interface ITimestamp
+                 * @property {number|Long|null} [seconds] Timestamp seconds
+                 * @property {number|null} [nanos] Timestamp nanos
+                 */
+    
+                /**
+                 * Constructs a new Timestamp.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a Timestamp.
+                 * @implements ITimestamp
+                 * @constructor
+                 * @param {google.protobuf.ITimestamp=} [properties] Properties to set
+                 */
+                function Timestamp(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * Timestamp seconds.
+                 * @member {number|Long} seconds
+                 * @memberof google.protobuf.Timestamp
+                 * @instance
+                 */
+                Timestamp.prototype.seconds = $util.Long ? $util.Long.fromBits(0,0,false) : 0;
+    
+                /**
+                 * Timestamp nanos.
+                 * @member {number} nanos
+                 * @memberof google.protobuf.Timestamp
+                 * @instance
+                 */
+                Timestamp.prototype.nanos = 0;
+    
+                /**
+                 * Creates a new Timestamp instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.Timestamp
+                 * @static
+                 * @param {google.protobuf.ITimestamp=} [properties] Properties to set
+                 * @returns {google.protobuf.Timestamp} Timestamp instance
+                 */
+                Timestamp.create = function create(properties) {
+                    return new Timestamp(properties);
+                };
+    
+                /**
+                 * Encodes the specified Timestamp message. Does not implicitly {@link google.protobuf.Timestamp.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.Timestamp
+                 * @static
+                 * @param {google.protobuf.ITimestamp} message Timestamp message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Timestamp.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.seconds != null && Object.hasOwnProperty.call(message, "seconds"))
+                        writer.uint32(/* id 1, wireType 0 =*/8).int64(message.seconds);
+                    if (message.nanos != null && Object.hasOwnProperty.call(message, "nanos"))
+                        writer.uint32(/* id 2, wireType 0 =*/16).int32(message.nanos);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified Timestamp message, length delimited. Does not implicitly {@link google.protobuf.Timestamp.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.Timestamp
+                 * @static
+                 * @param {google.protobuf.ITimestamp} message Timestamp message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Timestamp.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a Timestamp message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.Timestamp
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.Timestamp} Timestamp
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Timestamp.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.Timestamp();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.seconds = reader.int64();
+                                break;
+                            }
+                        case 2: {
+                                message.nanos = reader.int32();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a Timestamp message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.Timestamp
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.Timestamp} Timestamp
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Timestamp.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a Timestamp message.
+                 * @function verify
+                 * @memberof google.protobuf.Timestamp
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                Timestamp.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.seconds != null && message.hasOwnProperty("seconds"))
+                        if (!$util.isInteger(message.seconds) && !(message.seconds && $util.isInteger(message.seconds.low) && $util.isInteger(message.seconds.high)))
+                            return "seconds: integer|Long expected";
+                    if (message.nanos != null && message.hasOwnProperty("nanos"))
+                        if (!$util.isInteger(message.nanos))
+                            return "nanos: integer expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates a Timestamp message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.Timestamp
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.Timestamp} Timestamp
+                 */
+                Timestamp.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.Timestamp)
+                        return object;
+                    var message = new $root.google.protobuf.Timestamp();
+                    if (object.seconds != null)
+                        if ($util.Long)
+                            (message.seconds = $util.Long.fromValue(object.seconds)).unsigned = false;
+                        else if (typeof object.seconds === "string")
+                            message.seconds = parseInt(object.seconds, 10);
+                        else if (typeof object.seconds === "number")
+                            message.seconds = object.seconds;
+                        else if (typeof object.seconds === "object")
+                            message.seconds = new $util.LongBits(object.seconds.low >>> 0, object.seconds.high >>> 0).toNumber();
+                    if (object.nanos != null)
+                        message.nanos = object.nanos | 0;
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a Timestamp message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.Timestamp
+                 * @static
+                 * @param {google.protobuf.Timestamp} message Timestamp
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                Timestamp.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults) {
+                        if ($util.Long) {
+                            var long = new $util.Long(0, 0, false);
+                            object.seconds = options.longs === String ? long.toString() : options.longs === Number ? long.toNumber() : long;
+                        } else
+                            object.seconds = options.longs === String ? "0" : 0;
+                        object.nanos = 0;
+                    }
+                    if (message.seconds != null && message.hasOwnProperty("seconds"))
+                        if (typeof message.seconds === "number")
+                            object.seconds = options.longs === String ? String(message.seconds) : message.seconds;
+                        else
+                            object.seconds = options.longs === String ? $util.Long.prototype.toString.call(message.seconds) : options.longs === Number ? new $util.LongBits(message.seconds.low >>> 0, message.seconds.high >>> 0).toNumber() : message.seconds;
+                    if (message.nanos != null && message.hasOwnProperty("nanos"))
+                        object.nanos = message.nanos;
+                    return object;
+                };
+    
+                /**
+                 * Converts this Timestamp to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.Timestamp
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                Timestamp.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for Timestamp
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.Timestamp
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                Timestamp.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.Timestamp";
+                };
+    
+                return Timestamp;
+            })();
+    
+            protobuf.Any = (function() {
+    
+                /**
+                 * Properties of an Any.
+                 * @memberof google.protobuf
+                 * @interface IAny
+                 * @property {string|null} [type_url] Any type_url
+                 * @property {Uint8Array|null} [value] Any value
+                 */
+    
+                /**
+                 * Constructs a new Any.
+                 * @memberof google.protobuf
+                 * @classdesc Represents an Any.
+                 * @implements IAny
+                 * @constructor
+                 * @param {google.protobuf.IAny=} [properties] Properties to set
+                 */
+                function Any(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * Any type_url.
+                 * @member {string} type_url
+                 * @memberof google.protobuf.Any
+                 * @instance
+                 */
+                Any.prototype.type_url = "";
+    
+                /**
+                 * Any value.
+                 * @member {Uint8Array} value
+                 * @memberof google.protobuf.Any
+                 * @instance
+                 */
+                Any.prototype.value = $util.newBuffer([]);
+    
+                /**
+                 * Creates a new Any instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.Any
+                 * @static
+                 * @param {google.protobuf.IAny=} [properties] Properties to set
+                 * @returns {google.protobuf.Any} Any instance
+                 */
+                Any.create = function create(properties) {
+                    return new Any(properties);
+                };
+    
+                /**
+                 * Encodes the specified Any message. Does not implicitly {@link google.protobuf.Any.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.Any
+                 * @static
+                 * @param {google.protobuf.IAny} message Any message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Any.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.type_url != null && Object.hasOwnProperty.call(message, "type_url"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.type_url);
+                    if (message.value != null && Object.hasOwnProperty.call(message, "value"))
+                        writer.uint32(/* id 2, wireType 2 =*/18).bytes(message.value);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified Any message, length delimited. Does not implicitly {@link google.protobuf.Any.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.Any
+                 * @static
+                 * @param {google.protobuf.IAny} message Any message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Any.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes an Any message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.Any
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.Any} Any
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Any.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.Any();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.type_url = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                message.value = reader.bytes();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes an Any message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.Any
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.Any} Any
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Any.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies an Any message.
+                 * @function verify
+                 * @memberof google.protobuf.Any
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                Any.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.type_url != null && message.hasOwnProperty("type_url"))
+                        if (!$util.isString(message.type_url))
+                            return "type_url: string expected";
+                    if (message.value != null && message.hasOwnProperty("value"))
+                        if (!(message.value && typeof message.value.length === "number" || $util.isString(message.value)))
+                            return "value: buffer expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates an Any message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.Any
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.Any} Any
+                 */
+                Any.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.Any)
+                        return object;
+                    var message = new $root.google.protobuf.Any();
+                    if (object.type_url != null)
+                        message.type_url = String(object.type_url);
+                    if (object.value != null)
+                        if (typeof object.value === "string")
+                            $util.base64.decode(object.value, message.value = $util.newBuffer($util.base64.length(object.value)), 0);
+                        else if (object.value.length >= 0)
+                            message.value = object.value;
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from an Any message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.Any
+                 * @static
+                 * @param {google.protobuf.Any} message Any
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                Any.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults) {
+                        object.type_url = "";
+                        if (options.bytes === String)
+                            object.value = "";
+                        else {
+                            object.value = [];
+                            if (options.bytes !== Array)
+                                object.value = $util.newBuffer(object.value);
+                        }
+                    }
+                    if (message.type_url != null && message.hasOwnProperty("type_url"))
+                        object.type_url = message.type_url;
+                    if (message.value != null && message.hasOwnProperty("value"))
+                        object.value = options.bytes === String ? $util.base64.encode(message.value, 0, message.value.length) : options.bytes === Array ? Array.prototype.slice.call(message.value) : message.value;
+                    return object;
+                };
+    
+                /**
+                 * Converts this Any to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.Any
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                Any.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for Any
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.Any
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                Any.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.Any";
+                };
+    
+                return Any;
+            })();
+    
+            protobuf.Duration = (function() {
+    
+                /**
+                 * Properties of a Duration.
+                 * @memberof google.protobuf
+                 * @interface IDuration
+                 * @property {number|Long|null} [seconds] Duration seconds
+                 * @property {number|null} [nanos] Duration nanos
+                 */
+    
+                /**
+                 * Constructs a new Duration.
+                 * @memberof google.protobuf
+                 * @classdesc Represents a Duration.
+                 * @implements IDuration
+                 * @constructor
+                 * @param {google.protobuf.IDuration=} [properties] Properties to set
+                 */
+                function Duration(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * Duration seconds.
+                 * @member {number|Long} seconds
+                 * @memberof google.protobuf.Duration
+                 * @instance
+                 */
+                Duration.prototype.seconds = $util.Long ? $util.Long.fromBits(0,0,false) : 0;
+    
+                /**
+                 * Duration nanos.
+                 * @member {number} nanos
+                 * @memberof google.protobuf.Duration
+                 * @instance
+                 */
+                Duration.prototype.nanos = 0;
+    
+                /**
+                 * Creates a new Duration instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.Duration
+                 * @static
+                 * @param {google.protobuf.IDuration=} [properties] Properties to set
+                 * @returns {google.protobuf.Duration} Duration instance
+                 */
+                Duration.create = function create(properties) {
+                    return new Duration(properties);
+                };
+    
+                /**
+                 * Encodes the specified Duration message. Does not implicitly {@link google.protobuf.Duration.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.Duration
+                 * @static
+                 * @param {google.protobuf.IDuration} message Duration message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Duration.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.seconds != null && Object.hasOwnProperty.call(message, "seconds"))
+                        writer.uint32(/* id 1, wireType 0 =*/8).int64(message.seconds);
+                    if (message.nanos != null && Object.hasOwnProperty.call(message, "nanos"))
+                        writer.uint32(/* id 2, wireType 0 =*/16).int32(message.nanos);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified Duration message, length delimited. Does not implicitly {@link google.protobuf.Duration.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.Duration
+                 * @static
+                 * @param {google.protobuf.IDuration} message Duration message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Duration.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a Duration message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.Duration
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.Duration} Duration
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Duration.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.Duration();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.seconds = reader.int64();
+                                break;
+                            }
+                        case 2: {
+                                message.nanos = reader.int32();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a Duration message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.Duration
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.Duration} Duration
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Duration.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a Duration message.
+                 * @function verify
+                 * @memberof google.protobuf.Duration
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                Duration.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.seconds != null && message.hasOwnProperty("seconds"))
+                        if (!$util.isInteger(message.seconds) && !(message.seconds && $util.isInteger(message.seconds.low) && $util.isInteger(message.seconds.high)))
+                            return "seconds: integer|Long expected";
+                    if (message.nanos != null && message.hasOwnProperty("nanos"))
+                        if (!$util.isInteger(message.nanos))
+                            return "nanos: integer expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates a Duration message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.Duration
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.Duration} Duration
+                 */
+                Duration.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.Duration)
+                        return object;
+                    var message = new $root.google.protobuf.Duration();
+                    if (object.seconds != null)
+                        if ($util.Long)
+                            (message.seconds = $util.Long.fromValue(object.seconds)).unsigned = false;
+                        else if (typeof object.seconds === "string")
+                            message.seconds = parseInt(object.seconds, 10);
+                        else if (typeof object.seconds === "number")
+                            message.seconds = object.seconds;
+                        else if (typeof object.seconds === "object")
+                            message.seconds = new $util.LongBits(object.seconds.low >>> 0, object.seconds.high >>> 0).toNumber();
+                    if (object.nanos != null)
+                        message.nanos = object.nanos | 0;
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a Duration message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.Duration
+                 * @static
+                 * @param {google.protobuf.Duration} message Duration
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                Duration.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults) {
+                        if ($util.Long) {
+                            var long = new $util.Long(0, 0, false);
+                            object.seconds = options.longs === String ? long.toString() : options.longs === Number ? long.toNumber() : long;
+                        } else
+                            object.seconds = options.longs === String ? "0" : 0;
+                        object.nanos = 0;
+                    }
+                    if (message.seconds != null && message.hasOwnProperty("seconds"))
+                        if (typeof message.seconds === "number")
+                            object.seconds = options.longs === String ? String(message.seconds) : message.seconds;
+                        else
+                            object.seconds = options.longs === String ? $util.Long.prototype.toString.call(message.seconds) : options.longs === Number ? new $util.LongBits(message.seconds.low >>> 0, message.seconds.high >>> 0).toNumber() : message.seconds;
+                    if (message.nanos != null && message.hasOwnProperty("nanos"))
+                        object.nanos = message.nanos;
+                    return object;
+                };
+    
+                /**
+                 * Converts this Duration to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.Duration
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                Duration.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for Duration
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.Duration
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                Duration.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.Duration";
+                };
+    
+                return Duration;
+            })();
+    
+            protobuf.Empty = (function() {
+    
+                /**
+                 * Properties of an Empty.
+                 * @memberof google.protobuf
+                 * @interface IEmpty
+                 */
+    
+                /**
+                 * Constructs a new Empty.
+                 * @memberof google.protobuf
+                 * @classdesc Represents an Empty.
+                 * @implements IEmpty
+                 * @constructor
+                 * @param {google.protobuf.IEmpty=} [properties] Properties to set
+                 */
+                function Empty(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * Creates a new Empty instance using the specified properties.
+                 * @function create
+                 * @memberof google.protobuf.Empty
+                 * @static
+                 * @param {google.protobuf.IEmpty=} [properties] Properties to set
+                 * @returns {google.protobuf.Empty} Empty instance
+                 */
+                Empty.create = function create(properties) {
+                    return new Empty(properties);
+                };
+    
+                /**
+                 * Encodes the specified Empty message. Does not implicitly {@link google.protobuf.Empty.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.protobuf.Empty
+                 * @static
+                 * @param {google.protobuf.IEmpty} message Empty message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Empty.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified Empty message, length delimited. Does not implicitly {@link google.protobuf.Empty.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.protobuf.Empty
+                 * @static
+                 * @param {google.protobuf.IEmpty} message Empty message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Empty.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes an Empty message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.protobuf.Empty
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.protobuf.Empty} Empty
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Empty.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.Empty();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes an Empty message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.protobuf.Empty
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.protobuf.Empty} Empty
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Empty.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies an Empty message.
+                 * @function verify
+                 * @memberof google.protobuf.Empty
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                Empty.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates an Empty message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.protobuf.Empty
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.protobuf.Empty} Empty
+                 */
+                Empty.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.protobuf.Empty)
+                        return object;
+                    return new $root.google.protobuf.Empty();
+                };
+    
+                /**
+                 * Creates a plain object from an Empty message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.protobuf.Empty
+                 * @static
+                 * @param {google.protobuf.Empty} message Empty
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                Empty.toObject = function toObject() {
+                    return {};
+                };
+    
+                /**
+                 * Converts this Empty to JSON.
+                 * @function toJSON
+                 * @memberof google.protobuf.Empty
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                Empty.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for Empty
+                 * @function getTypeUrl
+                 * @memberof google.protobuf.Empty
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                Empty.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.protobuf.Empty";
+                };
+    
+                return Empty;
+            })();
+    
+            return protobuf;
+        })();
+    
+        google.iam = (function() {
+    
+            /**
+             * Namespace iam.
+             * @memberof google
+             * @namespace
+             */
+            var iam = {};
+    
+            iam.v1 = (function() {
+    
+                /**
+                 * Namespace v1.
+                 * @memberof google.iam
+                 * @namespace
+                 */
+                var v1 = {};
+    
+                v1.IAMPolicy = (function() {
+    
+                    /**
+                     * Constructs a new IAMPolicy service.
+                     * @memberof google.iam.v1
+                     * @classdesc Represents a IAMPolicy
+                     * @extends $protobuf.rpc.Service
+                     * @constructor
+                     * @param {$protobuf.RPCImpl} rpcImpl RPC implementation
+                     * @param {boolean} [requestDelimited=false] Whether requests are length-delimited
+                     * @param {boolean} [responseDelimited=false] Whether responses are length-delimited
+                     */
+                    function IAMPolicy(rpcImpl, requestDelimited, responseDelimited) {
+                        $protobuf.rpc.Service.call(this, rpcImpl, requestDelimited, responseDelimited);
+                    }
+    
+                    (IAMPolicy.prototype = Object.create($protobuf.rpc.Service.prototype)).constructor = IAMPolicy;
+    
+                    /**
+                     * Creates new IAMPolicy service using the specified rpc implementation.
+                     * @function create
+                     * @memberof google.iam.v1.IAMPolicy
+                     * @static
+                     * @param {$protobuf.RPCImpl} rpcImpl RPC implementation
+                     * @param {boolean} [requestDelimited=false] Whether requests are length-delimited
+                     * @param {boolean} [responseDelimited=false] Whether responses are length-delimited
+                     * @returns {IAMPolicy} RPC service. Useful where requests and/or responses are streamed.
+                     */
+                    IAMPolicy.create = function create(rpcImpl, requestDelimited, responseDelimited) {
+                        return new this(rpcImpl, requestDelimited, responseDelimited);
+                    };
+    
+                    /**
+                     * Callback as used by {@link google.iam.v1.IAMPolicy|setIamPolicy}.
+                     * @memberof google.iam.v1.IAMPolicy
+                     * @typedef SetIamPolicyCallback
+                     * @type {function}
+                     * @param {Error|null} error Error, if any
+                     * @param {google.iam.v1.Policy} [response] Policy
+                     */
+    
+                    /**
+                     * Calls SetIamPolicy.
+                     * @function setIamPolicy
+                     * @memberof google.iam.v1.IAMPolicy
+                     * @instance
+                     * @param {google.iam.v1.ISetIamPolicyRequest} request SetIamPolicyRequest message or plain object
+                     * @param {google.iam.v1.IAMPolicy.SetIamPolicyCallback} callback Node-style callback called with the error, if any, and Policy
+                     * @returns {undefined}
+                     * @variation 1
+                     */
+                    Object.defineProperty(IAMPolicy.prototype.setIamPolicy = function setIamPolicy(request, callback) {
+                        return this.rpcCall(setIamPolicy, $root.google.iam.v1.SetIamPolicyRequest, $root.google.iam.v1.Policy, request, callback);
+                    }, "name", { value: "SetIamPolicy" });
+    
+                    /**
+                     * Calls SetIamPolicy.
+                     * @function setIamPolicy
+                     * @memberof google.iam.v1.IAMPolicy
+                     * @instance
+                     * @param {google.iam.v1.ISetIamPolicyRequest} request SetIamPolicyRequest message or plain object
+                     * @returns {Promise<google.iam.v1.Policy>} Promise
+                     * @variation 2
+                     */
+    
+                    /**
+                     * Callback as used by {@link google.iam.v1.IAMPolicy|getIamPolicy}.
+                     * @memberof google.iam.v1.IAMPolicy
+                     * @typedef GetIamPolicyCallback
+                     * @type {function}
+                     * @param {Error|null} error Error, if any
+                     * @param {google.iam.v1.Policy} [response] Policy
+                     */
+    
+                    /**
+                     * Calls GetIamPolicy.
+                     * @function getIamPolicy
+                     * @memberof google.iam.v1.IAMPolicy
+                     * @instance
+                     * @param {google.iam.v1.IGetIamPolicyRequest} request GetIamPolicyRequest message or plain object
+                     * @param {google.iam.v1.IAMPolicy.GetIamPolicyCallback} callback Node-style callback called with the error, if any, and Policy
+                     * @returns {undefined}
+                     * @variation 1
+                     */
+                    Object.defineProperty(IAMPolicy.prototype.getIamPolicy = function getIamPolicy(request, callback) {
+                        return this.rpcCall(getIamPolicy, $root.google.iam.v1.GetIamPolicyRequest, $root.google.iam.v1.Policy, request, callback);
+                    }, "name", { value: "GetIamPolicy" });
+    
+                    /**
+                     * Calls GetIamPolicy.
+                     * @function getIamPolicy
+                     * @memberof google.iam.v1.IAMPolicy
+                     * @instance
+                     * @param {google.iam.v1.IGetIamPolicyRequest} request GetIamPolicyRequest message or plain object
+                     * @returns {Promise<google.iam.v1.Policy>} Promise
+                     * @variation 2
+                     */
+    
+                    /**
+                     * Callback as used by {@link google.iam.v1.IAMPolicy|testIamPermissions}.
+                     * @memberof google.iam.v1.IAMPolicy
+                     * @typedef TestIamPermissionsCallback
+                     * @type {function}
+                     * @param {Error|null} error Error, if any
+                     * @param {google.iam.v1.TestIamPermissionsResponse} [response] TestIamPermissionsResponse
+                     */
+    
+                    /**
+                     * Calls TestIamPermissions.
+                     * @function testIamPermissions
+                     * @memberof google.iam.v1.IAMPolicy
+                     * @instance
+                     * @param {google.iam.v1.ITestIamPermissionsRequest} request TestIamPermissionsRequest message or plain object
+                     * @param {google.iam.v1.IAMPolicy.TestIamPermissionsCallback} callback Node-style callback called with the error, if any, and TestIamPermissionsResponse
+                     * @returns {undefined}
+                     * @variation 1
+                     */
+                    Object.defineProperty(IAMPolicy.prototype.testIamPermissions = function testIamPermissions(request, callback) {
+                        return this.rpcCall(testIamPermissions, $root.google.iam.v1.TestIamPermissionsRequest, $root.google.iam.v1.TestIamPermissionsResponse, request, callback);
+                    }, "name", { value: "TestIamPermissions" });
+    
+                    /**
+                     * Calls TestIamPermissions.
+                     * @function testIamPermissions
+                     * @memberof google.iam.v1.IAMPolicy
+                     * @instance
+                     * @param {google.iam.v1.ITestIamPermissionsRequest} request TestIamPermissionsRequest message or plain object
+                     * @returns {Promise<google.iam.v1.TestIamPermissionsResponse>} Promise
+                     * @variation 2
+                     */
+    
+                    return IAMPolicy;
+                })();
+    
+                v1.SetIamPolicyRequest = (function() {
+    
+                    /**
+                     * Properties of a SetIamPolicyRequest.
+                     * @memberof google.iam.v1
+                     * @interface ISetIamPolicyRequest
+                     * @property {string|null} [resource] SetIamPolicyRequest resource
+                     * @property {google.iam.v1.IPolicy|null} [policy] SetIamPolicyRequest policy
+                     * @property {google.protobuf.IFieldMask|null} [updateMask] SetIamPolicyRequest updateMask
+                     */
+    
+                    /**
+                     * Constructs a new SetIamPolicyRequest.
+                     * @memberof google.iam.v1
+                     * @classdesc Represents a SetIamPolicyRequest.
+                     * @implements ISetIamPolicyRequest
+                     * @constructor
+                     * @param {google.iam.v1.ISetIamPolicyRequest=} [properties] Properties to set
+                     */
+                    function SetIamPolicyRequest(properties) {
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * SetIamPolicyRequest resource.
+                     * @member {string} resource
+                     * @memberof google.iam.v1.SetIamPolicyRequest
+                     * @instance
+                     */
+                    SetIamPolicyRequest.prototype.resource = "";
+    
+                    /**
+                     * SetIamPolicyRequest policy.
+                     * @member {google.iam.v1.IPolicy|null|undefined} policy
+                     * @memberof google.iam.v1.SetIamPolicyRequest
+                     * @instance
+                     */
+                    SetIamPolicyRequest.prototype.policy = null;
+    
+                    /**
+                     * SetIamPolicyRequest updateMask.
+                     * @member {google.protobuf.IFieldMask|null|undefined} updateMask
+                     * @memberof google.iam.v1.SetIamPolicyRequest
+                     * @instance
+                     */
+                    SetIamPolicyRequest.prototype.updateMask = null;
+    
+                    /**
+                     * Creates a new SetIamPolicyRequest instance using the specified properties.
+                     * @function create
+                     * @memberof google.iam.v1.SetIamPolicyRequest
+                     * @static
+                     * @param {google.iam.v1.ISetIamPolicyRequest=} [properties] Properties to set
+                     * @returns {google.iam.v1.SetIamPolicyRequest} SetIamPolicyRequest instance
+                     */
+                    SetIamPolicyRequest.create = function create(properties) {
+                        return new SetIamPolicyRequest(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified SetIamPolicyRequest message. Does not implicitly {@link google.iam.v1.SetIamPolicyRequest.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.iam.v1.SetIamPolicyRequest
+                     * @static
+                     * @param {google.iam.v1.ISetIamPolicyRequest} message SetIamPolicyRequest message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    SetIamPolicyRequest.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.resource != null && Object.hasOwnProperty.call(message, "resource"))
+                            writer.uint32(/* id 1, wireType 2 =*/10).string(message.resource);
+                        if (message.policy != null && Object.hasOwnProperty.call(message, "policy"))
+                            $root.google.iam.v1.Policy.encode(message.policy, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                        if (message.updateMask != null && Object.hasOwnProperty.call(message, "updateMask"))
+                            $root.google.protobuf.FieldMask.encode(message.updateMask, writer.uint32(/* id 3, wireType 2 =*/26).fork()).ldelim();
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified SetIamPolicyRequest message, length delimited. Does not implicitly {@link google.iam.v1.SetIamPolicyRequest.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.iam.v1.SetIamPolicyRequest
+                     * @static
+                     * @param {google.iam.v1.ISetIamPolicyRequest} message SetIamPolicyRequest message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    SetIamPolicyRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes a SetIamPolicyRequest message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.iam.v1.SetIamPolicyRequest
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.iam.v1.SetIamPolicyRequest} SetIamPolicyRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    SetIamPolicyRequest.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.iam.v1.SetIamPolicyRequest();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    message.resource = reader.string();
+                                    break;
+                                }
+                            case 2: {
+                                    message.policy = $root.google.iam.v1.Policy.decode(reader, reader.uint32());
+                                    break;
+                                }
+                            case 3: {
+                                    message.updateMask = $root.google.protobuf.FieldMask.decode(reader, reader.uint32());
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes a SetIamPolicyRequest message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.iam.v1.SetIamPolicyRequest
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.iam.v1.SetIamPolicyRequest} SetIamPolicyRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    SetIamPolicyRequest.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies a SetIamPolicyRequest message.
+                     * @function verify
+                     * @memberof google.iam.v1.SetIamPolicyRequest
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    SetIamPolicyRequest.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.resource != null && message.hasOwnProperty("resource"))
+                            if (!$util.isString(message.resource))
+                                return "resource: string expected";
+                        if (message.policy != null && message.hasOwnProperty("policy")) {
+                            var error = $root.google.iam.v1.Policy.verify(message.policy);
+                            if (error)
+                                return "policy." + error;
+                        }
+                        if (message.updateMask != null && message.hasOwnProperty("updateMask")) {
+                            var error = $root.google.protobuf.FieldMask.verify(message.updateMask);
+                            if (error)
+                                return "updateMask." + error;
+                        }
+                        return null;
+                    };
+    
+                    /**
+                     * Creates a SetIamPolicyRequest message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.iam.v1.SetIamPolicyRequest
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.iam.v1.SetIamPolicyRequest} SetIamPolicyRequest
+                     */
+                    SetIamPolicyRequest.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.iam.v1.SetIamPolicyRequest)
+                            return object;
+                        var message = new $root.google.iam.v1.SetIamPolicyRequest();
+                        if (object.resource != null)
+                            message.resource = String(object.resource);
+                        if (object.policy != null) {
+                            if (typeof object.policy !== "object")
+                                throw TypeError(".google.iam.v1.SetIamPolicyRequest.policy: object expected");
+                            message.policy = $root.google.iam.v1.Policy.fromObject(object.policy);
+                        }
+                        if (object.updateMask != null) {
+                            if (typeof object.updateMask !== "object")
+                                throw TypeError(".google.iam.v1.SetIamPolicyRequest.updateMask: object expected");
+                            message.updateMask = $root.google.protobuf.FieldMask.fromObject(object.updateMask);
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from a SetIamPolicyRequest message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.iam.v1.SetIamPolicyRequest
+                     * @static
+                     * @param {google.iam.v1.SetIamPolicyRequest} message SetIamPolicyRequest
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    SetIamPolicyRequest.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.defaults) {
+                            object.resource = "";
+                            object.policy = null;
+                            object.updateMask = null;
+                        }
+                        if (message.resource != null && message.hasOwnProperty("resource"))
+                            object.resource = message.resource;
+                        if (message.policy != null && message.hasOwnProperty("policy"))
+                            object.policy = $root.google.iam.v1.Policy.toObject(message.policy, options);
+                        if (message.updateMask != null && message.hasOwnProperty("updateMask"))
+                            object.updateMask = $root.google.protobuf.FieldMask.toObject(message.updateMask, options);
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this SetIamPolicyRequest to JSON.
+                     * @function toJSON
+                     * @memberof google.iam.v1.SetIamPolicyRequest
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    SetIamPolicyRequest.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for SetIamPolicyRequest
+                     * @function getTypeUrl
+                     * @memberof google.iam.v1.SetIamPolicyRequest
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    SetIamPolicyRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.iam.v1.SetIamPolicyRequest";
+                    };
+    
+                    return SetIamPolicyRequest;
+                })();
+    
+                v1.GetIamPolicyRequest = (function() {
+    
+                    /**
+                     * Properties of a GetIamPolicyRequest.
+                     * @memberof google.iam.v1
+                     * @interface IGetIamPolicyRequest
+                     * @property {string|null} [resource] GetIamPolicyRequest resource
+                     * @property {google.iam.v1.IGetPolicyOptions|null} [options] GetIamPolicyRequest options
+                     */
+    
+                    /**
+                     * Constructs a new GetIamPolicyRequest.
+                     * @memberof google.iam.v1
+                     * @classdesc Represents a GetIamPolicyRequest.
+                     * @implements IGetIamPolicyRequest
+                     * @constructor
+                     * @param {google.iam.v1.IGetIamPolicyRequest=} [properties] Properties to set
+                     */
+                    function GetIamPolicyRequest(properties) {
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * GetIamPolicyRequest resource.
+                     * @member {string} resource
+                     * @memberof google.iam.v1.GetIamPolicyRequest
+                     * @instance
+                     */
+                    GetIamPolicyRequest.prototype.resource = "";
+    
+                    /**
+                     * GetIamPolicyRequest options.
+                     * @member {google.iam.v1.IGetPolicyOptions|null|undefined} options
+                     * @memberof google.iam.v1.GetIamPolicyRequest
+                     * @instance
+                     */
+                    GetIamPolicyRequest.prototype.options = null;
+    
+                    /**
+                     * Creates a new GetIamPolicyRequest instance using the specified properties.
+                     * @function create
+                     * @memberof google.iam.v1.GetIamPolicyRequest
+                     * @static
+                     * @param {google.iam.v1.IGetIamPolicyRequest=} [properties] Properties to set
+                     * @returns {google.iam.v1.GetIamPolicyRequest} GetIamPolicyRequest instance
+                     */
+                    GetIamPolicyRequest.create = function create(properties) {
+                        return new GetIamPolicyRequest(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified GetIamPolicyRequest message. Does not implicitly {@link google.iam.v1.GetIamPolicyRequest.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.iam.v1.GetIamPolicyRequest
+                     * @static
+                     * @param {google.iam.v1.IGetIamPolicyRequest} message GetIamPolicyRequest message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    GetIamPolicyRequest.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.resource != null && Object.hasOwnProperty.call(message, "resource"))
+                            writer.uint32(/* id 1, wireType 2 =*/10).string(message.resource);
+                        if (message.options != null && Object.hasOwnProperty.call(message, "options"))
+                            $root.google.iam.v1.GetPolicyOptions.encode(message.options, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified GetIamPolicyRequest message, length delimited. Does not implicitly {@link google.iam.v1.GetIamPolicyRequest.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.iam.v1.GetIamPolicyRequest
+                     * @static
+                     * @param {google.iam.v1.IGetIamPolicyRequest} message GetIamPolicyRequest message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    GetIamPolicyRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes a GetIamPolicyRequest message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.iam.v1.GetIamPolicyRequest
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.iam.v1.GetIamPolicyRequest} GetIamPolicyRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    GetIamPolicyRequest.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.iam.v1.GetIamPolicyRequest();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    message.resource = reader.string();
+                                    break;
+                                }
+                            case 2: {
+                                    message.options = $root.google.iam.v1.GetPolicyOptions.decode(reader, reader.uint32());
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes a GetIamPolicyRequest message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.iam.v1.GetIamPolicyRequest
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.iam.v1.GetIamPolicyRequest} GetIamPolicyRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    GetIamPolicyRequest.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies a GetIamPolicyRequest message.
+                     * @function verify
+                     * @memberof google.iam.v1.GetIamPolicyRequest
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    GetIamPolicyRequest.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.resource != null && message.hasOwnProperty("resource"))
+                            if (!$util.isString(message.resource))
+                                return "resource: string expected";
+                        if (message.options != null && message.hasOwnProperty("options")) {
+                            var error = $root.google.iam.v1.GetPolicyOptions.verify(message.options);
+                            if (error)
+                                return "options." + error;
+                        }
+                        return null;
+                    };
+    
+                    /**
+                     * Creates a GetIamPolicyRequest message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.iam.v1.GetIamPolicyRequest
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.iam.v1.GetIamPolicyRequest} GetIamPolicyRequest
+                     */
+                    GetIamPolicyRequest.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.iam.v1.GetIamPolicyRequest)
+                            return object;
+                        var message = new $root.google.iam.v1.GetIamPolicyRequest();
+                        if (object.resource != null)
+                            message.resource = String(object.resource);
+                        if (object.options != null) {
+                            if (typeof object.options !== "object")
+                                throw TypeError(".google.iam.v1.GetIamPolicyRequest.options: object expected");
+                            message.options = $root.google.iam.v1.GetPolicyOptions.fromObject(object.options);
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from a GetIamPolicyRequest message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.iam.v1.GetIamPolicyRequest
+                     * @static
+                     * @param {google.iam.v1.GetIamPolicyRequest} message GetIamPolicyRequest
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    GetIamPolicyRequest.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.defaults) {
+                            object.resource = "";
+                            object.options = null;
+                        }
+                        if (message.resource != null && message.hasOwnProperty("resource"))
+                            object.resource = message.resource;
+                        if (message.options != null && message.hasOwnProperty("options"))
+                            object.options = $root.google.iam.v1.GetPolicyOptions.toObject(message.options, options);
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this GetIamPolicyRequest to JSON.
+                     * @function toJSON
+                     * @memberof google.iam.v1.GetIamPolicyRequest
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    GetIamPolicyRequest.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for GetIamPolicyRequest
+                     * @function getTypeUrl
+                     * @memberof google.iam.v1.GetIamPolicyRequest
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    GetIamPolicyRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.iam.v1.GetIamPolicyRequest";
+                    };
+    
+                    return GetIamPolicyRequest;
+                })();
+    
+                v1.TestIamPermissionsRequest = (function() {
+    
+                    /**
+                     * Properties of a TestIamPermissionsRequest.
+                     * @memberof google.iam.v1
+                     * @interface ITestIamPermissionsRequest
+                     * @property {string|null} [resource] TestIamPermissionsRequest resource
+                     * @property {Array.<string>|null} [permissions] TestIamPermissionsRequest permissions
+                     */
+    
+                    /**
+                     * Constructs a new TestIamPermissionsRequest.
+                     * @memberof google.iam.v1
+                     * @classdesc Represents a TestIamPermissionsRequest.
+                     * @implements ITestIamPermissionsRequest
+                     * @constructor
+                     * @param {google.iam.v1.ITestIamPermissionsRequest=} [properties] Properties to set
+                     */
+                    function TestIamPermissionsRequest(properties) {
+                        this.permissions = [];
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * TestIamPermissionsRequest resource.
+                     * @member {string} resource
+                     * @memberof google.iam.v1.TestIamPermissionsRequest
+                     * @instance
+                     */
+                    TestIamPermissionsRequest.prototype.resource = "";
+    
+                    /**
+                     * TestIamPermissionsRequest permissions.
+                     * @member {Array.<string>} permissions
+                     * @memberof google.iam.v1.TestIamPermissionsRequest
+                     * @instance
+                     */
+                    TestIamPermissionsRequest.prototype.permissions = $util.emptyArray;
+    
+                    /**
+                     * Creates a new TestIamPermissionsRequest instance using the specified properties.
+                     * @function create
+                     * @memberof google.iam.v1.TestIamPermissionsRequest
+                     * @static
+                     * @param {google.iam.v1.ITestIamPermissionsRequest=} [properties] Properties to set
+                     * @returns {google.iam.v1.TestIamPermissionsRequest} TestIamPermissionsRequest instance
+                     */
+                    TestIamPermissionsRequest.create = function create(properties) {
+                        return new TestIamPermissionsRequest(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified TestIamPermissionsRequest message. Does not implicitly {@link google.iam.v1.TestIamPermissionsRequest.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.iam.v1.TestIamPermissionsRequest
+                     * @static
+                     * @param {google.iam.v1.ITestIamPermissionsRequest} message TestIamPermissionsRequest message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    TestIamPermissionsRequest.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.resource != null && Object.hasOwnProperty.call(message, "resource"))
+                            writer.uint32(/* id 1, wireType 2 =*/10).string(message.resource);
+                        if (message.permissions != null && message.permissions.length)
+                            for (var i = 0; i < message.permissions.length; ++i)
+                                writer.uint32(/* id 2, wireType 2 =*/18).string(message.permissions[i]);
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified TestIamPermissionsRequest message, length delimited. Does not implicitly {@link google.iam.v1.TestIamPermissionsRequest.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.iam.v1.TestIamPermissionsRequest
+                     * @static
+                     * @param {google.iam.v1.ITestIamPermissionsRequest} message TestIamPermissionsRequest message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    TestIamPermissionsRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes a TestIamPermissionsRequest message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.iam.v1.TestIamPermissionsRequest
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.iam.v1.TestIamPermissionsRequest} TestIamPermissionsRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    TestIamPermissionsRequest.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.iam.v1.TestIamPermissionsRequest();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    message.resource = reader.string();
+                                    break;
+                                }
+                            case 2: {
+                                    if (!(message.permissions && message.permissions.length))
+                                        message.permissions = [];
+                                    message.permissions.push(reader.string());
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes a TestIamPermissionsRequest message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.iam.v1.TestIamPermissionsRequest
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.iam.v1.TestIamPermissionsRequest} TestIamPermissionsRequest
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    TestIamPermissionsRequest.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies a TestIamPermissionsRequest message.
+                     * @function verify
+                     * @memberof google.iam.v1.TestIamPermissionsRequest
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    TestIamPermissionsRequest.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.resource != null && message.hasOwnProperty("resource"))
+                            if (!$util.isString(message.resource))
+                                return "resource: string expected";
+                        if (message.permissions != null && message.hasOwnProperty("permissions")) {
+                            if (!Array.isArray(message.permissions))
+                                return "permissions: array expected";
+                            for (var i = 0; i < message.permissions.length; ++i)
+                                if (!$util.isString(message.permissions[i]))
+                                    return "permissions: string[] expected";
+                        }
+                        return null;
+                    };
+    
+                    /**
+                     * Creates a TestIamPermissionsRequest message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.iam.v1.TestIamPermissionsRequest
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.iam.v1.TestIamPermissionsRequest} TestIamPermissionsRequest
+                     */
+                    TestIamPermissionsRequest.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.iam.v1.TestIamPermissionsRequest)
+                            return object;
+                        var message = new $root.google.iam.v1.TestIamPermissionsRequest();
+                        if (object.resource != null)
+                            message.resource = String(object.resource);
+                        if (object.permissions) {
+                            if (!Array.isArray(object.permissions))
+                                throw TypeError(".google.iam.v1.TestIamPermissionsRequest.permissions: array expected");
+                            message.permissions = [];
+                            for (var i = 0; i < object.permissions.length; ++i)
+                                message.permissions[i] = String(object.permissions[i]);
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from a TestIamPermissionsRequest message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.iam.v1.TestIamPermissionsRequest
+                     * @static
+                     * @param {google.iam.v1.TestIamPermissionsRequest} message TestIamPermissionsRequest
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    TestIamPermissionsRequest.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.arrays || options.defaults)
+                            object.permissions = [];
+                        if (options.defaults)
+                            object.resource = "";
+                        if (message.resource != null && message.hasOwnProperty("resource"))
+                            object.resource = message.resource;
+                        if (message.permissions && message.permissions.length) {
+                            object.permissions = [];
+                            for (var j = 0; j < message.permissions.length; ++j)
+                                object.permissions[j] = message.permissions[j];
+                        }
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this TestIamPermissionsRequest to JSON.
+                     * @function toJSON
+                     * @memberof google.iam.v1.TestIamPermissionsRequest
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    TestIamPermissionsRequest.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for TestIamPermissionsRequest
+                     * @function getTypeUrl
+                     * @memberof google.iam.v1.TestIamPermissionsRequest
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    TestIamPermissionsRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.iam.v1.TestIamPermissionsRequest";
+                    };
+    
+                    return TestIamPermissionsRequest;
+                })();
+    
+                v1.TestIamPermissionsResponse = (function() {
+    
+                    /**
+                     * Properties of a TestIamPermissionsResponse.
+                     * @memberof google.iam.v1
+                     * @interface ITestIamPermissionsResponse
+                     * @property {Array.<string>|null} [permissions] TestIamPermissionsResponse permissions
+                     */
+    
+                    /**
+                     * Constructs a new TestIamPermissionsResponse.
+                     * @memberof google.iam.v1
+                     * @classdesc Represents a TestIamPermissionsResponse.
+                     * @implements ITestIamPermissionsResponse
+                     * @constructor
+                     * @param {google.iam.v1.ITestIamPermissionsResponse=} [properties] Properties to set
+                     */
+                    function TestIamPermissionsResponse(properties) {
+                        this.permissions = [];
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * TestIamPermissionsResponse permissions.
+                     * @member {Array.<string>} permissions
+                     * @memberof google.iam.v1.TestIamPermissionsResponse
+                     * @instance
+                     */
+                    TestIamPermissionsResponse.prototype.permissions = $util.emptyArray;
+    
+                    /**
+                     * Creates a new TestIamPermissionsResponse instance using the specified properties.
+                     * @function create
+                     * @memberof google.iam.v1.TestIamPermissionsResponse
+                     * @static
+                     * @param {google.iam.v1.ITestIamPermissionsResponse=} [properties] Properties to set
+                     * @returns {google.iam.v1.TestIamPermissionsResponse} TestIamPermissionsResponse instance
+                     */
+                    TestIamPermissionsResponse.create = function create(properties) {
+                        return new TestIamPermissionsResponse(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified TestIamPermissionsResponse message. Does not implicitly {@link google.iam.v1.TestIamPermissionsResponse.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.iam.v1.TestIamPermissionsResponse
+                     * @static
+                     * @param {google.iam.v1.ITestIamPermissionsResponse} message TestIamPermissionsResponse message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    TestIamPermissionsResponse.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.permissions != null && message.permissions.length)
+                            for (var i = 0; i < message.permissions.length; ++i)
+                                writer.uint32(/* id 1, wireType 2 =*/10).string(message.permissions[i]);
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified TestIamPermissionsResponse message, length delimited. Does not implicitly {@link google.iam.v1.TestIamPermissionsResponse.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.iam.v1.TestIamPermissionsResponse
+                     * @static
+                     * @param {google.iam.v1.ITestIamPermissionsResponse} message TestIamPermissionsResponse message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    TestIamPermissionsResponse.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes a TestIamPermissionsResponse message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.iam.v1.TestIamPermissionsResponse
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.iam.v1.TestIamPermissionsResponse} TestIamPermissionsResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    TestIamPermissionsResponse.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.iam.v1.TestIamPermissionsResponse();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    if (!(message.permissions && message.permissions.length))
+                                        message.permissions = [];
+                                    message.permissions.push(reader.string());
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes a TestIamPermissionsResponse message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.iam.v1.TestIamPermissionsResponse
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.iam.v1.TestIamPermissionsResponse} TestIamPermissionsResponse
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    TestIamPermissionsResponse.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies a TestIamPermissionsResponse message.
+                     * @function verify
+                     * @memberof google.iam.v1.TestIamPermissionsResponse
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    TestIamPermissionsResponse.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.permissions != null && message.hasOwnProperty("permissions")) {
+                            if (!Array.isArray(message.permissions))
+                                return "permissions: array expected";
+                            for (var i = 0; i < message.permissions.length; ++i)
+                                if (!$util.isString(message.permissions[i]))
+                                    return "permissions: string[] expected";
+                        }
+                        return null;
+                    };
+    
+                    /**
+                     * Creates a TestIamPermissionsResponse message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.iam.v1.TestIamPermissionsResponse
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.iam.v1.TestIamPermissionsResponse} TestIamPermissionsResponse
+                     */
+                    TestIamPermissionsResponse.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.iam.v1.TestIamPermissionsResponse)
+                            return object;
+                        var message = new $root.google.iam.v1.TestIamPermissionsResponse();
+                        if (object.permissions) {
+                            if (!Array.isArray(object.permissions))
+                                throw TypeError(".google.iam.v1.TestIamPermissionsResponse.permissions: array expected");
+                            message.permissions = [];
+                            for (var i = 0; i < object.permissions.length; ++i)
+                                message.permissions[i] = String(object.permissions[i]);
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from a TestIamPermissionsResponse message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.iam.v1.TestIamPermissionsResponse
+                     * @static
+                     * @param {google.iam.v1.TestIamPermissionsResponse} message TestIamPermissionsResponse
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    TestIamPermissionsResponse.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.arrays || options.defaults)
+                            object.permissions = [];
+                        if (message.permissions && message.permissions.length) {
+                            object.permissions = [];
+                            for (var j = 0; j < message.permissions.length; ++j)
+                                object.permissions[j] = message.permissions[j];
+                        }
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this TestIamPermissionsResponse to JSON.
+                     * @function toJSON
+                     * @memberof google.iam.v1.TestIamPermissionsResponse
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    TestIamPermissionsResponse.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for TestIamPermissionsResponse
+                     * @function getTypeUrl
+                     * @memberof google.iam.v1.TestIamPermissionsResponse
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    TestIamPermissionsResponse.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.iam.v1.TestIamPermissionsResponse";
+                    };
+    
+                    return TestIamPermissionsResponse;
+                })();
+    
+                v1.GetPolicyOptions = (function() {
+    
+                    /**
+                     * Properties of a GetPolicyOptions.
+                     * @memberof google.iam.v1
+                     * @interface IGetPolicyOptions
+                     * @property {number|null} [requestedPolicyVersion] GetPolicyOptions requestedPolicyVersion
+                     */
+    
+                    /**
+                     * Constructs a new GetPolicyOptions.
+                     * @memberof google.iam.v1
+                     * @classdesc Represents a GetPolicyOptions.
+                     * @implements IGetPolicyOptions
+                     * @constructor
+                     * @param {google.iam.v1.IGetPolicyOptions=} [properties] Properties to set
+                     */
+                    function GetPolicyOptions(properties) {
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * GetPolicyOptions requestedPolicyVersion.
+                     * @member {number} requestedPolicyVersion
+                     * @memberof google.iam.v1.GetPolicyOptions
+                     * @instance
+                     */
+                    GetPolicyOptions.prototype.requestedPolicyVersion = 0;
+    
+                    /**
+                     * Creates a new GetPolicyOptions instance using the specified properties.
+                     * @function create
+                     * @memberof google.iam.v1.GetPolicyOptions
+                     * @static
+                     * @param {google.iam.v1.IGetPolicyOptions=} [properties] Properties to set
+                     * @returns {google.iam.v1.GetPolicyOptions} GetPolicyOptions instance
+                     */
+                    GetPolicyOptions.create = function create(properties) {
+                        return new GetPolicyOptions(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified GetPolicyOptions message. Does not implicitly {@link google.iam.v1.GetPolicyOptions.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.iam.v1.GetPolicyOptions
+                     * @static
+                     * @param {google.iam.v1.IGetPolicyOptions} message GetPolicyOptions message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    GetPolicyOptions.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.requestedPolicyVersion != null && Object.hasOwnProperty.call(message, "requestedPolicyVersion"))
+                            writer.uint32(/* id 1, wireType 0 =*/8).int32(message.requestedPolicyVersion);
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified GetPolicyOptions message, length delimited. Does not implicitly {@link google.iam.v1.GetPolicyOptions.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.iam.v1.GetPolicyOptions
+                     * @static
+                     * @param {google.iam.v1.IGetPolicyOptions} message GetPolicyOptions message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    GetPolicyOptions.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes a GetPolicyOptions message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.iam.v1.GetPolicyOptions
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.iam.v1.GetPolicyOptions} GetPolicyOptions
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    GetPolicyOptions.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.iam.v1.GetPolicyOptions();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    message.requestedPolicyVersion = reader.int32();
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes a GetPolicyOptions message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.iam.v1.GetPolicyOptions
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.iam.v1.GetPolicyOptions} GetPolicyOptions
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    GetPolicyOptions.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies a GetPolicyOptions message.
+                     * @function verify
+                     * @memberof google.iam.v1.GetPolicyOptions
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    GetPolicyOptions.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.requestedPolicyVersion != null && message.hasOwnProperty("requestedPolicyVersion"))
+                            if (!$util.isInteger(message.requestedPolicyVersion))
+                                return "requestedPolicyVersion: integer expected";
+                        return null;
+                    };
+    
+                    /**
+                     * Creates a GetPolicyOptions message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.iam.v1.GetPolicyOptions
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.iam.v1.GetPolicyOptions} GetPolicyOptions
+                     */
+                    GetPolicyOptions.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.iam.v1.GetPolicyOptions)
+                            return object;
+                        var message = new $root.google.iam.v1.GetPolicyOptions();
+                        if (object.requestedPolicyVersion != null)
+                            message.requestedPolicyVersion = object.requestedPolicyVersion | 0;
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from a GetPolicyOptions message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.iam.v1.GetPolicyOptions
+                     * @static
+                     * @param {google.iam.v1.GetPolicyOptions} message GetPolicyOptions
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    GetPolicyOptions.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.defaults)
+                            object.requestedPolicyVersion = 0;
+                        if (message.requestedPolicyVersion != null && message.hasOwnProperty("requestedPolicyVersion"))
+                            object.requestedPolicyVersion = message.requestedPolicyVersion;
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this GetPolicyOptions to JSON.
+                     * @function toJSON
+                     * @memberof google.iam.v1.GetPolicyOptions
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    GetPolicyOptions.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for GetPolicyOptions
+                     * @function getTypeUrl
+                     * @memberof google.iam.v1.GetPolicyOptions
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    GetPolicyOptions.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.iam.v1.GetPolicyOptions";
+                    };
+    
+                    return GetPolicyOptions;
+                })();
+    
+                v1.Policy = (function() {
+    
+                    /**
+                     * Properties of a Policy.
+                     * @memberof google.iam.v1
+                     * @interface IPolicy
+                     * @property {number|null} [version] Policy version
+                     * @property {Array.<google.iam.v1.IBinding>|null} [bindings] Policy bindings
+                     * @property {Array.<google.iam.v1.IAuditConfig>|null} [auditConfigs] Policy auditConfigs
+                     * @property {Uint8Array|null} [etag] Policy etag
+                     */
+    
+                    /**
+                     * Constructs a new Policy.
+                     * @memberof google.iam.v1
+                     * @classdesc Represents a Policy.
+                     * @implements IPolicy
+                     * @constructor
+                     * @param {google.iam.v1.IPolicy=} [properties] Properties to set
+                     */
+                    function Policy(properties) {
+                        this.bindings = [];
+                        this.auditConfigs = [];
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * Policy version.
+                     * @member {number} version
+                     * @memberof google.iam.v1.Policy
+                     * @instance
+                     */
+                    Policy.prototype.version = 0;
+    
+                    /**
+                     * Policy bindings.
+                     * @member {Array.<google.iam.v1.IBinding>} bindings
+                     * @memberof google.iam.v1.Policy
+                     * @instance
+                     */
+                    Policy.prototype.bindings = $util.emptyArray;
+    
+                    /**
+                     * Policy auditConfigs.
+                     * @member {Array.<google.iam.v1.IAuditConfig>} auditConfigs
+                     * @memberof google.iam.v1.Policy
+                     * @instance
+                     */
+                    Policy.prototype.auditConfigs = $util.emptyArray;
+    
+                    /**
+                     * Policy etag.
+                     * @member {Uint8Array} etag
+                     * @memberof google.iam.v1.Policy
+                     * @instance
+                     */
+                    Policy.prototype.etag = $util.newBuffer([]);
+    
+                    /**
+                     * Creates a new Policy instance using the specified properties.
+                     * @function create
+                     * @memberof google.iam.v1.Policy
+                     * @static
+                     * @param {google.iam.v1.IPolicy=} [properties] Properties to set
+                     * @returns {google.iam.v1.Policy} Policy instance
+                     */
+                    Policy.create = function create(properties) {
+                        return new Policy(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified Policy message. Does not implicitly {@link google.iam.v1.Policy.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.iam.v1.Policy
+                     * @static
+                     * @param {google.iam.v1.IPolicy} message Policy message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    Policy.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.version != null && Object.hasOwnProperty.call(message, "version"))
+                            writer.uint32(/* id 1, wireType 0 =*/8).int32(message.version);
+                        if (message.etag != null && Object.hasOwnProperty.call(message, "etag"))
+                            writer.uint32(/* id 3, wireType 2 =*/26).bytes(message.etag);
+                        if (message.bindings != null && message.bindings.length)
+                            for (var i = 0; i < message.bindings.length; ++i)
+                                $root.google.iam.v1.Binding.encode(message.bindings[i], writer.uint32(/* id 4, wireType 2 =*/34).fork()).ldelim();
+                        if (message.auditConfigs != null && message.auditConfigs.length)
+                            for (var i = 0; i < message.auditConfigs.length; ++i)
+                                $root.google.iam.v1.AuditConfig.encode(message.auditConfigs[i], writer.uint32(/* id 6, wireType 2 =*/50).fork()).ldelim();
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified Policy message, length delimited. Does not implicitly {@link google.iam.v1.Policy.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.iam.v1.Policy
+                     * @static
+                     * @param {google.iam.v1.IPolicy} message Policy message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    Policy.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes a Policy message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.iam.v1.Policy
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.iam.v1.Policy} Policy
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    Policy.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.iam.v1.Policy();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    message.version = reader.int32();
+                                    break;
+                                }
+                            case 4: {
+                                    if (!(message.bindings && message.bindings.length))
+                                        message.bindings = [];
+                                    message.bindings.push($root.google.iam.v1.Binding.decode(reader, reader.uint32()));
+                                    break;
+                                }
+                            case 6: {
+                                    if (!(message.auditConfigs && message.auditConfigs.length))
+                                        message.auditConfigs = [];
+                                    message.auditConfigs.push($root.google.iam.v1.AuditConfig.decode(reader, reader.uint32()));
+                                    break;
+                                }
+                            case 3: {
+                                    message.etag = reader.bytes();
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes a Policy message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.iam.v1.Policy
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.iam.v1.Policy} Policy
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    Policy.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies a Policy message.
+                     * @function verify
+                     * @memberof google.iam.v1.Policy
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    Policy.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.version != null && message.hasOwnProperty("version"))
+                            if (!$util.isInteger(message.version))
+                                return "version: integer expected";
+                        if (message.bindings != null && message.hasOwnProperty("bindings")) {
+                            if (!Array.isArray(message.bindings))
+                                return "bindings: array expected";
+                            for (var i = 0; i < message.bindings.length; ++i) {
+                                var error = $root.google.iam.v1.Binding.verify(message.bindings[i]);
+                                if (error)
+                                    return "bindings." + error;
+                            }
+                        }
+                        if (message.auditConfigs != null && message.hasOwnProperty("auditConfigs")) {
+                            if (!Array.isArray(message.auditConfigs))
+                                return "auditConfigs: array expected";
+                            for (var i = 0; i < message.auditConfigs.length; ++i) {
+                                var error = $root.google.iam.v1.AuditConfig.verify(message.auditConfigs[i]);
+                                if (error)
+                                    return "auditConfigs." + error;
+                            }
+                        }
+                        if (message.etag != null && message.hasOwnProperty("etag"))
+                            if (!(message.etag && typeof message.etag.length === "number" || $util.isString(message.etag)))
+                                return "etag: buffer expected";
+                        return null;
+                    };
+    
+                    /**
+                     * Creates a Policy message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.iam.v1.Policy
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.iam.v1.Policy} Policy
+                     */
+                    Policy.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.iam.v1.Policy)
+                            return object;
+                        var message = new $root.google.iam.v1.Policy();
+                        if (object.version != null)
+                            message.version = object.version | 0;
+                        if (object.bindings) {
+                            if (!Array.isArray(object.bindings))
+                                throw TypeError(".google.iam.v1.Policy.bindings: array expected");
+                            message.bindings = [];
+                            for (var i = 0; i < object.bindings.length; ++i) {
+                                if (typeof object.bindings[i] !== "object")
+                                    throw TypeError(".google.iam.v1.Policy.bindings: object expected");
+                                message.bindings[i] = $root.google.iam.v1.Binding.fromObject(object.bindings[i]);
+                            }
+                        }
+                        if (object.auditConfigs) {
+                            if (!Array.isArray(object.auditConfigs))
+                                throw TypeError(".google.iam.v1.Policy.auditConfigs: array expected");
+                            message.auditConfigs = [];
+                            for (var i = 0; i < object.auditConfigs.length; ++i) {
+                                if (typeof object.auditConfigs[i] !== "object")
+                                    throw TypeError(".google.iam.v1.Policy.auditConfigs: object expected");
+                                message.auditConfigs[i] = $root.google.iam.v1.AuditConfig.fromObject(object.auditConfigs[i]);
+                            }
+                        }
+                        if (object.etag != null)
+                            if (typeof object.etag === "string")
+                                $util.base64.decode(object.etag, message.etag = $util.newBuffer($util.base64.length(object.etag)), 0);
+                            else if (object.etag.length >= 0)
+                                message.etag = object.etag;
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from a Policy message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.iam.v1.Policy
+                     * @static
+                     * @param {google.iam.v1.Policy} message Policy
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    Policy.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.arrays || options.defaults) {
+                            object.bindings = [];
+                            object.auditConfigs = [];
+                        }
+                        if (options.defaults) {
+                            object.version = 0;
+                            if (options.bytes === String)
+                                object.etag = "";
+                            else {
+                                object.etag = [];
+                                if (options.bytes !== Array)
+                                    object.etag = $util.newBuffer(object.etag);
+                            }
+                        }
+                        if (message.version != null && message.hasOwnProperty("version"))
+                            object.version = message.version;
+                        if (message.etag != null && message.hasOwnProperty("etag"))
+                            object.etag = options.bytes === String ? $util.base64.encode(message.etag, 0, message.etag.length) : options.bytes === Array ? Array.prototype.slice.call(message.etag) : message.etag;
+                        if (message.bindings && message.bindings.length) {
+                            object.bindings = [];
+                            for (var j = 0; j < message.bindings.length; ++j)
+                                object.bindings[j] = $root.google.iam.v1.Binding.toObject(message.bindings[j], options);
+                        }
+                        if (message.auditConfigs && message.auditConfigs.length) {
+                            object.auditConfigs = [];
+                            for (var j = 0; j < message.auditConfigs.length; ++j)
+                                object.auditConfigs[j] = $root.google.iam.v1.AuditConfig.toObject(message.auditConfigs[j], options);
+                        }
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this Policy to JSON.
+                     * @function toJSON
+                     * @memberof google.iam.v1.Policy
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    Policy.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for Policy
+                     * @function getTypeUrl
+                     * @memberof google.iam.v1.Policy
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    Policy.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.iam.v1.Policy";
+                    };
+    
+                    return Policy;
+                })();
+    
+                v1.Binding = (function() {
+    
+                    /**
+                     * Properties of a Binding.
+                     * @memberof google.iam.v1
+                     * @interface IBinding
+                     * @property {string|null} [role] Binding role
+                     * @property {Array.<string>|null} [members] Binding members
+                     * @property {google.type.IExpr|null} [condition] Binding condition
+                     */
+    
+                    /**
+                     * Constructs a new Binding.
+                     * @memberof google.iam.v1
+                     * @classdesc Represents a Binding.
+                     * @implements IBinding
+                     * @constructor
+                     * @param {google.iam.v1.IBinding=} [properties] Properties to set
+                     */
+                    function Binding(properties) {
+                        this.members = [];
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * Binding role.
+                     * @member {string} role
+                     * @memberof google.iam.v1.Binding
+                     * @instance
+                     */
+                    Binding.prototype.role = "";
+    
+                    /**
+                     * Binding members.
+                     * @member {Array.<string>} members
+                     * @memberof google.iam.v1.Binding
+                     * @instance
+                     */
+                    Binding.prototype.members = $util.emptyArray;
+    
+                    /**
+                     * Binding condition.
+                     * @member {google.type.IExpr|null|undefined} condition
+                     * @memberof google.iam.v1.Binding
+                     * @instance
+                     */
+                    Binding.prototype.condition = null;
+    
+                    /**
+                     * Creates a new Binding instance using the specified properties.
+                     * @function create
+                     * @memberof google.iam.v1.Binding
+                     * @static
+                     * @param {google.iam.v1.IBinding=} [properties] Properties to set
+                     * @returns {google.iam.v1.Binding} Binding instance
+                     */
+                    Binding.create = function create(properties) {
+                        return new Binding(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified Binding message. Does not implicitly {@link google.iam.v1.Binding.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.iam.v1.Binding
+                     * @static
+                     * @param {google.iam.v1.IBinding} message Binding message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    Binding.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.role != null && Object.hasOwnProperty.call(message, "role"))
+                            writer.uint32(/* id 1, wireType 2 =*/10).string(message.role);
+                        if (message.members != null && message.members.length)
+                            for (var i = 0; i < message.members.length; ++i)
+                                writer.uint32(/* id 2, wireType 2 =*/18).string(message.members[i]);
+                        if (message.condition != null && Object.hasOwnProperty.call(message, "condition"))
+                            $root.google.type.Expr.encode(message.condition, writer.uint32(/* id 3, wireType 2 =*/26).fork()).ldelim();
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified Binding message, length delimited. Does not implicitly {@link google.iam.v1.Binding.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.iam.v1.Binding
+                     * @static
+                     * @param {google.iam.v1.IBinding} message Binding message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    Binding.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes a Binding message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.iam.v1.Binding
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.iam.v1.Binding} Binding
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    Binding.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.iam.v1.Binding();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    message.role = reader.string();
+                                    break;
+                                }
+                            case 2: {
+                                    if (!(message.members && message.members.length))
+                                        message.members = [];
+                                    message.members.push(reader.string());
+                                    break;
+                                }
+                            case 3: {
+                                    message.condition = $root.google.type.Expr.decode(reader, reader.uint32());
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes a Binding message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.iam.v1.Binding
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.iam.v1.Binding} Binding
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    Binding.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies a Binding message.
+                     * @function verify
+                     * @memberof google.iam.v1.Binding
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    Binding.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.role != null && message.hasOwnProperty("role"))
+                            if (!$util.isString(message.role))
+                                return "role: string expected";
+                        if (message.members != null && message.hasOwnProperty("members")) {
+                            if (!Array.isArray(message.members))
+                                return "members: array expected";
+                            for (var i = 0; i < message.members.length; ++i)
+                                if (!$util.isString(message.members[i]))
+                                    return "members: string[] expected";
+                        }
+                        if (message.condition != null && message.hasOwnProperty("condition")) {
+                            var error = $root.google.type.Expr.verify(message.condition);
+                            if (error)
+                                return "condition." + error;
+                        }
+                        return null;
+                    };
+    
+                    /**
+                     * Creates a Binding message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.iam.v1.Binding
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.iam.v1.Binding} Binding
+                     */
+                    Binding.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.iam.v1.Binding)
+                            return object;
+                        var message = new $root.google.iam.v1.Binding();
+                        if (object.role != null)
+                            message.role = String(object.role);
+                        if (object.members) {
+                            if (!Array.isArray(object.members))
+                                throw TypeError(".google.iam.v1.Binding.members: array expected");
+                            message.members = [];
+                            for (var i = 0; i < object.members.length; ++i)
+                                message.members[i] = String(object.members[i]);
+                        }
+                        if (object.condition != null) {
+                            if (typeof object.condition !== "object")
+                                throw TypeError(".google.iam.v1.Binding.condition: object expected");
+                            message.condition = $root.google.type.Expr.fromObject(object.condition);
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from a Binding message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.iam.v1.Binding
+                     * @static
+                     * @param {google.iam.v1.Binding} message Binding
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    Binding.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.arrays || options.defaults)
+                            object.members = [];
+                        if (options.defaults) {
+                            object.role = "";
+                            object.condition = null;
+                        }
+                        if (message.role != null && message.hasOwnProperty("role"))
+                            object.role = message.role;
+                        if (message.members && message.members.length) {
+                            object.members = [];
+                            for (var j = 0; j < message.members.length; ++j)
+                                object.members[j] = message.members[j];
+                        }
+                        if (message.condition != null && message.hasOwnProperty("condition"))
+                            object.condition = $root.google.type.Expr.toObject(message.condition, options);
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this Binding to JSON.
+                     * @function toJSON
+                     * @memberof google.iam.v1.Binding
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    Binding.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for Binding
+                     * @function getTypeUrl
+                     * @memberof google.iam.v1.Binding
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    Binding.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.iam.v1.Binding";
+                    };
+    
+                    return Binding;
+                })();
+    
+                v1.AuditConfig = (function() {
+    
+                    /**
+                     * Properties of an AuditConfig.
+                     * @memberof google.iam.v1
+                     * @interface IAuditConfig
+                     * @property {string|null} [service] AuditConfig service
+                     * @property {Array.<google.iam.v1.IAuditLogConfig>|null} [auditLogConfigs] AuditConfig auditLogConfigs
+                     */
+    
+                    /**
+                     * Constructs a new AuditConfig.
+                     * @memberof google.iam.v1
+                     * @classdesc Represents an AuditConfig.
+                     * @implements IAuditConfig
+                     * @constructor
+                     * @param {google.iam.v1.IAuditConfig=} [properties] Properties to set
+                     */
+                    function AuditConfig(properties) {
+                        this.auditLogConfigs = [];
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * AuditConfig service.
+                     * @member {string} service
+                     * @memberof google.iam.v1.AuditConfig
+                     * @instance
+                     */
+                    AuditConfig.prototype.service = "";
+    
+                    /**
+                     * AuditConfig auditLogConfigs.
+                     * @member {Array.<google.iam.v1.IAuditLogConfig>} auditLogConfigs
+                     * @memberof google.iam.v1.AuditConfig
+                     * @instance
+                     */
+                    AuditConfig.prototype.auditLogConfigs = $util.emptyArray;
+    
+                    /**
+                     * Creates a new AuditConfig instance using the specified properties.
+                     * @function create
+                     * @memberof google.iam.v1.AuditConfig
+                     * @static
+                     * @param {google.iam.v1.IAuditConfig=} [properties] Properties to set
+                     * @returns {google.iam.v1.AuditConfig} AuditConfig instance
+                     */
+                    AuditConfig.create = function create(properties) {
+                        return new AuditConfig(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified AuditConfig message. Does not implicitly {@link google.iam.v1.AuditConfig.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.iam.v1.AuditConfig
+                     * @static
+                     * @param {google.iam.v1.IAuditConfig} message AuditConfig message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    AuditConfig.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.service != null && Object.hasOwnProperty.call(message, "service"))
+                            writer.uint32(/* id 1, wireType 2 =*/10).string(message.service);
+                        if (message.auditLogConfigs != null && message.auditLogConfigs.length)
+                            for (var i = 0; i < message.auditLogConfigs.length; ++i)
+                                $root.google.iam.v1.AuditLogConfig.encode(message.auditLogConfigs[i], writer.uint32(/* id 3, wireType 2 =*/26).fork()).ldelim();
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified AuditConfig message, length delimited. Does not implicitly {@link google.iam.v1.AuditConfig.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.iam.v1.AuditConfig
+                     * @static
+                     * @param {google.iam.v1.IAuditConfig} message AuditConfig message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    AuditConfig.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes an AuditConfig message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.iam.v1.AuditConfig
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.iam.v1.AuditConfig} AuditConfig
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    AuditConfig.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.iam.v1.AuditConfig();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    message.service = reader.string();
+                                    break;
+                                }
+                            case 3: {
+                                    if (!(message.auditLogConfigs && message.auditLogConfigs.length))
+                                        message.auditLogConfigs = [];
+                                    message.auditLogConfigs.push($root.google.iam.v1.AuditLogConfig.decode(reader, reader.uint32()));
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes an AuditConfig message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.iam.v1.AuditConfig
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.iam.v1.AuditConfig} AuditConfig
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    AuditConfig.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies an AuditConfig message.
+                     * @function verify
+                     * @memberof google.iam.v1.AuditConfig
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    AuditConfig.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.service != null && message.hasOwnProperty("service"))
+                            if (!$util.isString(message.service))
+                                return "service: string expected";
+                        if (message.auditLogConfigs != null && message.hasOwnProperty("auditLogConfigs")) {
+                            if (!Array.isArray(message.auditLogConfigs))
+                                return "auditLogConfigs: array expected";
+                            for (var i = 0; i < message.auditLogConfigs.length; ++i) {
+                                var error = $root.google.iam.v1.AuditLogConfig.verify(message.auditLogConfigs[i]);
+                                if (error)
+                                    return "auditLogConfigs." + error;
+                            }
+                        }
+                        return null;
+                    };
+    
+                    /**
+                     * Creates an AuditConfig message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.iam.v1.AuditConfig
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.iam.v1.AuditConfig} AuditConfig
+                     */
+                    AuditConfig.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.iam.v1.AuditConfig)
+                            return object;
+                        var message = new $root.google.iam.v1.AuditConfig();
+                        if (object.service != null)
+                            message.service = String(object.service);
+                        if (object.auditLogConfigs) {
+                            if (!Array.isArray(object.auditLogConfigs))
+                                throw TypeError(".google.iam.v1.AuditConfig.auditLogConfigs: array expected");
+                            message.auditLogConfigs = [];
+                            for (var i = 0; i < object.auditLogConfigs.length; ++i) {
+                                if (typeof object.auditLogConfigs[i] !== "object")
+                                    throw TypeError(".google.iam.v1.AuditConfig.auditLogConfigs: object expected");
+                                message.auditLogConfigs[i] = $root.google.iam.v1.AuditLogConfig.fromObject(object.auditLogConfigs[i]);
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from an AuditConfig message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.iam.v1.AuditConfig
+                     * @static
+                     * @param {google.iam.v1.AuditConfig} message AuditConfig
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    AuditConfig.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.arrays || options.defaults)
+                            object.auditLogConfigs = [];
+                        if (options.defaults)
+                            object.service = "";
+                        if (message.service != null && message.hasOwnProperty("service"))
+                            object.service = message.service;
+                        if (message.auditLogConfigs && message.auditLogConfigs.length) {
+                            object.auditLogConfigs = [];
+                            for (var j = 0; j < message.auditLogConfigs.length; ++j)
+                                object.auditLogConfigs[j] = $root.google.iam.v1.AuditLogConfig.toObject(message.auditLogConfigs[j], options);
+                        }
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this AuditConfig to JSON.
+                     * @function toJSON
+                     * @memberof google.iam.v1.AuditConfig
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    AuditConfig.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for AuditConfig
+                     * @function getTypeUrl
+                     * @memberof google.iam.v1.AuditConfig
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    AuditConfig.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.iam.v1.AuditConfig";
+                    };
+    
+                    return AuditConfig;
+                })();
+    
+                v1.AuditLogConfig = (function() {
+    
+                    /**
+                     * Properties of an AuditLogConfig.
+                     * @memberof google.iam.v1
+                     * @interface IAuditLogConfig
+                     * @property {google.iam.v1.AuditLogConfig.LogType|null} [logType] AuditLogConfig logType
+                     * @property {Array.<string>|null} [exemptedMembers] AuditLogConfig exemptedMembers
+                     */
+    
+                    /**
+                     * Constructs a new AuditLogConfig.
+                     * @memberof google.iam.v1
+                     * @classdesc Represents an AuditLogConfig.
+                     * @implements IAuditLogConfig
+                     * @constructor
+                     * @param {google.iam.v1.IAuditLogConfig=} [properties] Properties to set
+                     */
+                    function AuditLogConfig(properties) {
+                        this.exemptedMembers = [];
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * AuditLogConfig logType.
+                     * @member {google.iam.v1.AuditLogConfig.LogType} logType
+                     * @memberof google.iam.v1.AuditLogConfig
+                     * @instance
+                     */
+                    AuditLogConfig.prototype.logType = 0;
+    
+                    /**
+                     * AuditLogConfig exemptedMembers.
+                     * @member {Array.<string>} exemptedMembers
+                     * @memberof google.iam.v1.AuditLogConfig
+                     * @instance
+                     */
+                    AuditLogConfig.prototype.exemptedMembers = $util.emptyArray;
+    
+                    /**
+                     * Creates a new AuditLogConfig instance using the specified properties.
+                     * @function create
+                     * @memberof google.iam.v1.AuditLogConfig
+                     * @static
+                     * @param {google.iam.v1.IAuditLogConfig=} [properties] Properties to set
+                     * @returns {google.iam.v1.AuditLogConfig} AuditLogConfig instance
+                     */
+                    AuditLogConfig.create = function create(properties) {
+                        return new AuditLogConfig(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified AuditLogConfig message. Does not implicitly {@link google.iam.v1.AuditLogConfig.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.iam.v1.AuditLogConfig
+                     * @static
+                     * @param {google.iam.v1.IAuditLogConfig} message AuditLogConfig message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    AuditLogConfig.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.logType != null && Object.hasOwnProperty.call(message, "logType"))
+                            writer.uint32(/* id 1, wireType 0 =*/8).int32(message.logType);
+                        if (message.exemptedMembers != null && message.exemptedMembers.length)
+                            for (var i = 0; i < message.exemptedMembers.length; ++i)
+                                writer.uint32(/* id 2, wireType 2 =*/18).string(message.exemptedMembers[i]);
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified AuditLogConfig message, length delimited. Does not implicitly {@link google.iam.v1.AuditLogConfig.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.iam.v1.AuditLogConfig
+                     * @static
+                     * @param {google.iam.v1.IAuditLogConfig} message AuditLogConfig message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    AuditLogConfig.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes an AuditLogConfig message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.iam.v1.AuditLogConfig
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.iam.v1.AuditLogConfig} AuditLogConfig
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    AuditLogConfig.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.iam.v1.AuditLogConfig();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    message.logType = reader.int32();
+                                    break;
+                                }
+                            case 2: {
+                                    if (!(message.exemptedMembers && message.exemptedMembers.length))
+                                        message.exemptedMembers = [];
+                                    message.exemptedMembers.push(reader.string());
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes an AuditLogConfig message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.iam.v1.AuditLogConfig
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.iam.v1.AuditLogConfig} AuditLogConfig
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    AuditLogConfig.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies an AuditLogConfig message.
+                     * @function verify
+                     * @memberof google.iam.v1.AuditLogConfig
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    AuditLogConfig.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.logType != null && message.hasOwnProperty("logType"))
+                            switch (message.logType) {
+                            default:
+                                return "logType: enum value expected";
+                            case 0:
+                            case 1:
+                            case 2:
+                            case 3:
+                                break;
+                            }
+                        if (message.exemptedMembers != null && message.hasOwnProperty("exemptedMembers")) {
+                            if (!Array.isArray(message.exemptedMembers))
+                                return "exemptedMembers: array expected";
+                            for (var i = 0; i < message.exemptedMembers.length; ++i)
+                                if (!$util.isString(message.exemptedMembers[i]))
+                                    return "exemptedMembers: string[] expected";
+                        }
+                        return null;
+                    };
+    
+                    /**
+                     * Creates an AuditLogConfig message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.iam.v1.AuditLogConfig
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.iam.v1.AuditLogConfig} AuditLogConfig
+                     */
+                    AuditLogConfig.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.iam.v1.AuditLogConfig)
+                            return object;
+                        var message = new $root.google.iam.v1.AuditLogConfig();
+                        switch (object.logType) {
+                        default:
+                            if (typeof object.logType === "number") {
+                                message.logType = object.logType;
+                                break;
+                            }
+                            break;
+                        case "LOG_TYPE_UNSPECIFIED":
+                        case 0:
+                            message.logType = 0;
+                            break;
+                        case "ADMIN_READ":
+                        case 1:
+                            message.logType = 1;
+                            break;
+                        case "DATA_WRITE":
+                        case 2:
+                            message.logType = 2;
+                            break;
+                        case "DATA_READ":
+                        case 3:
+                            message.logType = 3;
+                            break;
+                        }
+                        if (object.exemptedMembers) {
+                            if (!Array.isArray(object.exemptedMembers))
+                                throw TypeError(".google.iam.v1.AuditLogConfig.exemptedMembers: array expected");
+                            message.exemptedMembers = [];
+                            for (var i = 0; i < object.exemptedMembers.length; ++i)
+                                message.exemptedMembers[i] = String(object.exemptedMembers[i]);
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from an AuditLogConfig message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.iam.v1.AuditLogConfig
+                     * @static
+                     * @param {google.iam.v1.AuditLogConfig} message AuditLogConfig
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    AuditLogConfig.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.arrays || options.defaults)
+                            object.exemptedMembers = [];
+                        if (options.defaults)
+                            object.logType = options.enums === String ? "LOG_TYPE_UNSPECIFIED" : 0;
+                        if (message.logType != null && message.hasOwnProperty("logType"))
+                            object.logType = options.enums === String ? $root.google.iam.v1.AuditLogConfig.LogType[message.logType] === undefined ? message.logType : $root.google.iam.v1.AuditLogConfig.LogType[message.logType] : message.logType;
+                        if (message.exemptedMembers && message.exemptedMembers.length) {
+                            object.exemptedMembers = [];
+                            for (var j = 0; j < message.exemptedMembers.length; ++j)
+                                object.exemptedMembers[j] = message.exemptedMembers[j];
+                        }
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this AuditLogConfig to JSON.
+                     * @function toJSON
+                     * @memberof google.iam.v1.AuditLogConfig
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    AuditLogConfig.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for AuditLogConfig
+                     * @function getTypeUrl
+                     * @memberof google.iam.v1.AuditLogConfig
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    AuditLogConfig.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.iam.v1.AuditLogConfig";
+                    };
+    
+                    /**
+                     * LogType enum.
+                     * @name google.iam.v1.AuditLogConfig.LogType
+                     * @enum {number}
+                     * @property {number} LOG_TYPE_UNSPECIFIED=0 LOG_TYPE_UNSPECIFIED value
+                     * @property {number} ADMIN_READ=1 ADMIN_READ value
+                     * @property {number} DATA_WRITE=2 DATA_WRITE value
+                     * @property {number} DATA_READ=3 DATA_READ value
+                     */
+                    AuditLogConfig.LogType = (function() {
+                        var valuesById = {}, values = Object.create(valuesById);
+                        values[valuesById[0] = "LOG_TYPE_UNSPECIFIED"] = 0;
+                        values[valuesById[1] = "ADMIN_READ"] = 1;
+                        values[valuesById[2] = "DATA_WRITE"] = 2;
+                        values[valuesById[3] = "DATA_READ"] = 3;
+                        return values;
+                    })();
+    
+                    return AuditLogConfig;
+                })();
+    
+                v1.PolicyDelta = (function() {
+    
+                    /**
+                     * Properties of a PolicyDelta.
+                     * @memberof google.iam.v1
+                     * @interface IPolicyDelta
+                     * @property {Array.<google.iam.v1.IBindingDelta>|null} [bindingDeltas] PolicyDelta bindingDeltas
+                     * @property {Array.<google.iam.v1.IAuditConfigDelta>|null} [auditConfigDeltas] PolicyDelta auditConfigDeltas
+                     */
+    
+                    /**
+                     * Constructs a new PolicyDelta.
+                     * @memberof google.iam.v1
+                     * @classdesc Represents a PolicyDelta.
+                     * @implements IPolicyDelta
+                     * @constructor
+                     * @param {google.iam.v1.IPolicyDelta=} [properties] Properties to set
+                     */
+                    function PolicyDelta(properties) {
+                        this.bindingDeltas = [];
+                        this.auditConfigDeltas = [];
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * PolicyDelta bindingDeltas.
+                     * @member {Array.<google.iam.v1.IBindingDelta>} bindingDeltas
+                     * @memberof google.iam.v1.PolicyDelta
+                     * @instance
+                     */
+                    PolicyDelta.prototype.bindingDeltas = $util.emptyArray;
+    
+                    /**
+                     * PolicyDelta auditConfigDeltas.
+                     * @member {Array.<google.iam.v1.IAuditConfigDelta>} auditConfigDeltas
+                     * @memberof google.iam.v1.PolicyDelta
+                     * @instance
+                     */
+                    PolicyDelta.prototype.auditConfigDeltas = $util.emptyArray;
+    
+                    /**
+                     * Creates a new PolicyDelta instance using the specified properties.
+                     * @function create
+                     * @memberof google.iam.v1.PolicyDelta
+                     * @static
+                     * @param {google.iam.v1.IPolicyDelta=} [properties] Properties to set
+                     * @returns {google.iam.v1.PolicyDelta} PolicyDelta instance
+                     */
+                    PolicyDelta.create = function create(properties) {
+                        return new PolicyDelta(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified PolicyDelta message. Does not implicitly {@link google.iam.v1.PolicyDelta.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.iam.v1.PolicyDelta
+                     * @static
+                     * @param {google.iam.v1.IPolicyDelta} message PolicyDelta message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    PolicyDelta.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.bindingDeltas != null && message.bindingDeltas.length)
+                            for (var i = 0; i < message.bindingDeltas.length; ++i)
+                                $root.google.iam.v1.BindingDelta.encode(message.bindingDeltas[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                        if (message.auditConfigDeltas != null && message.auditConfigDeltas.length)
+                            for (var i = 0; i < message.auditConfigDeltas.length; ++i)
+                                $root.google.iam.v1.AuditConfigDelta.encode(message.auditConfigDeltas[i], writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified PolicyDelta message, length delimited. Does not implicitly {@link google.iam.v1.PolicyDelta.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.iam.v1.PolicyDelta
+                     * @static
+                     * @param {google.iam.v1.IPolicyDelta} message PolicyDelta message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    PolicyDelta.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes a PolicyDelta message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.iam.v1.PolicyDelta
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.iam.v1.PolicyDelta} PolicyDelta
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    PolicyDelta.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.iam.v1.PolicyDelta();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    if (!(message.bindingDeltas && message.bindingDeltas.length))
+                                        message.bindingDeltas = [];
+                                    message.bindingDeltas.push($root.google.iam.v1.BindingDelta.decode(reader, reader.uint32()));
+                                    break;
+                                }
+                            case 2: {
+                                    if (!(message.auditConfigDeltas && message.auditConfigDeltas.length))
+                                        message.auditConfigDeltas = [];
+                                    message.auditConfigDeltas.push($root.google.iam.v1.AuditConfigDelta.decode(reader, reader.uint32()));
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes a PolicyDelta message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.iam.v1.PolicyDelta
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.iam.v1.PolicyDelta} PolicyDelta
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    PolicyDelta.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies a PolicyDelta message.
+                     * @function verify
+                     * @memberof google.iam.v1.PolicyDelta
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    PolicyDelta.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.bindingDeltas != null && message.hasOwnProperty("bindingDeltas")) {
+                            if (!Array.isArray(message.bindingDeltas))
+                                return "bindingDeltas: array expected";
+                            for (var i = 0; i < message.bindingDeltas.length; ++i) {
+                                var error = $root.google.iam.v1.BindingDelta.verify(message.bindingDeltas[i]);
+                                if (error)
+                                    return "bindingDeltas." + error;
+                            }
+                        }
+                        if (message.auditConfigDeltas != null && message.hasOwnProperty("auditConfigDeltas")) {
+                            if (!Array.isArray(message.auditConfigDeltas))
+                                return "auditConfigDeltas: array expected";
+                            for (var i = 0; i < message.auditConfigDeltas.length; ++i) {
+                                var error = $root.google.iam.v1.AuditConfigDelta.verify(message.auditConfigDeltas[i]);
+                                if (error)
+                                    return "auditConfigDeltas." + error;
+                            }
+                        }
+                        return null;
+                    };
+    
+                    /**
+                     * Creates a PolicyDelta message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.iam.v1.PolicyDelta
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.iam.v1.PolicyDelta} PolicyDelta
+                     */
+                    PolicyDelta.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.iam.v1.PolicyDelta)
+                            return object;
+                        var message = new $root.google.iam.v1.PolicyDelta();
+                        if (object.bindingDeltas) {
+                            if (!Array.isArray(object.bindingDeltas))
+                                throw TypeError(".google.iam.v1.PolicyDelta.bindingDeltas: array expected");
+                            message.bindingDeltas = [];
+                            for (var i = 0; i < object.bindingDeltas.length; ++i) {
+                                if (typeof object.bindingDeltas[i] !== "object")
+                                    throw TypeError(".google.iam.v1.PolicyDelta.bindingDeltas: object expected");
+                                message.bindingDeltas[i] = $root.google.iam.v1.BindingDelta.fromObject(object.bindingDeltas[i]);
+                            }
+                        }
+                        if (object.auditConfigDeltas) {
+                            if (!Array.isArray(object.auditConfigDeltas))
+                                throw TypeError(".google.iam.v1.PolicyDelta.auditConfigDeltas: array expected");
+                            message.auditConfigDeltas = [];
+                            for (var i = 0; i < object.auditConfigDeltas.length; ++i) {
+                                if (typeof object.auditConfigDeltas[i] !== "object")
+                                    throw TypeError(".google.iam.v1.PolicyDelta.auditConfigDeltas: object expected");
+                                message.auditConfigDeltas[i] = $root.google.iam.v1.AuditConfigDelta.fromObject(object.auditConfigDeltas[i]);
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from a PolicyDelta message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.iam.v1.PolicyDelta
+                     * @static
+                     * @param {google.iam.v1.PolicyDelta} message PolicyDelta
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    PolicyDelta.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.arrays || options.defaults) {
+                            object.bindingDeltas = [];
+                            object.auditConfigDeltas = [];
+                        }
+                        if (message.bindingDeltas && message.bindingDeltas.length) {
+                            object.bindingDeltas = [];
+                            for (var j = 0; j < message.bindingDeltas.length; ++j)
+                                object.bindingDeltas[j] = $root.google.iam.v1.BindingDelta.toObject(message.bindingDeltas[j], options);
+                        }
+                        if (message.auditConfigDeltas && message.auditConfigDeltas.length) {
+                            object.auditConfigDeltas = [];
+                            for (var j = 0; j < message.auditConfigDeltas.length; ++j)
+                                object.auditConfigDeltas[j] = $root.google.iam.v1.AuditConfigDelta.toObject(message.auditConfigDeltas[j], options);
+                        }
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this PolicyDelta to JSON.
+                     * @function toJSON
+                     * @memberof google.iam.v1.PolicyDelta
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    PolicyDelta.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for PolicyDelta
+                     * @function getTypeUrl
+                     * @memberof google.iam.v1.PolicyDelta
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    PolicyDelta.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.iam.v1.PolicyDelta";
+                    };
+    
+                    return PolicyDelta;
+                })();
+    
+                v1.BindingDelta = (function() {
+    
+                    /**
+                     * Properties of a BindingDelta.
+                     * @memberof google.iam.v1
+                     * @interface IBindingDelta
+                     * @property {google.iam.v1.BindingDelta.Action|null} [action] BindingDelta action
+                     * @property {string|null} [role] BindingDelta role
+                     * @property {string|null} [member] BindingDelta member
+                     * @property {google.type.IExpr|null} [condition] BindingDelta condition
+                     */
+    
+                    /**
+                     * Constructs a new BindingDelta.
+                     * @memberof google.iam.v1
+                     * @classdesc Represents a BindingDelta.
+                     * @implements IBindingDelta
+                     * @constructor
+                     * @param {google.iam.v1.IBindingDelta=} [properties] Properties to set
+                     */
+                    function BindingDelta(properties) {
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * BindingDelta action.
+                     * @member {google.iam.v1.BindingDelta.Action} action
+                     * @memberof google.iam.v1.BindingDelta
+                     * @instance
+                     */
+                    BindingDelta.prototype.action = 0;
+    
+                    /**
+                     * BindingDelta role.
+                     * @member {string} role
+                     * @memberof google.iam.v1.BindingDelta
+                     * @instance
+                     */
+                    BindingDelta.prototype.role = "";
+    
+                    /**
+                     * BindingDelta member.
+                     * @member {string} member
+                     * @memberof google.iam.v1.BindingDelta
+                     * @instance
+                     */
+                    BindingDelta.prototype.member = "";
+    
+                    /**
+                     * BindingDelta condition.
+                     * @member {google.type.IExpr|null|undefined} condition
+                     * @memberof google.iam.v1.BindingDelta
+                     * @instance
+                     */
+                    BindingDelta.prototype.condition = null;
+    
+                    /**
+                     * Creates a new BindingDelta instance using the specified properties.
+                     * @function create
+                     * @memberof google.iam.v1.BindingDelta
+                     * @static
+                     * @param {google.iam.v1.IBindingDelta=} [properties] Properties to set
+                     * @returns {google.iam.v1.BindingDelta} BindingDelta instance
+                     */
+                    BindingDelta.create = function create(properties) {
+                        return new BindingDelta(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified BindingDelta message. Does not implicitly {@link google.iam.v1.BindingDelta.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.iam.v1.BindingDelta
+                     * @static
+                     * @param {google.iam.v1.IBindingDelta} message BindingDelta message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    BindingDelta.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.action != null && Object.hasOwnProperty.call(message, "action"))
+                            writer.uint32(/* id 1, wireType 0 =*/8).int32(message.action);
+                        if (message.role != null && Object.hasOwnProperty.call(message, "role"))
+                            writer.uint32(/* id 2, wireType 2 =*/18).string(message.role);
+                        if (message.member != null && Object.hasOwnProperty.call(message, "member"))
+                            writer.uint32(/* id 3, wireType 2 =*/26).string(message.member);
+                        if (message.condition != null && Object.hasOwnProperty.call(message, "condition"))
+                            $root.google.type.Expr.encode(message.condition, writer.uint32(/* id 4, wireType 2 =*/34).fork()).ldelim();
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified BindingDelta message, length delimited. Does not implicitly {@link google.iam.v1.BindingDelta.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.iam.v1.BindingDelta
+                     * @static
+                     * @param {google.iam.v1.IBindingDelta} message BindingDelta message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    BindingDelta.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes a BindingDelta message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.iam.v1.BindingDelta
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.iam.v1.BindingDelta} BindingDelta
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    BindingDelta.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.iam.v1.BindingDelta();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    message.action = reader.int32();
+                                    break;
+                                }
+                            case 2: {
+                                    message.role = reader.string();
+                                    break;
+                                }
+                            case 3: {
+                                    message.member = reader.string();
+                                    break;
+                                }
+                            case 4: {
+                                    message.condition = $root.google.type.Expr.decode(reader, reader.uint32());
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes a BindingDelta message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.iam.v1.BindingDelta
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.iam.v1.BindingDelta} BindingDelta
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    BindingDelta.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies a BindingDelta message.
+                     * @function verify
+                     * @memberof google.iam.v1.BindingDelta
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    BindingDelta.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.action != null && message.hasOwnProperty("action"))
+                            switch (message.action) {
+                            default:
+                                return "action: enum value expected";
+                            case 0:
+                            case 1:
+                            case 2:
+                                break;
+                            }
+                        if (message.role != null && message.hasOwnProperty("role"))
+                            if (!$util.isString(message.role))
+                                return "role: string expected";
+                        if (message.member != null && message.hasOwnProperty("member"))
+                            if (!$util.isString(message.member))
+                                return "member: string expected";
+                        if (message.condition != null && message.hasOwnProperty("condition")) {
+                            var error = $root.google.type.Expr.verify(message.condition);
+                            if (error)
+                                return "condition." + error;
+                        }
+                        return null;
+                    };
+    
+                    /**
+                     * Creates a BindingDelta message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.iam.v1.BindingDelta
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.iam.v1.BindingDelta} BindingDelta
+                     */
+                    BindingDelta.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.iam.v1.BindingDelta)
+                            return object;
+                        var message = new $root.google.iam.v1.BindingDelta();
+                        switch (object.action) {
+                        default:
+                            if (typeof object.action === "number") {
+                                message.action = object.action;
+                                break;
+                            }
+                            break;
+                        case "ACTION_UNSPECIFIED":
+                        case 0:
+                            message.action = 0;
+                            break;
+                        case "ADD":
+                        case 1:
+                            message.action = 1;
+                            break;
+                        case "REMOVE":
+                        case 2:
+                            message.action = 2;
+                            break;
+                        }
+                        if (object.role != null)
+                            message.role = String(object.role);
+                        if (object.member != null)
+                            message.member = String(object.member);
+                        if (object.condition != null) {
+                            if (typeof object.condition !== "object")
+                                throw TypeError(".google.iam.v1.BindingDelta.condition: object expected");
+                            message.condition = $root.google.type.Expr.fromObject(object.condition);
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from a BindingDelta message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.iam.v1.BindingDelta
+                     * @static
+                     * @param {google.iam.v1.BindingDelta} message BindingDelta
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    BindingDelta.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.defaults) {
+                            object.action = options.enums === String ? "ACTION_UNSPECIFIED" : 0;
+                            object.role = "";
+                            object.member = "";
+                            object.condition = null;
+                        }
+                        if (message.action != null && message.hasOwnProperty("action"))
+                            object.action = options.enums === String ? $root.google.iam.v1.BindingDelta.Action[message.action] === undefined ? message.action : $root.google.iam.v1.BindingDelta.Action[message.action] : message.action;
+                        if (message.role != null && message.hasOwnProperty("role"))
+                            object.role = message.role;
+                        if (message.member != null && message.hasOwnProperty("member"))
+                            object.member = message.member;
+                        if (message.condition != null && message.hasOwnProperty("condition"))
+                            object.condition = $root.google.type.Expr.toObject(message.condition, options);
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this BindingDelta to JSON.
+                     * @function toJSON
+                     * @memberof google.iam.v1.BindingDelta
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    BindingDelta.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for BindingDelta
+                     * @function getTypeUrl
+                     * @memberof google.iam.v1.BindingDelta
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    BindingDelta.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.iam.v1.BindingDelta";
+                    };
+    
+                    /**
+                     * Action enum.
+                     * @name google.iam.v1.BindingDelta.Action
+                     * @enum {number}
+                     * @property {number} ACTION_UNSPECIFIED=0 ACTION_UNSPECIFIED value
+                     * @property {number} ADD=1 ADD value
+                     * @property {number} REMOVE=2 REMOVE value
+                     */
+                    BindingDelta.Action = (function() {
+                        var valuesById = {}, values = Object.create(valuesById);
+                        values[valuesById[0] = "ACTION_UNSPECIFIED"] = 0;
+                        values[valuesById[1] = "ADD"] = 1;
+                        values[valuesById[2] = "REMOVE"] = 2;
+                        return values;
+                    })();
+    
+                    return BindingDelta;
+                })();
+    
+                v1.AuditConfigDelta = (function() {
+    
+                    /**
+                     * Properties of an AuditConfigDelta.
+                     * @memberof google.iam.v1
+                     * @interface IAuditConfigDelta
+                     * @property {google.iam.v1.AuditConfigDelta.Action|null} [action] AuditConfigDelta action
+                     * @property {string|null} [service] AuditConfigDelta service
+                     * @property {string|null} [exemptedMember] AuditConfigDelta exemptedMember
+                     * @property {string|null} [logType] AuditConfigDelta logType
+                     */
+    
+                    /**
+                     * Constructs a new AuditConfigDelta.
+                     * @memberof google.iam.v1
+                     * @classdesc Represents an AuditConfigDelta.
+                     * @implements IAuditConfigDelta
+                     * @constructor
+                     * @param {google.iam.v1.IAuditConfigDelta=} [properties] Properties to set
+                     */
+                    function AuditConfigDelta(properties) {
+                        if (properties)
+                            for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                                if (properties[keys[i]] != null)
+                                    this[keys[i]] = properties[keys[i]];
+                    }
+    
+                    /**
+                     * AuditConfigDelta action.
+                     * @member {google.iam.v1.AuditConfigDelta.Action} action
+                     * @memberof google.iam.v1.AuditConfigDelta
+                     * @instance
+                     */
+                    AuditConfigDelta.prototype.action = 0;
+    
+                    /**
+                     * AuditConfigDelta service.
+                     * @member {string} service
+                     * @memberof google.iam.v1.AuditConfigDelta
+                     * @instance
+                     */
+                    AuditConfigDelta.prototype.service = "";
+    
+                    /**
+                     * AuditConfigDelta exemptedMember.
+                     * @member {string} exemptedMember
+                     * @memberof google.iam.v1.AuditConfigDelta
+                     * @instance
+                     */
+                    AuditConfigDelta.prototype.exemptedMember = "";
+    
+                    /**
+                     * AuditConfigDelta logType.
+                     * @member {string} logType
+                     * @memberof google.iam.v1.AuditConfigDelta
+                     * @instance
+                     */
+                    AuditConfigDelta.prototype.logType = "";
+    
+                    /**
+                     * Creates a new AuditConfigDelta instance using the specified properties.
+                     * @function create
+                     * @memberof google.iam.v1.AuditConfigDelta
+                     * @static
+                     * @param {google.iam.v1.IAuditConfigDelta=} [properties] Properties to set
+                     * @returns {google.iam.v1.AuditConfigDelta} AuditConfigDelta instance
+                     */
+                    AuditConfigDelta.create = function create(properties) {
+                        return new AuditConfigDelta(properties);
+                    };
+    
+                    /**
+                     * Encodes the specified AuditConfigDelta message. Does not implicitly {@link google.iam.v1.AuditConfigDelta.verify|verify} messages.
+                     * @function encode
+                     * @memberof google.iam.v1.AuditConfigDelta
+                     * @static
+                     * @param {google.iam.v1.IAuditConfigDelta} message AuditConfigDelta message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    AuditConfigDelta.encode = function encode(message, writer) {
+                        if (!writer)
+                            writer = $Writer.create();
+                        if (message.action != null && Object.hasOwnProperty.call(message, "action"))
+                            writer.uint32(/* id 1, wireType 0 =*/8).int32(message.action);
+                        if (message.service != null && Object.hasOwnProperty.call(message, "service"))
+                            writer.uint32(/* id 2, wireType 2 =*/18).string(message.service);
+                        if (message.exemptedMember != null && Object.hasOwnProperty.call(message, "exemptedMember"))
+                            writer.uint32(/* id 3, wireType 2 =*/26).string(message.exemptedMember);
+                        if (message.logType != null && Object.hasOwnProperty.call(message, "logType"))
+                            writer.uint32(/* id 4, wireType 2 =*/34).string(message.logType);
+                        return writer;
+                    };
+    
+                    /**
+                     * Encodes the specified AuditConfigDelta message, length delimited. Does not implicitly {@link google.iam.v1.AuditConfigDelta.verify|verify} messages.
+                     * @function encodeDelimited
+                     * @memberof google.iam.v1.AuditConfigDelta
+                     * @static
+                     * @param {google.iam.v1.IAuditConfigDelta} message AuditConfigDelta message or plain object to encode
+                     * @param {$protobuf.Writer} [writer] Writer to encode to
+                     * @returns {$protobuf.Writer} Writer
+                     */
+                    AuditConfigDelta.encodeDelimited = function encodeDelimited(message, writer) {
+                        return this.encode(message, writer).ldelim();
+                    };
+    
+                    /**
+                     * Decodes an AuditConfigDelta message from the specified reader or buffer.
+                     * @function decode
+                     * @memberof google.iam.v1.AuditConfigDelta
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @param {number} [length] Message length if known beforehand
+                     * @returns {google.iam.v1.AuditConfigDelta} AuditConfigDelta
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    AuditConfigDelta.decode = function decode(reader, length) {
+                        if (!(reader instanceof $Reader))
+                            reader = $Reader.create(reader);
+                        var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.iam.v1.AuditConfigDelta();
+                        while (reader.pos < end) {
+                            var tag = reader.uint32();
+                            switch (tag >>> 3) {
+                            case 1: {
+                                    message.action = reader.int32();
+                                    break;
+                                }
+                            case 2: {
+                                    message.service = reader.string();
+                                    break;
+                                }
+                            case 3: {
+                                    message.exemptedMember = reader.string();
+                                    break;
+                                }
+                            case 4: {
+                                    message.logType = reader.string();
+                                    break;
+                                }
+                            default:
+                                reader.skipType(tag & 7);
+                                break;
+                            }
+                        }
+                        return message;
+                    };
+    
+                    /**
+                     * Decodes an AuditConfigDelta message from the specified reader or buffer, length delimited.
+                     * @function decodeDelimited
+                     * @memberof google.iam.v1.AuditConfigDelta
+                     * @static
+                     * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                     * @returns {google.iam.v1.AuditConfigDelta} AuditConfigDelta
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    AuditConfigDelta.decodeDelimited = function decodeDelimited(reader) {
+                        if (!(reader instanceof $Reader))
+                            reader = new $Reader(reader);
+                        return this.decode(reader, reader.uint32());
+                    };
+    
+                    /**
+                     * Verifies an AuditConfigDelta message.
+                     * @function verify
+                     * @memberof google.iam.v1.AuditConfigDelta
+                     * @static
+                     * @param {Object.<string,*>} message Plain object to verify
+                     * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                     */
+                    AuditConfigDelta.verify = function verify(message) {
+                        if (typeof message !== "object" || message === null)
+                            return "object expected";
+                        if (message.action != null && message.hasOwnProperty("action"))
+                            switch (message.action) {
+                            default:
+                                return "action: enum value expected";
+                            case 0:
+                            case 1:
+                            case 2:
+                                break;
+                            }
+                        if (message.service != null && message.hasOwnProperty("service"))
+                            if (!$util.isString(message.service))
+                                return "service: string expected";
+                        if (message.exemptedMember != null && message.hasOwnProperty("exemptedMember"))
+                            if (!$util.isString(message.exemptedMember))
+                                return "exemptedMember: string expected";
+                        if (message.logType != null && message.hasOwnProperty("logType"))
+                            if (!$util.isString(message.logType))
+                                return "logType: string expected";
+                        return null;
+                    };
+    
+                    /**
+                     * Creates an AuditConfigDelta message from a plain object. Also converts values to their respective internal types.
+                     * @function fromObject
+                     * @memberof google.iam.v1.AuditConfigDelta
+                     * @static
+                     * @param {Object.<string,*>} object Plain object
+                     * @returns {google.iam.v1.AuditConfigDelta} AuditConfigDelta
+                     */
+                    AuditConfigDelta.fromObject = function fromObject(object) {
+                        if (object instanceof $root.google.iam.v1.AuditConfigDelta)
+                            return object;
+                        var message = new $root.google.iam.v1.AuditConfigDelta();
+                        switch (object.action) {
+                        default:
+                            if (typeof object.action === "number") {
+                                message.action = object.action;
+                                break;
+                            }
+                            break;
+                        case "ACTION_UNSPECIFIED":
+                        case 0:
+                            message.action = 0;
+                            break;
+                        case "ADD":
+                        case 1:
+                            message.action = 1;
+                            break;
+                        case "REMOVE":
+                        case 2:
+                            message.action = 2;
+                            break;
+                        }
+                        if (object.service != null)
+                            message.service = String(object.service);
+                        if (object.exemptedMember != null)
+                            message.exemptedMember = String(object.exemptedMember);
+                        if (object.logType != null)
+                            message.logType = String(object.logType);
+                        return message;
+                    };
+    
+                    /**
+                     * Creates a plain object from an AuditConfigDelta message. Also converts values to other types if specified.
+                     * @function toObject
+                     * @memberof google.iam.v1.AuditConfigDelta
+                     * @static
+                     * @param {google.iam.v1.AuditConfigDelta} message AuditConfigDelta
+                     * @param {$protobuf.IConversionOptions} [options] Conversion options
+                     * @returns {Object.<string,*>} Plain object
+                     */
+                    AuditConfigDelta.toObject = function toObject(message, options) {
+                        if (!options)
+                            options = {};
+                        var object = {};
+                        if (options.defaults) {
+                            object.action = options.enums === String ? "ACTION_UNSPECIFIED" : 0;
+                            object.service = "";
+                            object.exemptedMember = "";
+                            object.logType = "";
+                        }
+                        if (message.action != null && message.hasOwnProperty("action"))
+                            object.action = options.enums === String ? $root.google.iam.v1.AuditConfigDelta.Action[message.action] === undefined ? message.action : $root.google.iam.v1.AuditConfigDelta.Action[message.action] : message.action;
+                        if (message.service != null && message.hasOwnProperty("service"))
+                            object.service = message.service;
+                        if (message.exemptedMember != null && message.hasOwnProperty("exemptedMember"))
+                            object.exemptedMember = message.exemptedMember;
+                        if (message.logType != null && message.hasOwnProperty("logType"))
+                            object.logType = message.logType;
+                        return object;
+                    };
+    
+                    /**
+                     * Converts this AuditConfigDelta to JSON.
+                     * @function toJSON
+                     * @memberof google.iam.v1.AuditConfigDelta
+                     * @instance
+                     * @returns {Object.<string,*>} JSON object
+                     */
+                    AuditConfigDelta.prototype.toJSON = function toJSON() {
+                        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                    };
+    
+                    /**
+                     * Gets the default type url for AuditConfigDelta
+                     * @function getTypeUrl
+                     * @memberof google.iam.v1.AuditConfigDelta
+                     * @static
+                     * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                     * @returns {string} The default type url
+                     */
+                    AuditConfigDelta.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                        if (typeUrlPrefix === undefined) {
+                            typeUrlPrefix = "type.googleapis.com";
+                        }
+                        return typeUrlPrefix + "/google.iam.v1.AuditConfigDelta";
+                    };
+    
+                    /**
+                     * Action enum.
+                     * @name google.iam.v1.AuditConfigDelta.Action
+                     * @enum {number}
+                     * @property {number} ACTION_UNSPECIFIED=0 ACTION_UNSPECIFIED value
+                     * @property {number} ADD=1 ADD value
+                     * @property {number} REMOVE=2 REMOVE value
+                     */
+                    AuditConfigDelta.Action = (function() {
+                        var valuesById = {}, values = Object.create(valuesById);
+                        values[valuesById[0] = "ACTION_UNSPECIFIED"] = 0;
+                        values[valuesById[1] = "ADD"] = 1;
+                        values[valuesById[2] = "REMOVE"] = 2;
+                        return values;
+                    })();
+    
+                    return AuditConfigDelta;
+                })();
+    
+                return v1;
+            })();
+    
+            return iam;
+        })();
+    
+        google.type = (function() {
+    
+            /**
+             * Namespace type.
+             * @memberof google
+             * @namespace
+             */
+            var type = {};
+    
+            type.Expr = (function() {
+    
+                /**
+                 * Properties of an Expr.
+                 * @memberof google.type
+                 * @interface IExpr
+                 * @property {string|null} [expression] Expr expression
+                 * @property {string|null} [title] Expr title
+                 * @property {string|null} [description] Expr description
+                 * @property {string|null} [location] Expr location
+                 */
+    
+                /**
+                 * Constructs a new Expr.
+                 * @memberof google.type
+                 * @classdesc Represents an Expr.
+                 * @implements IExpr
+                 * @constructor
+                 * @param {google.type.IExpr=} [properties] Properties to set
+                 */
+                function Expr(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * Expr expression.
+                 * @member {string} expression
+                 * @memberof google.type.Expr
+                 * @instance
+                 */
+                Expr.prototype.expression = "";
+    
+                /**
+                 * Expr title.
+                 * @member {string} title
+                 * @memberof google.type.Expr
+                 * @instance
+                 */
+                Expr.prototype.title = "";
+    
+                /**
+                 * Expr description.
+                 * @member {string} description
+                 * @memberof google.type.Expr
+                 * @instance
+                 */
+                Expr.prototype.description = "";
+    
+                /**
+                 * Expr location.
+                 * @member {string} location
+                 * @memberof google.type.Expr
+                 * @instance
+                 */
+                Expr.prototype.location = "";
+    
+                /**
+                 * Creates a new Expr instance using the specified properties.
+                 * @function create
+                 * @memberof google.type.Expr
+                 * @static
+                 * @param {google.type.IExpr=} [properties] Properties to set
+                 * @returns {google.type.Expr} Expr instance
+                 */
+                Expr.create = function create(properties) {
+                    return new Expr(properties);
+                };
+    
+                /**
+                 * Encodes the specified Expr message. Does not implicitly {@link google.type.Expr.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.type.Expr
+                 * @static
+                 * @param {google.type.IExpr} message Expr message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Expr.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.expression != null && Object.hasOwnProperty.call(message, "expression"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.expression);
+                    if (message.title != null && Object.hasOwnProperty.call(message, "title"))
+                        writer.uint32(/* id 2, wireType 2 =*/18).string(message.title);
+                    if (message.description != null && Object.hasOwnProperty.call(message, "description"))
+                        writer.uint32(/* id 3, wireType 2 =*/26).string(message.description);
+                    if (message.location != null && Object.hasOwnProperty.call(message, "location"))
+                        writer.uint32(/* id 4, wireType 2 =*/34).string(message.location);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified Expr message, length delimited. Does not implicitly {@link google.type.Expr.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.type.Expr
+                 * @static
+                 * @param {google.type.IExpr} message Expr message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Expr.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes an Expr message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.type.Expr
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.type.Expr} Expr
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Expr.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.type.Expr();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.expression = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                message.title = reader.string();
+                                break;
+                            }
+                        case 3: {
+                                message.description = reader.string();
+                                break;
+                            }
+                        case 4: {
+                                message.location = reader.string();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes an Expr message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.type.Expr
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.type.Expr} Expr
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Expr.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies an Expr message.
+                 * @function verify
+                 * @memberof google.type.Expr
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                Expr.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.expression != null && message.hasOwnProperty("expression"))
+                        if (!$util.isString(message.expression))
+                            return "expression: string expected";
+                    if (message.title != null && message.hasOwnProperty("title"))
+                        if (!$util.isString(message.title))
+                            return "title: string expected";
+                    if (message.description != null && message.hasOwnProperty("description"))
+                        if (!$util.isString(message.description))
+                            return "description: string expected";
+                    if (message.location != null && message.hasOwnProperty("location"))
+                        if (!$util.isString(message.location))
+                            return "location: string expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates an Expr message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.type.Expr
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.type.Expr} Expr
+                 */
+                Expr.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.type.Expr)
+                        return object;
+                    var message = new $root.google.type.Expr();
+                    if (object.expression != null)
+                        message.expression = String(object.expression);
+                    if (object.title != null)
+                        message.title = String(object.title);
+                    if (object.description != null)
+                        message.description = String(object.description);
+                    if (object.location != null)
+                        message.location = String(object.location);
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from an Expr message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.type.Expr
+                 * @static
+                 * @param {google.type.Expr} message Expr
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                Expr.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults) {
+                        object.expression = "";
+                        object.title = "";
+                        object.description = "";
+                        object.location = "";
+                    }
+                    if (message.expression != null && message.hasOwnProperty("expression"))
+                        object.expression = message.expression;
+                    if (message.title != null && message.hasOwnProperty("title"))
+                        object.title = message.title;
+                    if (message.description != null && message.hasOwnProperty("description"))
+                        object.description = message.description;
+                    if (message.location != null && message.hasOwnProperty("location"))
+                        object.location = message.location;
+                    return object;
+                };
+    
+                /**
+                 * Converts this Expr to JSON.
+                 * @function toJSON
+                 * @memberof google.type.Expr
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                Expr.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for Expr
+                 * @function getTypeUrl
+                 * @memberof google.type.Expr
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                Expr.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.type.Expr";
+                };
+    
+                return Expr;
+            })();
+    
+            return type;
+        })();
+    
+        google.longrunning = (function() {
+    
+            /**
+             * Namespace longrunning.
+             * @memberof google
+             * @namespace
+             */
+            var longrunning = {};
+    
+            longrunning.Operations = (function() {
+    
+                /**
+                 * Constructs a new Operations service.
+                 * @memberof google.longrunning
+                 * @classdesc Represents an Operations
+                 * @extends $protobuf.rpc.Service
+                 * @constructor
+                 * @param {$protobuf.RPCImpl} rpcImpl RPC implementation
+                 * @param {boolean} [requestDelimited=false] Whether requests are length-delimited
+                 * @param {boolean} [responseDelimited=false] Whether responses are length-delimited
+                 */
+                function Operations(rpcImpl, requestDelimited, responseDelimited) {
+                    $protobuf.rpc.Service.call(this, rpcImpl, requestDelimited, responseDelimited);
+                }
+    
+                (Operations.prototype = Object.create($protobuf.rpc.Service.prototype)).constructor = Operations;
+    
+                /**
+                 * Creates new Operations service using the specified rpc implementation.
+                 * @function create
+                 * @memberof google.longrunning.Operations
+                 * @static
+                 * @param {$protobuf.RPCImpl} rpcImpl RPC implementation
+                 * @param {boolean} [requestDelimited=false] Whether requests are length-delimited
+                 * @param {boolean} [responseDelimited=false] Whether responses are length-delimited
+                 * @returns {Operations} RPC service. Useful where requests and/or responses are streamed.
+                 */
+                Operations.create = function create(rpcImpl, requestDelimited, responseDelimited) {
+                    return new this(rpcImpl, requestDelimited, responseDelimited);
+                };
+    
+                /**
+                 * Callback as used by {@link google.longrunning.Operations|listOperations}.
+                 * @memberof google.longrunning.Operations
+                 * @typedef ListOperationsCallback
+                 * @type {function}
+                 * @param {Error|null} error Error, if any
+                 * @param {google.longrunning.ListOperationsResponse} [response] ListOperationsResponse
+                 */
+    
+                /**
+                 * Calls ListOperations.
+                 * @function listOperations
+                 * @memberof google.longrunning.Operations
+                 * @instance
+                 * @param {google.longrunning.IListOperationsRequest} request ListOperationsRequest message or plain object
+                 * @param {google.longrunning.Operations.ListOperationsCallback} callback Node-style callback called with the error, if any, and ListOperationsResponse
+                 * @returns {undefined}
+                 * @variation 1
+                 */
+                Object.defineProperty(Operations.prototype.listOperations = function listOperations(request, callback) {
+                    return this.rpcCall(listOperations, $root.google.longrunning.ListOperationsRequest, $root.google.longrunning.ListOperationsResponse, request, callback);
+                }, "name", { value: "ListOperations" });
+    
+                /**
+                 * Calls ListOperations.
+                 * @function listOperations
+                 * @memberof google.longrunning.Operations
+                 * @instance
+                 * @param {google.longrunning.IListOperationsRequest} request ListOperationsRequest message or plain object
+                 * @returns {Promise<google.longrunning.ListOperationsResponse>} Promise
+                 * @variation 2
+                 */
+    
+                /**
+                 * Callback as used by {@link google.longrunning.Operations|getOperation}.
+                 * @memberof google.longrunning.Operations
+                 * @typedef GetOperationCallback
+                 * @type {function}
+                 * @param {Error|null} error Error, if any
+                 * @param {google.longrunning.Operation} [response] Operation
+                 */
+    
+                /**
+                 * Calls GetOperation.
+                 * @function getOperation
+                 * @memberof google.longrunning.Operations
+                 * @instance
+                 * @param {google.longrunning.IGetOperationRequest} request GetOperationRequest message or plain object
+                 * @param {google.longrunning.Operations.GetOperationCallback} callback Node-style callback called with the error, if any, and Operation
+                 * @returns {undefined}
+                 * @variation 1
+                 */
+                Object.defineProperty(Operations.prototype.getOperation = function getOperation(request, callback) {
+                    return this.rpcCall(getOperation, $root.google.longrunning.GetOperationRequest, $root.google.longrunning.Operation, request, callback);
+                }, "name", { value: "GetOperation" });
+    
+                /**
+                 * Calls GetOperation.
+                 * @function getOperation
+                 * @memberof google.longrunning.Operations
+                 * @instance
+                 * @param {google.longrunning.IGetOperationRequest} request GetOperationRequest message or plain object
+                 * @returns {Promise<google.longrunning.Operation>} Promise
+                 * @variation 2
+                 */
+    
+                /**
+                 * Callback as used by {@link google.longrunning.Operations|deleteOperation}.
+                 * @memberof google.longrunning.Operations
+                 * @typedef DeleteOperationCallback
+                 * @type {function}
+                 * @param {Error|null} error Error, if any
+                 * @param {google.protobuf.Empty} [response] Empty
+                 */
+    
+                /**
+                 * Calls DeleteOperation.
+                 * @function deleteOperation
+                 * @memberof google.longrunning.Operations
+                 * @instance
+                 * @param {google.longrunning.IDeleteOperationRequest} request DeleteOperationRequest message or plain object
+                 * @param {google.longrunning.Operations.DeleteOperationCallback} callback Node-style callback called with the error, if any, and Empty
+                 * @returns {undefined}
+                 * @variation 1
+                 */
+                Object.defineProperty(Operations.prototype.deleteOperation = function deleteOperation(request, callback) {
+                    return this.rpcCall(deleteOperation, $root.google.longrunning.DeleteOperationRequest, $root.google.protobuf.Empty, request, callback);
+                }, "name", { value: "DeleteOperation" });
+    
+                /**
+                 * Calls DeleteOperation.
+                 * @function deleteOperation
+                 * @memberof google.longrunning.Operations
+                 * @instance
+                 * @param {google.longrunning.IDeleteOperationRequest} request DeleteOperationRequest message or plain object
+                 * @returns {Promise<google.protobuf.Empty>} Promise
+                 * @variation 2
+                 */
+    
+                /**
+                 * Callback as used by {@link google.longrunning.Operations|cancelOperation}.
+                 * @memberof google.longrunning.Operations
+                 * @typedef CancelOperationCallback
+                 * @type {function}
+                 * @param {Error|null} error Error, if any
+                 * @param {google.protobuf.Empty} [response] Empty
+                 */
+    
+                /**
+                 * Calls CancelOperation.
+                 * @function cancelOperation
+                 * @memberof google.longrunning.Operations
+                 * @instance
+                 * @param {google.longrunning.ICancelOperationRequest} request CancelOperationRequest message or plain object
+                 * @param {google.longrunning.Operations.CancelOperationCallback} callback Node-style callback called with the error, if any, and Empty
+                 * @returns {undefined}
+                 * @variation 1
+                 */
+                Object.defineProperty(Operations.prototype.cancelOperation = function cancelOperation(request, callback) {
+                    return this.rpcCall(cancelOperation, $root.google.longrunning.CancelOperationRequest, $root.google.protobuf.Empty, request, callback);
+                }, "name", { value: "CancelOperation" });
+    
+                /**
+                 * Calls CancelOperation.
+                 * @function cancelOperation
+                 * @memberof google.longrunning.Operations
+                 * @instance
+                 * @param {google.longrunning.ICancelOperationRequest} request CancelOperationRequest message or plain object
+                 * @returns {Promise<google.protobuf.Empty>} Promise
+                 * @variation 2
+                 */
+    
+                /**
+                 * Callback as used by {@link google.longrunning.Operations|waitOperation}.
+                 * @memberof google.longrunning.Operations
+                 * @typedef WaitOperationCallback
+                 * @type {function}
+                 * @param {Error|null} error Error, if any
+                 * @param {google.longrunning.Operation} [response] Operation
+                 */
+    
+                /**
+                 * Calls WaitOperation.
+                 * @function waitOperation
+                 * @memberof google.longrunning.Operations
+                 * @instance
+                 * @param {google.longrunning.IWaitOperationRequest} request WaitOperationRequest message or plain object
+                 * @param {google.longrunning.Operations.WaitOperationCallback} callback Node-style callback called with the error, if any, and Operation
+                 * @returns {undefined}
+                 * @variation 1
+                 */
+                Object.defineProperty(Operations.prototype.waitOperation = function waitOperation(request, callback) {
+                    return this.rpcCall(waitOperation, $root.google.longrunning.WaitOperationRequest, $root.google.longrunning.Operation, request, callback);
+                }, "name", { value: "WaitOperation" });
+    
+                /**
+                 * Calls WaitOperation.
+                 * @function waitOperation
+                 * @memberof google.longrunning.Operations
+                 * @instance
+                 * @param {google.longrunning.IWaitOperationRequest} request WaitOperationRequest message or plain object
+                 * @returns {Promise<google.longrunning.Operation>} Promise
+                 * @variation 2
+                 */
+    
+                return Operations;
+            })();
+    
+            longrunning.Operation = (function() {
+    
+                /**
+                 * Properties of an Operation.
+                 * @memberof google.longrunning
+                 * @interface IOperation
+                 * @property {string|null} [name] Operation name
+                 * @property {google.protobuf.IAny|null} [metadata] Operation metadata
+                 * @property {boolean|null} [done] Operation done
+                 * @property {google.rpc.IStatus|null} [error] Operation error
+                 * @property {google.protobuf.IAny|null} [response] Operation response
+                 */
+    
+                /**
+                 * Constructs a new Operation.
+                 * @memberof google.longrunning
+                 * @classdesc Represents an Operation.
+                 * @implements IOperation
+                 * @constructor
+                 * @param {google.longrunning.IOperation=} [properties] Properties to set
+                 */
+                function Operation(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * Operation name.
+                 * @member {string} name
+                 * @memberof google.longrunning.Operation
+                 * @instance
+                 */
+                Operation.prototype.name = "";
+    
+                /**
+                 * Operation metadata.
+                 * @member {google.protobuf.IAny|null|undefined} metadata
+                 * @memberof google.longrunning.Operation
+                 * @instance
+                 */
+                Operation.prototype.metadata = null;
+    
+                /**
+                 * Operation done.
+                 * @member {boolean} done
+                 * @memberof google.longrunning.Operation
+                 * @instance
+                 */
+                Operation.prototype.done = false;
+    
+                /**
+                 * Operation error.
+                 * @member {google.rpc.IStatus|null|undefined} error
+                 * @memberof google.longrunning.Operation
+                 * @instance
+                 */
+                Operation.prototype.error = null;
+    
+                /**
+                 * Operation response.
+                 * @member {google.protobuf.IAny|null|undefined} response
+                 * @memberof google.longrunning.Operation
+                 * @instance
+                 */
+                Operation.prototype.response = null;
+    
+                // OneOf field names bound to virtual getters and setters
+                var $oneOfFields;
+    
+                /**
+                 * Operation result.
+                 * @member {"error"|"response"|undefined} result
+                 * @memberof google.longrunning.Operation
+                 * @instance
+                 */
+                Object.defineProperty(Operation.prototype, "result", {
+                    get: $util.oneOfGetter($oneOfFields = ["error", "response"]),
+                    set: $util.oneOfSetter($oneOfFields)
+                });
+    
+                /**
+                 * Creates a new Operation instance using the specified properties.
+                 * @function create
+                 * @memberof google.longrunning.Operation
+                 * @static
+                 * @param {google.longrunning.IOperation=} [properties] Properties to set
+                 * @returns {google.longrunning.Operation} Operation instance
+                 */
+                Operation.create = function create(properties) {
+                    return new Operation(properties);
+                };
+    
+                /**
+                 * Encodes the specified Operation message. Does not implicitly {@link google.longrunning.Operation.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.longrunning.Operation
+                 * @static
+                 * @param {google.longrunning.IOperation} message Operation message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Operation.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                    if (message.metadata != null && Object.hasOwnProperty.call(message, "metadata"))
+                        $root.google.protobuf.Any.encode(message.metadata, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                    if (message.done != null && Object.hasOwnProperty.call(message, "done"))
+                        writer.uint32(/* id 3, wireType 0 =*/24).bool(message.done);
+                    if (message.error != null && Object.hasOwnProperty.call(message, "error"))
+                        $root.google.rpc.Status.encode(message.error, writer.uint32(/* id 4, wireType 2 =*/34).fork()).ldelim();
+                    if (message.response != null && Object.hasOwnProperty.call(message, "response"))
+                        $root.google.protobuf.Any.encode(message.response, writer.uint32(/* id 5, wireType 2 =*/42).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified Operation message, length delimited. Does not implicitly {@link google.longrunning.Operation.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.longrunning.Operation
+                 * @static
+                 * @param {google.longrunning.IOperation} message Operation message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Operation.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes an Operation message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.longrunning.Operation
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.longrunning.Operation} Operation
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Operation.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.longrunning.Operation();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.name = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                message.metadata = $root.google.protobuf.Any.decode(reader, reader.uint32());
+                                break;
+                            }
+                        case 3: {
+                                message.done = reader.bool();
+                                break;
+                            }
+                        case 4: {
+                                message.error = $root.google.rpc.Status.decode(reader, reader.uint32());
+                                break;
+                            }
+                        case 5: {
+                                message.response = $root.google.protobuf.Any.decode(reader, reader.uint32());
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes an Operation message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.longrunning.Operation
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.longrunning.Operation} Operation
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Operation.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies an Operation message.
+                 * @function verify
+                 * @memberof google.longrunning.Operation
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                Operation.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    var properties = {};
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        if (!$util.isString(message.name))
+                            return "name: string expected";
+                    if (message.metadata != null && message.hasOwnProperty("metadata")) {
+                        var error = $root.google.protobuf.Any.verify(message.metadata);
+                        if (error)
+                            return "metadata." + error;
+                    }
+                    if (message.done != null && message.hasOwnProperty("done"))
+                        if (typeof message.done !== "boolean")
+                            return "done: boolean expected";
+                    if (message.error != null && message.hasOwnProperty("error")) {
+                        properties.result = 1;
+                        {
+                            var error = $root.google.rpc.Status.verify(message.error);
+                            if (error)
+                                return "error." + error;
+                        }
+                    }
+                    if (message.response != null && message.hasOwnProperty("response")) {
+                        if (properties.result === 1)
+                            return "result: multiple values";
+                        properties.result = 1;
+                        {
+                            var error = $root.google.protobuf.Any.verify(message.response);
+                            if (error)
+                                return "response." + error;
+                        }
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates an Operation message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.longrunning.Operation
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.longrunning.Operation} Operation
+                 */
+                Operation.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.longrunning.Operation)
+                        return object;
+                    var message = new $root.google.longrunning.Operation();
+                    if (object.name != null)
+                        message.name = String(object.name);
+                    if (object.metadata != null) {
+                        if (typeof object.metadata !== "object")
+                            throw TypeError(".google.longrunning.Operation.metadata: object expected");
+                        message.metadata = $root.google.protobuf.Any.fromObject(object.metadata);
+                    }
+                    if (object.done != null)
+                        message.done = Boolean(object.done);
+                    if (object.error != null) {
+                        if (typeof object.error !== "object")
+                            throw TypeError(".google.longrunning.Operation.error: object expected");
+                        message.error = $root.google.rpc.Status.fromObject(object.error);
+                    }
+                    if (object.response != null) {
+                        if (typeof object.response !== "object")
+                            throw TypeError(".google.longrunning.Operation.response: object expected");
+                        message.response = $root.google.protobuf.Any.fromObject(object.response);
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from an Operation message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.longrunning.Operation
+                 * @static
+                 * @param {google.longrunning.Operation} message Operation
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                Operation.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults) {
+                        object.name = "";
+                        object.metadata = null;
+                        object.done = false;
+                    }
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        object.name = message.name;
+                    if (message.metadata != null && message.hasOwnProperty("metadata"))
+                        object.metadata = $root.google.protobuf.Any.toObject(message.metadata, options);
+                    if (message.done != null && message.hasOwnProperty("done"))
+                        object.done = message.done;
+                    if (message.error != null && message.hasOwnProperty("error")) {
+                        object.error = $root.google.rpc.Status.toObject(message.error, options);
+                        if (options.oneofs)
+                            object.result = "error";
+                    }
+                    if (message.response != null && message.hasOwnProperty("response")) {
+                        object.response = $root.google.protobuf.Any.toObject(message.response, options);
+                        if (options.oneofs)
+                            object.result = "response";
+                    }
+                    return object;
+                };
+    
+                /**
+                 * Converts this Operation to JSON.
+                 * @function toJSON
+                 * @memberof google.longrunning.Operation
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                Operation.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for Operation
+                 * @function getTypeUrl
+                 * @memberof google.longrunning.Operation
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                Operation.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.longrunning.Operation";
+                };
+    
+                return Operation;
+            })();
+    
+            longrunning.GetOperationRequest = (function() {
+    
+                /**
+                 * Properties of a GetOperationRequest.
+                 * @memberof google.longrunning
+                 * @interface IGetOperationRequest
+                 * @property {string|null} [name] GetOperationRequest name
+                 */
+    
+                /**
+                 * Constructs a new GetOperationRequest.
+                 * @memberof google.longrunning
+                 * @classdesc Represents a GetOperationRequest.
+                 * @implements IGetOperationRequest
+                 * @constructor
+                 * @param {google.longrunning.IGetOperationRequest=} [properties] Properties to set
+                 */
+                function GetOperationRequest(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * GetOperationRequest name.
+                 * @member {string} name
+                 * @memberof google.longrunning.GetOperationRequest
+                 * @instance
+                 */
+                GetOperationRequest.prototype.name = "";
+    
+                /**
+                 * Creates a new GetOperationRequest instance using the specified properties.
+                 * @function create
+                 * @memberof google.longrunning.GetOperationRequest
+                 * @static
+                 * @param {google.longrunning.IGetOperationRequest=} [properties] Properties to set
+                 * @returns {google.longrunning.GetOperationRequest} GetOperationRequest instance
+                 */
+                GetOperationRequest.create = function create(properties) {
+                    return new GetOperationRequest(properties);
+                };
+    
+                /**
+                 * Encodes the specified GetOperationRequest message. Does not implicitly {@link google.longrunning.GetOperationRequest.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.longrunning.GetOperationRequest
+                 * @static
+                 * @param {google.longrunning.IGetOperationRequest} message GetOperationRequest message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                GetOperationRequest.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified GetOperationRequest message, length delimited. Does not implicitly {@link google.longrunning.GetOperationRequest.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.longrunning.GetOperationRequest
+                 * @static
+                 * @param {google.longrunning.IGetOperationRequest} message GetOperationRequest message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                GetOperationRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a GetOperationRequest message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.longrunning.GetOperationRequest
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.longrunning.GetOperationRequest} GetOperationRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                GetOperationRequest.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.longrunning.GetOperationRequest();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.name = reader.string();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a GetOperationRequest message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.longrunning.GetOperationRequest
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.longrunning.GetOperationRequest} GetOperationRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                GetOperationRequest.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a GetOperationRequest message.
+                 * @function verify
+                 * @memberof google.longrunning.GetOperationRequest
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                GetOperationRequest.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        if (!$util.isString(message.name))
+                            return "name: string expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates a GetOperationRequest message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.longrunning.GetOperationRequest
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.longrunning.GetOperationRequest} GetOperationRequest
+                 */
+                GetOperationRequest.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.longrunning.GetOperationRequest)
+                        return object;
+                    var message = new $root.google.longrunning.GetOperationRequest();
+                    if (object.name != null)
+                        message.name = String(object.name);
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a GetOperationRequest message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.longrunning.GetOperationRequest
+                 * @static
+                 * @param {google.longrunning.GetOperationRequest} message GetOperationRequest
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                GetOperationRequest.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults)
+                        object.name = "";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        object.name = message.name;
+                    return object;
+                };
+    
+                /**
+                 * Converts this GetOperationRequest to JSON.
+                 * @function toJSON
+                 * @memberof google.longrunning.GetOperationRequest
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                GetOperationRequest.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for GetOperationRequest
+                 * @function getTypeUrl
+                 * @memberof google.longrunning.GetOperationRequest
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                GetOperationRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.longrunning.GetOperationRequest";
+                };
+    
+                return GetOperationRequest;
+            })();
+    
+            longrunning.ListOperationsRequest = (function() {
+    
+                /**
+                 * Properties of a ListOperationsRequest.
+                 * @memberof google.longrunning
+                 * @interface IListOperationsRequest
+                 * @property {string|null} [name] ListOperationsRequest name
+                 * @property {string|null} [filter] ListOperationsRequest filter
+                 * @property {number|null} [pageSize] ListOperationsRequest pageSize
+                 * @property {string|null} [pageToken] ListOperationsRequest pageToken
+                 */
+    
+                /**
+                 * Constructs a new ListOperationsRequest.
+                 * @memberof google.longrunning
+                 * @classdesc Represents a ListOperationsRequest.
+                 * @implements IListOperationsRequest
+                 * @constructor
+                 * @param {google.longrunning.IListOperationsRequest=} [properties] Properties to set
+                 */
+                function ListOperationsRequest(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * ListOperationsRequest name.
+                 * @member {string} name
+                 * @memberof google.longrunning.ListOperationsRequest
+                 * @instance
+                 */
+                ListOperationsRequest.prototype.name = "";
+    
+                /**
+                 * ListOperationsRequest filter.
+                 * @member {string} filter
+                 * @memberof google.longrunning.ListOperationsRequest
+                 * @instance
+                 */
+                ListOperationsRequest.prototype.filter = "";
+    
+                /**
+                 * ListOperationsRequest pageSize.
+                 * @member {number} pageSize
+                 * @memberof google.longrunning.ListOperationsRequest
+                 * @instance
+                 */
+                ListOperationsRequest.prototype.pageSize = 0;
+    
+                /**
+                 * ListOperationsRequest pageToken.
+                 * @member {string} pageToken
+                 * @memberof google.longrunning.ListOperationsRequest
+                 * @instance
+                 */
+                ListOperationsRequest.prototype.pageToken = "";
+    
+                /**
+                 * Creates a new ListOperationsRequest instance using the specified properties.
+                 * @function create
+                 * @memberof google.longrunning.ListOperationsRequest
+                 * @static
+                 * @param {google.longrunning.IListOperationsRequest=} [properties] Properties to set
+                 * @returns {google.longrunning.ListOperationsRequest} ListOperationsRequest instance
+                 */
+                ListOperationsRequest.create = function create(properties) {
+                    return new ListOperationsRequest(properties);
+                };
+    
+                /**
+                 * Encodes the specified ListOperationsRequest message. Does not implicitly {@link google.longrunning.ListOperationsRequest.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.longrunning.ListOperationsRequest
+                 * @static
+                 * @param {google.longrunning.IListOperationsRequest} message ListOperationsRequest message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                ListOperationsRequest.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.filter != null && Object.hasOwnProperty.call(message, "filter"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.filter);
+                    if (message.pageSize != null && Object.hasOwnProperty.call(message, "pageSize"))
+                        writer.uint32(/* id 2, wireType 0 =*/16).int32(message.pageSize);
+                    if (message.pageToken != null && Object.hasOwnProperty.call(message, "pageToken"))
+                        writer.uint32(/* id 3, wireType 2 =*/26).string(message.pageToken);
+                    if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                        writer.uint32(/* id 4, wireType 2 =*/34).string(message.name);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified ListOperationsRequest message, length delimited. Does not implicitly {@link google.longrunning.ListOperationsRequest.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.longrunning.ListOperationsRequest
+                 * @static
+                 * @param {google.longrunning.IListOperationsRequest} message ListOperationsRequest message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                ListOperationsRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a ListOperationsRequest message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.longrunning.ListOperationsRequest
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.longrunning.ListOperationsRequest} ListOperationsRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                ListOperationsRequest.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.longrunning.ListOperationsRequest();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 4: {
+                                message.name = reader.string();
+                                break;
+                            }
+                        case 1: {
+                                message.filter = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                message.pageSize = reader.int32();
+                                break;
+                            }
+                        case 3: {
+                                message.pageToken = reader.string();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a ListOperationsRequest message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.longrunning.ListOperationsRequest
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.longrunning.ListOperationsRequest} ListOperationsRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                ListOperationsRequest.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a ListOperationsRequest message.
+                 * @function verify
+                 * @memberof google.longrunning.ListOperationsRequest
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                ListOperationsRequest.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        if (!$util.isString(message.name))
+                            return "name: string expected";
+                    if (message.filter != null && message.hasOwnProperty("filter"))
+                        if (!$util.isString(message.filter))
+                            return "filter: string expected";
+                    if (message.pageSize != null && message.hasOwnProperty("pageSize"))
+                        if (!$util.isInteger(message.pageSize))
+                            return "pageSize: integer expected";
+                    if (message.pageToken != null && message.hasOwnProperty("pageToken"))
+                        if (!$util.isString(message.pageToken))
+                            return "pageToken: string expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates a ListOperationsRequest message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.longrunning.ListOperationsRequest
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.longrunning.ListOperationsRequest} ListOperationsRequest
+                 */
+                ListOperationsRequest.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.longrunning.ListOperationsRequest)
+                        return object;
+                    var message = new $root.google.longrunning.ListOperationsRequest();
+                    if (object.name != null)
+                        message.name = String(object.name);
+                    if (object.filter != null)
+                        message.filter = String(object.filter);
+                    if (object.pageSize != null)
+                        message.pageSize = object.pageSize | 0;
+                    if (object.pageToken != null)
+                        message.pageToken = String(object.pageToken);
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a ListOperationsRequest message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.longrunning.ListOperationsRequest
+                 * @static
+                 * @param {google.longrunning.ListOperationsRequest} message ListOperationsRequest
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                ListOperationsRequest.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults) {
+                        object.filter = "";
+                        object.pageSize = 0;
+                        object.pageToken = "";
+                        object.name = "";
+                    }
+                    if (message.filter != null && message.hasOwnProperty("filter"))
+                        object.filter = message.filter;
+                    if (message.pageSize != null && message.hasOwnProperty("pageSize"))
+                        object.pageSize = message.pageSize;
+                    if (message.pageToken != null && message.hasOwnProperty("pageToken"))
+                        object.pageToken = message.pageToken;
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        object.name = message.name;
+                    return object;
+                };
+    
+                /**
+                 * Converts this ListOperationsRequest to JSON.
+                 * @function toJSON
+                 * @memberof google.longrunning.ListOperationsRequest
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                ListOperationsRequest.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for ListOperationsRequest
+                 * @function getTypeUrl
+                 * @memberof google.longrunning.ListOperationsRequest
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                ListOperationsRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.longrunning.ListOperationsRequest";
+                };
+    
+                return ListOperationsRequest;
+            })();
+    
+            longrunning.ListOperationsResponse = (function() {
+    
+                /**
+                 * Properties of a ListOperationsResponse.
+                 * @memberof google.longrunning
+                 * @interface IListOperationsResponse
+                 * @property {Array.<google.longrunning.IOperation>|null} [operations] ListOperationsResponse operations
+                 * @property {string|null} [nextPageToken] ListOperationsResponse nextPageToken
+                 */
+    
+                /**
+                 * Constructs a new ListOperationsResponse.
+                 * @memberof google.longrunning
+                 * @classdesc Represents a ListOperationsResponse.
+                 * @implements IListOperationsResponse
+                 * @constructor
+                 * @param {google.longrunning.IListOperationsResponse=} [properties] Properties to set
+                 */
+                function ListOperationsResponse(properties) {
+                    this.operations = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * ListOperationsResponse operations.
+                 * @member {Array.<google.longrunning.IOperation>} operations
+                 * @memberof google.longrunning.ListOperationsResponse
+                 * @instance
+                 */
+                ListOperationsResponse.prototype.operations = $util.emptyArray;
+    
+                /**
+                 * ListOperationsResponse nextPageToken.
+                 * @member {string} nextPageToken
+                 * @memberof google.longrunning.ListOperationsResponse
+                 * @instance
+                 */
+                ListOperationsResponse.prototype.nextPageToken = "";
+    
+                /**
+                 * Creates a new ListOperationsResponse instance using the specified properties.
+                 * @function create
+                 * @memberof google.longrunning.ListOperationsResponse
+                 * @static
+                 * @param {google.longrunning.IListOperationsResponse=} [properties] Properties to set
+                 * @returns {google.longrunning.ListOperationsResponse} ListOperationsResponse instance
+                 */
+                ListOperationsResponse.create = function create(properties) {
+                    return new ListOperationsResponse(properties);
+                };
+    
+                /**
+                 * Encodes the specified ListOperationsResponse message. Does not implicitly {@link google.longrunning.ListOperationsResponse.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.longrunning.ListOperationsResponse
+                 * @static
+                 * @param {google.longrunning.IListOperationsResponse} message ListOperationsResponse message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                ListOperationsResponse.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.operations != null && message.operations.length)
+                        for (var i = 0; i < message.operations.length; ++i)
+                            $root.google.longrunning.Operation.encode(message.operations[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim();
+                    if (message.nextPageToken != null && Object.hasOwnProperty.call(message, "nextPageToken"))
+                        writer.uint32(/* id 2, wireType 2 =*/18).string(message.nextPageToken);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified ListOperationsResponse message, length delimited. Does not implicitly {@link google.longrunning.ListOperationsResponse.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.longrunning.ListOperationsResponse
+                 * @static
+                 * @param {google.longrunning.IListOperationsResponse} message ListOperationsResponse message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                ListOperationsResponse.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a ListOperationsResponse message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.longrunning.ListOperationsResponse
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.longrunning.ListOperationsResponse} ListOperationsResponse
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                ListOperationsResponse.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.longrunning.ListOperationsResponse();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                if (!(message.operations && message.operations.length))
+                                    message.operations = [];
+                                message.operations.push($root.google.longrunning.Operation.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        case 2: {
+                                message.nextPageToken = reader.string();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a ListOperationsResponse message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.longrunning.ListOperationsResponse
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.longrunning.ListOperationsResponse} ListOperationsResponse
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                ListOperationsResponse.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a ListOperationsResponse message.
+                 * @function verify
+                 * @memberof google.longrunning.ListOperationsResponse
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                ListOperationsResponse.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.operations != null && message.hasOwnProperty("operations")) {
+                        if (!Array.isArray(message.operations))
+                            return "operations: array expected";
+                        for (var i = 0; i < message.operations.length; ++i) {
+                            var error = $root.google.longrunning.Operation.verify(message.operations[i]);
+                            if (error)
+                                return "operations." + error;
+                        }
+                    }
+                    if (message.nextPageToken != null && message.hasOwnProperty("nextPageToken"))
+                        if (!$util.isString(message.nextPageToken))
+                            return "nextPageToken: string expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates a ListOperationsResponse message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.longrunning.ListOperationsResponse
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.longrunning.ListOperationsResponse} ListOperationsResponse
+                 */
+                ListOperationsResponse.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.longrunning.ListOperationsResponse)
+                        return object;
+                    var message = new $root.google.longrunning.ListOperationsResponse();
+                    if (object.operations) {
+                        if (!Array.isArray(object.operations))
+                            throw TypeError(".google.longrunning.ListOperationsResponse.operations: array expected");
+                        message.operations = [];
+                        for (var i = 0; i < object.operations.length; ++i) {
+                            if (typeof object.operations[i] !== "object")
+                                throw TypeError(".google.longrunning.ListOperationsResponse.operations: object expected");
+                            message.operations[i] = $root.google.longrunning.Operation.fromObject(object.operations[i]);
+                        }
+                    }
+                    if (object.nextPageToken != null)
+                        message.nextPageToken = String(object.nextPageToken);
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a ListOperationsResponse message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.longrunning.ListOperationsResponse
+                 * @static
+                 * @param {google.longrunning.ListOperationsResponse} message ListOperationsResponse
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                ListOperationsResponse.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.operations = [];
+                    if (options.defaults)
+                        object.nextPageToken = "";
+                    if (message.operations && message.operations.length) {
+                        object.operations = [];
+                        for (var j = 0; j < message.operations.length; ++j)
+                            object.operations[j] = $root.google.longrunning.Operation.toObject(message.operations[j], options);
+                    }
+                    if (message.nextPageToken != null && message.hasOwnProperty("nextPageToken"))
+                        object.nextPageToken = message.nextPageToken;
+                    return object;
+                };
+    
+                /**
+                 * Converts this ListOperationsResponse to JSON.
+                 * @function toJSON
+                 * @memberof google.longrunning.ListOperationsResponse
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                ListOperationsResponse.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for ListOperationsResponse
+                 * @function getTypeUrl
+                 * @memberof google.longrunning.ListOperationsResponse
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                ListOperationsResponse.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.longrunning.ListOperationsResponse";
+                };
+    
+                return ListOperationsResponse;
+            })();
+    
+            longrunning.CancelOperationRequest = (function() {
+    
+                /**
+                 * Properties of a CancelOperationRequest.
+                 * @memberof google.longrunning
+                 * @interface ICancelOperationRequest
+                 * @property {string|null} [name] CancelOperationRequest name
+                 */
+    
+                /**
+                 * Constructs a new CancelOperationRequest.
+                 * @memberof google.longrunning
+                 * @classdesc Represents a CancelOperationRequest.
+                 * @implements ICancelOperationRequest
+                 * @constructor
+                 * @param {google.longrunning.ICancelOperationRequest=} [properties] Properties to set
+                 */
+                function CancelOperationRequest(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * CancelOperationRequest name.
+                 * @member {string} name
+                 * @memberof google.longrunning.CancelOperationRequest
+                 * @instance
+                 */
+                CancelOperationRequest.prototype.name = "";
+    
+                /**
+                 * Creates a new CancelOperationRequest instance using the specified properties.
+                 * @function create
+                 * @memberof google.longrunning.CancelOperationRequest
+                 * @static
+                 * @param {google.longrunning.ICancelOperationRequest=} [properties] Properties to set
+                 * @returns {google.longrunning.CancelOperationRequest} CancelOperationRequest instance
+                 */
+                CancelOperationRequest.create = function create(properties) {
+                    return new CancelOperationRequest(properties);
+                };
+    
+                /**
+                 * Encodes the specified CancelOperationRequest message. Does not implicitly {@link google.longrunning.CancelOperationRequest.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.longrunning.CancelOperationRequest
+                 * @static
+                 * @param {google.longrunning.ICancelOperationRequest} message CancelOperationRequest message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                CancelOperationRequest.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified CancelOperationRequest message, length delimited. Does not implicitly {@link google.longrunning.CancelOperationRequest.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.longrunning.CancelOperationRequest
+                 * @static
+                 * @param {google.longrunning.ICancelOperationRequest} message CancelOperationRequest message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                CancelOperationRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a CancelOperationRequest message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.longrunning.CancelOperationRequest
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.longrunning.CancelOperationRequest} CancelOperationRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                CancelOperationRequest.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.longrunning.CancelOperationRequest();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.name = reader.string();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a CancelOperationRequest message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.longrunning.CancelOperationRequest
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.longrunning.CancelOperationRequest} CancelOperationRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                CancelOperationRequest.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a CancelOperationRequest message.
+                 * @function verify
+                 * @memberof google.longrunning.CancelOperationRequest
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                CancelOperationRequest.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        if (!$util.isString(message.name))
+                            return "name: string expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates a CancelOperationRequest message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.longrunning.CancelOperationRequest
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.longrunning.CancelOperationRequest} CancelOperationRequest
+                 */
+                CancelOperationRequest.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.longrunning.CancelOperationRequest)
+                        return object;
+                    var message = new $root.google.longrunning.CancelOperationRequest();
+                    if (object.name != null)
+                        message.name = String(object.name);
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a CancelOperationRequest message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.longrunning.CancelOperationRequest
+                 * @static
+                 * @param {google.longrunning.CancelOperationRequest} message CancelOperationRequest
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                CancelOperationRequest.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults)
+                        object.name = "";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        object.name = message.name;
+                    return object;
+                };
+    
+                /**
+                 * Converts this CancelOperationRequest to JSON.
+                 * @function toJSON
+                 * @memberof google.longrunning.CancelOperationRequest
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                CancelOperationRequest.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for CancelOperationRequest
+                 * @function getTypeUrl
+                 * @memberof google.longrunning.CancelOperationRequest
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                CancelOperationRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.longrunning.CancelOperationRequest";
+                };
+    
+                return CancelOperationRequest;
+            })();
+    
+            longrunning.DeleteOperationRequest = (function() {
+    
+                /**
+                 * Properties of a DeleteOperationRequest.
+                 * @memberof google.longrunning
+                 * @interface IDeleteOperationRequest
+                 * @property {string|null} [name] DeleteOperationRequest name
+                 */
+    
+                /**
+                 * Constructs a new DeleteOperationRequest.
+                 * @memberof google.longrunning
+                 * @classdesc Represents a DeleteOperationRequest.
+                 * @implements IDeleteOperationRequest
+                 * @constructor
+                 * @param {google.longrunning.IDeleteOperationRequest=} [properties] Properties to set
+                 */
+                function DeleteOperationRequest(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * DeleteOperationRequest name.
+                 * @member {string} name
+                 * @memberof google.longrunning.DeleteOperationRequest
+                 * @instance
+                 */
+                DeleteOperationRequest.prototype.name = "";
+    
+                /**
+                 * Creates a new DeleteOperationRequest instance using the specified properties.
+                 * @function create
+                 * @memberof google.longrunning.DeleteOperationRequest
+                 * @static
+                 * @param {google.longrunning.IDeleteOperationRequest=} [properties] Properties to set
+                 * @returns {google.longrunning.DeleteOperationRequest} DeleteOperationRequest instance
+                 */
+                DeleteOperationRequest.create = function create(properties) {
+                    return new DeleteOperationRequest(properties);
+                };
+    
+                /**
+                 * Encodes the specified DeleteOperationRequest message. Does not implicitly {@link google.longrunning.DeleteOperationRequest.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.longrunning.DeleteOperationRequest
+                 * @static
+                 * @param {google.longrunning.IDeleteOperationRequest} message DeleteOperationRequest message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                DeleteOperationRequest.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified DeleteOperationRequest message, length delimited. Does not implicitly {@link google.longrunning.DeleteOperationRequest.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.longrunning.DeleteOperationRequest
+                 * @static
+                 * @param {google.longrunning.IDeleteOperationRequest} message DeleteOperationRequest message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                DeleteOperationRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a DeleteOperationRequest message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.longrunning.DeleteOperationRequest
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.longrunning.DeleteOperationRequest} DeleteOperationRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                DeleteOperationRequest.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.longrunning.DeleteOperationRequest();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.name = reader.string();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a DeleteOperationRequest message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.longrunning.DeleteOperationRequest
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.longrunning.DeleteOperationRequest} DeleteOperationRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                DeleteOperationRequest.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a DeleteOperationRequest message.
+                 * @function verify
+                 * @memberof google.longrunning.DeleteOperationRequest
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                DeleteOperationRequest.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        if (!$util.isString(message.name))
+                            return "name: string expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates a DeleteOperationRequest message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.longrunning.DeleteOperationRequest
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.longrunning.DeleteOperationRequest} DeleteOperationRequest
+                 */
+                DeleteOperationRequest.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.longrunning.DeleteOperationRequest)
+                        return object;
+                    var message = new $root.google.longrunning.DeleteOperationRequest();
+                    if (object.name != null)
+                        message.name = String(object.name);
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a DeleteOperationRequest message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.longrunning.DeleteOperationRequest
+                 * @static
+                 * @param {google.longrunning.DeleteOperationRequest} message DeleteOperationRequest
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                DeleteOperationRequest.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults)
+                        object.name = "";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        object.name = message.name;
+                    return object;
+                };
+    
+                /**
+                 * Converts this DeleteOperationRequest to JSON.
+                 * @function toJSON
+                 * @memberof google.longrunning.DeleteOperationRequest
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                DeleteOperationRequest.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for DeleteOperationRequest
+                 * @function getTypeUrl
+                 * @memberof google.longrunning.DeleteOperationRequest
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                DeleteOperationRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.longrunning.DeleteOperationRequest";
+                };
+    
+                return DeleteOperationRequest;
+            })();
+    
+            longrunning.WaitOperationRequest = (function() {
+    
+                /**
+                 * Properties of a WaitOperationRequest.
+                 * @memberof google.longrunning
+                 * @interface IWaitOperationRequest
+                 * @property {string|null} [name] WaitOperationRequest name
+                 * @property {google.protobuf.IDuration|null} [timeout] WaitOperationRequest timeout
+                 */
+    
+                /**
+                 * Constructs a new WaitOperationRequest.
+                 * @memberof google.longrunning
+                 * @classdesc Represents a WaitOperationRequest.
+                 * @implements IWaitOperationRequest
+                 * @constructor
+                 * @param {google.longrunning.IWaitOperationRequest=} [properties] Properties to set
+                 */
+                function WaitOperationRequest(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * WaitOperationRequest name.
+                 * @member {string} name
+                 * @memberof google.longrunning.WaitOperationRequest
+                 * @instance
+                 */
+                WaitOperationRequest.prototype.name = "";
+    
+                /**
+                 * WaitOperationRequest timeout.
+                 * @member {google.protobuf.IDuration|null|undefined} timeout
+                 * @memberof google.longrunning.WaitOperationRequest
+                 * @instance
+                 */
+                WaitOperationRequest.prototype.timeout = null;
+    
+                /**
+                 * Creates a new WaitOperationRequest instance using the specified properties.
+                 * @function create
+                 * @memberof google.longrunning.WaitOperationRequest
+                 * @static
+                 * @param {google.longrunning.IWaitOperationRequest=} [properties] Properties to set
+                 * @returns {google.longrunning.WaitOperationRequest} WaitOperationRequest instance
+                 */
+                WaitOperationRequest.create = function create(properties) {
+                    return new WaitOperationRequest(properties);
+                };
+    
+                /**
+                 * Encodes the specified WaitOperationRequest message. Does not implicitly {@link google.longrunning.WaitOperationRequest.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.longrunning.WaitOperationRequest
+                 * @static
+                 * @param {google.longrunning.IWaitOperationRequest} message WaitOperationRequest message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                WaitOperationRequest.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.name != null && Object.hasOwnProperty.call(message, "name"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.name);
+                    if (message.timeout != null && Object.hasOwnProperty.call(message, "timeout"))
+                        $root.google.protobuf.Duration.encode(message.timeout, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified WaitOperationRequest message, length delimited. Does not implicitly {@link google.longrunning.WaitOperationRequest.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.longrunning.WaitOperationRequest
+                 * @static
+                 * @param {google.longrunning.IWaitOperationRequest} message WaitOperationRequest message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                WaitOperationRequest.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a WaitOperationRequest message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.longrunning.WaitOperationRequest
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.longrunning.WaitOperationRequest} WaitOperationRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                WaitOperationRequest.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.longrunning.WaitOperationRequest();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.name = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                message.timeout = $root.google.protobuf.Duration.decode(reader, reader.uint32());
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a WaitOperationRequest message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.longrunning.WaitOperationRequest
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.longrunning.WaitOperationRequest} WaitOperationRequest
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                WaitOperationRequest.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a WaitOperationRequest message.
+                 * @function verify
+                 * @memberof google.longrunning.WaitOperationRequest
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                WaitOperationRequest.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        if (!$util.isString(message.name))
+                            return "name: string expected";
+                    if (message.timeout != null && message.hasOwnProperty("timeout")) {
+                        var error = $root.google.protobuf.Duration.verify(message.timeout);
+                        if (error)
+                            return "timeout." + error;
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates a WaitOperationRequest message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.longrunning.WaitOperationRequest
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.longrunning.WaitOperationRequest} WaitOperationRequest
+                 */
+                WaitOperationRequest.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.longrunning.WaitOperationRequest)
+                        return object;
+                    var message = new $root.google.longrunning.WaitOperationRequest();
+                    if (object.name != null)
+                        message.name = String(object.name);
+                    if (object.timeout != null) {
+                        if (typeof object.timeout !== "object")
+                            throw TypeError(".google.longrunning.WaitOperationRequest.timeout: object expected");
+                        message.timeout = $root.google.protobuf.Duration.fromObject(object.timeout);
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a WaitOperationRequest message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.longrunning.WaitOperationRequest
+                 * @static
+                 * @param {google.longrunning.WaitOperationRequest} message WaitOperationRequest
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                WaitOperationRequest.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults) {
+                        object.name = "";
+                        object.timeout = null;
+                    }
+                    if (message.name != null && message.hasOwnProperty("name"))
+                        object.name = message.name;
+                    if (message.timeout != null && message.hasOwnProperty("timeout"))
+                        object.timeout = $root.google.protobuf.Duration.toObject(message.timeout, options);
+                    return object;
+                };
+    
+                /**
+                 * Converts this WaitOperationRequest to JSON.
+                 * @function toJSON
+                 * @memberof google.longrunning.WaitOperationRequest
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                WaitOperationRequest.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for WaitOperationRequest
+                 * @function getTypeUrl
+                 * @memberof google.longrunning.WaitOperationRequest
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                WaitOperationRequest.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.longrunning.WaitOperationRequest";
+                };
+    
+                return WaitOperationRequest;
+            })();
+    
+            longrunning.OperationInfo = (function() {
+    
+                /**
+                 * Properties of an OperationInfo.
+                 * @memberof google.longrunning
+                 * @interface IOperationInfo
+                 * @property {string|null} [responseType] OperationInfo responseType
+                 * @property {string|null} [metadataType] OperationInfo metadataType
+                 */
+    
+                /**
+                 * Constructs a new OperationInfo.
+                 * @memberof google.longrunning
+                 * @classdesc Represents an OperationInfo.
+                 * @implements IOperationInfo
+                 * @constructor
+                 * @param {google.longrunning.IOperationInfo=} [properties] Properties to set
+                 */
+                function OperationInfo(properties) {
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * OperationInfo responseType.
+                 * @member {string} responseType
+                 * @memberof google.longrunning.OperationInfo
+                 * @instance
+                 */
+                OperationInfo.prototype.responseType = "";
+    
+                /**
+                 * OperationInfo metadataType.
+                 * @member {string} metadataType
+                 * @memberof google.longrunning.OperationInfo
+                 * @instance
+                 */
+                OperationInfo.prototype.metadataType = "";
+    
+                /**
+                 * Creates a new OperationInfo instance using the specified properties.
+                 * @function create
+                 * @memberof google.longrunning.OperationInfo
+                 * @static
+                 * @param {google.longrunning.IOperationInfo=} [properties] Properties to set
+                 * @returns {google.longrunning.OperationInfo} OperationInfo instance
+                 */
+                OperationInfo.create = function create(properties) {
+                    return new OperationInfo(properties);
+                };
+    
+                /**
+                 * Encodes the specified OperationInfo message. Does not implicitly {@link google.longrunning.OperationInfo.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.longrunning.OperationInfo
+                 * @static
+                 * @param {google.longrunning.IOperationInfo} message OperationInfo message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                OperationInfo.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.responseType != null && Object.hasOwnProperty.call(message, "responseType"))
+                        writer.uint32(/* id 1, wireType 2 =*/10).string(message.responseType);
+                    if (message.metadataType != null && Object.hasOwnProperty.call(message, "metadataType"))
+                        writer.uint32(/* id 2, wireType 2 =*/18).string(message.metadataType);
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified OperationInfo message, length delimited. Does not implicitly {@link google.longrunning.OperationInfo.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.longrunning.OperationInfo
+                 * @static
+                 * @param {google.longrunning.IOperationInfo} message OperationInfo message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                OperationInfo.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes an OperationInfo message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.longrunning.OperationInfo
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.longrunning.OperationInfo} OperationInfo
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                OperationInfo.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.longrunning.OperationInfo();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.responseType = reader.string();
+                                break;
+                            }
+                        case 2: {
+                                message.metadataType = reader.string();
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes an OperationInfo message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.longrunning.OperationInfo
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.longrunning.OperationInfo} OperationInfo
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                OperationInfo.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies an OperationInfo message.
+                 * @function verify
+                 * @memberof google.longrunning.OperationInfo
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                OperationInfo.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.responseType != null && message.hasOwnProperty("responseType"))
+                        if (!$util.isString(message.responseType))
+                            return "responseType: string expected";
+                    if (message.metadataType != null && message.hasOwnProperty("metadataType"))
+                        if (!$util.isString(message.metadataType))
+                            return "metadataType: string expected";
+                    return null;
+                };
+    
+                /**
+                 * Creates an OperationInfo message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.longrunning.OperationInfo
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.longrunning.OperationInfo} OperationInfo
+                 */
+                OperationInfo.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.longrunning.OperationInfo)
+                        return object;
+                    var message = new $root.google.longrunning.OperationInfo();
+                    if (object.responseType != null)
+                        message.responseType = String(object.responseType);
+                    if (object.metadataType != null)
+                        message.metadataType = String(object.metadataType);
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from an OperationInfo message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.longrunning.OperationInfo
+                 * @static
+                 * @param {google.longrunning.OperationInfo} message OperationInfo
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                OperationInfo.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.defaults) {
+                        object.responseType = "";
+                        object.metadataType = "";
+                    }
+                    if (message.responseType != null && message.hasOwnProperty("responseType"))
+                        object.responseType = message.responseType;
+                    if (message.metadataType != null && message.hasOwnProperty("metadataType"))
+                        object.metadataType = message.metadataType;
+                    return object;
+                };
+    
+                /**
+                 * Converts this OperationInfo to JSON.
+                 * @function toJSON
+                 * @memberof google.longrunning.OperationInfo
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                OperationInfo.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for OperationInfo
+                 * @function getTypeUrl
+                 * @memberof google.longrunning.OperationInfo
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                OperationInfo.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.longrunning.OperationInfo";
+                };
+    
+                return OperationInfo;
+            })();
+    
+            return longrunning;
+        })();
+    
+        google.rpc = (function() {
+    
+            /**
+             * Namespace rpc.
+             * @memberof google
+             * @namespace
+             */
+            var rpc = {};
+    
+            rpc.Status = (function() {
+    
+                /**
+                 * Properties of a Status.
+                 * @memberof google.rpc
+                 * @interface IStatus
+                 * @property {number|null} [code] Status code
+                 * @property {string|null} [message] Status message
+                 * @property {Array.<google.protobuf.IAny>|null} [details] Status details
+                 */
+    
+                /**
+                 * Constructs a new Status.
+                 * @memberof google.rpc
+                 * @classdesc Represents a Status.
+                 * @implements IStatus
+                 * @constructor
+                 * @param {google.rpc.IStatus=} [properties] Properties to set
+                 */
+                function Status(properties) {
+                    this.details = [];
+                    if (properties)
+                        for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
+                            if (properties[keys[i]] != null)
+                                this[keys[i]] = properties[keys[i]];
+                }
+    
+                /**
+                 * Status code.
+                 * @member {number} code
+                 * @memberof google.rpc.Status
+                 * @instance
+                 */
+                Status.prototype.code = 0;
+    
+                /**
+                 * Status message.
+                 * @member {string} message
+                 * @memberof google.rpc.Status
+                 * @instance
+                 */
+                Status.prototype.message = "";
+    
+                /**
+                 * Status details.
+                 * @member {Array.<google.protobuf.IAny>} details
+                 * @memberof google.rpc.Status
+                 * @instance
+                 */
+                Status.prototype.details = $util.emptyArray;
+    
+                /**
+                 * Creates a new Status instance using the specified properties.
+                 * @function create
+                 * @memberof google.rpc.Status
+                 * @static
+                 * @param {google.rpc.IStatus=} [properties] Properties to set
+                 * @returns {google.rpc.Status} Status instance
+                 */
+                Status.create = function create(properties) {
+                    return new Status(properties);
+                };
+    
+                /**
+                 * Encodes the specified Status message. Does not implicitly {@link google.rpc.Status.verify|verify} messages.
+                 * @function encode
+                 * @memberof google.rpc.Status
+                 * @static
+                 * @param {google.rpc.IStatus} message Status message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Status.encode = function encode(message, writer) {
+                    if (!writer)
+                        writer = $Writer.create();
+                    if (message.code != null && Object.hasOwnProperty.call(message, "code"))
+                        writer.uint32(/* id 1, wireType 0 =*/8).int32(message.code);
+                    if (message.message != null && Object.hasOwnProperty.call(message, "message"))
+                        writer.uint32(/* id 2, wireType 2 =*/18).string(message.message);
+                    if (message.details != null && message.details.length)
+                        for (var i = 0; i < message.details.length; ++i)
+                            $root.google.protobuf.Any.encode(message.details[i], writer.uint32(/* id 3, wireType 2 =*/26).fork()).ldelim();
+                    return writer;
+                };
+    
+                /**
+                 * Encodes the specified Status message, length delimited. Does not implicitly {@link google.rpc.Status.verify|verify} messages.
+                 * @function encodeDelimited
+                 * @memberof google.rpc.Status
+                 * @static
+                 * @param {google.rpc.IStatus} message Status message or plain object to encode
+                 * @param {$protobuf.Writer} [writer] Writer to encode to
+                 * @returns {$protobuf.Writer} Writer
+                 */
+                Status.encodeDelimited = function encodeDelimited(message, writer) {
+                    return this.encode(message, writer).ldelim();
+                };
+    
+                /**
+                 * Decodes a Status message from the specified reader or buffer.
+                 * @function decode
+                 * @memberof google.rpc.Status
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @param {number} [length] Message length if known beforehand
+                 * @returns {google.rpc.Status} Status
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Status.decode = function decode(reader, length) {
+                    if (!(reader instanceof $Reader))
+                        reader = $Reader.create(reader);
+                    var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.rpc.Status();
+                    while (reader.pos < end) {
+                        var tag = reader.uint32();
+                        switch (tag >>> 3) {
+                        case 1: {
+                                message.code = reader.int32();
+                                break;
+                            }
+                        case 2: {
+                                message.message = reader.string();
+                                break;
+                            }
+                        case 3: {
+                                if (!(message.details && message.details.length))
+                                    message.details = [];
+                                message.details.push($root.google.protobuf.Any.decode(reader, reader.uint32()));
+                                break;
+                            }
+                        default:
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Decodes a Status message from the specified reader or buffer, length delimited.
+                 * @function decodeDelimited
+                 * @memberof google.rpc.Status
+                 * @static
+                 * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from
+                 * @returns {google.rpc.Status} Status
+                 * @throws {Error} If the payload is not a reader or valid buffer
+                 * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                 */
+                Status.decodeDelimited = function decodeDelimited(reader) {
+                    if (!(reader instanceof $Reader))
+                        reader = new $Reader(reader);
+                    return this.decode(reader, reader.uint32());
+                };
+    
+                /**
+                 * Verifies a Status message.
+                 * @function verify
+                 * @memberof google.rpc.Status
+                 * @static
+                 * @param {Object.<string,*>} message Plain object to verify
+                 * @returns {string|null} `null` if valid, otherwise the reason why it is not
+                 */
+                Status.verify = function verify(message) {
+                    if (typeof message !== "object" || message === null)
+                        return "object expected";
+                    if (message.code != null && message.hasOwnProperty("code"))
+                        if (!$util.isInteger(message.code))
+                            return "code: integer expected";
+                    if (message.message != null && message.hasOwnProperty("message"))
+                        if (!$util.isString(message.message))
+                            return "message: string expected";
+                    if (message.details != null && message.hasOwnProperty("details")) {
+                        if (!Array.isArray(message.details))
+                            return "details: array expected";
+                        for (var i = 0; i < message.details.length; ++i) {
+                            var error = $root.google.protobuf.Any.verify(message.details[i]);
+                            if (error)
+                                return "details." + error;
+                        }
+                    }
+                    return null;
+                };
+    
+                /**
+                 * Creates a Status message from a plain object. Also converts values to their respective internal types.
+                 * @function fromObject
+                 * @memberof google.rpc.Status
+                 * @static
+                 * @param {Object.<string,*>} object Plain object
+                 * @returns {google.rpc.Status} Status
+                 */
+                Status.fromObject = function fromObject(object) {
+                    if (object instanceof $root.google.rpc.Status)
+                        return object;
+                    var message = new $root.google.rpc.Status();
+                    if (object.code != null)
+                        message.code = object.code | 0;
+                    if (object.message != null)
+                        message.message = String(object.message);
+                    if (object.details) {
+                        if (!Array.isArray(object.details))
+                            throw TypeError(".google.rpc.Status.details: array expected");
+                        message.details = [];
+                        for (var i = 0; i < object.details.length; ++i) {
+                            if (typeof object.details[i] !== "object")
+                                throw TypeError(".google.rpc.Status.details: object expected");
+                            message.details[i] = $root.google.protobuf.Any.fromObject(object.details[i]);
+                        }
+                    }
+                    return message;
+                };
+    
+                /**
+                 * Creates a plain object from a Status message. Also converts values to other types if specified.
+                 * @function toObject
+                 * @memberof google.rpc.Status
+                 * @static
+                 * @param {google.rpc.Status} message Status
+                 * @param {$protobuf.IConversionOptions} [options] Conversion options
+                 * @returns {Object.<string,*>} Plain object
+                 */
+                Status.toObject = function toObject(message, options) {
+                    if (!options)
+                        options = {};
+                    var object = {};
+                    if (options.arrays || options.defaults)
+                        object.details = [];
+                    if (options.defaults) {
+                        object.code = 0;
+                        object.message = "";
+                    }
+                    if (message.code != null && message.hasOwnProperty("code"))
+                        object.code = message.code;
+                    if (message.message != null && message.hasOwnProperty("message"))
+                        object.message = message.message;
+                    if (message.details && message.details.length) {
+                        object.details = [];
+                        for (var j = 0; j < message.details.length; ++j)
+                            object.details[j] = $root.google.protobuf.Any.toObject(message.details[j], options);
+                    }
+                    return object;
+                };
+    
+                /**
+                 * Converts this Status to JSON.
+                 * @function toJSON
+                 * @memberof google.rpc.Status
+                 * @instance
+                 * @returns {Object.<string,*>} JSON object
+                 */
+                Status.prototype.toJSON = function toJSON() {
+                    return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+                };
+    
+                /**
+                 * Gets the default type url for Status
+                 * @function getTypeUrl
+                 * @memberof google.rpc.Status
+                 * @static
+                 * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com")
+                 * @returns {string} The default type url
+                 */
+                Status.getTypeUrl = function getTypeUrl(typeUrlPrefix) {
+                    if (typeUrlPrefix === undefined) {
+                        typeUrlPrefix = "type.googleapis.com";
+                    }
+                    return typeUrlPrefix + "/google.rpc.Status";
+                };
+    
+                return Status;
+            })();
+    
+            return rpc;
+        })();
+    
+        return google;
+    })();
+
+    return $root;
+});
diff --git a/packages/google-identity-accesscontextmanager/protos/protos.json b/packages/google-identity-accesscontextmanager/protos/protos.json
new file mode 100644
index 00000000000..6b65417ee5d
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/protos/protos.json
@@ -0,0 +1,3380 @@
+{
+  "nested": {
+    "google": {
+      "nested": {
+        "identity": {
+          "nested": {
+            "accesscontextmanager": {
+              "nested": {
+                "type": {
+                  "options": {
+                    "csharp_namespace": "Google.Identity.AccessContextManager.Type",
+                    "go_package": "google.golang.org/genproto/googleapis/identity/accesscontextmanager/type",
+                    "java_package": "com.google.identity.accesscontextmanager.type",
+                    "java_multiple_files": true,
+                    "java_outer_classname": "TypeProto",
+                    "php_namespace": "Google\\Identity\\AccessContextManager\\Type",
+                    "ruby_package": "Google::Identity::AccessContextManager::Type"
+                  },
+                  "nested": {
+                    "DeviceEncryptionStatus": {
+                      "values": {
+                        "ENCRYPTION_UNSPECIFIED": 0,
+                        "ENCRYPTION_UNSUPPORTED": 1,
+                        "UNENCRYPTED": 2,
+                        "ENCRYPTED": 3
+                      }
+                    },
+                    "OsType": {
+                      "values": {
+                        "OS_UNSPECIFIED": 0,
+                        "DESKTOP_MAC": 1,
+                        "DESKTOP_WINDOWS": 2,
+                        "DESKTOP_LINUX": 3,
+                        "DESKTOP_CHROME_OS": 6,
+                        "ANDROID": 4,
+                        "IOS": 5
+                      }
+                    },
+                    "DeviceManagementLevel": {
+                      "values": {
+                        "MANAGEMENT_UNSPECIFIED": 0,
+                        "NONE": 1,
+                        "BASIC": 2,
+                        "COMPLETE": 3
+                      }
+                    }
+                  }
+                },
+                "v1": {
+                  "options": {
+                    "csharp_namespace": "Google.Identity.AccessContextManager.V1",
+                    "go_package": "google.golang.org/genproto/googleapis/identity/accesscontextmanager/v1;accesscontextmanager",
+                    "java_multiple_files": true,
+                    "java_outer_classname": "ServicePerimeterProto",
+                    "java_package": "com.google.identity.accesscontextmanager.v1",
+                    "objc_class_prefix": "GACM",
+                    "php_namespace": "Google\\Identity\\AccessContextManager\\V1",
+                    "ruby_package": "Google::Identity::AccessContextManager::V1"
+                  },
+                  "nested": {
+                    "AccessContextManager": {
+                      "options": {
+                        "(google.api.default_host)": "accesscontextmanager.googleapis.com",
+                        "(google.api.oauth_scopes)": "https://www.googleapis.com/auth/cloud-platform"
+                      },
+                      "methods": {
+                        "ListAccessPolicies": {
+                          "requestType": "ListAccessPoliciesRequest",
+                          "responseType": "ListAccessPoliciesResponse",
+                          "options": {
+                            "(google.api.http).get": "/v1/accessPolicies"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "get": "/v1/accessPolicies"
+                              }
+                            }
+                          ]
+                        },
+                        "GetAccessPolicy": {
+                          "requestType": "GetAccessPolicyRequest",
+                          "responseType": "AccessPolicy",
+                          "options": {
+                            "(google.api.http).get": "/v1/{name=accessPolicies/*}",
+                            "(google.api.method_signature)": "name"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "get": "/v1/{name=accessPolicies/*}"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "name"
+                            }
+                          ]
+                        },
+                        "CreateAccessPolicy": {
+                          "requestType": "AccessPolicy",
+                          "responseType": "google.longrunning.Operation",
+                          "options": {
+                            "(google.api.http).post": "/v1/accessPolicies",
+                            "(google.api.http).body": "*",
+                            "(google.longrunning.operation_info).response_type": "AccessPolicy",
+                            "(google.longrunning.operation_info).metadata_type": "AccessContextManagerOperationMetadata"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "post": "/v1/accessPolicies",
+                                "body": "*"
+                              }
+                            },
+                            {
+                              "(google.longrunning.operation_info)": {
+                                "response_type": "AccessPolicy",
+                                "metadata_type": "AccessContextManagerOperationMetadata"
+                              }
+                            }
+                          ]
+                        },
+                        "UpdateAccessPolicy": {
+                          "requestType": "UpdateAccessPolicyRequest",
+                          "responseType": "google.longrunning.Operation",
+                          "options": {
+                            "(google.api.http).patch": "/v1/{policy.name=accessPolicies/*}",
+                            "(google.api.http).body": "policy",
+                            "(google.api.method_signature)": "policy,update_mask",
+                            "(google.longrunning.operation_info).response_type": "AccessPolicy",
+                            "(google.longrunning.operation_info).metadata_type": "AccessContextManagerOperationMetadata"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "patch": "/v1/{policy.name=accessPolicies/*}",
+                                "body": "policy"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "policy,update_mask"
+                            },
+                            {
+                              "(google.longrunning.operation_info)": {
+                                "response_type": "AccessPolicy",
+                                "metadata_type": "AccessContextManagerOperationMetadata"
+                              }
+                            }
+                          ]
+                        },
+                        "DeleteAccessPolicy": {
+                          "requestType": "DeleteAccessPolicyRequest",
+                          "responseType": "google.longrunning.Operation",
+                          "options": {
+                            "(google.api.http).delete": "/v1/{name=accessPolicies/*}",
+                            "(google.api.method_signature)": "name",
+                            "(google.longrunning.operation_info).response_type": "google.protobuf.Empty",
+                            "(google.longrunning.operation_info).metadata_type": "AccessContextManagerOperationMetadata"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "delete": "/v1/{name=accessPolicies/*}"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "name"
+                            },
+                            {
+                              "(google.longrunning.operation_info)": {
+                                "response_type": "google.protobuf.Empty",
+                                "metadata_type": "AccessContextManagerOperationMetadata"
+                              }
+                            }
+                          ]
+                        },
+                        "ListAccessLevels": {
+                          "requestType": "ListAccessLevelsRequest",
+                          "responseType": "ListAccessLevelsResponse",
+                          "options": {
+                            "(google.api.http).get": "/v1/{parent=accessPolicies/*}/accessLevels",
+                            "(google.api.method_signature)": "parent"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "get": "/v1/{parent=accessPolicies/*}/accessLevels"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "parent"
+                            }
+                          ]
+                        },
+                        "GetAccessLevel": {
+                          "requestType": "GetAccessLevelRequest",
+                          "responseType": "AccessLevel",
+                          "options": {
+                            "(google.api.http).get": "/v1/{name=accessPolicies/*/accessLevels/*}",
+                            "(google.api.method_signature)": "name"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "get": "/v1/{name=accessPolicies/*/accessLevels/*}"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "name"
+                            }
+                          ]
+                        },
+                        "CreateAccessLevel": {
+                          "requestType": "CreateAccessLevelRequest",
+                          "responseType": "google.longrunning.Operation",
+                          "options": {
+                            "(google.api.http).post": "/v1/{parent=accessPolicies/*}/accessLevels",
+                            "(google.api.http).body": "access_level",
+                            "(google.api.method_signature)": "parent,access_level",
+                            "(google.longrunning.operation_info).response_type": "AccessLevel",
+                            "(google.longrunning.operation_info).metadata_type": "AccessContextManagerOperationMetadata"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "post": "/v1/{parent=accessPolicies/*}/accessLevels",
+                                "body": "access_level"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "parent,access_level"
+                            },
+                            {
+                              "(google.longrunning.operation_info)": {
+                                "response_type": "AccessLevel",
+                                "metadata_type": "AccessContextManagerOperationMetadata"
+                              }
+                            }
+                          ]
+                        },
+                        "UpdateAccessLevel": {
+                          "requestType": "UpdateAccessLevelRequest",
+                          "responseType": "google.longrunning.Operation",
+                          "options": {
+                            "(google.api.http).patch": "/v1/{access_level.name=accessPolicies/*/accessLevels/*}",
+                            "(google.api.http).body": "access_level",
+                            "(google.api.method_signature)": "access_level,update_mask",
+                            "(google.longrunning.operation_info).response_type": "AccessLevel",
+                            "(google.longrunning.operation_info).metadata_type": "AccessContextManagerOperationMetadata"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "patch": "/v1/{access_level.name=accessPolicies/*/accessLevels/*}",
+                                "body": "access_level"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "access_level,update_mask"
+                            },
+                            {
+                              "(google.longrunning.operation_info)": {
+                                "response_type": "AccessLevel",
+                                "metadata_type": "AccessContextManagerOperationMetadata"
+                              }
+                            }
+                          ]
+                        },
+                        "DeleteAccessLevel": {
+                          "requestType": "DeleteAccessLevelRequest",
+                          "responseType": "google.longrunning.Operation",
+                          "options": {
+                            "(google.api.http).delete": "/v1/{name=accessPolicies/*/accessLevels/*}",
+                            "(google.api.method_signature)": "name",
+                            "(google.longrunning.operation_info).response_type": "google.protobuf.Empty",
+                            "(google.longrunning.operation_info).metadata_type": "AccessContextManagerOperationMetadata"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "delete": "/v1/{name=accessPolicies/*/accessLevels/*}"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "name"
+                            },
+                            {
+                              "(google.longrunning.operation_info)": {
+                                "response_type": "google.protobuf.Empty",
+                                "metadata_type": "AccessContextManagerOperationMetadata"
+                              }
+                            }
+                          ]
+                        },
+                        "ReplaceAccessLevels": {
+                          "requestType": "ReplaceAccessLevelsRequest",
+                          "responseType": "google.longrunning.Operation",
+                          "options": {
+                            "(google.api.http).post": "/v1/{parent=accessPolicies/*}/accessLevels:replaceAll",
+                            "(google.api.http).body": "*",
+                            "(google.longrunning.operation_info).response_type": "ReplaceAccessLevelsResponse",
+                            "(google.longrunning.operation_info).metadata_type": "AccessContextManagerOperationMetadata"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "post": "/v1/{parent=accessPolicies/*}/accessLevels:replaceAll",
+                                "body": "*"
+                              }
+                            },
+                            {
+                              "(google.longrunning.operation_info)": {
+                                "response_type": "ReplaceAccessLevelsResponse",
+                                "metadata_type": "AccessContextManagerOperationMetadata"
+                              }
+                            }
+                          ]
+                        },
+                        "ListServicePerimeters": {
+                          "requestType": "ListServicePerimetersRequest",
+                          "responseType": "ListServicePerimetersResponse",
+                          "options": {
+                            "(google.api.http).get": "/v1/{parent=accessPolicies/*}/servicePerimeters",
+                            "(google.api.method_signature)": "parent"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "get": "/v1/{parent=accessPolicies/*}/servicePerimeters"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "parent"
+                            }
+                          ]
+                        },
+                        "GetServicePerimeter": {
+                          "requestType": "GetServicePerimeterRequest",
+                          "responseType": "ServicePerimeter",
+                          "options": {
+                            "(google.api.http).get": "/v1/{name=accessPolicies/*/servicePerimeters/*}",
+                            "(google.api.method_signature)": "name"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "get": "/v1/{name=accessPolicies/*/servicePerimeters/*}"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "name"
+                            }
+                          ]
+                        },
+                        "CreateServicePerimeter": {
+                          "requestType": "CreateServicePerimeterRequest",
+                          "responseType": "google.longrunning.Operation",
+                          "options": {
+                            "(google.api.http).post": "/v1/{parent=accessPolicies/*}/servicePerimeters",
+                            "(google.api.http).body": "service_perimeter",
+                            "(google.api.method_signature)": "parent,service_perimeter",
+                            "(google.longrunning.operation_info).response_type": "ServicePerimeter",
+                            "(google.longrunning.operation_info).metadata_type": "AccessContextManagerOperationMetadata"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "post": "/v1/{parent=accessPolicies/*}/servicePerimeters",
+                                "body": "service_perimeter"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "parent,service_perimeter"
+                            },
+                            {
+                              "(google.longrunning.operation_info)": {
+                                "response_type": "ServicePerimeter",
+                                "metadata_type": "AccessContextManagerOperationMetadata"
+                              }
+                            }
+                          ]
+                        },
+                        "UpdateServicePerimeter": {
+                          "requestType": "UpdateServicePerimeterRequest",
+                          "responseType": "google.longrunning.Operation",
+                          "options": {
+                            "(google.api.http).patch": "/v1/{service_perimeter.name=accessPolicies/*/servicePerimeters/*}",
+                            "(google.api.http).body": "service_perimeter",
+                            "(google.api.method_signature)": "service_perimeter,update_mask",
+                            "(google.longrunning.operation_info).response_type": "ServicePerimeter",
+                            "(google.longrunning.operation_info).metadata_type": "AccessContextManagerOperationMetadata"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "patch": "/v1/{service_perimeter.name=accessPolicies/*/servicePerimeters/*}",
+                                "body": "service_perimeter"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "service_perimeter,update_mask"
+                            },
+                            {
+                              "(google.longrunning.operation_info)": {
+                                "response_type": "ServicePerimeter",
+                                "metadata_type": "AccessContextManagerOperationMetadata"
+                              }
+                            }
+                          ]
+                        },
+                        "DeleteServicePerimeter": {
+                          "requestType": "DeleteServicePerimeterRequest",
+                          "responseType": "google.longrunning.Operation",
+                          "options": {
+                            "(google.api.http).delete": "/v1/{name=accessPolicies/*/servicePerimeters/*}",
+                            "(google.api.method_signature)": "name",
+                            "(google.longrunning.operation_info).response_type": "google.protobuf.Empty",
+                            "(google.longrunning.operation_info).metadata_type": "AccessContextManagerOperationMetadata"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "delete": "/v1/{name=accessPolicies/*/servicePerimeters/*}"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "name"
+                            },
+                            {
+                              "(google.longrunning.operation_info)": {
+                                "response_type": "google.protobuf.Empty",
+                                "metadata_type": "AccessContextManagerOperationMetadata"
+                              }
+                            }
+                          ]
+                        },
+                        "ReplaceServicePerimeters": {
+                          "requestType": "ReplaceServicePerimetersRequest",
+                          "responseType": "google.longrunning.Operation",
+                          "options": {
+                            "(google.api.http).post": "/v1/{parent=accessPolicies/*}/servicePerimeters:replaceAll",
+                            "(google.api.http).body": "*",
+                            "(google.longrunning.operation_info).response_type": "ReplaceServicePerimetersResponse",
+                            "(google.longrunning.operation_info).metadata_type": "AccessContextManagerOperationMetadata"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "post": "/v1/{parent=accessPolicies/*}/servicePerimeters:replaceAll",
+                                "body": "*"
+                              }
+                            },
+                            {
+                              "(google.longrunning.operation_info)": {
+                                "response_type": "ReplaceServicePerimetersResponse",
+                                "metadata_type": "AccessContextManagerOperationMetadata"
+                              }
+                            }
+                          ]
+                        },
+                        "CommitServicePerimeters": {
+                          "requestType": "CommitServicePerimetersRequest",
+                          "responseType": "google.longrunning.Operation",
+                          "options": {
+                            "(google.api.http).post": "/v1/{parent=accessPolicies/*}/servicePerimeters:commit",
+                            "(google.api.http).body": "*",
+                            "(google.longrunning.operation_info).response_type": "CommitServicePerimetersResponse",
+                            "(google.longrunning.operation_info).metadata_type": "AccessContextManagerOperationMetadata"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "post": "/v1/{parent=accessPolicies/*}/servicePerimeters:commit",
+                                "body": "*"
+                              }
+                            },
+                            {
+                              "(google.longrunning.operation_info)": {
+                                "response_type": "CommitServicePerimetersResponse",
+                                "metadata_type": "AccessContextManagerOperationMetadata"
+                              }
+                            }
+                          ]
+                        },
+                        "ListGcpUserAccessBindings": {
+                          "requestType": "ListGcpUserAccessBindingsRequest",
+                          "responseType": "ListGcpUserAccessBindingsResponse",
+                          "options": {
+                            "(google.api.http).get": "/v1/{parent=organizations/*}/gcpUserAccessBindings",
+                            "(google.api.method_signature)": "parent"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "get": "/v1/{parent=organizations/*}/gcpUserAccessBindings"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "parent"
+                            }
+                          ]
+                        },
+                        "GetGcpUserAccessBinding": {
+                          "requestType": "GetGcpUserAccessBindingRequest",
+                          "responseType": "GcpUserAccessBinding",
+                          "options": {
+                            "(google.api.http).get": "/v1/{name=organizations/*/gcpUserAccessBindings/*}",
+                            "(google.api.method_signature)": "name"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "get": "/v1/{name=organizations/*/gcpUserAccessBindings/*}"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "name"
+                            }
+                          ]
+                        },
+                        "CreateGcpUserAccessBinding": {
+                          "requestType": "CreateGcpUserAccessBindingRequest",
+                          "responseType": "google.longrunning.Operation",
+                          "options": {
+                            "(google.api.http).post": "/v1/{parent=organizations/*}/gcpUserAccessBindings",
+                            "(google.api.http).body": "gcp_user_access_binding",
+                            "(google.api.method_signature)": "parent,gcp_user_access_binding",
+                            "(google.longrunning.operation_info).response_type": "GcpUserAccessBinding",
+                            "(google.longrunning.operation_info).metadata_type": "GcpUserAccessBindingOperationMetadata"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "post": "/v1/{parent=organizations/*}/gcpUserAccessBindings",
+                                "body": "gcp_user_access_binding"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "parent,gcp_user_access_binding"
+                            },
+                            {
+                              "(google.longrunning.operation_info)": {
+                                "response_type": "GcpUserAccessBinding",
+                                "metadata_type": "GcpUserAccessBindingOperationMetadata"
+                              }
+                            }
+                          ]
+                        },
+                        "UpdateGcpUserAccessBinding": {
+                          "requestType": "UpdateGcpUserAccessBindingRequest",
+                          "responseType": "google.longrunning.Operation",
+                          "options": {
+                            "(google.api.http).patch": "/v1/{gcp_user_access_binding.name=organizations/*/gcpUserAccessBindings/*}",
+                            "(google.api.http).body": "gcp_user_access_binding",
+                            "(google.api.method_signature)": "gcp_user_access_binding,update_mask",
+                            "(google.longrunning.operation_info).response_type": "GcpUserAccessBinding",
+                            "(google.longrunning.operation_info).metadata_type": "GcpUserAccessBindingOperationMetadata"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "patch": "/v1/{gcp_user_access_binding.name=organizations/*/gcpUserAccessBindings/*}",
+                                "body": "gcp_user_access_binding"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "gcp_user_access_binding,update_mask"
+                            },
+                            {
+                              "(google.longrunning.operation_info)": {
+                                "response_type": "GcpUserAccessBinding",
+                                "metadata_type": "GcpUserAccessBindingOperationMetadata"
+                              }
+                            }
+                          ]
+                        },
+                        "DeleteGcpUserAccessBinding": {
+                          "requestType": "DeleteGcpUserAccessBindingRequest",
+                          "responseType": "google.longrunning.Operation",
+                          "options": {
+                            "(google.api.http).delete": "/v1/{name=organizations/*/gcpUserAccessBindings/*}",
+                            "(google.api.method_signature)": "name",
+                            "(google.longrunning.operation_info).response_type": "google.protobuf.Empty",
+                            "(google.longrunning.operation_info).metadata_type": "GcpUserAccessBindingOperationMetadata"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "delete": "/v1/{name=organizations/*/gcpUserAccessBindings/*}"
+                              }
+                            },
+                            {
+                              "(google.api.method_signature)": "name"
+                            },
+                            {
+                              "(google.longrunning.operation_info)": {
+                                "response_type": "google.protobuf.Empty",
+                                "metadata_type": "GcpUserAccessBindingOperationMetadata"
+                              }
+                            }
+                          ]
+                        },
+                        "SetIamPolicy": {
+                          "requestType": "google.iam.v1.SetIamPolicyRequest",
+                          "responseType": "google.iam.v1.Policy",
+                          "options": {
+                            "(google.api.http).post": "/v1/{resource=accessPolicies/*}:setIamPolicy",
+                            "(google.api.http).body": "*"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "post": "/v1/{resource=accessPolicies/*}:setIamPolicy",
+                                "body": "*"
+                              }
+                            }
+                          ]
+                        },
+                        "GetIamPolicy": {
+                          "requestType": "google.iam.v1.GetIamPolicyRequest",
+                          "responseType": "google.iam.v1.Policy",
+                          "options": {
+                            "(google.api.http).post": "/v1/{resource=accessPolicies/*}:getIamPolicy",
+                            "(google.api.http).body": "*"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "post": "/v1/{resource=accessPolicies/*}:getIamPolicy",
+                                "body": "*"
+                              }
+                            }
+                          ]
+                        },
+                        "TestIamPermissions": {
+                          "requestType": "google.iam.v1.TestIamPermissionsRequest",
+                          "responseType": "google.iam.v1.TestIamPermissionsResponse",
+                          "options": {
+                            "(google.api.http).post": "/v1/{resource=accessPolicies/*}:testIamPermissions",
+                            "(google.api.http).body": "*",
+                            "(google.api.http).additional_bindings.post": "/v1/{resource=accessPolicies/*/servicePerimeters/*}:testIamPermissions",
+                            "(google.api.http).additional_bindings.body": "*"
+                          },
+                          "parsedOptions": [
+                            {
+                              "(google.api.http)": {
+                                "post": "/v1/{resource=accessPolicies/*}:testIamPermissions",
+                                "body": "*",
+                                "additional_bindings": [
+                                  {
+                                    "post": "/v1/{resource=accessPolicies/*/accessLevels/*}:testIamPermissions",
+                                    "body": "*"
+                                  },
+                                  {
+                                    "post": "/v1/{resource=accessPolicies/*/servicePerimeters/*}:testIamPermissions",
+                                    "body": "*"
+                                  }
+                                ]
+                              }
+                            }
+                          ]
+                        }
+                      }
+                    },
+                    "ListAccessPoliciesRequest": {
+                      "fields": {
+                        "parent": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).type": "cloudresourcemanager.googleapis.com/Organization"
+                          }
+                        },
+                        "pageSize": {
+                          "type": "int32",
+                          "id": 2
+                        },
+                        "pageToken": {
+                          "type": "string",
+                          "id": 3
+                        }
+                      }
+                    },
+                    "ListAccessPoliciesResponse": {
+                      "fields": {
+                        "accessPolicies": {
+                          "rule": "repeated",
+                          "type": "AccessPolicy",
+                          "id": 1
+                        },
+                        "nextPageToken": {
+                          "type": "string",
+                          "id": 2
+                        }
+                      }
+                    },
+                    "GetAccessPolicyRequest": {
+                      "fields": {
+                        "name": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).type": "accesscontextmanager.googleapis.com/AccessPolicy"
+                          }
+                        }
+                      }
+                    },
+                    "UpdateAccessPolicyRequest": {
+                      "fields": {
+                        "policy": {
+                          "type": "AccessPolicy",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED"
+                          }
+                        },
+                        "updateMask": {
+                          "type": "google.protobuf.FieldMask",
+                          "id": 2,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED"
+                          }
+                        }
+                      }
+                    },
+                    "DeleteAccessPolicyRequest": {
+                      "fields": {
+                        "name": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).type": "accesscontextmanager.googleapis.com/AccessPolicy"
+                          }
+                        }
+                      }
+                    },
+                    "ListAccessLevelsRequest": {
+                      "fields": {
+                        "parent": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).child_type": "accesscontextmanager.googleapis.com/AccessLevel"
+                          }
+                        },
+                        "pageSize": {
+                          "type": "int32",
+                          "id": 2
+                        },
+                        "pageToken": {
+                          "type": "string",
+                          "id": 3
+                        },
+                        "accessLevelFormat": {
+                          "type": "LevelFormat",
+                          "id": 4
+                        }
+                      }
+                    },
+                    "ListAccessLevelsResponse": {
+                      "fields": {
+                        "accessLevels": {
+                          "rule": "repeated",
+                          "type": "AccessLevel",
+                          "id": 1
+                        },
+                        "nextPageToken": {
+                          "type": "string",
+                          "id": 2
+                        }
+                      }
+                    },
+                    "GetAccessLevelRequest": {
+                      "fields": {
+                        "name": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).type": "accesscontextmanager.googleapis.com/AccessLevel"
+                          }
+                        },
+                        "accessLevelFormat": {
+                          "type": "LevelFormat",
+                          "id": 2
+                        }
+                      }
+                    },
+                    "CreateAccessLevelRequest": {
+                      "fields": {
+                        "parent": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).child_type": "accesscontextmanager.googleapis.com/AccessLevel"
+                          }
+                        },
+                        "accessLevel": {
+                          "type": "AccessLevel",
+                          "id": 2,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED"
+                          }
+                        }
+                      }
+                    },
+                    "UpdateAccessLevelRequest": {
+                      "fields": {
+                        "accessLevel": {
+                          "type": "AccessLevel",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED"
+                          }
+                        },
+                        "updateMask": {
+                          "type": "google.protobuf.FieldMask",
+                          "id": 2,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED"
+                          }
+                        }
+                      }
+                    },
+                    "DeleteAccessLevelRequest": {
+                      "fields": {
+                        "name": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).type": "accesscontextmanager.googleapis.com/AccessLevel"
+                          }
+                        }
+                      }
+                    },
+                    "ReplaceAccessLevelsRequest": {
+                      "fields": {
+                        "parent": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).child_type": "accesscontextmanager.googleapis.com/AccessLevel"
+                          }
+                        },
+                        "accessLevels": {
+                          "rule": "repeated",
+                          "type": "AccessLevel",
+                          "id": 2,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED"
+                          }
+                        },
+                        "etag": {
+                          "type": "string",
+                          "id": 4
+                        }
+                      }
+                    },
+                    "ReplaceAccessLevelsResponse": {
+                      "fields": {
+                        "accessLevels": {
+                          "rule": "repeated",
+                          "type": "AccessLevel",
+                          "id": 1
+                        }
+                      }
+                    },
+                    "ListServicePerimetersRequest": {
+                      "fields": {
+                        "parent": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).child_type": "accesscontextmanager.googleapis.com/ServicePerimeter"
+                          }
+                        },
+                        "pageSize": {
+                          "type": "int32",
+                          "id": 2
+                        },
+                        "pageToken": {
+                          "type": "string",
+                          "id": 3
+                        }
+                      }
+                    },
+                    "ListServicePerimetersResponse": {
+                      "fields": {
+                        "servicePerimeters": {
+                          "rule": "repeated",
+                          "type": "ServicePerimeter",
+                          "id": 1
+                        },
+                        "nextPageToken": {
+                          "type": "string",
+                          "id": 2
+                        }
+                      }
+                    },
+                    "GetServicePerimeterRequest": {
+                      "fields": {
+                        "name": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).type": "accesscontextmanager.googleapis.com/ServicePerimeter"
+                          }
+                        }
+                      }
+                    },
+                    "CreateServicePerimeterRequest": {
+                      "fields": {
+                        "parent": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).child_type": "accesscontextmanager.googleapis.com/ServicePerimeter"
+                          }
+                        },
+                        "servicePerimeter": {
+                          "type": "ServicePerimeter",
+                          "id": 2,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED"
+                          }
+                        }
+                      }
+                    },
+                    "UpdateServicePerimeterRequest": {
+                      "fields": {
+                        "servicePerimeter": {
+                          "type": "ServicePerimeter",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED"
+                          }
+                        },
+                        "updateMask": {
+                          "type": "google.protobuf.FieldMask",
+                          "id": 2,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED"
+                          }
+                        }
+                      }
+                    },
+                    "DeleteServicePerimeterRequest": {
+                      "fields": {
+                        "name": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).type": "accesscontextmanager.googleapis.com/ServicePerimeter"
+                          }
+                        }
+                      }
+                    },
+                    "ReplaceServicePerimetersRequest": {
+                      "fields": {
+                        "parent": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).child_type": "accesscontextmanager.googleapis.com/ServicePerimeter"
+                          }
+                        },
+                        "servicePerimeters": {
+                          "rule": "repeated",
+                          "type": "ServicePerimeter",
+                          "id": 2,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED"
+                          }
+                        },
+                        "etag": {
+                          "type": "string",
+                          "id": 3
+                        }
+                      }
+                    },
+                    "ReplaceServicePerimetersResponse": {
+                      "fields": {
+                        "servicePerimeters": {
+                          "rule": "repeated",
+                          "type": "ServicePerimeter",
+                          "id": 1
+                        }
+                      }
+                    },
+                    "CommitServicePerimetersRequest": {
+                      "fields": {
+                        "parent": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).child_type": "accesscontextmanager.googleapis.com/ServicePerimeter"
+                          }
+                        },
+                        "etag": {
+                          "type": "string",
+                          "id": 2
+                        }
+                      }
+                    },
+                    "CommitServicePerimetersResponse": {
+                      "fields": {
+                        "servicePerimeters": {
+                          "rule": "repeated",
+                          "type": "ServicePerimeter",
+                          "id": 1
+                        }
+                      }
+                    },
+                    "LevelFormat": {
+                      "values": {
+                        "LEVEL_FORMAT_UNSPECIFIED": 0,
+                        "AS_DEFINED": 1,
+                        "CEL": 2
+                      }
+                    },
+                    "ListGcpUserAccessBindingsRequest": {
+                      "fields": {
+                        "parent": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).type": "cloudresourcemanager.googleapis.com/Organization"
+                          }
+                        },
+                        "pageSize": {
+                          "type": "int32",
+                          "id": 2,
+                          "options": {
+                            "(google.api.field_behavior)": "OPTIONAL"
+                          }
+                        },
+                        "pageToken": {
+                          "type": "string",
+                          "id": 3,
+                          "options": {
+                            "(google.api.field_behavior)": "OPTIONAL"
+                          }
+                        }
+                      }
+                    },
+                    "ListGcpUserAccessBindingsResponse": {
+                      "fields": {
+                        "gcpUserAccessBindings": {
+                          "rule": "repeated",
+                          "type": "GcpUserAccessBinding",
+                          "id": 1
+                        },
+                        "nextPageToken": {
+                          "type": "string",
+                          "id": 2
+                        }
+                      }
+                    },
+                    "GetGcpUserAccessBindingRequest": {
+                      "fields": {
+                        "name": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).type": "accesscontextmanager.googleapis.com/GcpUserAccessBinding"
+                          }
+                        }
+                      }
+                    },
+                    "CreateGcpUserAccessBindingRequest": {
+                      "fields": {
+                        "parent": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).type": "cloudresourcemanager.googleapis.com/Organization"
+                          }
+                        },
+                        "gcpUserAccessBinding": {
+                          "type": "GcpUserAccessBinding",
+                          "id": 2,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED"
+                          }
+                        }
+                      }
+                    },
+                    "UpdateGcpUserAccessBindingRequest": {
+                      "fields": {
+                        "gcpUserAccessBinding": {
+                          "type": "GcpUserAccessBinding",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED"
+                          }
+                        },
+                        "updateMask": {
+                          "type": "google.protobuf.FieldMask",
+                          "id": 2,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED"
+                          }
+                        }
+                      }
+                    },
+                    "DeleteGcpUserAccessBindingRequest": {
+                      "fields": {
+                        "name": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).type": "accesscontextmanager.googleapis.com/GcpUserAccessBinding"
+                          }
+                        }
+                      }
+                    },
+                    "GcpUserAccessBindingOperationMetadata": {
+                      "fields": {}
+                    },
+                    "AccessContextManagerOperationMetadata": {
+                      "fields": {}
+                    },
+                    "AccessLevel": {
+                      "options": {
+                        "(google.api.resource).type": "accesscontextmanager.googleapis.com/AccessLevel",
+                        "(google.api.resource).pattern": "accessPolicies/{access_policy}/accessLevels/{access_level}"
+                      },
+                      "oneofs": {
+                        "level": {
+                          "oneof": [
+                            "basic",
+                            "custom"
+                          ]
+                        }
+                      },
+                      "fields": {
+                        "name": {
+                          "type": "string",
+                          "id": 1
+                        },
+                        "title": {
+                          "type": "string",
+                          "id": 2
+                        },
+                        "description": {
+                          "type": "string",
+                          "id": 3
+                        },
+                        "basic": {
+                          "type": "BasicLevel",
+                          "id": 4
+                        },
+                        "custom": {
+                          "type": "CustomLevel",
+                          "id": 5
+                        },
+                        "createTime": {
+                          "type": "google.protobuf.Timestamp",
+                          "id": 6
+                        },
+                        "updateTime": {
+                          "type": "google.protobuf.Timestamp",
+                          "id": 7
+                        }
+                      }
+                    },
+                    "BasicLevel": {
+                      "fields": {
+                        "conditions": {
+                          "rule": "repeated",
+                          "type": "Condition",
+                          "id": 1
+                        },
+                        "combiningFunction": {
+                          "type": "ConditionCombiningFunction",
+                          "id": 2
+                        }
+                      },
+                      "nested": {
+                        "ConditionCombiningFunction": {
+                          "values": {
+                            "AND": 0,
+                            "OR": 1
+                          }
+                        }
+                      }
+                    },
+                    "Condition": {
+                      "fields": {
+                        "ipSubnetworks": {
+                          "rule": "repeated",
+                          "type": "string",
+                          "id": 1
+                        },
+                        "devicePolicy": {
+                          "type": "DevicePolicy",
+                          "id": 2
+                        },
+                        "requiredAccessLevels": {
+                          "rule": "repeated",
+                          "type": "string",
+                          "id": 3
+                        },
+                        "negate": {
+                          "type": "bool",
+                          "id": 5
+                        },
+                        "members": {
+                          "rule": "repeated",
+                          "type": "string",
+                          "id": 6
+                        },
+                        "regions": {
+                          "rule": "repeated",
+                          "type": "string",
+                          "id": 7
+                        }
+                      }
+                    },
+                    "CustomLevel": {
+                      "fields": {
+                        "expr": {
+                          "type": "google.type.Expr",
+                          "id": 1
+                        }
+                      }
+                    },
+                    "DevicePolicy": {
+                      "fields": {
+                        "requireScreenlock": {
+                          "type": "bool",
+                          "id": 1
+                        },
+                        "allowedEncryptionStatuses": {
+                          "rule": "repeated",
+                          "type": "google.identity.accesscontextmanager.type.DeviceEncryptionStatus",
+                          "id": 2
+                        },
+                        "osConstraints": {
+                          "rule": "repeated",
+                          "type": "OsConstraint",
+                          "id": 3
+                        },
+                        "allowedDeviceManagementLevels": {
+                          "rule": "repeated",
+                          "type": "google.identity.accesscontextmanager.type.DeviceManagementLevel",
+                          "id": 6
+                        },
+                        "requireAdminApproval": {
+                          "type": "bool",
+                          "id": 7
+                        },
+                        "requireCorpOwned": {
+                          "type": "bool",
+                          "id": 8
+                        }
+                      }
+                    },
+                    "OsConstraint": {
+                      "fields": {
+                        "osType": {
+                          "type": "google.identity.accesscontextmanager.type.OsType",
+                          "id": 1
+                        },
+                        "minimumVersion": {
+                          "type": "string",
+                          "id": 2
+                        },
+                        "requireVerifiedChromeOs": {
+                          "type": "bool",
+                          "id": 3
+                        }
+                      }
+                    },
+                    "AccessPolicy": {
+                      "options": {
+                        "(google.api.resource).type": "accesscontextmanager.googleapis.com/AccessPolicy",
+                        "(google.api.resource).pattern": "accessPolicies/{access_policy}"
+                      },
+                      "fields": {
+                        "name": {
+                          "type": "string",
+                          "id": 1
+                        },
+                        "parent": {
+                          "type": "string",
+                          "id": 2
+                        },
+                        "title": {
+                          "type": "string",
+                          "id": 3
+                        },
+                        "scopes": {
+                          "rule": "repeated",
+                          "type": "string",
+                          "id": 7
+                        },
+                        "createTime": {
+                          "type": "google.protobuf.Timestamp",
+                          "id": 4
+                        },
+                        "updateTime": {
+                          "type": "google.protobuf.Timestamp",
+                          "id": 5
+                        },
+                        "etag": {
+                          "type": "string",
+                          "id": 6
+                        }
+                      }
+                    },
+                    "GcpUserAccessBinding": {
+                      "options": {
+                        "(google.api.resource).type": "accesscontextmanager.googleapis.com/GcpUserAccessBinding",
+                        "(google.api.resource).pattern": "organizations/{organization}/gcpUserAccessBindings/{gcp_user_access_binding}"
+                      },
+                      "fields": {
+                        "name": {
+                          "type": "string",
+                          "id": 1,
+                          "options": {
+                            "(google.api.field_behavior)": "IMMUTABLE"
+                          }
+                        },
+                        "groupKey": {
+                          "type": "string",
+                          "id": 2,
+                          "options": {
+                            "(google.api.field_behavior)": "IMMUTABLE"
+                          }
+                        },
+                        "accessLevels": {
+                          "rule": "repeated",
+                          "type": "string",
+                          "id": 3,
+                          "options": {
+                            "(google.api.field_behavior)": "REQUIRED",
+                            "(google.api.resource_reference).type": "accesscontextmanager.googleapis.com/AccessLevel"
+                          }
+                        }
+                      }
+                    },
+                    "ServicePerimeter": {
+                      "options": {
+                        "(google.api.resource).type": "accesscontextmanager.googleapis.com/ServicePerimeter",
+                        "(google.api.resource).pattern": "accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}"
+                      },
+                      "fields": {
+                        "name": {
+                          "type": "string",
+                          "id": 1
+                        },
+                        "title": {
+                          "type": "string",
+                          "id": 2
+                        },
+                        "description": {
+                          "type": "string",
+                          "id": 3
+                        },
+                        "createTime": {
+                          "type": "google.protobuf.Timestamp",
+                          "id": 4
+                        },
+                        "updateTime": {
+                          "type": "google.protobuf.Timestamp",
+                          "id": 5
+                        },
+                        "perimeterType": {
+                          "type": "PerimeterType",
+                          "id": 6
+                        },
+                        "status": {
+                          "type": "ServicePerimeterConfig",
+                          "id": 7
+                        },
+                        "spec": {
+                          "type": "ServicePerimeterConfig",
+                          "id": 8
+                        },
+                        "useExplicitDryRunSpec": {
+                          "type": "bool",
+                          "id": 9
+                        }
+                      },
+                      "nested": {
+                        "PerimeterType": {
+                          "values": {
+                            "PERIMETER_TYPE_REGULAR": 0,
+                            "PERIMETER_TYPE_BRIDGE": 1
+                          }
+                        }
+                      }
+                    },
+                    "ServicePerimeterConfig": {
+                      "fields": {
+                        "resources": {
+                          "rule": "repeated",
+                          "type": "string",
+                          "id": 1
+                        },
+                        "accessLevels": {
+                          "rule": "repeated",
+                          "type": "string",
+                          "id": 2
+                        },
+                        "restrictedServices": {
+                          "rule": "repeated",
+                          "type": "string",
+                          "id": 4
+                        },
+                        "vpcAccessibleServices": {
+                          "type": "VpcAccessibleServices",
+                          "id": 10
+                        },
+                        "ingressPolicies": {
+                          "rule": "repeated",
+                          "type": "IngressPolicy",
+                          "id": 8
+                        },
+                        "egressPolicies": {
+                          "rule": "repeated",
+                          "type": "EgressPolicy",
+                          "id": 9
+                        }
+                      },
+                      "nested": {
+                        "VpcAccessibleServices": {
+                          "fields": {
+                            "enableRestriction": {
+                              "type": "bool",
+                              "id": 1
+                            },
+                            "allowedServices": {
+                              "rule": "repeated",
+                              "type": "string",
+                              "id": 2
+                            }
+                          }
+                        },
+                        "IdentityType": {
+                          "values": {
+                            "IDENTITY_TYPE_UNSPECIFIED": 0,
+                            "ANY_IDENTITY": 1,
+                            "ANY_USER_ACCOUNT": 2,
+                            "ANY_SERVICE_ACCOUNT": 3
+                          }
+                        },
+                        "MethodSelector": {
+                          "oneofs": {
+                            "kind": {
+                              "oneof": [
+                                "method",
+                                "permission"
+                              ]
+                            }
+                          },
+                          "fields": {
+                            "method": {
+                              "type": "string",
+                              "id": 1
+                            },
+                            "permission": {
+                              "type": "string",
+                              "id": 2
+                            }
+                          }
+                        },
+                        "ApiOperation": {
+                          "fields": {
+                            "serviceName": {
+                              "type": "string",
+                              "id": 1
+                            },
+                            "methodSelectors": {
+                              "rule": "repeated",
+                              "type": "MethodSelector",
+                              "id": 2
+                            }
+                          }
+                        },
+                        "IngressSource": {
+                          "oneofs": {
+                            "source": {
+                              "oneof": [
+                                "accessLevel",
+                                "resource"
+                              ]
+                            }
+                          },
+                          "fields": {
+                            "accessLevel": {
+                              "type": "string",
+                              "id": 1
+                            },
+                            "resource": {
+                              "type": "string",
+                              "id": 2
+                            }
+                          }
+                        },
+                        "IngressFrom": {
+                          "fields": {
+                            "sources": {
+                              "rule": "repeated",
+                              "type": "IngressSource",
+                              "id": 1
+                            },
+                            "identities": {
+                              "rule": "repeated",
+                              "type": "string",
+                              "id": 2
+                            },
+                            "identityType": {
+                              "type": "IdentityType",
+                              "id": 3
+                            }
+                          }
+                        },
+                        "IngressTo": {
+                          "fields": {
+                            "operations": {
+                              "rule": "repeated",
+                              "type": "ApiOperation",
+                              "id": 1
+                            },
+                            "resources": {
+                              "rule": "repeated",
+                              "type": "string",
+                              "id": 2
+                            }
+                          }
+                        },
+                        "IngressPolicy": {
+                          "fields": {
+                            "ingressFrom": {
+                              "type": "IngressFrom",
+                              "id": 1
+                            },
+                            "ingressTo": {
+                              "type": "IngressTo",
+                              "id": 2
+                            }
+                          }
+                        },
+                        "EgressFrom": {
+                          "fields": {
+                            "identities": {
+                              "rule": "repeated",
+                              "type": "string",
+                              "id": 1
+                            },
+                            "identityType": {
+                              "type": "IdentityType",
+                              "id": 2
+                            }
+                          }
+                        },
+                        "EgressTo": {
+                          "fields": {
+                            "resources": {
+                              "rule": "repeated",
+                              "type": "string",
+                              "id": 1
+                            },
+                            "operations": {
+                              "rule": "repeated",
+                              "type": "ApiOperation",
+                              "id": 2
+                            },
+                            "externalResources": {
+                              "rule": "repeated",
+                              "type": "string",
+                              "id": 3
+                            }
+                          }
+                        },
+                        "EgressPolicy": {
+                          "fields": {
+                            "egressFrom": {
+                              "type": "EgressFrom",
+                              "id": 1
+                            },
+                            "egressTo": {
+                              "type": "EgressTo",
+                              "id": 2
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                }
+              }
+            }
+          }
+        },
+        "api": {
+          "options": {
+            "go_package": "google.golang.org/genproto/googleapis/api/annotations;annotations",
+            "java_multiple_files": true,
+            "java_outer_classname": "ResourceProto",
+            "java_package": "com.google.api",
+            "objc_class_prefix": "GAPI",
+            "cc_enable_arenas": true
+          },
+          "nested": {
+            "http": {
+              "type": "HttpRule",
+              "id": 72295728,
+              "extend": "google.protobuf.MethodOptions"
+            },
+            "Http": {
+              "fields": {
+                "rules": {
+                  "rule": "repeated",
+                  "type": "HttpRule",
+                  "id": 1
+                },
+                "fullyDecodeReservedExpansion": {
+                  "type": "bool",
+                  "id": 2
+                }
+              }
+            },
+            "HttpRule": {
+              "oneofs": {
+                "pattern": {
+                  "oneof": [
+                    "get",
+                    "put",
+                    "post",
+                    "delete",
+                    "patch",
+                    "custom"
+                  ]
+                }
+              },
+              "fields": {
+                "selector": {
+                  "type": "string",
+                  "id": 1
+                },
+                "get": {
+                  "type": "string",
+                  "id": 2
+                },
+                "put": {
+                  "type": "string",
+                  "id": 3
+                },
+                "post": {
+                  "type": "string",
+                  "id": 4
+                },
+                "delete": {
+                  "type": "string",
+                  "id": 5
+                },
+                "patch": {
+                  "type": "string",
+                  "id": 6
+                },
+                "custom": {
+                  "type": "CustomHttpPattern",
+                  "id": 8
+                },
+                "body": {
+                  "type": "string",
+                  "id": 7
+                },
+                "responseBody": {
+                  "type": "string",
+                  "id": 12
+                },
+                "additionalBindings": {
+                  "rule": "repeated",
+                  "type": "HttpRule",
+                  "id": 11
+                }
+              }
+            },
+            "CustomHttpPattern": {
+              "fields": {
+                "kind": {
+                  "type": "string",
+                  "id": 1
+                },
+                "path": {
+                  "type": "string",
+                  "id": 2
+                }
+              }
+            },
+            "methodSignature": {
+              "rule": "repeated",
+              "type": "string",
+              "id": 1051,
+              "extend": "google.protobuf.MethodOptions"
+            },
+            "defaultHost": {
+              "type": "string",
+              "id": 1049,
+              "extend": "google.protobuf.ServiceOptions"
+            },
+            "oauthScopes": {
+              "type": "string",
+              "id": 1050,
+              "extend": "google.protobuf.ServiceOptions"
+            },
+            "fieldBehavior": {
+              "rule": "repeated",
+              "type": "google.api.FieldBehavior",
+              "id": 1052,
+              "extend": "google.protobuf.FieldOptions"
+            },
+            "FieldBehavior": {
+              "values": {
+                "FIELD_BEHAVIOR_UNSPECIFIED": 0,
+                "OPTIONAL": 1,
+                "REQUIRED": 2,
+                "OUTPUT_ONLY": 3,
+                "INPUT_ONLY": 4,
+                "IMMUTABLE": 5,
+                "UNORDERED_LIST": 6,
+                "NON_EMPTY_DEFAULT": 7
+              }
+            },
+            "resourceReference": {
+              "type": "google.api.ResourceReference",
+              "id": 1055,
+              "extend": "google.protobuf.FieldOptions"
+            },
+            "resourceDefinition": {
+              "rule": "repeated",
+              "type": "google.api.ResourceDescriptor",
+              "id": 1053,
+              "extend": "google.protobuf.FileOptions"
+            },
+            "resource": {
+              "type": "google.api.ResourceDescriptor",
+              "id": 1053,
+              "extend": "google.protobuf.MessageOptions"
+            },
+            "ResourceDescriptor": {
+              "fields": {
+                "type": {
+                  "type": "string",
+                  "id": 1
+                },
+                "pattern": {
+                  "rule": "repeated",
+                  "type": "string",
+                  "id": 2
+                },
+                "nameField": {
+                  "type": "string",
+                  "id": 3
+                },
+                "history": {
+                  "type": "History",
+                  "id": 4
+                },
+                "plural": {
+                  "type": "string",
+                  "id": 5
+                },
+                "singular": {
+                  "type": "string",
+                  "id": 6
+                },
+                "style": {
+                  "rule": "repeated",
+                  "type": "Style",
+                  "id": 10
+                }
+              },
+              "nested": {
+                "History": {
+                  "values": {
+                    "HISTORY_UNSPECIFIED": 0,
+                    "ORIGINALLY_SINGLE_PATTERN": 1,
+                    "FUTURE_MULTI_PATTERN": 2
+                  }
+                },
+                "Style": {
+                  "values": {
+                    "STYLE_UNSPECIFIED": 0,
+                    "DECLARATIVE_FRIENDLY": 1
+                  }
+                }
+              }
+            },
+            "ResourceReference": {
+              "fields": {
+                "type": {
+                  "type": "string",
+                  "id": 1
+                },
+                "childType": {
+                  "type": "string",
+                  "id": 2
+                }
+              }
+            }
+          }
+        },
+        "protobuf": {
+          "options": {
+            "go_package": "google.golang.org/protobuf/types/descriptorpb",
+            "java_package": "com.google.protobuf",
+            "java_outer_classname": "DescriptorProtos",
+            "csharp_namespace": "Google.Protobuf.Reflection",
+            "objc_class_prefix": "GPB",
+            "cc_enable_arenas": true,
+            "optimize_for": "SPEED"
+          },
+          "nested": {
+            "FileDescriptorSet": {
+              "fields": {
+                "file": {
+                  "rule": "repeated",
+                  "type": "FileDescriptorProto",
+                  "id": 1
+                }
+              }
+            },
+            "FileDescriptorProto": {
+              "fields": {
+                "name": {
+                  "type": "string",
+                  "id": 1
+                },
+                "package": {
+                  "type": "string",
+                  "id": 2
+                },
+                "dependency": {
+                  "rule": "repeated",
+                  "type": "string",
+                  "id": 3
+                },
+                "publicDependency": {
+                  "rule": "repeated",
+                  "type": "int32",
+                  "id": 10,
+                  "options": {
+                    "packed": false
+                  }
+                },
+                "weakDependency": {
+                  "rule": "repeated",
+                  "type": "int32",
+                  "id": 11,
+                  "options": {
+                    "packed": false
+                  }
+                },
+                "messageType": {
+                  "rule": "repeated",
+                  "type": "DescriptorProto",
+                  "id": 4
+                },
+                "enumType": {
+                  "rule": "repeated",
+                  "type": "EnumDescriptorProto",
+                  "id": 5
+                },
+                "service": {
+                  "rule": "repeated",
+                  "type": "ServiceDescriptorProto",
+                  "id": 6
+                },
+                "extension": {
+                  "rule": "repeated",
+                  "type": "FieldDescriptorProto",
+                  "id": 7
+                },
+                "options": {
+                  "type": "FileOptions",
+                  "id": 8
+                },
+                "sourceCodeInfo": {
+                  "type": "SourceCodeInfo",
+                  "id": 9
+                },
+                "syntax": {
+                  "type": "string",
+                  "id": 12
+                },
+                "edition": {
+                  "type": "string",
+                  "id": 13
+                }
+              }
+            },
+            "DescriptorProto": {
+              "fields": {
+                "name": {
+                  "type": "string",
+                  "id": 1
+                },
+                "field": {
+                  "rule": "repeated",
+                  "type": "FieldDescriptorProto",
+                  "id": 2
+                },
+                "extension": {
+                  "rule": "repeated",
+                  "type": "FieldDescriptorProto",
+                  "id": 6
+                },
+                "nestedType": {
+                  "rule": "repeated",
+                  "type": "DescriptorProto",
+                  "id": 3
+                },
+                "enumType": {
+                  "rule": "repeated",
+                  "type": "EnumDescriptorProto",
+                  "id": 4
+                },
+                "extensionRange": {
+                  "rule": "repeated",
+                  "type": "ExtensionRange",
+                  "id": 5
+                },
+                "oneofDecl": {
+                  "rule": "repeated",
+                  "type": "OneofDescriptorProto",
+                  "id": 8
+                },
+                "options": {
+                  "type": "MessageOptions",
+                  "id": 7
+                },
+                "reservedRange": {
+                  "rule": "repeated",
+                  "type": "ReservedRange",
+                  "id": 9
+                },
+                "reservedName": {
+                  "rule": "repeated",
+                  "type": "string",
+                  "id": 10
+                }
+              },
+              "nested": {
+                "ExtensionRange": {
+                  "fields": {
+                    "start": {
+                      "type": "int32",
+                      "id": 1
+                    },
+                    "end": {
+                      "type": "int32",
+                      "id": 2
+                    },
+                    "options": {
+                      "type": "ExtensionRangeOptions",
+                      "id": 3
+                    }
+                  }
+                },
+                "ReservedRange": {
+                  "fields": {
+                    "start": {
+                      "type": "int32",
+                      "id": 1
+                    },
+                    "end": {
+                      "type": "int32",
+                      "id": 2
+                    }
+                  }
+                }
+              }
+            },
+            "ExtensionRangeOptions": {
+              "fields": {
+                "uninterpretedOption": {
+                  "rule": "repeated",
+                  "type": "UninterpretedOption",
+                  "id": 999
+                }
+              },
+              "extensions": [
+                [
+                  1000,
+                  536870911
+                ]
+              ]
+            },
+            "FieldDescriptorProto": {
+              "fields": {
+                "name": {
+                  "type": "string",
+                  "id": 1
+                },
+                "number": {
+                  "type": "int32",
+                  "id": 3
+                },
+                "label": {
+                  "type": "Label",
+                  "id": 4
+                },
+                "type": {
+                  "type": "Type",
+                  "id": 5
+                },
+                "typeName": {
+                  "type": "string",
+                  "id": 6
+                },
+                "extendee": {
+                  "type": "string",
+                  "id": 2
+                },
+                "defaultValue": {
+                  "type": "string",
+                  "id": 7
+                },
+                "oneofIndex": {
+                  "type": "int32",
+                  "id": 9
+                },
+                "jsonName": {
+                  "type": "string",
+                  "id": 10
+                },
+                "options": {
+                  "type": "FieldOptions",
+                  "id": 8
+                },
+                "proto3Optional": {
+                  "type": "bool",
+                  "id": 17
+                }
+              },
+              "nested": {
+                "Type": {
+                  "values": {
+                    "TYPE_DOUBLE": 1,
+                    "TYPE_FLOAT": 2,
+                    "TYPE_INT64": 3,
+                    "TYPE_UINT64": 4,
+                    "TYPE_INT32": 5,
+                    "TYPE_FIXED64": 6,
+                    "TYPE_FIXED32": 7,
+                    "TYPE_BOOL": 8,
+                    "TYPE_STRING": 9,
+                    "TYPE_GROUP": 10,
+                    "TYPE_MESSAGE": 11,
+                    "TYPE_BYTES": 12,
+                    "TYPE_UINT32": 13,
+                    "TYPE_ENUM": 14,
+                    "TYPE_SFIXED32": 15,
+                    "TYPE_SFIXED64": 16,
+                    "TYPE_SINT32": 17,
+                    "TYPE_SINT64": 18
+                  }
+                },
+                "Label": {
+                  "values": {
+                    "LABEL_OPTIONAL": 1,
+                    "LABEL_REQUIRED": 2,
+                    "LABEL_REPEATED": 3
+                  }
+                }
+              }
+            },
+            "OneofDescriptorProto": {
+              "fields": {
+                "name": {
+                  "type": "string",
+                  "id": 1
+                },
+                "options": {
+                  "type": "OneofOptions",
+                  "id": 2
+                }
+              }
+            },
+            "EnumDescriptorProto": {
+              "fields": {
+                "name": {
+                  "type": "string",
+                  "id": 1
+                },
+                "value": {
+                  "rule": "repeated",
+                  "type": "EnumValueDescriptorProto",
+                  "id": 2
+                },
+                "options": {
+                  "type": "EnumOptions",
+                  "id": 3
+                },
+                "reservedRange": {
+                  "rule": "repeated",
+                  "type": "EnumReservedRange",
+                  "id": 4
+                },
+                "reservedName": {
+                  "rule": "repeated",
+                  "type": "string",
+                  "id": 5
+                }
+              },
+              "nested": {
+                "EnumReservedRange": {
+                  "fields": {
+                    "start": {
+                      "type": "int32",
+                      "id": 1
+                    },
+                    "end": {
+                      "type": "int32",
+                      "id": 2
+                    }
+                  }
+                }
+              }
+            },
+            "EnumValueDescriptorProto": {
+              "fields": {
+                "name": {
+                  "type": "string",
+                  "id": 1
+                },
+                "number": {
+                  "type": "int32",
+                  "id": 2
+                },
+                "options": {
+                  "type": "EnumValueOptions",
+                  "id": 3
+                }
+              }
+            },
+            "ServiceDescriptorProto": {
+              "fields": {
+                "name": {
+                  "type": "string",
+                  "id": 1
+                },
+                "method": {
+                  "rule": "repeated",
+                  "type": "MethodDescriptorProto",
+                  "id": 2
+                },
+                "options": {
+                  "type": "ServiceOptions",
+                  "id": 3
+                }
+              }
+            },
+            "MethodDescriptorProto": {
+              "fields": {
+                "name": {
+                  "type": "string",
+                  "id": 1
+                },
+                "inputType": {
+                  "type": "string",
+                  "id": 2
+                },
+                "outputType": {
+                  "type": "string",
+                  "id": 3
+                },
+                "options": {
+                  "type": "MethodOptions",
+                  "id": 4
+                },
+                "clientStreaming": {
+                  "type": "bool",
+                  "id": 5,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "serverStreaming": {
+                  "type": "bool",
+                  "id": 6,
+                  "options": {
+                    "default": false
+                  }
+                }
+              }
+            },
+            "FileOptions": {
+              "fields": {
+                "javaPackage": {
+                  "type": "string",
+                  "id": 1
+                },
+                "javaOuterClassname": {
+                  "type": "string",
+                  "id": 8
+                },
+                "javaMultipleFiles": {
+                  "type": "bool",
+                  "id": 10,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "javaGenerateEqualsAndHash": {
+                  "type": "bool",
+                  "id": 20,
+                  "options": {
+                    "deprecated": true
+                  }
+                },
+                "javaStringCheckUtf8": {
+                  "type": "bool",
+                  "id": 27,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "optimizeFor": {
+                  "type": "OptimizeMode",
+                  "id": 9,
+                  "options": {
+                    "default": "SPEED"
+                  }
+                },
+                "goPackage": {
+                  "type": "string",
+                  "id": 11
+                },
+                "ccGenericServices": {
+                  "type": "bool",
+                  "id": 16,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "javaGenericServices": {
+                  "type": "bool",
+                  "id": 17,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "pyGenericServices": {
+                  "type": "bool",
+                  "id": 18,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "phpGenericServices": {
+                  "type": "bool",
+                  "id": 42,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "deprecated": {
+                  "type": "bool",
+                  "id": 23,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "ccEnableArenas": {
+                  "type": "bool",
+                  "id": 31,
+                  "options": {
+                    "default": true
+                  }
+                },
+                "objcClassPrefix": {
+                  "type": "string",
+                  "id": 36
+                },
+                "csharpNamespace": {
+                  "type": "string",
+                  "id": 37
+                },
+                "swiftPrefix": {
+                  "type": "string",
+                  "id": 39
+                },
+                "phpClassPrefix": {
+                  "type": "string",
+                  "id": 40
+                },
+                "phpNamespace": {
+                  "type": "string",
+                  "id": 41
+                },
+                "phpMetadataNamespace": {
+                  "type": "string",
+                  "id": 44
+                },
+                "rubyPackage": {
+                  "type": "string",
+                  "id": 45
+                },
+                "uninterpretedOption": {
+                  "rule": "repeated",
+                  "type": "UninterpretedOption",
+                  "id": 999
+                }
+              },
+              "extensions": [
+                [
+                  1000,
+                  536870911
+                ]
+              ],
+              "reserved": [
+                [
+                  38,
+                  38
+                ]
+              ],
+              "nested": {
+                "OptimizeMode": {
+                  "values": {
+                    "SPEED": 1,
+                    "CODE_SIZE": 2,
+                    "LITE_RUNTIME": 3
+                  }
+                }
+              }
+            },
+            "MessageOptions": {
+              "fields": {
+                "messageSetWireFormat": {
+                  "type": "bool",
+                  "id": 1,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "noStandardDescriptorAccessor": {
+                  "type": "bool",
+                  "id": 2,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "deprecated": {
+                  "type": "bool",
+                  "id": 3,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "mapEntry": {
+                  "type": "bool",
+                  "id": 7
+                },
+                "uninterpretedOption": {
+                  "rule": "repeated",
+                  "type": "UninterpretedOption",
+                  "id": 999
+                }
+              },
+              "extensions": [
+                [
+                  1000,
+                  536870911
+                ]
+              ],
+              "reserved": [
+                [
+                  4,
+                  4
+                ],
+                [
+                  5,
+                  5
+                ],
+                [
+                  6,
+                  6
+                ],
+                [
+                  8,
+                  8
+                ],
+                [
+                  9,
+                  9
+                ]
+              ]
+            },
+            "FieldOptions": {
+              "fields": {
+                "ctype": {
+                  "type": "CType",
+                  "id": 1,
+                  "options": {
+                    "default": "STRING"
+                  }
+                },
+                "packed": {
+                  "type": "bool",
+                  "id": 2
+                },
+                "jstype": {
+                  "type": "JSType",
+                  "id": 6,
+                  "options": {
+                    "default": "JS_NORMAL"
+                  }
+                },
+                "lazy": {
+                  "type": "bool",
+                  "id": 5,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "unverifiedLazy": {
+                  "type": "bool",
+                  "id": 15,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "deprecated": {
+                  "type": "bool",
+                  "id": 3,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "weak": {
+                  "type": "bool",
+                  "id": 10,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "uninterpretedOption": {
+                  "rule": "repeated",
+                  "type": "UninterpretedOption",
+                  "id": 999
+                }
+              },
+              "extensions": [
+                [
+                  1000,
+                  536870911
+                ]
+              ],
+              "reserved": [
+                [
+                  4,
+                  4
+                ]
+              ],
+              "nested": {
+                "CType": {
+                  "values": {
+                    "STRING": 0,
+                    "CORD": 1,
+                    "STRING_PIECE": 2
+                  }
+                },
+                "JSType": {
+                  "values": {
+                    "JS_NORMAL": 0,
+                    "JS_STRING": 1,
+                    "JS_NUMBER": 2
+                  }
+                }
+              }
+            },
+            "OneofOptions": {
+              "fields": {
+                "uninterpretedOption": {
+                  "rule": "repeated",
+                  "type": "UninterpretedOption",
+                  "id": 999
+                }
+              },
+              "extensions": [
+                [
+                  1000,
+                  536870911
+                ]
+              ]
+            },
+            "EnumOptions": {
+              "fields": {
+                "allowAlias": {
+                  "type": "bool",
+                  "id": 2
+                },
+                "deprecated": {
+                  "type": "bool",
+                  "id": 3,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "uninterpretedOption": {
+                  "rule": "repeated",
+                  "type": "UninterpretedOption",
+                  "id": 999
+                }
+              },
+              "extensions": [
+                [
+                  1000,
+                  536870911
+                ]
+              ],
+              "reserved": [
+                [
+                  5,
+                  5
+                ]
+              ]
+            },
+            "EnumValueOptions": {
+              "fields": {
+                "deprecated": {
+                  "type": "bool",
+                  "id": 1,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "uninterpretedOption": {
+                  "rule": "repeated",
+                  "type": "UninterpretedOption",
+                  "id": 999
+                }
+              },
+              "extensions": [
+                [
+                  1000,
+                  536870911
+                ]
+              ]
+            },
+            "ServiceOptions": {
+              "fields": {
+                "deprecated": {
+                  "type": "bool",
+                  "id": 33,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "uninterpretedOption": {
+                  "rule": "repeated",
+                  "type": "UninterpretedOption",
+                  "id": 999
+                }
+              },
+              "extensions": [
+                [
+                  1000,
+                  536870911
+                ]
+              ]
+            },
+            "MethodOptions": {
+              "fields": {
+                "deprecated": {
+                  "type": "bool",
+                  "id": 33,
+                  "options": {
+                    "default": false
+                  }
+                },
+                "idempotencyLevel": {
+                  "type": "IdempotencyLevel",
+                  "id": 34,
+                  "options": {
+                    "default": "IDEMPOTENCY_UNKNOWN"
+                  }
+                },
+                "uninterpretedOption": {
+                  "rule": "repeated",
+                  "type": "UninterpretedOption",
+                  "id": 999
+                }
+              },
+              "extensions": [
+                [
+                  1000,
+                  536870911
+                ]
+              ],
+              "nested": {
+                "IdempotencyLevel": {
+                  "values": {
+                    "IDEMPOTENCY_UNKNOWN": 0,
+                    "NO_SIDE_EFFECTS": 1,
+                    "IDEMPOTENT": 2
+                  }
+                }
+              }
+            },
+            "UninterpretedOption": {
+              "fields": {
+                "name": {
+                  "rule": "repeated",
+                  "type": "NamePart",
+                  "id": 2
+                },
+                "identifierValue": {
+                  "type": "string",
+                  "id": 3
+                },
+                "positiveIntValue": {
+                  "type": "uint64",
+                  "id": 4
+                },
+                "negativeIntValue": {
+                  "type": "int64",
+                  "id": 5
+                },
+                "doubleValue": {
+                  "type": "double",
+                  "id": 6
+                },
+                "stringValue": {
+                  "type": "bytes",
+                  "id": 7
+                },
+                "aggregateValue": {
+                  "type": "string",
+                  "id": 8
+                }
+              },
+              "nested": {
+                "NamePart": {
+                  "fields": {
+                    "namePart": {
+                      "rule": "required",
+                      "type": "string",
+                      "id": 1
+                    },
+                    "isExtension": {
+                      "rule": "required",
+                      "type": "bool",
+                      "id": 2
+                    }
+                  }
+                }
+              }
+            },
+            "SourceCodeInfo": {
+              "fields": {
+                "location": {
+                  "rule": "repeated",
+                  "type": "Location",
+                  "id": 1
+                }
+              },
+              "nested": {
+                "Location": {
+                  "fields": {
+                    "path": {
+                      "rule": "repeated",
+                      "type": "int32",
+                      "id": 1
+                    },
+                    "span": {
+                      "rule": "repeated",
+                      "type": "int32",
+                      "id": 2
+                    },
+                    "leadingComments": {
+                      "type": "string",
+                      "id": 3
+                    },
+                    "trailingComments": {
+                      "type": "string",
+                      "id": 4
+                    },
+                    "leadingDetachedComments": {
+                      "rule": "repeated",
+                      "type": "string",
+                      "id": 6
+                    }
+                  }
+                }
+              }
+            },
+            "GeneratedCodeInfo": {
+              "fields": {
+                "annotation": {
+                  "rule": "repeated",
+                  "type": "Annotation",
+                  "id": 1
+                }
+              },
+              "nested": {
+                "Annotation": {
+                  "fields": {
+                    "path": {
+                      "rule": "repeated",
+                      "type": "int32",
+                      "id": 1
+                    },
+                    "sourceFile": {
+                      "type": "string",
+                      "id": 2
+                    },
+                    "begin": {
+                      "type": "int32",
+                      "id": 3
+                    },
+                    "end": {
+                      "type": "int32",
+                      "id": 4
+                    },
+                    "semantic": {
+                      "type": "Semantic",
+                      "id": 5
+                    }
+                  },
+                  "nested": {
+                    "Semantic": {
+                      "values": {
+                        "NONE": 0,
+                        "SET": 1,
+                        "ALIAS": 2
+                      }
+                    }
+                  }
+                }
+              }
+            },
+            "FieldMask": {
+              "fields": {
+                "paths": {
+                  "rule": "repeated",
+                  "type": "string",
+                  "id": 1
+                }
+              }
+            },
+            "Timestamp": {
+              "fields": {
+                "seconds": {
+                  "type": "int64",
+                  "id": 1
+                },
+                "nanos": {
+                  "type": "int32",
+                  "id": 2
+                }
+              }
+            },
+            "Any": {
+              "fields": {
+                "type_url": {
+                  "type": "string",
+                  "id": 1
+                },
+                "value": {
+                  "type": "bytes",
+                  "id": 2
+                }
+              }
+            },
+            "Duration": {
+              "fields": {
+                "seconds": {
+                  "type": "int64",
+                  "id": 1
+                },
+                "nanos": {
+                  "type": "int32",
+                  "id": 2
+                }
+              }
+            },
+            "Empty": {
+              "fields": {}
+            }
+          }
+        },
+        "iam": {
+          "nested": {
+            "v1": {
+              "options": {
+                "cc_enable_arenas": true,
+                "csharp_namespace": "Google.Cloud.Iam.V1",
+                "go_package": "google.golang.org/genproto/googleapis/iam/v1;iam",
+                "java_multiple_files": true,
+                "java_outer_classname": "PolicyProto",
+                "java_package": "com.google.iam.v1",
+                "php_namespace": "Google\\Cloud\\Iam\\V1"
+              },
+              "nested": {
+                "IAMPolicy": {
+                  "options": {
+                    "(google.api.default_host)": "iam-meta-api.googleapis.com"
+                  },
+                  "methods": {
+                    "SetIamPolicy": {
+                      "requestType": "SetIamPolicyRequest",
+                      "responseType": "Policy",
+                      "options": {
+                        "(google.api.http).post": "/v1/{resource=**}:setIamPolicy",
+                        "(google.api.http).body": "*"
+                      },
+                      "parsedOptions": [
+                        {
+                          "(google.api.http)": {
+                            "post": "/v1/{resource=**}:setIamPolicy",
+                            "body": "*"
+                          }
+                        }
+                      ]
+                    },
+                    "GetIamPolicy": {
+                      "requestType": "GetIamPolicyRequest",
+                      "responseType": "Policy",
+                      "options": {
+                        "(google.api.http).post": "/v1/{resource=**}:getIamPolicy",
+                        "(google.api.http).body": "*"
+                      },
+                      "parsedOptions": [
+                        {
+                          "(google.api.http)": {
+                            "post": "/v1/{resource=**}:getIamPolicy",
+                            "body": "*"
+                          }
+                        }
+                      ]
+                    },
+                    "TestIamPermissions": {
+                      "requestType": "TestIamPermissionsRequest",
+                      "responseType": "TestIamPermissionsResponse",
+                      "options": {
+                        "(google.api.http).post": "/v1/{resource=**}:testIamPermissions",
+                        "(google.api.http).body": "*"
+                      },
+                      "parsedOptions": [
+                        {
+                          "(google.api.http)": {
+                            "post": "/v1/{resource=**}:testIamPermissions",
+                            "body": "*"
+                          }
+                        }
+                      ]
+                    }
+                  }
+                },
+                "SetIamPolicyRequest": {
+                  "fields": {
+                    "resource": {
+                      "type": "string",
+                      "id": 1,
+                      "options": {
+                        "(google.api.field_behavior)": "REQUIRED",
+                        "(google.api.resource_reference).type": "*"
+                      }
+                    },
+                    "policy": {
+                      "type": "Policy",
+                      "id": 2,
+                      "options": {
+                        "(google.api.field_behavior)": "REQUIRED"
+                      }
+                    },
+                    "updateMask": {
+                      "type": "google.protobuf.FieldMask",
+                      "id": 3
+                    }
+                  }
+                },
+                "GetIamPolicyRequest": {
+                  "fields": {
+                    "resource": {
+                      "type": "string",
+                      "id": 1,
+                      "options": {
+                        "(google.api.field_behavior)": "REQUIRED",
+                        "(google.api.resource_reference).type": "*"
+                      }
+                    },
+                    "options": {
+                      "type": "GetPolicyOptions",
+                      "id": 2
+                    }
+                  }
+                },
+                "TestIamPermissionsRequest": {
+                  "fields": {
+                    "resource": {
+                      "type": "string",
+                      "id": 1,
+                      "options": {
+                        "(google.api.field_behavior)": "REQUIRED",
+                        "(google.api.resource_reference).type": "*"
+                      }
+                    },
+                    "permissions": {
+                      "rule": "repeated",
+                      "type": "string",
+                      "id": 2,
+                      "options": {
+                        "(google.api.field_behavior)": "REQUIRED"
+                      }
+                    }
+                  }
+                },
+                "TestIamPermissionsResponse": {
+                  "fields": {
+                    "permissions": {
+                      "rule": "repeated",
+                      "type": "string",
+                      "id": 1
+                    }
+                  }
+                },
+                "GetPolicyOptions": {
+                  "fields": {
+                    "requestedPolicyVersion": {
+                      "type": "int32",
+                      "id": 1
+                    }
+                  }
+                },
+                "Policy": {
+                  "fields": {
+                    "version": {
+                      "type": "int32",
+                      "id": 1
+                    },
+                    "bindings": {
+                      "rule": "repeated",
+                      "type": "Binding",
+                      "id": 4
+                    },
+                    "auditConfigs": {
+                      "rule": "repeated",
+                      "type": "AuditConfig",
+                      "id": 6
+                    },
+                    "etag": {
+                      "type": "bytes",
+                      "id": 3
+                    }
+                  }
+                },
+                "Binding": {
+                  "fields": {
+                    "role": {
+                      "type": "string",
+                      "id": 1
+                    },
+                    "members": {
+                      "rule": "repeated",
+                      "type": "string",
+                      "id": 2
+                    },
+                    "condition": {
+                      "type": "google.type.Expr",
+                      "id": 3
+                    }
+                  }
+                },
+                "AuditConfig": {
+                  "fields": {
+                    "service": {
+                      "type": "string",
+                      "id": 1
+                    },
+                    "auditLogConfigs": {
+                      "rule": "repeated",
+                      "type": "AuditLogConfig",
+                      "id": 3
+                    }
+                  }
+                },
+                "AuditLogConfig": {
+                  "fields": {
+                    "logType": {
+                      "type": "LogType",
+                      "id": 1
+                    },
+                    "exemptedMembers": {
+                      "rule": "repeated",
+                      "type": "string",
+                      "id": 2
+                    }
+                  },
+                  "nested": {
+                    "LogType": {
+                      "values": {
+                        "LOG_TYPE_UNSPECIFIED": 0,
+                        "ADMIN_READ": 1,
+                        "DATA_WRITE": 2,
+                        "DATA_READ": 3
+                      }
+                    }
+                  }
+                },
+                "PolicyDelta": {
+                  "fields": {
+                    "bindingDeltas": {
+                      "rule": "repeated",
+                      "type": "BindingDelta",
+                      "id": 1
+                    },
+                    "auditConfigDeltas": {
+                      "rule": "repeated",
+                      "type": "AuditConfigDelta",
+                      "id": 2
+                    }
+                  }
+                },
+                "BindingDelta": {
+                  "fields": {
+                    "action": {
+                      "type": "Action",
+                      "id": 1
+                    },
+                    "role": {
+                      "type": "string",
+                      "id": 2
+                    },
+                    "member": {
+                      "type": "string",
+                      "id": 3
+                    },
+                    "condition": {
+                      "type": "google.type.Expr",
+                      "id": 4
+                    }
+                  },
+                  "nested": {
+                    "Action": {
+                      "values": {
+                        "ACTION_UNSPECIFIED": 0,
+                        "ADD": 1,
+                        "REMOVE": 2
+                      }
+                    }
+                  }
+                },
+                "AuditConfigDelta": {
+                  "fields": {
+                    "action": {
+                      "type": "Action",
+                      "id": 1
+                    },
+                    "service": {
+                      "type": "string",
+                      "id": 2
+                    },
+                    "exemptedMember": {
+                      "type": "string",
+                      "id": 3
+                    },
+                    "logType": {
+                      "type": "string",
+                      "id": 4
+                    }
+                  },
+                  "nested": {
+                    "Action": {
+                      "values": {
+                        "ACTION_UNSPECIFIED": 0,
+                        "ADD": 1,
+                        "REMOVE": 2
+                      }
+                    }
+                  }
+                }
+              }
+            }
+          }
+        },
+        "type": {
+          "options": {
+            "go_package": "google.golang.org/genproto/googleapis/type/expr;expr",
+            "java_multiple_files": true,
+            "java_outer_classname": "ExprProto",
+            "java_package": "com.google.type",
+            "objc_class_prefix": "GTP"
+          },
+          "nested": {
+            "Expr": {
+              "fields": {
+                "expression": {
+                  "type": "string",
+                  "id": 1
+                },
+                "title": {
+                  "type": "string",
+                  "id": 2
+                },
+                "description": {
+                  "type": "string",
+                  "id": 3
+                },
+                "location": {
+                  "type": "string",
+                  "id": 4
+                }
+              }
+            }
+          }
+        },
+        "longrunning": {
+          "options": {
+            "cc_enable_arenas": true,
+            "csharp_namespace": "Google.LongRunning",
+            "go_package": "google.golang.org/genproto/googleapis/longrunning;longrunning",
+            "java_multiple_files": true,
+            "java_outer_classname": "OperationsProto",
+            "java_package": "com.google.longrunning",
+            "php_namespace": "Google\\LongRunning"
+          },
+          "nested": {
+            "operationInfo": {
+              "type": "google.longrunning.OperationInfo",
+              "id": 1049,
+              "extend": "google.protobuf.MethodOptions"
+            },
+            "Operations": {
+              "options": {
+                "(google.api.default_host)": "longrunning.googleapis.com"
+              },
+              "methods": {
+                "ListOperations": {
+                  "requestType": "ListOperationsRequest",
+                  "responseType": "ListOperationsResponse",
+                  "options": {
+                    "(google.api.http).get": "/v1/{name=operations}",
+                    "(google.api.method_signature)": "name,filter"
+                  },
+                  "parsedOptions": [
+                    {
+                      "(google.api.http)": {
+                        "get": "/v1/{name=operations}"
+                      }
+                    },
+                    {
+                      "(google.api.method_signature)": "name,filter"
+                    }
+                  ]
+                },
+                "GetOperation": {
+                  "requestType": "GetOperationRequest",
+                  "responseType": "Operation",
+                  "options": {
+                    "(google.api.http).get": "/v1/{name=operations/**}",
+                    "(google.api.method_signature)": "name"
+                  },
+                  "parsedOptions": [
+                    {
+                      "(google.api.http)": {
+                        "get": "/v1/{name=operations/**}"
+                      }
+                    },
+                    {
+                      "(google.api.method_signature)": "name"
+                    }
+                  ]
+                },
+                "DeleteOperation": {
+                  "requestType": "DeleteOperationRequest",
+                  "responseType": "google.protobuf.Empty",
+                  "options": {
+                    "(google.api.http).delete": "/v1/{name=operations/**}",
+                    "(google.api.method_signature)": "name"
+                  },
+                  "parsedOptions": [
+                    {
+                      "(google.api.http)": {
+                        "delete": "/v1/{name=operations/**}"
+                      }
+                    },
+                    {
+                      "(google.api.method_signature)": "name"
+                    }
+                  ]
+                },
+                "CancelOperation": {
+                  "requestType": "CancelOperationRequest",
+                  "responseType": "google.protobuf.Empty",
+                  "options": {
+                    "(google.api.http).post": "/v1/{name=operations/**}:cancel",
+                    "(google.api.http).body": "*",
+                    "(google.api.method_signature)": "name"
+                  },
+                  "parsedOptions": [
+                    {
+                      "(google.api.http)": {
+                        "post": "/v1/{name=operations/**}:cancel",
+                        "body": "*"
+                      }
+                    },
+                    {
+                      "(google.api.method_signature)": "name"
+                    }
+                  ]
+                },
+                "WaitOperation": {
+                  "requestType": "WaitOperationRequest",
+                  "responseType": "Operation"
+                }
+              }
+            },
+            "Operation": {
+              "oneofs": {
+                "result": {
+                  "oneof": [
+                    "error",
+                    "response"
+                  ]
+                }
+              },
+              "fields": {
+                "name": {
+                  "type": "string",
+                  "id": 1
+                },
+                "metadata": {
+                  "type": "google.protobuf.Any",
+                  "id": 2
+                },
+                "done": {
+                  "type": "bool",
+                  "id": 3
+                },
+                "error": {
+                  "type": "google.rpc.Status",
+                  "id": 4
+                },
+                "response": {
+                  "type": "google.protobuf.Any",
+                  "id": 5
+                }
+              }
+            },
+            "GetOperationRequest": {
+              "fields": {
+                "name": {
+                  "type": "string",
+                  "id": 1
+                }
+              }
+            },
+            "ListOperationsRequest": {
+              "fields": {
+                "name": {
+                  "type": "string",
+                  "id": 4
+                },
+                "filter": {
+                  "type": "string",
+                  "id": 1
+                },
+                "pageSize": {
+                  "type": "int32",
+                  "id": 2
+                },
+                "pageToken": {
+                  "type": "string",
+                  "id": 3
+                }
+              }
+            },
+            "ListOperationsResponse": {
+              "fields": {
+                "operations": {
+                  "rule": "repeated",
+                  "type": "Operation",
+                  "id": 1
+                },
+                "nextPageToken": {
+                  "type": "string",
+                  "id": 2
+                }
+              }
+            },
+            "CancelOperationRequest": {
+              "fields": {
+                "name": {
+                  "type": "string",
+                  "id": 1
+                }
+              }
+            },
+            "DeleteOperationRequest": {
+              "fields": {
+                "name": {
+                  "type": "string",
+                  "id": 1
+                }
+              }
+            },
+            "WaitOperationRequest": {
+              "fields": {
+                "name": {
+                  "type": "string",
+                  "id": 1
+                },
+                "timeout": {
+                  "type": "google.protobuf.Duration",
+                  "id": 2
+                }
+              }
+            },
+            "OperationInfo": {
+              "fields": {
+                "responseType": {
+                  "type": "string",
+                  "id": 1
+                },
+                "metadataType": {
+                  "type": "string",
+                  "id": 2
+                }
+              }
+            }
+          }
+        },
+        "rpc": {
+          "options": {
+            "cc_enable_arenas": true,
+            "go_package": "google.golang.org/genproto/googleapis/rpc/status;status",
+            "java_multiple_files": true,
+            "java_outer_classname": "StatusProto",
+            "java_package": "com.google.rpc",
+            "objc_class_prefix": "RPC"
+          },
+          "nested": {
+            "Status": {
+              "fields": {
+                "code": {
+                  "type": "int32",
+                  "id": 1
+                },
+                "message": {
+                  "type": "string",
+                  "id": 2
+                },
+                "details": {
+                  "rule": "repeated",
+                  "type": "google.protobuf.Any",
+                  "id": 3
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/packages/google-identity-accesscontextmanager/samples/README.md b/packages/google-identity-accesscontextmanager/samples/README.md
new file mode 100644
index 00000000000..e553a100ba5
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/README.md
@@ -0,0 +1,50 @@
+[//]: # "This README.md file is auto-generated, all changes to this file will be lost."
+[//]: # "To regenerate it, use `python -m synthtool`."
+<img src="https://avatars2.githubusercontent.com/u/2810941?v=3&s=96" alt="Google Cloud Platform logo" title="Google Cloud Platform" align="right" height="96" width="96"/>
+
+# [Access Context Manager: Node.js Samples](https://github.com/googleapis/nodejs-access-context-manager)
+
+[![Open in Cloud Shell][shell_img]][shell_link]
+
+
+
+## Table of Contents
+
+* [Before you begin](#before-you-begin)
+* [Samples](#samples)
+  * [Quickstart](#quickstart)
+
+## Before you begin
+
+Before running the samples, make sure you've followed the steps outlined in
+[Using the client library](https://github.com/googleapis/nodejs-access-context-manager#using-the-client-library).
+
+`cd samples`
+
+`npm install`
+
+`cd ..`
+
+## Samples
+
+
+
+### Quickstart
+
+View the [source code](https://github.com/googleapis/nodejs-access-context-manager/blob/main/samples/quickstart.js).
+
+[![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-access-context-manager&page=editor&open_in_editor=samples/quickstart.js,samples/README.md)
+
+__Usage:__
+
+
+`node samples/quickstart.js`
+
+
+
+
+
+
+[shell_img]: https://gstatic.com/cloudssh/images/open-btn.png
+[shell_link]: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-access-context-manager&page=editor&open_in_editor=samples/README.md
+[product-docs]: https://cloud.google.com/access-context-manager/
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.commit_service_perimeters.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.commit_service_perimeters.js
new file mode 100644
index 00000000000..327f50ca219
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.commit_service_perimeters.js
@@ -0,0 +1,77 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(parent) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_CommitServicePerimeters_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Resource name for the parent Access Policy 
+   *  google.identity.accesscontextmanager.v1.AccessPolicy  which owns all
+   *  Service Perimeters 
+   *  google.identity.accesscontextmanager.v1.ServicePerimeter  in scope for
+   *  the commit operation.
+   *  Format: `accessPolicies/{policy_id}`
+   */
+  // const parent = 'abc123'
+  /**
+   *  Optional. The etag for the version of the Access Policy 
+   *  google.identity.accesscontextmanager.v1.AccessPolicy  that this
+   *  commit operation is to be performed on. If, at the time of commit, the
+   *  etag for the Access Policy stored in Access Context Manager is different
+   *  from the specified etag, then the commit operation will not be performed
+   *  and the call will fail. This field is not required. If etag is not
+   *  provided, the operation will be performed as if a valid etag is provided.
+   */
+  // const etag = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callCommitServicePerimeters() {
+    // Construct request
+    const request = {
+      parent,
+    };
+
+    // Run request
+    const [operation] = await accesscontextmanagerClient.commitServicePerimeters(request);
+    const [response] = await operation.promise();
+    console.log(response);
+  }
+
+  callCommitServicePerimeters();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_CommitServicePerimeters_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.create_access_level.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.create_access_level.js
new file mode 100644
index 00000000000..689f3732bad
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.create_access_level.js
@@ -0,0 +1,73 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(parent, accessLevel) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_CreateAccessLevel_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Resource name for the access policy which owns this Access
+   *  Level google.identity.accesscontextmanager.v1.AccessLevel.
+   *  Format: `accessPolicies/{policy_id}`
+   */
+  // const parent = 'abc123'
+  /**
+   *  Required. The Access Level 
+   *  google.identity.accesscontextmanager.v1.AccessLevel  to create.
+   *  Syntactic correctness of the Access Level 
+   *  google.identity.accesscontextmanager.v1.AccessLevel  is a
+   *  precondition for creation.
+   */
+  // const accessLevel = {}
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callCreateAccessLevel() {
+    // Construct request
+    const request = {
+      parent,
+      accessLevel,
+    };
+
+    // Run request
+    const [operation] = await accesscontextmanagerClient.createAccessLevel(request);
+    const [response] = await operation.promise();
+    console.log(response);
+  }
+
+  callCreateAccessLevel();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_CreateAccessLevel_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.create_access_policy.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.create_access_policy.js
new file mode 100644
index 00000000000..ef3d3e2e08f
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.create_access_policy.js
@@ -0,0 +1,104 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main() {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_CreateAccessPolicy_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Output only. Resource name of the `AccessPolicy`. Format:
+   *  `accessPolicies/{access_policy}`
+   */
+  // const name = 'abc123'
+  /**
+   *  Required. The parent of this `AccessPolicy` in the Cloud Resource
+   *  Hierarchy. Currently immutable once created. Format:
+   *  `organizations/{organization_id}`
+   */
+  // const parent = 'abc123'
+  /**
+   *  Required. Human readable title. Does not affect behavior.
+   */
+  // const title = 'abc123'
+  /**
+   *  The scopes of a policy define which resources an ACM policy can restrict,
+   *  and where ACM resources can be referenced.
+   *  For example, a policy with scopes="folders/123"  has the following
+   *  behavior:
+   *  - vpcsc perimeters can only restrict projects within folders/123
+   *  - access levels can only be referenced by resources within folders/123.
+   *  If empty, there are no limitations on which resources can be restricted by
+   *  an ACM policy, and there are no limitations on where ACM resources can be
+   *  referenced.
+   *  Only one policy can include a given scope (attempting to create a second
+   *  policy which includes "folders/123" will result in an error).
+   *  Currently, scopes cannot be modified after a policy is created.
+   *  Currently, policies can only have a single scope.
+   *  Format: list of `folders/{folder_number}` or `projects/{project_number}`
+   */
+  // const scopes = 'abc123'
+  /**
+   *  Output only. Time the `AccessPolicy` was created in UTC.
+   */
+  // const createTime = {}
+  /**
+   *  Output only. Time the `AccessPolicy` was updated in UTC.
+   */
+  // const updateTime = {}
+  /**
+   *  Output only. An opaque identifier for the current version of the
+   *  `AccessPolicy`. This will always be a strongly validated etag, meaning that
+   *  two Access Polices will be identical if and only if their etags are
+   *  identical. Clients should not expect this to be in any specific format.
+   */
+  // const etag = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callCreateAccessPolicy() {
+    // Construct request
+    const request = {
+    };
+
+    // Run request
+    const [operation] = await accesscontextmanagerClient.createAccessPolicy(request);
+    const [response] = await operation.promise();
+    console.log(response);
+  }
+
+  callCreateAccessPolicy();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_CreateAccessPolicy_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.create_gcp_user_access_binding.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.create_gcp_user_access_binding.js
new file mode 100644
index 00000000000..54afc4cca5f
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.create_gcp_user_access_binding.js
@@ -0,0 +1,68 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(parent, gcpUserAccessBinding) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_CreateGcpUserAccessBinding_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Example: "organizations/256"
+   */
+  // const parent = 'abc123'
+  /**
+   *  Required. GcpUserAccessBinding 
+   *  google.identity.accesscontextmanager.v1.GcpUserAccessBinding 
+   */
+  // const gcpUserAccessBinding = {}
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callCreateGcpUserAccessBinding() {
+    // Construct request
+    const request = {
+      parent,
+      gcpUserAccessBinding,
+    };
+
+    // Run request
+    const [operation] = await accesscontextmanagerClient.createGcpUserAccessBinding(request);
+    const [response] = await operation.promise();
+    console.log(response);
+  }
+
+  callCreateGcpUserAccessBinding();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_CreateGcpUserAccessBinding_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.create_service_perimeter.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.create_service_perimeter.js
new file mode 100644
index 00000000000..653b93922fc
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.create_service_perimeter.js
@@ -0,0 +1,73 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(parent, servicePerimeter) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_CreateServicePerimeter_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Resource name for the access policy which owns this Service
+   *  Perimeter google.identity.accesscontextmanager.v1.ServicePerimeter.
+   *  Format: `accessPolicies/{policy_id}`
+   */
+  // const parent = 'abc123'
+  /**
+   *  Required. The Service Perimeter 
+   *  google.identity.accesscontextmanager.v1.ServicePerimeter  to create.
+   *  Syntactic correctness of the Service Perimeter 
+   *  google.identity.accesscontextmanager.v1.ServicePerimeter  is a
+   *  precondition for creation.
+   */
+  // const servicePerimeter = {}
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callCreateServicePerimeter() {
+    // Construct request
+    const request = {
+      parent,
+      servicePerimeter,
+    };
+
+    // Run request
+    const [operation] = await accesscontextmanagerClient.createServicePerimeter(request);
+    const [response] = await operation.promise();
+    console.log(response);
+  }
+
+  callCreateServicePerimeter();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_CreateServicePerimeter_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.delete_access_level.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.delete_access_level.js
new file mode 100644
index 00000000000..92f16010c72
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.delete_access_level.js
@@ -0,0 +1,65 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(name) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_DeleteAccessLevel_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Resource name for the Access Level 
+   *  google.identity.accesscontextmanager.v1.AccessLevel.
+   *  Format:
+   *  `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+   */
+  // const name = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callDeleteAccessLevel() {
+    // Construct request
+    const request = {
+      name,
+    };
+
+    // Run request
+    const [operation] = await accesscontextmanagerClient.deleteAccessLevel(request);
+    const [response] = await operation.promise();
+    console.log(response);
+  }
+
+  callDeleteAccessLevel();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_DeleteAccessLevel_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.delete_access_policy.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.delete_access_policy.js
new file mode 100644
index 00000000000..590619ab843
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.delete_access_policy.js
@@ -0,0 +1,63 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(name) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_DeleteAccessPolicy_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Resource name for the access policy to delete.
+   *  Format `accessPolicies/{policy_id}`
+   */
+  // const name = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callDeleteAccessPolicy() {
+    // Construct request
+    const request = {
+      name,
+    };
+
+    // Run request
+    const [operation] = await accesscontextmanagerClient.deleteAccessPolicy(request);
+    const [response] = await operation.promise();
+    console.log(response);
+  }
+
+  callDeleteAccessPolicy();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_DeleteAccessPolicy_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.delete_gcp_user_access_binding.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.delete_gcp_user_access_binding.js
new file mode 100644
index 00000000000..51d5204297b
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.delete_gcp_user_access_binding.js
@@ -0,0 +1,62 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(name) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_DeleteGcpUserAccessBinding_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
+   */
+  // const name = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callDeleteGcpUserAccessBinding() {
+    // Construct request
+    const request = {
+      name,
+    };
+
+    // Run request
+    const [operation] = await accesscontextmanagerClient.deleteGcpUserAccessBinding(request);
+    const [response] = await operation.promise();
+    console.log(response);
+  }
+
+  callDeleteGcpUserAccessBinding();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_DeleteGcpUserAccessBinding_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.delete_service_perimeter.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.delete_service_perimeter.js
new file mode 100644
index 00000000000..aca2edadb03
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.delete_service_perimeter.js
@@ -0,0 +1,65 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(name) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_DeleteServicePerimeter_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Resource name for the Service Perimeter 
+   *  google.identity.accesscontextmanager.v1.ServicePerimeter.
+   *  Format:
+   *  `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+   */
+  // const name = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callDeleteServicePerimeter() {
+    // Construct request
+    const request = {
+      name,
+    };
+
+    // Run request
+    const [operation] = await accesscontextmanagerClient.deleteServicePerimeter(request);
+    const [response] = await operation.promise();
+    console.log(response);
+  }
+
+  callDeleteServicePerimeter();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_DeleteServicePerimeter_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.get_access_level.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.get_access_level.js
new file mode 100644
index 00000000000..009af15328a
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.get_access_level.js
@@ -0,0 +1,75 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(name) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_GetAccessLevel_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Resource name for the Access Level 
+   *  google.identity.accesscontextmanager.v1.AccessLevel.
+   *  Format:
+   *  `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+   */
+  // const name = 'abc123'
+  /**
+   *  Whether to return `BasicLevels` in the Cloud Common Expression
+   *  Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where
+   *  Access Levels  google.identity.accesscontextmanager.v1.AccessLevel 
+   *  are returned as `BasicLevels` or `CustomLevels` based on how they were
+   *  created. If set to CEL, all Access Levels 
+   *  google.identity.accesscontextmanager.v1.AccessLevel  are returned as
+   *  `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
+   *  `CustomLevels`.
+   */
+  // const accessLevelFormat = {}
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callGetAccessLevel() {
+    // Construct request
+    const request = {
+      name,
+    };
+
+    // Run request
+    const response = await accesscontextmanagerClient.getAccessLevel(request);
+    console.log(response);
+  }
+
+  callGetAccessLevel();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_GetAccessLevel_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.get_access_policy.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.get_access_policy.js
new file mode 100644
index 00000000000..f4ab0ebcfad
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.get_access_policy.js
@@ -0,0 +1,62 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(name) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_GetAccessPolicy_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Resource name for the access policy to get.
+   *  Format `accessPolicies/{policy_id}`
+   */
+  // const name = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callGetAccessPolicy() {
+    // Construct request
+    const request = {
+      name,
+    };
+
+    // Run request
+    const response = await accesscontextmanagerClient.getAccessPolicy(request);
+    console.log(response);
+  }
+
+  callGetAccessPolicy();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_GetAccessPolicy_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.get_gcp_user_access_binding.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.get_gcp_user_access_binding.js
new file mode 100644
index 00000000000..87c7fbd1619
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.get_gcp_user_access_binding.js
@@ -0,0 +1,61 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(name) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_GetGcpUserAccessBinding_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
+   */
+  // const name = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callGetGcpUserAccessBinding() {
+    // Construct request
+    const request = {
+      name,
+    };
+
+    // Run request
+    const response = await accesscontextmanagerClient.getGcpUserAccessBinding(request);
+    console.log(response);
+  }
+
+  callGetGcpUserAccessBinding();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_GetGcpUserAccessBinding_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.get_iam_policy.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.get_iam_policy.js
new file mode 100644
index 00000000000..572e89358ae
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.get_iam_policy.js
@@ -0,0 +1,67 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(resource) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_GetIamPolicy_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  REQUIRED: The resource for which the policy is being requested.
+   *  See the operation documentation for the appropriate value for this field.
+   */
+  // const resource = 'abc123'
+  /**
+   *  OPTIONAL: A `GetPolicyOptions` object for specifying options to
+   *  `GetIamPolicy`.
+   */
+  // const options = {}
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callGetIamPolicy() {
+    // Construct request
+    const request = {
+      resource,
+    };
+
+    // Run request
+    const response = await accesscontextmanagerClient.getIamPolicy(request);
+    console.log(response);
+  }
+
+  callGetIamPolicy();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_GetIamPolicy_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.get_service_perimeter.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.get_service_perimeter.js
new file mode 100644
index 00000000000..bbd76439914
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.get_service_perimeter.js
@@ -0,0 +1,64 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(name) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_GetServicePerimeter_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Resource name for the Service Perimeter 
+   *  google.identity.accesscontextmanager.v1.ServicePerimeter.
+   *  Format:
+   *  `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+   */
+  // const name = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callGetServicePerimeter() {
+    // Construct request
+    const request = {
+      name,
+    };
+
+    // Run request
+    const response = await accesscontextmanagerClient.getServicePerimeter(request);
+    console.log(response);
+  }
+
+  callGetServicePerimeter();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_GetServicePerimeter_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.list_access_levels.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.list_access_levels.js
new file mode 100644
index 00000000000..be0a18c1e94
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.list_access_levels.js
@@ -0,0 +1,84 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(parent) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_ListAccessLevels_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Resource name for the access policy to list Access Levels 
+   *  google.identity.accesscontextmanager.v1.AccessLevel  from.
+   *  Format:
+   *  `accessPolicies/{policy_id}`
+   */
+  // const parent = 'abc123'
+  /**
+   *  Number of Access Levels 
+   *  google.identity.accesscontextmanager.v1.AccessLevel  to include in
+   *  the list. Default 100.
+   */
+  // const pageSize = 1234
+  /**
+   *  Next page token for the next batch of Access Level 
+   *  google.identity.accesscontextmanager.v1.AccessLevel  instances.
+   *  Defaults to the first page of results.
+   */
+  // const pageToken = 'abc123'
+  /**
+   *  Whether to return `BasicLevels` in the Cloud Common Expression language, as
+   *  `CustomLevels`, rather than as `BasicLevels`. Defaults to returning
+   *  `AccessLevels` in the format they were defined.
+   */
+  // const accessLevelFormat = {}
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callListAccessLevels() {
+    // Construct request
+    const request = {
+      parent,
+    };
+
+    // Run request
+    const iterable = await accesscontextmanagerClient.listAccessLevelsAsync(request);
+    for await (const response of iterable) {
+        console.log(response);
+    }
+  }
+
+  callListAccessLevels();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_ListAccessLevels_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.list_access_policies.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.list_access_policies.js
new file mode 100644
index 00000000000..db5f8fa18e2
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.list_access_policies.js
@@ -0,0 +1,75 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(parent) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_ListAccessPolicies_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Resource name for the container to list AccessPolicy instances
+   *  from.
+   *  Format:
+   *  `organizations/{org_id}`
+   */
+  // const parent = 'abc123'
+  /**
+   *  Number of AccessPolicy instances to include in the list. Default 100.
+   */
+  // const pageSize = 1234
+  /**
+   *  Next page token for the next batch of AccessPolicy instances. Defaults to
+   *  the first page of results.
+   */
+  // const pageToken = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callListAccessPolicies() {
+    // Construct request
+    const request = {
+      parent,
+    };
+
+    // Run request
+    const iterable = await accesscontextmanagerClient.listAccessPoliciesAsync(request);
+    for await (const response of iterable) {
+        console.log(response);
+    }
+  }
+
+  callListAccessPolicies();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_ListAccessPolicies_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.list_gcp_user_access_bindings.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.list_gcp_user_access_bindings.js
new file mode 100644
index 00000000000..b42097162c2
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.list_gcp_user_access_bindings.js
@@ -0,0 +1,75 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(parent) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_ListGcpUserAccessBindings_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Example: "organizations/256"
+   */
+  // const parent = 'abc123'
+  /**
+   *  Optional. Maximum number of items to return. The server may return fewer items.
+   *  If left blank, the server may return any number of items.
+   */
+  // const pageSize = 1234
+  /**
+   *  Optional. If left blank, returns the first page. To enumerate all items, use the
+   *  next_page_token 
+   *  google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse.next_page_token 
+   *  from your previous list operation.
+   */
+  // const pageToken = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callListGcpUserAccessBindings() {
+    // Construct request
+    const request = {
+      parent,
+    };
+
+    // Run request
+    const iterable = await accesscontextmanagerClient.listGcpUserAccessBindingsAsync(request);
+    for await (const response of iterable) {
+        console.log(response);
+    }
+  }
+
+  callListGcpUserAccessBindings();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_ListGcpUserAccessBindings_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.list_service_perimeters.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.list_service_perimeters.js
new file mode 100644
index 00000000000..c9a80875919
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.list_service_perimeters.js
@@ -0,0 +1,78 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(parent) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_ListServicePerimeters_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Resource name for the access policy to list Service Perimeters 
+   *  google.identity.accesscontextmanager.v1.ServicePerimeter  from.
+   *  Format:
+   *  `accessPolicies/{policy_id}`
+   */
+  // const parent = 'abc123'
+  /**
+   *  Number of Service Perimeters 
+   *  google.identity.accesscontextmanager.v1.ServicePerimeter  to include
+   *  in the list. Default 100.
+   */
+  // const pageSize = 1234
+  /**
+   *  Next page token for the next batch of Service Perimeter 
+   *  google.identity.accesscontextmanager.v1.ServicePerimeter  instances.
+   *  Defaults to the first page of results.
+   */
+  // const pageToken = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callListServicePerimeters() {
+    // Construct request
+    const request = {
+      parent,
+    };
+
+    // Run request
+    const iterable = await accesscontextmanagerClient.listServicePerimetersAsync(request);
+    for await (const response of iterable) {
+        console.log(response);
+    }
+  }
+
+  callListServicePerimeters();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_ListServicePerimeters_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.replace_access_levels.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.replace_access_levels.js
new file mode 100644
index 00000000000..2759f8942c3
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.replace_access_levels.js
@@ -0,0 +1,85 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(parent, accessLevels) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_ReplaceAccessLevels_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Resource name for the access policy which owns these
+   *  Access Levels 
+   *  google.identity.accesscontextmanager.v1.AccessLevel.
+   *  Format: `accessPolicies/{policy_id}`
+   */
+  // const parent = 'abc123'
+  /**
+   *  Required. The desired Access Levels 
+   *  google.identity.accesscontextmanager.v1.AccessLevel  that should
+   *  replace all existing Access Levels 
+   *  google.identity.accesscontextmanager.v1.AccessLevel  in the
+   *  Access Policy 
+   *  google.identity.accesscontextmanager.v1.AccessPolicy.
+   */
+  // const accessLevels = 1234
+  /**
+   *  Optional. The etag for the version of the Access Policy 
+   *  google.identity.accesscontextmanager.v1.AccessPolicy  that this
+   *  replace operation is to be performed on. If, at the time of replace, the
+   *  etag for the Access Policy stored in Access Context Manager is different
+   *  from the specified etag, then the replace operation will not be performed
+   *  and the call will fail. This field is not required. If etag is not
+   *  provided, the operation will be performed as if a valid etag is provided.
+   */
+  // const etag = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callReplaceAccessLevels() {
+    // Construct request
+    const request = {
+      parent,
+      accessLevels,
+    };
+
+    // Run request
+    const [operation] = await accesscontextmanagerClient.replaceAccessLevels(request);
+    const [response] = await operation.promise();
+    console.log(response);
+  }
+
+  callReplaceAccessLevels();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_ReplaceAccessLevels_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.replace_service_perimeters.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.replace_service_perimeters.js
new file mode 100644
index 00000000000..f542cd98f1f
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.replace_service_perimeters.js
@@ -0,0 +1,85 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(parent, servicePerimeters) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_ReplaceServicePerimeters_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Resource name for the access policy which owns these
+   *  Service Perimeters 
+   *  google.identity.accesscontextmanager.v1.ServicePerimeter.
+   *  Format: `accessPolicies/{policy_id}`
+   */
+  // const parent = 'abc123'
+  /**
+   *  Required. The desired Service Perimeters 
+   *  google.identity.accesscontextmanager.v1.ServicePerimeter  that should
+   *  replace all existing Service Perimeters 
+   *  google.identity.accesscontextmanager.v1.ServicePerimeter  in the
+   *  Access Policy 
+   *  google.identity.accesscontextmanager.v1.AccessPolicy.
+   */
+  // const servicePerimeters = 1234
+  /**
+   *  Optional. The etag for the version of the Access Policy 
+   *  google.identity.accesscontextmanager.v1.AccessPolicy  that this
+   *  replace operation is to be performed on. If, at the time of replace, the
+   *  etag for the Access Policy stored in Access Context Manager is different
+   *  from the specified etag, then the replace operation will not be performed
+   *  and the call will fail. This field is not required. If etag is not
+   *  provided, the operation will be performed as if a valid etag is provided.
+   */
+  // const etag = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callReplaceServicePerimeters() {
+    // Construct request
+    const request = {
+      parent,
+      servicePerimeters,
+    };
+
+    // Run request
+    const [operation] = await accesscontextmanagerClient.replaceServicePerimeters(request);
+    const [response] = await operation.promise();
+    console.log(response);
+  }
+
+  callReplaceServicePerimeters();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_ReplaceServicePerimeters_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.set_iam_policy.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.set_iam_policy.js
new file mode 100644
index 00000000000..e89b11c2d55
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.set_iam_policy.js
@@ -0,0 +1,77 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(resource, policy) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_SetIamPolicy_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  REQUIRED: The resource for which the policy is being specified.
+   *  See the operation documentation for the appropriate value for this field.
+   */
+  // const resource = 'abc123'
+  /**
+   *  REQUIRED: The complete policy to be applied to the `resource`. The size of
+   *  the policy is limited to a few 10s of KB. An empty policy is a
+   *  valid policy but certain Cloud Platform services (such as Projects)
+   *  might reject them.
+   */
+  // const policy = {}
+  /**
+   *  OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
+   *  the fields in the mask will be modified. If no mask is provided, the
+   *  following default mask is used:
+   *  `paths: "bindings, etag"`
+   */
+  // const updateMask = {}
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callSetIamPolicy() {
+    // Construct request
+    const request = {
+      resource,
+      policy,
+    };
+
+    // Run request
+    const response = await accesscontextmanagerClient.setIamPolicy(request);
+    console.log(response);
+  }
+
+  callSetIamPolicy();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_SetIamPolicy_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.test_iam_permissions.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.test_iam_permissions.js
new file mode 100644
index 00000000000..65d1417ce76
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.test_iam_permissions.js
@@ -0,0 +1,70 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(resource, permissions) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_TestIamPermissions_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  REQUIRED: The resource for which the policy detail is being requested.
+   *  See the operation documentation for the appropriate value for this field.
+   */
+  // const resource = 'abc123'
+  /**
+   *  The set of permissions to check for the `resource`. Permissions with
+   *  wildcards (such as '*' or 'storage.*') are not allowed. For more
+   *  information see
+   *  IAM Overview (https://cloud.google.com/iam/docs/overview#permissions).
+   */
+  // const permissions = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callTestIamPermissions() {
+    // Construct request
+    const request = {
+      resource,
+      permissions,
+    };
+
+    // Run request
+    const response = await accesscontextmanagerClient.testIamPermissions(request);
+    console.log(response);
+  }
+
+  callTestIamPermissions();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_TestIamPermissions_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.update_access_level.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.update_access_level.js
new file mode 100644
index 00000000000..33c31f64ffa
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.update_access_level.js
@@ -0,0 +1,71 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(accessLevel, updateMask) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_UpdateAccessLevel_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. The updated Access Level 
+   *  google.identity.accesscontextmanager.v1.AccessLevel. Syntactic
+   *  correctness of the Access Level 
+   *  google.identity.accesscontextmanager.v1.AccessLevel  is a
+   *  precondition for creation.
+   */
+  // const accessLevel = {}
+  /**
+   *  Required. Mask to control which fields get updated. Must be non-empty.
+   */
+  // const updateMask = {}
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callUpdateAccessLevel() {
+    // Construct request
+    const request = {
+      accessLevel,
+      updateMask,
+    };
+
+    // Run request
+    const [operation] = await accesscontextmanagerClient.updateAccessLevel(request);
+    const [response] = await operation.promise();
+    console.log(response);
+  }
+
+  callUpdateAccessLevel();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_UpdateAccessLevel_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.update_access_policy.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.update_access_policy.js
new file mode 100644
index 00000000000..3a3f7e3d9ee
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.update_access_policy.js
@@ -0,0 +1,67 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(policy, updateMask) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_UpdateAccessPolicy_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. The updated AccessPolicy.
+   */
+  // const policy = {}
+  /**
+   *  Required. Mask to control which fields get updated. Must be non-empty.
+   */
+  // const updateMask = {}
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callUpdateAccessPolicy() {
+    // Construct request
+    const request = {
+      policy,
+      updateMask,
+    };
+
+    // Run request
+    const [operation] = await accesscontextmanagerClient.updateAccessPolicy(request);
+    const [response] = await operation.promise();
+    console.log(response);
+  }
+
+  callUpdateAccessPolicy();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_UpdateAccessPolicy_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.update_gcp_user_access_binding.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.update_gcp_user_access_binding.js
new file mode 100644
index 00000000000..9ddf5cbb0af
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.update_gcp_user_access_binding.js
@@ -0,0 +1,72 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(gcpUserAccessBinding, updateMask) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_UpdateGcpUserAccessBinding_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. GcpUserAccessBinding 
+   *  google.identity.accesscontextmanager.v1.GcpUserAccessBinding 
+   */
+  // const gcpUserAccessBinding = {}
+  /**
+   *  Required. Only the fields specified in this mask are updated. Because name and
+   *  group_key cannot be changed, update_mask is required and must always be:
+   *  update_mask {
+   *  paths: "access_levels"
+   *  }
+   */
+  // const updateMask = {}
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callUpdateGcpUserAccessBinding() {
+    // Construct request
+    const request = {
+      gcpUserAccessBinding,
+      updateMask,
+    };
+
+    // Run request
+    const [operation] = await accesscontextmanagerClient.updateGcpUserAccessBinding(request);
+    const [response] = await operation.promise();
+    console.log(response);
+  }
+
+  callUpdateGcpUserAccessBinding();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_UpdateGcpUserAccessBinding_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.update_service_perimeter.js b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.update_service_perimeter.js
new file mode 100644
index 00000000000..98fbbf194fb
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/access_context_manager.update_service_perimeter.js
@@ -0,0 +1,68 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+
+
+'use strict';
+
+function main(servicePerimeter, updateMask) {
+  // [START accesscontextmanager_v1_generated_AccessContextManager_UpdateServicePerimeter_async]
+  /**
+   * This snippet has been automatically generated and should be regarded as a code template only.
+   * It will require modifications to work.
+   * It may require correct/in-range values for request initialization.
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. The updated `ServicePerimeter`. Syntactic correctness of the
+   *  `ServicePerimeter` is a precondition for creation.
+   */
+  // const servicePerimeter = {}
+  /**
+   *  Required. Mask to control which fields get updated. Must be non-empty.
+   */
+  // const updateMask = {}
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} = require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function callUpdateServicePerimeter() {
+    // Construct request
+    const request = {
+      servicePerimeter,
+      updateMask,
+    };
+
+    // Run request
+    const [operation] = await accesscontextmanagerClient.updateServicePerimeter(request);
+    const [response] = await operation.promise();
+    console.log(response);
+  }
+
+  callUpdateServicePerimeter();
+  // [END accesscontextmanager_v1_generated_AccessContextManager_UpdateServicePerimeter_async]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/generated/v1/snippet_metadata.google.identity.accesscontextmanager.v1.json b/packages/google-identity-accesscontextmanager/samples/generated/v1/snippet_metadata.google.identity.accesscontextmanager.v1.json
new file mode 100644
index 00000000000..7401a39080d
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/generated/v1/snippet_metadata.google.identity.accesscontextmanager.v1.json
@@ -0,0 +1,1183 @@
+{
+    "clientLibrary": {
+        "name": "nodejs-accesscontextmanager",
+        "version": "2.2.0",
+        "language": "TYPESCRIPT",
+        "apis": [
+            {
+                "id": "google.identity.accesscontextmanager.v1",
+                "version": "v1"
+            }
+        ]
+    },
+    "snippets": [
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_ListAccessPolicies_async",
+            "title": "AccessContextManager listAccessPolicies Sample",
+            "origin": "API_DEFINITION",
+            "description": " Lists all [access policies] [google.identity.accesscontextmanager.v1.AccessPolicy] in an organization.",
+            "canonical": true,
+            "file": "access_context_manager.list_access_policies.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 67,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "ListAccessPolicies",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.ListAccessPolicies",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "parent",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "page_size",
+                        "type": "TYPE_INT32"
+                    },
+                    {
+                        "name": "page_token",
+                        "type": "TYPE_STRING"
+                    }
+                ],
+                "resultType": ".google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "ListAccessPolicies",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.ListAccessPolicies",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_GetAccessPolicy_async",
+            "title": "AccessContextManager getAccessPolicy Sample",
+            "origin": "API_DEFINITION",
+            "description": " Returns an [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.",
+            "canonical": true,
+            "file": "access_context_manager.get_access_policy.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 54,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "GetAccessPolicy",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.GetAccessPolicy",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "name",
+                        "type": "TYPE_STRING"
+                    }
+                ],
+                "resultType": ".google.identity.accesscontextmanager.v1.AccessPolicy",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "GetAccessPolicy",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.GetAccessPolicy",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_CreateAccessPolicy_async",
+            "title": "AccessContextManager createAccessPolicy Sample",
+            "origin": "API_DEFINITION",
+            "description": " Creates an access policy. This method fails if the organization already has an access policy. The long-running operation has a successful status after the access policy propagates to long-lasting storage. Syntactic and basic semantic errors are returned in `metadata` as a BadRequest proto.",
+            "canonical": true,
+            "file": "access_context_manager.create_access_policy.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 96,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "CreateAccessPolicy",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.CreateAccessPolicy",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "name",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "parent",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "title",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "scopes",
+                        "type": "TYPE_STRING[]"
+                    },
+                    {
+                        "name": "create_time",
+                        "type": ".google.protobuf.Timestamp"
+                    },
+                    {
+                        "name": "update_time",
+                        "type": ".google.protobuf.Timestamp"
+                    },
+                    {
+                        "name": "etag",
+                        "type": "TYPE_STRING"
+                    }
+                ],
+                "resultType": ".google.longrunning.Operation",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "CreateAccessPolicy",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.CreateAccessPolicy",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_UpdateAccessPolicy_async",
+            "title": "AccessContextManager updateAccessPolicy Sample",
+            "origin": "API_DEFINITION",
+            "description": " Updates an [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]. The long-running operation from this RPC has a successful status after the changes to the [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] propagate to long-lasting storage.",
+            "canonical": true,
+            "file": "access_context_manager.update_access_policy.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 59,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "UpdateAccessPolicy",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.UpdateAccessPolicy",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "policy",
+                        "type": ".google.identity.accesscontextmanager.v1.AccessPolicy"
+                    },
+                    {
+                        "name": "update_mask",
+                        "type": ".google.protobuf.FieldMask"
+                    }
+                ],
+                "resultType": ".google.longrunning.Operation",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "UpdateAccessPolicy",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.UpdateAccessPolicy",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_DeleteAccessPolicy_async",
+            "title": "AccessContextManager deleteAccessPolicy Sample",
+            "origin": "API_DEFINITION",
+            "description": " Deletes an [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] based on the resource name. The long-running operation has a successful status after the [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is removed from long-lasting storage.",
+            "canonical": true,
+            "file": "access_context_manager.delete_access_policy.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 55,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "DeleteAccessPolicy",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.DeleteAccessPolicy",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "name",
+                        "type": "TYPE_STRING"
+                    }
+                ],
+                "resultType": ".google.longrunning.Operation",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "DeleteAccessPolicy",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.DeleteAccessPolicy",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_ListAccessLevels_async",
+            "title": "AccessContextManager listAccessLevels Sample",
+            "origin": "API_DEFINITION",
+            "description": " Lists all [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] for an access policy.",
+            "canonical": true,
+            "file": "access_context_manager.list_access_levels.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 76,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "ListAccessLevels",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.ListAccessLevels",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "parent",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "page_size",
+                        "type": "TYPE_INT32"
+                    },
+                    {
+                        "name": "page_token",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "access_level_format",
+                        "type": ".google.identity.accesscontextmanager.v1.LevelFormat"
+                    }
+                ],
+                "resultType": ".google.identity.accesscontextmanager.v1.ListAccessLevelsResponse",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "ListAccessLevels",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.ListAccessLevels",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_GetAccessLevel_async",
+            "title": "AccessContextManager getAccessLevel Sample",
+            "origin": "API_DEFINITION",
+            "description": " Gets an [access level] [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource name.",
+            "canonical": true,
+            "file": "access_context_manager.get_access_level.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 67,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "GetAccessLevel",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.GetAccessLevel",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "name",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "access_level_format",
+                        "type": ".google.identity.accesscontextmanager.v1.LevelFormat"
+                    }
+                ],
+                "resultType": ".google.identity.accesscontextmanager.v1.AccessLevel",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "GetAccessLevel",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.GetAccessLevel",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_CreateAccessLevel_async",
+            "title": "AccessContextManager createAccessLevel Sample",
+            "origin": "API_DEFINITION",
+            "description": " Creates an [access level] [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running operation from this RPC has a successful status after the [access level] [google.identity.accesscontextmanager.v1.AccessLevel] propagates to long-lasting storage. If [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] contain errors, an error response is returned for the first error encountered.",
+            "canonical": true,
+            "file": "access_context_manager.create_access_level.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 65,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "CreateAccessLevel",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.CreateAccessLevel",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "parent",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "access_level",
+                        "type": ".google.identity.accesscontextmanager.v1.AccessLevel"
+                    }
+                ],
+                "resultType": ".google.longrunning.Operation",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "CreateAccessLevel",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.CreateAccessLevel",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_UpdateAccessLevel_async",
+            "title": "AccessContextManager updateAccessLevel Sample",
+            "origin": "API_DEFINITION",
+            "description": " Updates an [access level] [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running operation from this RPC has a successful status after the changes to the [access level] [google.identity.accesscontextmanager.v1.AccessLevel] propagate to long-lasting storage. If [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] contain errors, an error response is returned for the first error encountered.",
+            "canonical": true,
+            "file": "access_context_manager.update_access_level.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 63,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "UpdateAccessLevel",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.UpdateAccessLevel",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "access_level",
+                        "type": ".google.identity.accesscontextmanager.v1.AccessLevel"
+                    },
+                    {
+                        "name": "update_mask",
+                        "type": ".google.protobuf.FieldMask"
+                    }
+                ],
+                "resultType": ".google.longrunning.Operation",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "UpdateAccessLevel",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.UpdateAccessLevel",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_DeleteAccessLevel_async",
+            "title": "AccessContextManager deleteAccessLevel Sample",
+            "origin": "API_DEFINITION",
+            "description": " Deletes an [access level] [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource name. The long-running operation from this RPC has a successful status after the [access level] [google.identity.accesscontextmanager.v1.AccessLevel] has been removed from long-lasting storage.",
+            "canonical": true,
+            "file": "access_context_manager.delete_access_level.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 57,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "DeleteAccessLevel",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.DeleteAccessLevel",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "name",
+                        "type": "TYPE_STRING"
+                    }
+                ],
+                "resultType": ".google.longrunning.Operation",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "DeleteAccessLevel",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.DeleteAccessLevel",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_ReplaceAccessLevels_async",
+            "title": "AccessContextManager replaceAccessLevels Sample",
+            "origin": "API_DEFINITION",
+            "description": " Replaces all existing [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] in an [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage. If the replacement contains errors, an error response is returned for the first error encountered.  Upon error, the replacement is cancelled, and existing [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] are not affected. The Operation.response field contains ReplaceAccessLevelsResponse. Removing [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an error.",
+            "canonical": true,
+            "file": "access_context_manager.replace_access_levels.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 77,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "ReplaceAccessLevels",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.ReplaceAccessLevels",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "parent",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "access_levels",
+                        "type": "TYPE_MESSAGE[]"
+                    },
+                    {
+                        "name": "etag",
+                        "type": "TYPE_STRING"
+                    }
+                ],
+                "resultType": ".google.longrunning.Operation",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "ReplaceAccessLevels",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.ReplaceAccessLevels",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_ListServicePerimeters_async",
+            "title": "AccessContextManager listServicePerimeters Sample",
+            "origin": "API_DEFINITION",
+            "description": " Lists all [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for an access policy.",
+            "canonical": true,
+            "file": "access_context_manager.list_service_perimeters.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 70,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "ListServicePerimeters",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.ListServicePerimeters",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "parent",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "page_size",
+                        "type": "TYPE_INT32"
+                    },
+                    {
+                        "name": "page_token",
+                        "type": "TYPE_STRING"
+                    }
+                ],
+                "resultType": ".google.identity.accesscontextmanager.v1.ListServicePerimetersResponse",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "ListServicePerimeters",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.ListServicePerimeters",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_GetServicePerimeter_async",
+            "title": "AccessContextManager getServicePerimeter Sample",
+            "origin": "API_DEFINITION",
+            "description": " Gets a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the resource name.",
+            "canonical": true,
+            "file": "access_context_manager.get_service_perimeter.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 56,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "GetServicePerimeter",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.GetServicePerimeter",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "name",
+                        "type": "TYPE_STRING"
+                    }
+                ],
+                "resultType": ".google.identity.accesscontextmanager.v1.ServicePerimeter",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "GetServicePerimeter",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.GetServicePerimeter",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_CreateServicePerimeter_async",
+            "title": "AccessContextManager createServicePerimeter Sample",
+            "origin": "API_DEFINITION",
+            "description": " Creates a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The long-running operation from this RPC has a successful status after the [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] propagates to long-lasting storage. If a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] contains errors, an error response is returned for the first error encountered.",
+            "canonical": true,
+            "file": "access_context_manager.create_service_perimeter.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 65,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "CreateServicePerimeter",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.CreateServicePerimeter",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "parent",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "service_perimeter",
+                        "type": ".google.identity.accesscontextmanager.v1.ServicePerimeter"
+                    }
+                ],
+                "resultType": ".google.longrunning.Operation",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "CreateServicePerimeter",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.CreateServicePerimeter",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_UpdateServicePerimeter_async",
+            "title": "AccessContextManager updateServicePerimeter Sample",
+            "origin": "API_DEFINITION",
+            "description": " Updates a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The long-running operation from this RPC has a successful status after the [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] propagates to long-lasting storage. If a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] contains errors, an error response is returned for the first error encountered.",
+            "canonical": true,
+            "file": "access_context_manager.update_service_perimeter.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 60,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "UpdateServicePerimeter",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.UpdateServicePerimeter",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "service_perimeter",
+                        "type": ".google.identity.accesscontextmanager.v1.ServicePerimeter"
+                    },
+                    {
+                        "name": "update_mask",
+                        "type": ".google.protobuf.FieldMask"
+                    }
+                ],
+                "resultType": ".google.longrunning.Operation",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "UpdateServicePerimeter",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.UpdateServicePerimeter",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_DeleteServicePerimeter_async",
+            "title": "AccessContextManager deleteServicePerimeter Sample",
+            "origin": "API_DEFINITION",
+            "description": " Deletes a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the resource name. The long-running operation from this RPC has a successful status after the [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from long-lasting storage.",
+            "canonical": true,
+            "file": "access_context_manager.delete_service_perimeter.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 57,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "DeleteServicePerimeter",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.DeleteServicePerimeter",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "name",
+                        "type": "TYPE_STRING"
+                    }
+                ],
+                "resultType": ".google.longrunning.Operation",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "DeleteServicePerimeter",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.DeleteServicePerimeter",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_ReplaceServicePerimeters_async",
+            "title": "AccessContextManager replaceServicePerimeters Sample",
+            "origin": "API_DEFINITION",
+            "description": " Replace all existing [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage. Replacements containing errors result in an error response for the first error encountered. Upon an error, replacement are cancelled and existing [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] are not affected. The Operation.response field contains ReplaceServicePerimetersResponse.",
+            "canonical": true,
+            "file": "access_context_manager.replace_service_perimeters.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 77,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "ReplaceServicePerimeters",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.ReplaceServicePerimeters",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "parent",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "service_perimeters",
+                        "type": "TYPE_MESSAGE[]"
+                    },
+                    {
+                        "name": "etag",
+                        "type": "TYPE_STRING"
+                    }
+                ],
+                "resultType": ".google.longrunning.Operation",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "ReplaceServicePerimeters",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.ReplaceServicePerimeters",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_CommitServicePerimeters_async",
+            "title": "AccessContextManager commitServicePerimeters Sample",
+            "origin": "API_DEFINITION",
+            "description": " Commits the dry-run specification for all the [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access policy][google.identity.accesscontextmanager.v1.AccessPolicy]. A commit operation on a service perimeter involves copying its `spec` field to the `status` field of the service perimeter. Only [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] with `use_explicit_dry_run_spec` field set to true are affected by a commit operation. The long-running operation from this RPC has a successful status after the dry-run specifications for all the [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] have been committed. If a commit fails, it causes the long-running operation to return an error response and the entire commit operation is cancelled. When successful, the Operation.response field contains CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are cleared after a successful commit operation.",
+            "canonical": true,
+            "file": "access_context_manager.commit_service_perimeters.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 69,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "CommitServicePerimeters",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.CommitServicePerimeters",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "parent",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "etag",
+                        "type": "TYPE_STRING"
+                    }
+                ],
+                "resultType": ".google.longrunning.Operation",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "CommitServicePerimeters",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.CommitServicePerimeters",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_ListGcpUserAccessBindings_async",
+            "title": "AccessContextManager listGcpUserAccessBindings Sample",
+            "origin": "API_DEFINITION",
+            "description": " Lists all [GcpUserAccessBindings] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] for a Google Cloud organization.",
+            "canonical": true,
+            "file": "access_context_manager.list_gcp_user_access_bindings.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 67,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "ListGcpUserAccessBindings",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "parent",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "page_size",
+                        "type": "TYPE_INT32"
+                    },
+                    {
+                        "name": "page_token",
+                        "type": "TYPE_STRING"
+                    }
+                ],
+                "resultType": ".google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "ListGcpUserAccessBindings",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_GetGcpUserAccessBinding_async",
+            "title": "AccessContextManager getGcpUserAccessBinding Sample",
+            "origin": "API_DEFINITION",
+            "description": " Gets the [GcpUserAccessBinding] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] with the given name.",
+            "canonical": true,
+            "file": "access_context_manager.get_gcp_user_access_binding.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 53,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "GetGcpUserAccessBinding",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.GetGcpUserAccessBinding",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "name",
+                        "type": "TYPE_STRING"
+                    }
+                ],
+                "resultType": ".google.identity.accesscontextmanager.v1.GcpUserAccessBinding",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "GetGcpUserAccessBinding",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.GetGcpUserAccessBinding",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_CreateGcpUserAccessBinding_async",
+            "title": "AccessContextManager createGcpUserAccessBinding Sample",
+            "origin": "API_DEFINITION",
+            "description": " Creates a [GcpUserAccessBinding] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the client specifies a [name] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name], the server ignores it. Fails if a resource already exists with the same [group_key] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key]. Completion of this long-running operation does not necessarily signify that the new binding is deployed onto all affected users, which may take more time.",
+            "canonical": true,
+            "file": "access_context_manager.create_gcp_user_access_binding.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 60,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "CreateGcpUserAccessBinding",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.CreateGcpUserAccessBinding",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "parent",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "gcp_user_access_binding",
+                        "type": ".google.identity.accesscontextmanager.v1.GcpUserAccessBinding"
+                    }
+                ],
+                "resultType": ".google.longrunning.Operation",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "CreateGcpUserAccessBinding",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.CreateGcpUserAccessBinding",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_UpdateGcpUserAccessBinding_async",
+            "title": "AccessContextManager updateGcpUserAccessBinding Sample",
+            "origin": "API_DEFINITION",
+            "description": " Updates a [GcpUserAccessBinding] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. Completion of this long-running operation does not necessarily signify that the changed binding is deployed onto all affected users, which may take more time.",
+            "canonical": true,
+            "file": "access_context_manager.update_gcp_user_access_binding.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 64,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "UpdateGcpUserAccessBinding",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.UpdateGcpUserAccessBinding",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "gcp_user_access_binding",
+                        "type": ".google.identity.accesscontextmanager.v1.GcpUserAccessBinding"
+                    },
+                    {
+                        "name": "update_mask",
+                        "type": ".google.protobuf.FieldMask"
+                    }
+                ],
+                "resultType": ".google.longrunning.Operation",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "UpdateGcpUserAccessBinding",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.UpdateGcpUserAccessBinding",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_DeleteGcpUserAccessBinding_async",
+            "title": "AccessContextManager deleteGcpUserAccessBinding Sample",
+            "origin": "API_DEFINITION",
+            "description": " Deletes a [GcpUserAccessBinding] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. Completion of this long-running operation does not necessarily signify that the binding deletion is deployed onto all affected users, which may take more time.",
+            "canonical": true,
+            "file": "access_context_manager.delete_gcp_user_access_binding.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 54,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "DeleteGcpUserAccessBinding",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.DeleteGcpUserAccessBinding",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "name",
+                        "type": "TYPE_STRING"
+                    }
+                ],
+                "resultType": ".google.longrunning.Operation",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "DeleteGcpUserAccessBinding",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.DeleteGcpUserAccessBinding",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_SetIamPolicy_async",
+            "title": "AccessContextManager setIamPolicy Sample",
+            "origin": "API_DEFINITION",
+            "description": " Sets the IAM policy for the specified Access Context Manager [access policy][google.identity.accesscontextmanager.v1.AccessPolicy]. This method replaces the existing IAM policy on the access policy. The IAM policy controls the set of users who can perform specific operations on the Access Context Manager [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].",
+            "canonical": true,
+            "file": "access_context_manager.set_iam_policy.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 69,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "SetIamPolicy",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.SetIamPolicy",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "resource",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "policy",
+                        "type": ".google.iam.v1.Policy"
+                    },
+                    {
+                        "name": "update_mask",
+                        "type": ".google.protobuf.FieldMask"
+                    }
+                ],
+                "resultType": ".google.iam.v1.Policy",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "SetIamPolicy",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.SetIamPolicy",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_GetIamPolicy_async",
+            "title": "AccessContextManager getIamPolicy Sample",
+            "origin": "API_DEFINITION",
+            "description": " Gets the IAM policy for the specified Access Context Manager [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].",
+            "canonical": true,
+            "file": "access_context_manager.get_iam_policy.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 59,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "GetIamPolicy",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.GetIamPolicy",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "resource",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "options",
+                        "type": ".google.iam.v1.GetPolicyOptions"
+                    }
+                ],
+                "resultType": ".google.iam.v1.Policy",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "GetIamPolicy",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.GetIamPolicy",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        },
+        {
+            "regionTag": "accesscontextmanager_v1_generated_AccessContextManager_TestIamPermissions_async",
+            "title": "AccessContextManager testIamPermissions Sample",
+            "origin": "API_DEFINITION",
+            "description": " Returns the IAM permissions that the caller has on the specified Access Context Manager resource. The resource can be an [AccessPolicy][google.identity.accesscontextmanager.v1.AccessPolicy], [AccessLevel][google.identity.accesscontextmanager.v1.AccessLevel], or [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter ]. This method does not support other resources.",
+            "canonical": true,
+            "file": "access_context_manager.test_iam_permissions.js",
+            "language": "JAVASCRIPT",
+            "segments": [
+                {
+                    "start": 25,
+                    "end": 62,
+                    "type": "FULL"
+                }
+            ],
+            "clientMethod": {
+                "shortName": "TestIamPermissions",
+                "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.TestIamPermissions",
+                "async": true,
+                "parameters": [
+                    {
+                        "name": "resource",
+                        "type": "TYPE_STRING"
+                    },
+                    {
+                        "name": "permissions",
+                        "type": "TYPE_STRING[]"
+                    }
+                ],
+                "resultType": ".google.iam.v1.TestIamPermissionsResponse",
+                "client": {
+                    "shortName": "AccessContextManagerClient",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManagerClient"
+                },
+                "method": {
+                    "shortName": "TestIamPermissions",
+                    "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager.TestIamPermissions",
+                    "service": {
+                        "shortName": "AccessContextManager",
+                        "fullName": "google.identity.accesscontextmanager.v1.AccessContextManager"
+                    }
+                }
+            }
+        }
+    ]
+}
\ No newline at end of file
diff --git a/packages/google-identity-accesscontextmanager/samples/package.json b/packages/google-identity-accesscontextmanager/samples/package.json
new file mode 100644
index 00000000000..bb9a8c8b512
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/package.json
@@ -0,0 +1,23 @@
+{
+  "name": "nodejs-access-context-manager",
+  "private": true,
+  "license": "Apache-2.0",
+  "author": "Google LLC",
+  "engines": {
+    "node": ">=12.0.0"
+  },
+  "files": [
+    "*.js"
+  ],
+  "scripts": {
+    "test": "c8 mocha --timeout 600000 test/*.js"
+  },
+  "dependencies": {
+    "@google-cloud/access-context-manager": "^2.2.0"
+  },
+  "devDependencies": {
+    "c8": "^7.1.0",
+    "chai": "^4.2.0",
+    "mocha": "^9.0.0"
+  }
+}
diff --git a/packages/google-identity-accesscontextmanager/samples/quickstart.js b/packages/google-identity-accesscontextmanager/samples/quickstart.js
new file mode 100644
index 00000000000..96182cdf1e1
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/quickstart.js
@@ -0,0 +1,69 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+function main(parent) {
+  // [START accesscontextmanager_quickstart]
+  /**
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  /**
+   *  Required. Resource name for the container to list AccessPolicy instances
+   *  from.
+   *  Format:
+   *  `organizations/{org_id}`
+   */
+  // const parent = 'abc123'
+  /**
+   *  Number of AccessPolicy instances to include in the list. Default 100.
+   */
+  // const pageSize = 1234
+  /**
+   *  Next page token for the next batch of AccessPolicy instances. Defaults to
+   *  the first page of results.
+   */
+  // const pageToken = 'abc123'
+
+  // Imports the Accesscontextmanager library
+  const {AccessContextManagerClient} =
+    require('@google-cloud/access-context-manager').v1;
+
+  // Instantiates a client
+  const accesscontextmanagerClient = new AccessContextManagerClient();
+
+  async function listAccessPolicies() {
+    // Construct request
+    const request = {
+      parent,
+    };
+
+    // Run request
+    const iterable = await accesscontextmanagerClient.listAccessPoliciesAsync(
+      request
+    );
+    for await (const response of iterable) {
+      console.log(response);
+    }
+  }
+
+  listAccessPolicies();
+  // [END accesscontextmanager_quickstart]
+}
+
+process.on('unhandledRejection', err => {
+  console.error(err.message);
+  process.exitCode = 1;
+});
+main(...process.argv.slice(2));
diff --git a/packages/google-identity-accesscontextmanager/samples/test/quickstart.js b/packages/google-identity-accesscontextmanager/samples/test/quickstart.js
new file mode 100644
index 00000000000..bddcd2a9cb3
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/samples/test/quickstart.js
@@ -0,0 +1,26 @@
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+'use strict';
+
+const {describe, it} = require('mocha');
+
+describe('Quickstart', () => {
+  it('should run quickstart', async () => {
+    // TODO: add test.
+  });
+});
diff --git a/packages/google-identity-accesscontextmanager/src/index.ts b/packages/google-identity-accesscontextmanager/src/index.ts
new file mode 100644
index 00000000000..958e6b351d6
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/src/index.ts
@@ -0,0 +1,27 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by synthtool. **
+// ** https://github.com/googleapis/synthtool **
+// ** All changes to this file may be overwritten. **
+
+import * as v1 from './v1';
+
+const AccessContextManagerClient = v1.AccessContextManagerClient;
+type AccessContextManagerClient = v1.AccessContextManagerClient;
+
+export {v1, AccessContextManagerClient};
+export default {v1, AccessContextManagerClient};
+import * as protos from '../protos/protos';
+export {protos};
diff --git a/packages/google-identity-accesscontextmanager/src/v1/access_context_manager_client.ts b/packages/google-identity-accesscontextmanager/src/v1/access_context_manager_client.ts
new file mode 100644
index 00000000000..5afb07e715d
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/src/v1/access_context_manager_client.ts
@@ -0,0 +1,4870 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+/* global window */
+import type * as gax from 'google-gax';
+import type {
+  Callback,
+  CallOptions,
+  Descriptors,
+  ClientOptions,
+  GrpcClientOptions,
+  LROperation,
+  PaginationCallback,
+  GaxCall,
+} from 'google-gax';
+import {Transform} from 'stream';
+import * as protos from '../../protos/protos';
+import jsonProtos = require('../../protos/protos.json');
+/**
+ * Client JSON configuration object, loaded from
+ * `src/v1/access_context_manager_client_config.json`.
+ * This file defines retry strategy and timeouts for all API methods in this library.
+ */
+import * as gapicConfig from './access_context_manager_client_config.json';
+const version = require('../../../package.json').version;
+
+/**
+ *  API for setting [access levels]
+ *  [google.identity.accesscontextmanager.v1.AccessLevel] and [service
+ *  perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ *  for Google Cloud projects. Each organization has one [access policy]
+ *  [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
+ *  [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+ *  and [service perimeters]
+ *  [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
+ *  [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
+ *  applicable to all resources in the organization.
+ *  AccessPolicies
+ * @class
+ * @memberof v1
+ */
+export class AccessContextManagerClient {
+  private _terminated = false;
+  private _opts: ClientOptions;
+  private _providedCustomServicePath: boolean;
+  private _gaxModule: typeof gax | typeof gax.fallback;
+  private _gaxGrpc: gax.GrpcClient | gax.fallback.GrpcClient;
+  private _protos: {};
+  private _defaults: {[method: string]: gax.CallSettings};
+  auth: gax.GoogleAuth;
+  descriptors: Descriptors = {
+    page: {},
+    stream: {},
+    longrunning: {},
+    batching: {},
+  };
+  warn: (code: string, message: string, warnType?: string) => void;
+  innerApiCalls: {[name: string]: Function};
+  pathTemplates: {[name: string]: gax.PathTemplate};
+  operationsClient: gax.OperationsClient;
+  accessContextManagerStub?: Promise<{[name: string]: Function}>;
+
+  /**
+   * Construct an instance of AccessContextManagerClient.
+   *
+   * @param {object} [options] - The configuration object.
+   * The options accepted by the constructor are described in detail
+   * in [this document](https://github.com/googleapis/gax-nodejs/blob/main/client-libraries.md#creating-the-client-instance).
+   * The common options are:
+   * @param {object} [options.credentials] - Credentials object.
+   * @param {string} [options.credentials.client_email]
+   * @param {string} [options.credentials.private_key]
+   * @param {string} [options.email] - Account email address. Required when
+   *     using a .pem or .p12 keyFilename.
+   * @param {string} [options.keyFilename] - Full path to the a .json, .pem, or
+   *     .p12 key downloaded from the Google Developers Console. If you provide
+   *     a path to a JSON file, the projectId option below is not necessary.
+   *     NOTE: .pem and .p12 require you to specify options.email as well.
+   * @param {number} [options.port] - The port on which to connect to
+   *     the remote host.
+   * @param {string} [options.projectId] - The project ID from the Google
+   *     Developer's Console, e.g. 'grape-spaceship-123'. We will also check
+   *     the environment variable GCLOUD_PROJECT for your project ID. If your
+   *     app is running in an environment which supports
+   *     {@link https://developers.google.com/identity/protocols/application-default-credentials Application Default Credentials},
+   *     your project ID will be detected automatically.
+   * @param {string} [options.apiEndpoint] - The domain name of the
+   *     API remote host.
+   * @param {gax.ClientConfig} [options.clientConfig] - Client configuration override.
+   *     Follows the structure of {@link gapicConfig}.
+   * @param {boolean | "rest"} [options.fallback] - Use HTTP fallback mode.
+   *     Pass "rest" to use HTTP/1.1 REST API instead of gRPC.
+   *     For more information, please check the
+   *     {@link https://github.com/googleapis/gax-nodejs/blob/main/client-libraries.md#http11-rest-api-mode documentation}.
+   * @param {gax} [gaxInstance]: loaded instance of `google-gax`. Useful if you
+   *     need to avoid loading the default gRPC version and want to use the fallback
+   *     HTTP implementation. Load only fallback version and pass it to the constructor:
+   *     ```
+   *     const gax = require('google-gax/build/src/fallback'); // avoids loading google-gax with gRPC
+   *     const client = new AccessContextManagerClient({fallback: 'rest'}, gax);
+   *     ```
+   */
+  constructor(
+    opts?: ClientOptions,
+    gaxInstance?: typeof gax | typeof gax.fallback
+  ) {
+    // Ensure that options include all the required fields.
+    const staticMembers = this.constructor as typeof AccessContextManagerClient;
+    const servicePath =
+      opts?.servicePath || opts?.apiEndpoint || staticMembers.servicePath;
+    this._providedCustomServicePath = !!(
+      opts?.servicePath || opts?.apiEndpoint
+    );
+    const port = opts?.port || staticMembers.port;
+    const clientConfig = opts?.clientConfig ?? {};
+    const fallback =
+      opts?.fallback ??
+      (typeof window !== 'undefined' && typeof window?.fetch === 'function');
+    opts = Object.assign({servicePath, port, clientConfig, fallback}, opts);
+
+    // If scopes are unset in options and we're connecting to a non-default endpoint, set scopes just in case.
+    if (servicePath !== staticMembers.servicePath && !('scopes' in opts)) {
+      opts['scopes'] = staticMembers.scopes;
+    }
+
+    // Load google-gax module synchronously if needed
+    if (!gaxInstance) {
+      gaxInstance = require('google-gax') as typeof gax;
+    }
+
+    // Choose either gRPC or proto-over-HTTP implementation of google-gax.
+    this._gaxModule = opts.fallback ? gaxInstance.fallback : gaxInstance;
+
+    // Create a `gaxGrpc` object, with any grpc-specific options sent to the client.
+    this._gaxGrpc = new this._gaxModule.GrpcClient(opts);
+
+    // Save options to use in initialize() method.
+    this._opts = opts;
+
+    // Save the auth object to the client, for use by other methods.
+    this.auth = this._gaxGrpc.auth as gax.GoogleAuth;
+
+    // Set useJWTAccessWithScope on the auth object.
+    this.auth.useJWTAccessWithScope = true;
+
+    // Set defaultServicePath on the auth object.
+    this.auth.defaultServicePath = staticMembers.servicePath;
+
+    // Set the default scopes in auth client if needed.
+    if (servicePath === staticMembers.servicePath) {
+      this.auth.defaultScopes = staticMembers.scopes;
+    }
+
+    // Determine the client header string.
+    const clientHeader = [`gax/${this._gaxModule.version}`, `gapic/${version}`];
+    if (typeof process !== 'undefined' && 'versions' in process) {
+      clientHeader.push(`gl-node/${process.versions.node}`);
+    } else {
+      clientHeader.push(`gl-web/${this._gaxModule.version}`);
+    }
+    if (!opts.fallback) {
+      clientHeader.push(`grpc/${this._gaxGrpc.grpcVersion}`);
+    } else if (opts.fallback === 'rest') {
+      clientHeader.push(`rest/${this._gaxGrpc.grpcVersion}`);
+    }
+    if (opts.libName && opts.libVersion) {
+      clientHeader.push(`${opts.libName}/${opts.libVersion}`);
+    }
+    // Load the applicable protos.
+    this._protos = this._gaxGrpc.loadProtoJSON(jsonProtos);
+
+    // This API contains "path templates"; forward-slash-separated
+    // identifiers to uniquely identify resources within the API.
+    // Create useful helper objects for these.
+    this.pathTemplates = {
+      accessLevelPathTemplate: new this._gaxModule.PathTemplate(
+        'accessPolicies/{access_policy}/accessLevels/{access_level}'
+      ),
+      accessPolicyPathTemplate: new this._gaxModule.PathTemplate(
+        'accessPolicies/{access_policy}'
+      ),
+      gcpUserAccessBindingPathTemplate: new this._gaxModule.PathTemplate(
+        'organizations/{organization}/gcpUserAccessBindings/{gcp_user_access_binding}'
+      ),
+      organizationPathTemplate: new this._gaxModule.PathTemplate(
+        'organizations/{organization}'
+      ),
+      servicePerimeterPathTemplate: new this._gaxModule.PathTemplate(
+        'accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}'
+      ),
+    };
+
+    // Some of the methods on this service return "paged" results,
+    // (e.g. 50 results at a time, with tokens to get subsequent
+    // pages). Denote the keys used for pagination and results.
+    this.descriptors.page = {
+      listAccessPolicies: new this._gaxModule.PageDescriptor(
+        'pageToken',
+        'nextPageToken',
+        'accessPolicies'
+      ),
+      listAccessLevels: new this._gaxModule.PageDescriptor(
+        'pageToken',
+        'nextPageToken',
+        'accessLevels'
+      ),
+      listServicePerimeters: new this._gaxModule.PageDescriptor(
+        'pageToken',
+        'nextPageToken',
+        'servicePerimeters'
+      ),
+      listGcpUserAccessBindings: new this._gaxModule.PageDescriptor(
+        'pageToken',
+        'nextPageToken',
+        'gcpUserAccessBindings'
+      ),
+    };
+
+    const protoFilesRoot = this._gaxModule.protobuf.Root.fromJSON(jsonProtos);
+    // This API contains "long-running operations", which return a
+    // an Operation object that allows for tracking of the operation,
+    // rather than holding a request open.
+    const lroOptions: GrpcClientOptions = {
+      auth: this.auth,
+      grpc: 'grpc' in this._gaxGrpc ? this._gaxGrpc.grpc : undefined,
+    };
+    if (opts.fallback === 'rest') {
+      lroOptions.protoJson = protoFilesRoot;
+      lroOptions.httpRules = [
+        {
+          selector: 'google.longrunning.Operations.GetOperation',
+          get: '/v1/{name=operations/**}',
+        },
+      ];
+    }
+    this.operationsClient = this._gaxModule
+      .lro(lroOptions)
+      .operationsClient(opts);
+    const createAccessPolicyResponse = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessPolicy'
+    ) as gax.protobuf.Type;
+    const createAccessPolicyMetadata = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata'
+    ) as gax.protobuf.Type;
+    const updateAccessPolicyResponse = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessPolicy'
+    ) as gax.protobuf.Type;
+    const updateAccessPolicyMetadata = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata'
+    ) as gax.protobuf.Type;
+    const deleteAccessPolicyResponse = protoFilesRoot.lookup(
+      '.google.protobuf.Empty'
+    ) as gax.protobuf.Type;
+    const deleteAccessPolicyMetadata = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata'
+    ) as gax.protobuf.Type;
+    const createAccessLevelResponse = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessLevel'
+    ) as gax.protobuf.Type;
+    const createAccessLevelMetadata = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata'
+    ) as gax.protobuf.Type;
+    const updateAccessLevelResponse = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessLevel'
+    ) as gax.protobuf.Type;
+    const updateAccessLevelMetadata = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata'
+    ) as gax.protobuf.Type;
+    const deleteAccessLevelResponse = protoFilesRoot.lookup(
+      '.google.protobuf.Empty'
+    ) as gax.protobuf.Type;
+    const deleteAccessLevelMetadata = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata'
+    ) as gax.protobuf.Type;
+    const replaceAccessLevelsResponse = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse'
+    ) as gax.protobuf.Type;
+    const replaceAccessLevelsMetadata = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata'
+    ) as gax.protobuf.Type;
+    const createServicePerimeterResponse = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.ServicePerimeter'
+    ) as gax.protobuf.Type;
+    const createServicePerimeterMetadata = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata'
+    ) as gax.protobuf.Type;
+    const updateServicePerimeterResponse = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.ServicePerimeter'
+    ) as gax.protobuf.Type;
+    const updateServicePerimeterMetadata = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata'
+    ) as gax.protobuf.Type;
+    const deleteServicePerimeterResponse = protoFilesRoot.lookup(
+      '.google.protobuf.Empty'
+    ) as gax.protobuf.Type;
+    const deleteServicePerimeterMetadata = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata'
+    ) as gax.protobuf.Type;
+    const replaceServicePerimetersResponse = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse'
+    ) as gax.protobuf.Type;
+    const replaceServicePerimetersMetadata = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata'
+    ) as gax.protobuf.Type;
+    const commitServicePerimetersResponse = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse'
+    ) as gax.protobuf.Type;
+    const commitServicePerimetersMetadata = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata'
+    ) as gax.protobuf.Type;
+    const createGcpUserAccessBindingResponse = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.GcpUserAccessBinding'
+    ) as gax.protobuf.Type;
+    const createGcpUserAccessBindingMetadata = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata'
+    ) as gax.protobuf.Type;
+    const updateGcpUserAccessBindingResponse = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.GcpUserAccessBinding'
+    ) as gax.protobuf.Type;
+    const updateGcpUserAccessBindingMetadata = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata'
+    ) as gax.protobuf.Type;
+    const deleteGcpUserAccessBindingResponse = protoFilesRoot.lookup(
+      '.google.protobuf.Empty'
+    ) as gax.protobuf.Type;
+    const deleteGcpUserAccessBindingMetadata = protoFilesRoot.lookup(
+      '.google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata'
+    ) as gax.protobuf.Type;
+
+    this.descriptors.longrunning = {
+      createAccessPolicy: new this._gaxModule.LongrunningDescriptor(
+        this.operationsClient,
+        createAccessPolicyResponse.decode.bind(createAccessPolicyResponse),
+        createAccessPolicyMetadata.decode.bind(createAccessPolicyMetadata)
+      ),
+      updateAccessPolicy: new this._gaxModule.LongrunningDescriptor(
+        this.operationsClient,
+        updateAccessPolicyResponse.decode.bind(updateAccessPolicyResponse),
+        updateAccessPolicyMetadata.decode.bind(updateAccessPolicyMetadata)
+      ),
+      deleteAccessPolicy: new this._gaxModule.LongrunningDescriptor(
+        this.operationsClient,
+        deleteAccessPolicyResponse.decode.bind(deleteAccessPolicyResponse),
+        deleteAccessPolicyMetadata.decode.bind(deleteAccessPolicyMetadata)
+      ),
+      createAccessLevel: new this._gaxModule.LongrunningDescriptor(
+        this.operationsClient,
+        createAccessLevelResponse.decode.bind(createAccessLevelResponse),
+        createAccessLevelMetadata.decode.bind(createAccessLevelMetadata)
+      ),
+      updateAccessLevel: new this._gaxModule.LongrunningDescriptor(
+        this.operationsClient,
+        updateAccessLevelResponse.decode.bind(updateAccessLevelResponse),
+        updateAccessLevelMetadata.decode.bind(updateAccessLevelMetadata)
+      ),
+      deleteAccessLevel: new this._gaxModule.LongrunningDescriptor(
+        this.operationsClient,
+        deleteAccessLevelResponse.decode.bind(deleteAccessLevelResponse),
+        deleteAccessLevelMetadata.decode.bind(deleteAccessLevelMetadata)
+      ),
+      replaceAccessLevels: new this._gaxModule.LongrunningDescriptor(
+        this.operationsClient,
+        replaceAccessLevelsResponse.decode.bind(replaceAccessLevelsResponse),
+        replaceAccessLevelsMetadata.decode.bind(replaceAccessLevelsMetadata)
+      ),
+      createServicePerimeter: new this._gaxModule.LongrunningDescriptor(
+        this.operationsClient,
+        createServicePerimeterResponse.decode.bind(
+          createServicePerimeterResponse
+        ),
+        createServicePerimeterMetadata.decode.bind(
+          createServicePerimeterMetadata
+        )
+      ),
+      updateServicePerimeter: new this._gaxModule.LongrunningDescriptor(
+        this.operationsClient,
+        updateServicePerimeterResponse.decode.bind(
+          updateServicePerimeterResponse
+        ),
+        updateServicePerimeterMetadata.decode.bind(
+          updateServicePerimeterMetadata
+        )
+      ),
+      deleteServicePerimeter: new this._gaxModule.LongrunningDescriptor(
+        this.operationsClient,
+        deleteServicePerimeterResponse.decode.bind(
+          deleteServicePerimeterResponse
+        ),
+        deleteServicePerimeterMetadata.decode.bind(
+          deleteServicePerimeterMetadata
+        )
+      ),
+      replaceServicePerimeters: new this._gaxModule.LongrunningDescriptor(
+        this.operationsClient,
+        replaceServicePerimetersResponse.decode.bind(
+          replaceServicePerimetersResponse
+        ),
+        replaceServicePerimetersMetadata.decode.bind(
+          replaceServicePerimetersMetadata
+        )
+      ),
+      commitServicePerimeters: new this._gaxModule.LongrunningDescriptor(
+        this.operationsClient,
+        commitServicePerimetersResponse.decode.bind(
+          commitServicePerimetersResponse
+        ),
+        commitServicePerimetersMetadata.decode.bind(
+          commitServicePerimetersMetadata
+        )
+      ),
+      createGcpUserAccessBinding: new this._gaxModule.LongrunningDescriptor(
+        this.operationsClient,
+        createGcpUserAccessBindingResponse.decode.bind(
+          createGcpUserAccessBindingResponse
+        ),
+        createGcpUserAccessBindingMetadata.decode.bind(
+          createGcpUserAccessBindingMetadata
+        )
+      ),
+      updateGcpUserAccessBinding: new this._gaxModule.LongrunningDescriptor(
+        this.operationsClient,
+        updateGcpUserAccessBindingResponse.decode.bind(
+          updateGcpUserAccessBindingResponse
+        ),
+        updateGcpUserAccessBindingMetadata.decode.bind(
+          updateGcpUserAccessBindingMetadata
+        )
+      ),
+      deleteGcpUserAccessBinding: new this._gaxModule.LongrunningDescriptor(
+        this.operationsClient,
+        deleteGcpUserAccessBindingResponse.decode.bind(
+          deleteGcpUserAccessBindingResponse
+        ),
+        deleteGcpUserAccessBindingMetadata.decode.bind(
+          deleteGcpUserAccessBindingMetadata
+        )
+      ),
+    };
+
+    // Put together the default options sent with requests.
+    this._defaults = this._gaxGrpc.constructSettings(
+      'google.identity.accesscontextmanager.v1.AccessContextManager',
+      gapicConfig as gax.ClientConfig,
+      opts.clientConfig || {},
+      {'x-goog-api-client': clientHeader.join(' ')}
+    );
+
+    // Set up a dictionary of "inner API calls"; the core implementation
+    // of calling the API is handled in `google-gax`, with this code
+    // merely providing the destination and request information.
+    this.innerApiCalls = {};
+
+    // Add a warn function to the client constructor so it can be easily tested.
+    this.warn = this._gaxModule.warn;
+  }
+
+  /**
+   * Initialize the client.
+   * Performs asynchronous operations (such as authentication) and prepares the client.
+   * This function will be called automatically when any class method is called for the
+   * first time, but if you need to initialize it before calling an actual method,
+   * feel free to call initialize() directly.
+   *
+   * You can await on this method if you want to make sure the client is initialized.
+   *
+   * @returns {Promise} A promise that resolves to an authenticated service stub.
+   */
+  initialize() {
+    // If the client stub promise is already initialized, return immediately.
+    if (this.accessContextManagerStub) {
+      return this.accessContextManagerStub;
+    }
+
+    // Put together the "service stub" for
+    // google.identity.accesscontextmanager.v1.AccessContextManager.
+    this.accessContextManagerStub = this._gaxGrpc.createStub(
+      this._opts.fallback
+        ? (this._protos as protobuf.Root).lookupService(
+            'google.identity.accesscontextmanager.v1.AccessContextManager'
+          )
+        : // eslint-disable-next-line @typescript-eslint/no-explicit-any
+          (this._protos as any).google.identity.accesscontextmanager.v1
+            .AccessContextManager,
+      this._opts,
+      this._providedCustomServicePath
+    ) as Promise<{[method: string]: Function}>;
+
+    // Iterate over each of the methods that the service provides
+    // and create an API call method for each.
+    const accessContextManagerStubMethods = [
+      'listAccessPolicies',
+      'getAccessPolicy',
+      'createAccessPolicy',
+      'updateAccessPolicy',
+      'deleteAccessPolicy',
+      'listAccessLevels',
+      'getAccessLevel',
+      'createAccessLevel',
+      'updateAccessLevel',
+      'deleteAccessLevel',
+      'replaceAccessLevels',
+      'listServicePerimeters',
+      'getServicePerimeter',
+      'createServicePerimeter',
+      'updateServicePerimeter',
+      'deleteServicePerimeter',
+      'replaceServicePerimeters',
+      'commitServicePerimeters',
+      'listGcpUserAccessBindings',
+      'getGcpUserAccessBinding',
+      'createGcpUserAccessBinding',
+      'updateGcpUserAccessBinding',
+      'deleteGcpUserAccessBinding',
+      'setIamPolicy',
+      'getIamPolicy',
+      'testIamPermissions',
+    ];
+    for (const methodName of accessContextManagerStubMethods) {
+      const callPromise = this.accessContextManagerStub.then(
+        stub =>
+          (...args: Array<{}>) => {
+            if (this._terminated) {
+              return Promise.reject('The client has already been closed.');
+            }
+            const func = stub[methodName];
+            return func.apply(stub, args);
+          },
+        (err: Error | null | undefined) => () => {
+          throw err;
+        }
+      );
+
+      const descriptor =
+        this.descriptors.page[methodName] ||
+        this.descriptors.longrunning[methodName] ||
+        undefined;
+      const apiCall = this._gaxModule.createApiCall(
+        callPromise,
+        this._defaults[methodName],
+        descriptor,
+        this._opts.fallback
+      );
+
+      this.innerApiCalls[methodName] = apiCall;
+    }
+
+    return this.accessContextManagerStub;
+  }
+
+  /**
+   * The DNS address for this API service.
+   * @returns {string} The DNS address for this service.
+   */
+  static get servicePath() {
+    return 'accesscontextmanager.googleapis.com';
+  }
+
+  /**
+   * The DNS address for this API service - same as servicePath(),
+   * exists for compatibility reasons.
+   * @returns {string} The DNS address for this service.
+   */
+  static get apiEndpoint() {
+    return 'accesscontextmanager.googleapis.com';
+  }
+
+  /**
+   * The port for this API service.
+   * @returns {number} The default port for this service.
+   */
+  static get port() {
+    return 443;
+  }
+
+  /**
+   * The scopes needed to make gRPC calls for every method defined
+   * in this service.
+   * @returns {string[]} List of default scopes.
+   */
+  static get scopes() {
+    return ['https://www.googleapis.com/auth/cloud-platform'];
+  }
+
+  getProjectId(): Promise<string>;
+  getProjectId(callback: Callback<string, undefined, undefined>): void;
+  /**
+   * Return the project ID used by this class.
+   * @returns {Promise} A promise that resolves to string containing the project ID.
+   */
+  getProjectId(
+    callback?: Callback<string, undefined, undefined>
+  ): Promise<string> | void {
+    if (callback) {
+      this.auth.getProjectId(callback);
+      return;
+    }
+    return this.auth.getProjectId();
+  }
+
+  // -------------------
+  // -- Service calls --
+  // -------------------
+  /**
+   * Returns an [access policy]
+   * [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.name
+   *   Required. Resource name for the access policy to get.
+   *
+   *   Format `accessPolicies/{policy_id}`
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing [AccessPolicy]{@link google.identity.accesscontextmanager.v1.AccessPolicy}.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.get_access_policy.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_GetAccessPolicy_async
+   */
+  getAccessPolicy(
+    request?: protos.google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+      (
+        | protos.google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest
+        | undefined
+      ),
+      {} | undefined
+    ]
+  >;
+  getAccessPolicy(
+    request: protos.google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest,
+    options: CallOptions,
+    callback: Callback<
+      protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+      | protos.google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest
+      | null
+      | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  getAccessPolicy(
+    request: protos.google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest,
+    callback: Callback<
+      protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+      | protos.google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest
+      | null
+      | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  getAccessPolicy(
+    request?: protos.google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+          | protos.google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest
+          | null
+          | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+      | protos.google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest
+      | null
+      | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+      (
+        | protos.google.identity.accesscontextmanager.v1.IGetAccessPolicyRequest
+        | undefined
+      ),
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        name: request.name ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.getAccessPolicy(request, options, callback);
+  }
+  /**
+   * Gets an [access level]
+   * [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
+   * name.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.name
+   *   Required. Resource name for the [Access Level]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel].
+   *
+   *   Format:
+   *   `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+   * @param {google.identity.accesscontextmanager.v1.LevelFormat} request.accessLevelFormat
+   *   Whether to return `BasicLevels` in the Cloud Common Expression
+   *   Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where
+   *   [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+   *   are returned as `BasicLevels` or `CustomLevels` based on how they were
+   *   created. If set to CEL, all [Access Levels]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel] are returned as
+   *   `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
+   *   `CustomLevels`.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing [AccessLevel]{@link google.identity.accesscontextmanager.v1.AccessLevel}.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.get_access_level.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_GetAccessLevel_async
+   */
+  getAccessLevel(
+    request?: protos.google.identity.accesscontextmanager.v1.IGetAccessLevelRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+      (
+        | protos.google.identity.accesscontextmanager.v1.IGetAccessLevelRequest
+        | undefined
+      ),
+      {} | undefined
+    ]
+  >;
+  getAccessLevel(
+    request: protos.google.identity.accesscontextmanager.v1.IGetAccessLevelRequest,
+    options: CallOptions,
+    callback: Callback<
+      protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+      | protos.google.identity.accesscontextmanager.v1.IGetAccessLevelRequest
+      | null
+      | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  getAccessLevel(
+    request: protos.google.identity.accesscontextmanager.v1.IGetAccessLevelRequest,
+    callback: Callback<
+      protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+      | protos.google.identity.accesscontextmanager.v1.IGetAccessLevelRequest
+      | null
+      | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  getAccessLevel(
+    request?: protos.google.identity.accesscontextmanager.v1.IGetAccessLevelRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+          | protos.google.identity.accesscontextmanager.v1.IGetAccessLevelRequest
+          | null
+          | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+      | protos.google.identity.accesscontextmanager.v1.IGetAccessLevelRequest
+      | null
+      | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+      (
+        | protos.google.identity.accesscontextmanager.v1.IGetAccessLevelRequest
+        | undefined
+      ),
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        name: request.name ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.getAccessLevel(request, options, callback);
+  }
+  /**
+   * Gets a [service perimeter]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+   * resource name.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.name
+   *   Required. Resource name for the [Service Perimeter]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter].
+   *
+   *   Format:
+   *   `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing [ServicePerimeter]{@link google.identity.accesscontextmanager.v1.ServicePerimeter}.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.get_service_perimeter.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_GetServicePerimeter_async
+   */
+  getServicePerimeter(
+    request?: protos.google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+      (
+        | protos.google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest
+        | undefined
+      ),
+      {} | undefined
+    ]
+  >;
+  getServicePerimeter(
+    request: protos.google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest,
+    options: CallOptions,
+    callback: Callback<
+      protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+      | protos.google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest
+      | null
+      | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  getServicePerimeter(
+    request: protos.google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest,
+    callback: Callback<
+      protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+      | protos.google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest
+      | null
+      | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  getServicePerimeter(
+    request?: protos.google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+          | protos.google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest
+          | null
+          | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+      | protos.google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest
+      | null
+      | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+      (
+        | protos.google.identity.accesscontextmanager.v1.IGetServicePerimeterRequest
+        | undefined
+      ),
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        name: request.name ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.getServicePerimeter(request, options, callback);
+  }
+  /**
+   * Gets the [GcpUserAccessBinding]
+   * [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] with
+   * the given name.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.name
+   *   Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing [GcpUserAccessBinding]{@link google.identity.accesscontextmanager.v1.GcpUserAccessBinding}.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.get_gcp_user_access_binding.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_GetGcpUserAccessBinding_async
+   */
+  getGcpUserAccessBinding(
+    request?: protos.google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+      (
+        | protos.google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest
+        | undefined
+      ),
+      {} | undefined
+    ]
+  >;
+  getGcpUserAccessBinding(
+    request: protos.google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest,
+    options: CallOptions,
+    callback: Callback<
+      protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+      | protos.google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest
+      | null
+      | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  getGcpUserAccessBinding(
+    request: protos.google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest,
+    callback: Callback<
+      protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+      | protos.google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest
+      | null
+      | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  getGcpUserAccessBinding(
+    request?: protos.google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+          | protos.google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest
+          | null
+          | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+      | protos.google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest
+      | null
+      | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+      (
+        | protos.google.identity.accesscontextmanager.v1.IGetGcpUserAccessBindingRequest
+        | undefined
+      ),
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        name: request.name ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.getGcpUserAccessBinding(
+      request,
+      options,
+      callback
+    );
+  }
+  /**
+   * Sets the IAM policy for the specified Access Context Manager
+   * {@link google.identity.accesscontextmanager.v1.AccessPolicy|access policy}.
+   * This method replaces the existing IAM policy on the access policy. The IAM
+   * policy controls the set of users who can perform specific operations on the
+   * Access Context Manager [access
+   * policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.resource
+   *   REQUIRED: The resource for which the policy is being specified.
+   *   See the operation documentation for the appropriate value for this field.
+   * @param {google.iam.v1.Policy} request.policy
+   *   REQUIRED: The complete policy to be applied to the `resource`. The size of
+   *   the policy is limited to a few 10s of KB. An empty policy is a
+   *   valid policy but certain Cloud Platform services (such as Projects)
+   *   might reject them.
+   * @param {google.protobuf.FieldMask} request.updateMask
+   *   OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
+   *   the fields in the mask will be modified. If no mask is provided, the
+   *   following default mask is used:
+   *
+   *   `paths: "bindings, etag"`
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing [Policy]{@link google.iam.v1.Policy}.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.set_iam_policy.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_SetIamPolicy_async
+   */
+  setIamPolicy(
+    request?: protos.google.iam.v1.ISetIamPolicyRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      protos.google.iam.v1.IPolicy,
+      protos.google.iam.v1.ISetIamPolicyRequest | undefined,
+      {} | undefined
+    ]
+  >;
+  setIamPolicy(
+    request: protos.google.iam.v1.ISetIamPolicyRequest,
+    options: CallOptions,
+    callback: Callback<
+      protos.google.iam.v1.IPolicy,
+      protos.google.iam.v1.ISetIamPolicyRequest | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  setIamPolicy(
+    request: protos.google.iam.v1.ISetIamPolicyRequest,
+    callback: Callback<
+      protos.google.iam.v1.IPolicy,
+      protos.google.iam.v1.ISetIamPolicyRequest | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  setIamPolicy(
+    request?: protos.google.iam.v1.ISetIamPolicyRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          protos.google.iam.v1.IPolicy,
+          protos.google.iam.v1.ISetIamPolicyRequest | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      protos.google.iam.v1.IPolicy,
+      protos.google.iam.v1.ISetIamPolicyRequest | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      protos.google.iam.v1.IPolicy,
+      protos.google.iam.v1.ISetIamPolicyRequest | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        resource: request.resource ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.setIamPolicy(request, options, callback);
+  }
+  /**
+   * Gets the IAM policy for the specified Access Context Manager
+   * {@link google.identity.accesscontextmanager.v1.AccessPolicy|access policy}.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.resource
+   *   REQUIRED: The resource for which the policy is being requested.
+   *   See the operation documentation for the appropriate value for this field.
+   * @param {google.iam.v1.GetPolicyOptions} request.options
+   *   OPTIONAL: A `GetPolicyOptions` object for specifying options to
+   *   `GetIamPolicy`.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing [Policy]{@link google.iam.v1.Policy}.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.get_iam_policy.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_GetIamPolicy_async
+   */
+  getIamPolicy(
+    request?: protos.google.iam.v1.IGetIamPolicyRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      protos.google.iam.v1.IPolicy,
+      protos.google.iam.v1.IGetIamPolicyRequest | undefined,
+      {} | undefined
+    ]
+  >;
+  getIamPolicy(
+    request: protos.google.iam.v1.IGetIamPolicyRequest,
+    options: CallOptions,
+    callback: Callback<
+      protos.google.iam.v1.IPolicy,
+      protos.google.iam.v1.IGetIamPolicyRequest | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  getIamPolicy(
+    request: protos.google.iam.v1.IGetIamPolicyRequest,
+    callback: Callback<
+      protos.google.iam.v1.IPolicy,
+      protos.google.iam.v1.IGetIamPolicyRequest | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  getIamPolicy(
+    request?: protos.google.iam.v1.IGetIamPolicyRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          protos.google.iam.v1.IPolicy,
+          protos.google.iam.v1.IGetIamPolicyRequest | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      protos.google.iam.v1.IPolicy,
+      protos.google.iam.v1.IGetIamPolicyRequest | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      protos.google.iam.v1.IPolicy,
+      protos.google.iam.v1.IGetIamPolicyRequest | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        resource: request.resource ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.getIamPolicy(request, options, callback);
+  }
+  /**
+   * Returns the IAM permissions that the caller has on the specified Access
+   * Context Manager resource. The resource can be an
+   * {@link google.identity.accesscontextmanager.v1.AccessPolicy|AccessPolicy},
+   * {@link google.identity.accesscontextmanager.v1.AccessLevel|AccessLevel}, or
+   * [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
+   * ]. This method does not support other resources.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.resource
+   *   REQUIRED: The resource for which the policy detail is being requested.
+   *   See the operation documentation for the appropriate value for this field.
+   * @param {string[]} request.permissions
+   *   The set of permissions to check for the `resource`. Permissions with
+   *   wildcards (such as '*' or 'storage.*') are not allowed. For more
+   *   information see
+   *   [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing [TestIamPermissionsResponse]{@link google.iam.v1.TestIamPermissionsResponse}.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.test_iam_permissions.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_TestIamPermissions_async
+   */
+  testIamPermissions(
+    request?: protos.google.iam.v1.ITestIamPermissionsRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      protos.google.iam.v1.ITestIamPermissionsResponse,
+      protos.google.iam.v1.ITestIamPermissionsRequest | undefined,
+      {} | undefined
+    ]
+  >;
+  testIamPermissions(
+    request: protos.google.iam.v1.ITestIamPermissionsRequest,
+    options: CallOptions,
+    callback: Callback<
+      protos.google.iam.v1.ITestIamPermissionsResponse,
+      protos.google.iam.v1.ITestIamPermissionsRequest | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  testIamPermissions(
+    request: protos.google.iam.v1.ITestIamPermissionsRequest,
+    callback: Callback<
+      protos.google.iam.v1.ITestIamPermissionsResponse,
+      protos.google.iam.v1.ITestIamPermissionsRequest | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  testIamPermissions(
+    request?: protos.google.iam.v1.ITestIamPermissionsRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          protos.google.iam.v1.ITestIamPermissionsResponse,
+          protos.google.iam.v1.ITestIamPermissionsRequest | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      protos.google.iam.v1.ITestIamPermissionsResponse,
+      protos.google.iam.v1.ITestIamPermissionsRequest | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      protos.google.iam.v1.ITestIamPermissionsResponse,
+      protos.google.iam.v1.ITestIamPermissionsRequest | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        resource: request.resource ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.testIamPermissions(request, options, callback);
+  }
+
+  /**
+   * Creates an access policy. This method fails if the organization already has
+   * an access policy. The long-running operation has a successful status
+   * after the access policy propagates to long-lasting storage.
+   * Syntactic and basic semantic errors are returned in `metadata` as a
+   * BadRequest proto.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.name
+   *   Output only. Resource name of the `AccessPolicy`. Format:
+   *   `accessPolicies/{access_policy}`
+   * @param {string} request.parent
+   *   Required. The parent of this `AccessPolicy` in the Cloud Resource
+   *   Hierarchy. Currently immutable once created. Format:
+   *   `organizations/{organization_id}`
+   * @param {string} request.title
+   *   Required. Human readable title. Does not affect behavior.
+   * @param {string[]} request.scopes
+   *   The scopes of a policy define which resources an ACM policy can restrict,
+   *   and where ACM resources can be referenced.
+   *   For example, a policy with scopes=["folders/123"] has the following
+   *   behavior:
+   *   - vpcsc perimeters can only restrict projects within folders/123
+   *   - access levels can only be referenced by resources within folders/123.
+   *   If empty, there are no limitations on which resources can be restricted by
+   *   an ACM policy, and there are no limitations on where ACM resources can be
+   *   referenced.
+   *   Only one policy can include a given scope (attempting to create a second
+   *   policy which includes "folders/123" will result in an error).
+   *   Currently, scopes cannot be modified after a policy is created.
+   *   Currently, policies can only have a single scope.
+   *   Format: list of `folders/{folder_number}` or `projects/{project_number}`
+   * @param {google.protobuf.Timestamp} request.createTime
+   *   Output only. Time the `AccessPolicy` was created in UTC.
+   * @param {google.protobuf.Timestamp} request.updateTime
+   *   Output only. Time the `AccessPolicy` was updated in UTC.
+   * @param {string} request.etag
+   *   Output only. An opaque identifier for the current version of the
+   *   `AccessPolicy`. This will always be a strongly validated etag, meaning that
+   *   two Access Polices will be identical if and only if their etags are
+   *   identical. Clients should not expect this to be in any specific format.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   *   a long running operation. Its `promise()` method returns a promise
+   *   you can `await` for.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.create_access_policy.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_CreateAccessPolicy_async
+   */
+  createAccessPolicy(
+    request?: protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+    options?: CallOptions
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  >;
+  createAccessPolicy(
+    request: protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+    options: CallOptions,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  createAccessPolicy(
+    request: protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  createAccessPolicy(
+    request?: protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          LROperation<
+            protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+            protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+          >,
+          protos.google.longrunning.IOperation | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    this.initialize();
+    return this.innerApiCalls.createAccessPolicy(request, options, callback);
+  }
+  /**
+   * Check the status of the long running operation returned by `createAccessPolicy()`.
+   * @param {String} name
+   *   The operation name that will be passed.
+   * @returns {Promise} - The promise which resolves to an object.
+   *   The decoded operation object has result and metadata field to get information from.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.create_access_policy.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_CreateAccessPolicy_async
+   */
+  async checkCreateAccessPolicyProgress(
+    name: string
+  ): Promise<
+    LROperation<
+      protos.google.identity.accesscontextmanager.v1.AccessPolicy,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >
+  > {
+    const request =
+      new this._gaxModule.operationsProtos.google.longrunning.GetOperationRequest(
+        {name}
+      );
+    const [operation] = await this.operationsClient.getOperation(request);
+    const decodeOperation = new this._gaxModule.Operation(
+      operation,
+      this.descriptors.longrunning.createAccessPolicy,
+      this._gaxModule.createDefaultBackoffSettings()
+    );
+    return decodeOperation as LROperation<
+      protos.google.identity.accesscontextmanager.v1.AccessPolicy,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >;
+  }
+  /**
+   * Updates an [access policy]
+   * [google.identity.accesscontextmanager.v1.AccessPolicy]. The
+   * long-running operation from this RPC has a successful status after the
+   * changes to the [access policy]
+   * [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
+   * to long-lasting storage.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {google.identity.accesscontextmanager.v1.AccessPolicy} request.policy
+   *   Required. The updated AccessPolicy.
+   * @param {google.protobuf.FieldMask} request.updateMask
+   *   Required. Mask to control which fields get updated. Must be non-empty.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   *   a long running operation. Its `promise()` method returns a promise
+   *   you can `await` for.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.update_access_policy.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_UpdateAccessPolicy_async
+   */
+  updateAccessPolicy(
+    request?: protos.google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  >;
+  updateAccessPolicy(
+    request: protos.google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest,
+    options: CallOptions,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  updateAccessPolicy(
+    request: protos.google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  updateAccessPolicy(
+    request?: protos.google.identity.accesscontextmanager.v1.IUpdateAccessPolicyRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          LROperation<
+            protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+            protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+          >,
+          protos.google.longrunning.IOperation | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        'policy.name': request.policy!.name ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.updateAccessPolicy(request, options, callback);
+  }
+  /**
+   * Check the status of the long running operation returned by `updateAccessPolicy()`.
+   * @param {String} name
+   *   The operation name that will be passed.
+   * @returns {Promise} - The promise which resolves to an object.
+   *   The decoded operation object has result and metadata field to get information from.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.update_access_policy.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_UpdateAccessPolicy_async
+   */
+  async checkUpdateAccessPolicyProgress(
+    name: string
+  ): Promise<
+    LROperation<
+      protos.google.identity.accesscontextmanager.v1.AccessPolicy,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >
+  > {
+    const request =
+      new this._gaxModule.operationsProtos.google.longrunning.GetOperationRequest(
+        {name}
+      );
+    const [operation] = await this.operationsClient.getOperation(request);
+    const decodeOperation = new this._gaxModule.Operation(
+      operation,
+      this.descriptors.longrunning.updateAccessPolicy,
+      this._gaxModule.createDefaultBackoffSettings()
+    );
+    return decodeOperation as LROperation<
+      protos.google.identity.accesscontextmanager.v1.AccessPolicy,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >;
+  }
+  /**
+   * Deletes an [access policy]
+   * [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
+   * resource name. The long-running operation has a successful status after the
+   * [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
+   * is removed from long-lasting storage.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.name
+   *   Required. Resource name for the access policy to delete.
+   *
+   *   Format `accessPolicies/{policy_id}`
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   *   a long running operation. Its `promise()` method returns a promise
+   *   you can `await` for.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.delete_access_policy.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_DeleteAccessPolicy_async
+   */
+  deleteAccessPolicy(
+    request?: protos.google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  >;
+  deleteAccessPolicy(
+    request: protos.google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest,
+    options: CallOptions,
+    callback: Callback<
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  deleteAccessPolicy(
+    request: protos.google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest,
+    callback: Callback<
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  deleteAccessPolicy(
+    request?: protos.google.identity.accesscontextmanager.v1.IDeleteAccessPolicyRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          LROperation<
+            protos.google.protobuf.IEmpty,
+            protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+          >,
+          protos.google.longrunning.IOperation | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        name: request.name ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.deleteAccessPolicy(request, options, callback);
+  }
+  /**
+   * Check the status of the long running operation returned by `deleteAccessPolicy()`.
+   * @param {String} name
+   *   The operation name that will be passed.
+   * @returns {Promise} - The promise which resolves to an object.
+   *   The decoded operation object has result and metadata field to get information from.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.delete_access_policy.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_DeleteAccessPolicy_async
+   */
+  async checkDeleteAccessPolicyProgress(
+    name: string
+  ): Promise<
+    LROperation<
+      protos.google.protobuf.Empty,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >
+  > {
+    const request =
+      new this._gaxModule.operationsProtos.google.longrunning.GetOperationRequest(
+        {name}
+      );
+    const [operation] = await this.operationsClient.getOperation(request);
+    const decodeOperation = new this._gaxModule.Operation(
+      operation,
+      this.descriptors.longrunning.deleteAccessPolicy,
+      this._gaxModule.createDefaultBackoffSettings()
+    );
+    return decodeOperation as LROperation<
+      protos.google.protobuf.Empty,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >;
+  }
+  /**
+   * Creates an [access level]
+   * [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+   * operation from this RPC has a successful status after the [access
+   * level] [google.identity.accesscontextmanager.v1.AccessLevel]
+   * propagates to long-lasting storage. If [access levels]
+   * [google.identity.accesscontextmanager.v1.AccessLevel] contain
+   * errors, an error response is returned for the first error encountered.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Resource name for the access policy which owns this [Access
+   *   Level] [google.identity.accesscontextmanager.v1.AccessLevel].
+   *
+   *   Format: `accessPolicies/{policy_id}`
+   * @param {google.identity.accesscontextmanager.v1.AccessLevel} request.accessLevel
+   *   Required. The [Access Level]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel] to create.
+   *   Syntactic correctness of the [Access Level]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel] is a
+   *   precondition for creation.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   *   a long running operation. Its `promise()` method returns a promise
+   *   you can `await` for.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.create_access_level.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_CreateAccessLevel_async
+   */
+  createAccessLevel(
+    request?: protos.google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  >;
+  createAccessLevel(
+    request: protos.google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest,
+    options: CallOptions,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  createAccessLevel(
+    request: protos.google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  createAccessLevel(
+    request?: protos.google.identity.accesscontextmanager.v1.ICreateAccessLevelRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          LROperation<
+            protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+            protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+          >,
+          protos.google.longrunning.IOperation | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        parent: request.parent ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.createAccessLevel(request, options, callback);
+  }
+  /**
+   * Check the status of the long running operation returned by `createAccessLevel()`.
+   * @param {String} name
+   *   The operation name that will be passed.
+   * @returns {Promise} - The promise which resolves to an object.
+   *   The decoded operation object has result and metadata field to get information from.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.create_access_level.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_CreateAccessLevel_async
+   */
+  async checkCreateAccessLevelProgress(
+    name: string
+  ): Promise<
+    LROperation<
+      protos.google.identity.accesscontextmanager.v1.AccessLevel,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >
+  > {
+    const request =
+      new this._gaxModule.operationsProtos.google.longrunning.GetOperationRequest(
+        {name}
+      );
+    const [operation] = await this.operationsClient.getOperation(request);
+    const decodeOperation = new this._gaxModule.Operation(
+      operation,
+      this.descriptors.longrunning.createAccessLevel,
+      this._gaxModule.createDefaultBackoffSettings()
+    );
+    return decodeOperation as LROperation<
+      protos.google.identity.accesscontextmanager.v1.AccessLevel,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >;
+  }
+  /**
+   * Updates an [access level]
+   * [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+   * operation from this RPC has a successful status after the changes to
+   * the [access level]
+   * [google.identity.accesscontextmanager.v1.AccessLevel] propagate
+   * to long-lasting storage. If [access levels]
+   * [google.identity.accesscontextmanager.v1.AccessLevel] contain
+   * errors, an error response is returned for the first error encountered.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {google.identity.accesscontextmanager.v1.AccessLevel} request.accessLevel
+   *   Required. The updated [Access Level]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel]. Syntactic
+   *   correctness of the [Access Level]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel] is a
+   *   precondition for creation.
+   * @param {google.protobuf.FieldMask} request.updateMask
+   *   Required. Mask to control which fields get updated. Must be non-empty.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   *   a long running operation. Its `promise()` method returns a promise
+   *   you can `await` for.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.update_access_level.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_UpdateAccessLevel_async
+   */
+  updateAccessLevel(
+    request?: protos.google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  >;
+  updateAccessLevel(
+    request: protos.google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest,
+    options: CallOptions,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  updateAccessLevel(
+    request: protos.google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  updateAccessLevel(
+    request?: protos.google.identity.accesscontextmanager.v1.IUpdateAccessLevelRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          LROperation<
+            protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+            protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+          >,
+          protos.google.longrunning.IOperation | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        'access_level.name': request.accessLevel!.name ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.updateAccessLevel(request, options, callback);
+  }
+  /**
+   * Check the status of the long running operation returned by `updateAccessLevel()`.
+   * @param {String} name
+   *   The operation name that will be passed.
+   * @returns {Promise} - The promise which resolves to an object.
+   *   The decoded operation object has result and metadata field to get information from.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.update_access_level.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_UpdateAccessLevel_async
+   */
+  async checkUpdateAccessLevelProgress(
+    name: string
+  ): Promise<
+    LROperation<
+      protos.google.identity.accesscontextmanager.v1.AccessLevel,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >
+  > {
+    const request =
+      new this._gaxModule.operationsProtos.google.longrunning.GetOperationRequest(
+        {name}
+      );
+    const [operation] = await this.operationsClient.getOperation(request);
+    const decodeOperation = new this._gaxModule.Operation(
+      operation,
+      this.descriptors.longrunning.updateAccessLevel,
+      this._gaxModule.createDefaultBackoffSettings()
+    );
+    return decodeOperation as LROperation<
+      protos.google.identity.accesscontextmanager.v1.AccessLevel,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >;
+  }
+  /**
+   * Deletes an [access level]
+   * [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
+   * name. The long-running operation from this RPC has a successful status
+   * after the [access level]
+   * [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
+   * from long-lasting storage.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.name
+   *   Required. Resource name for the [Access Level]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel].
+   *
+   *   Format:
+   *   `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   *   a long running operation. Its `promise()` method returns a promise
+   *   you can `await` for.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.delete_access_level.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_DeleteAccessLevel_async
+   */
+  deleteAccessLevel(
+    request?: protos.google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  >;
+  deleteAccessLevel(
+    request: protos.google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest,
+    options: CallOptions,
+    callback: Callback<
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  deleteAccessLevel(
+    request: protos.google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest,
+    callback: Callback<
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  deleteAccessLevel(
+    request?: protos.google.identity.accesscontextmanager.v1.IDeleteAccessLevelRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          LROperation<
+            protos.google.protobuf.IEmpty,
+            protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+          >,
+          protos.google.longrunning.IOperation | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        name: request.name ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.deleteAccessLevel(request, options, callback);
+  }
+  /**
+   * Check the status of the long running operation returned by `deleteAccessLevel()`.
+   * @param {String} name
+   *   The operation name that will be passed.
+   * @returns {Promise} - The promise which resolves to an object.
+   *   The decoded operation object has result and metadata field to get information from.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.delete_access_level.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_DeleteAccessLevel_async
+   */
+  async checkDeleteAccessLevelProgress(
+    name: string
+  ): Promise<
+    LROperation<
+      protos.google.protobuf.Empty,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >
+  > {
+    const request =
+      new this._gaxModule.operationsProtos.google.longrunning.GetOperationRequest(
+        {name}
+      );
+    const [operation] = await this.operationsClient.getOperation(request);
+    const decodeOperation = new this._gaxModule.Operation(
+      operation,
+      this.descriptors.longrunning.deleteAccessLevel,
+      this._gaxModule.createDefaultBackoffSettings()
+    );
+    return decodeOperation as LROperation<
+      protos.google.protobuf.Empty,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >;
+  }
+  /**
+   * Replaces all existing [access levels]
+   * [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
+   * policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
+   * the [access levels]
+   * [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
+   * is done atomically. The long-running operation from this RPC has a
+   * successful status after all replacements propagate to long-lasting
+   * storage. If the replacement contains errors, an error response is returned
+   * for the first error encountered.  Upon error, the replacement is cancelled,
+   * and existing [access levels]
+   * [google.identity.accesscontextmanager.v1.AccessLevel] are not
+   * affected. The Operation.response field contains
+   * ReplaceAccessLevelsResponse. Removing [access levels]
+   * [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
+   * [service perimeters]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
+   * error.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Resource name for the access policy which owns these
+   *   [Access Levels]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel].
+   *
+   *   Format: `accessPolicies/{policy_id}`
+   * @param {number[]} request.accessLevels
+   *   Required. The desired [Access Levels]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel] that should
+   *   replace all existing [Access Levels]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel] in the
+   *   [Access Policy]
+   *   [google.identity.accesscontextmanager.v1.AccessPolicy].
+   * @param {string} request.etag
+   *   Optional. The etag for the version of the [Access Policy]
+   *   [google.identity.accesscontextmanager.v1.AccessPolicy] that this
+   *   replace operation is to be performed on. If, at the time of replace, the
+   *   etag for the Access Policy stored in Access Context Manager is different
+   *   from the specified etag, then the replace operation will not be performed
+   *   and the call will fail. This field is not required. If etag is not
+   *   provided, the operation will be performed as if a valid etag is provided.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   *   a long running operation. Its `promise()` method returns a promise
+   *   you can `await` for.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.replace_access_levels.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_ReplaceAccessLevels_async
+   */
+  replaceAccessLevels(
+    request?: protos.google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  >;
+  replaceAccessLevels(
+    request: protos.google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest,
+    options: CallOptions,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  replaceAccessLevels(
+    request: protos.google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  replaceAccessLevels(
+    request?: protos.google.identity.accesscontextmanager.v1.IReplaceAccessLevelsRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          LROperation<
+            protos.google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse,
+            protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+          >,
+          protos.google.longrunning.IOperation | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        parent: request.parent ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.replaceAccessLevels(request, options, callback);
+  }
+  /**
+   * Check the status of the long running operation returned by `replaceAccessLevels()`.
+   * @param {String} name
+   *   The operation name that will be passed.
+   * @returns {Promise} - The promise which resolves to an object.
+   *   The decoded operation object has result and metadata field to get information from.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.replace_access_levels.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_ReplaceAccessLevels_async
+   */
+  async checkReplaceAccessLevelsProgress(
+    name: string
+  ): Promise<
+    LROperation<
+      protos.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >
+  > {
+    const request =
+      new this._gaxModule.operationsProtos.google.longrunning.GetOperationRequest(
+        {name}
+      );
+    const [operation] = await this.operationsClient.getOperation(request);
+    const decodeOperation = new this._gaxModule.Operation(
+      operation,
+      this.descriptors.longrunning.replaceAccessLevels,
+      this._gaxModule.createDefaultBackoffSettings()
+    );
+    return decodeOperation as LROperation<
+      protos.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >;
+  }
+  /**
+   * Creates a [service perimeter]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+   * long-running operation from this RPC has a successful status after the
+   * [service perimeter]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter]
+   * propagates to long-lasting storage. If a [service perimeter]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+   * errors, an error response is returned for the first error encountered.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Resource name for the access policy which owns this [Service
+   *   Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter].
+   *
+   *   Format: `accessPolicies/{policy_id}`
+   * @param {google.identity.accesscontextmanager.v1.ServicePerimeter} request.servicePerimeter
+   *   Required. The [Service Perimeter]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter] to create.
+   *   Syntactic correctness of the [Service Perimeter]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter] is a
+   *   precondition for creation.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   *   a long running operation. Its `promise()` method returns a promise
+   *   you can `await` for.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.create_service_perimeter.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_CreateServicePerimeter_async
+   */
+  createServicePerimeter(
+    request?: protos.google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  >;
+  createServicePerimeter(
+    request: protos.google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest,
+    options: CallOptions,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  createServicePerimeter(
+    request: protos.google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  createServicePerimeter(
+    request?: protos.google.identity.accesscontextmanager.v1.ICreateServicePerimeterRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          LROperation<
+            protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+            protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+          >,
+          protos.google.longrunning.IOperation | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        parent: request.parent ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.createServicePerimeter(
+      request,
+      options,
+      callback
+    );
+  }
+  /**
+   * Check the status of the long running operation returned by `createServicePerimeter()`.
+   * @param {String} name
+   *   The operation name that will be passed.
+   * @returns {Promise} - The promise which resolves to an object.
+   *   The decoded operation object has result and metadata field to get information from.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.create_service_perimeter.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_CreateServicePerimeter_async
+   */
+  async checkCreateServicePerimeterProgress(
+    name: string
+  ): Promise<
+    LROperation<
+      protos.google.identity.accesscontextmanager.v1.ServicePerimeter,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >
+  > {
+    const request =
+      new this._gaxModule.operationsProtos.google.longrunning.GetOperationRequest(
+        {name}
+      );
+    const [operation] = await this.operationsClient.getOperation(request);
+    const decodeOperation = new this._gaxModule.Operation(
+      operation,
+      this.descriptors.longrunning.createServicePerimeter,
+      this._gaxModule.createDefaultBackoffSettings()
+    );
+    return decodeOperation as LROperation<
+      protos.google.identity.accesscontextmanager.v1.ServicePerimeter,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >;
+  }
+  /**
+   * Updates a [service perimeter]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+   * long-running operation from this RPC has a successful status after the
+   * [service perimeter]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter]
+   * propagates to long-lasting storage. If a [service perimeter]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+   * errors, an error response is returned for the first error encountered.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {google.identity.accesscontextmanager.v1.ServicePerimeter} request.servicePerimeter
+   *   Required. The updated `ServicePerimeter`. Syntactic correctness of the
+   *   `ServicePerimeter` is a precondition for creation.
+   * @param {google.protobuf.FieldMask} request.updateMask
+   *   Required. Mask to control which fields get updated. Must be non-empty.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   *   a long running operation. Its `promise()` method returns a promise
+   *   you can `await` for.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.update_service_perimeter.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_UpdateServicePerimeter_async
+   */
+  updateServicePerimeter(
+    request?: protos.google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  >;
+  updateServicePerimeter(
+    request: protos.google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest,
+    options: CallOptions,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  updateServicePerimeter(
+    request: protos.google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  updateServicePerimeter(
+    request?: protos.google.identity.accesscontextmanager.v1.IUpdateServicePerimeterRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          LROperation<
+            protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+            protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+          >,
+          protos.google.longrunning.IOperation | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        'service_perimeter.name': request.servicePerimeter!.name ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.updateServicePerimeter(
+      request,
+      options,
+      callback
+    );
+  }
+  /**
+   * Check the status of the long running operation returned by `updateServicePerimeter()`.
+   * @param {String} name
+   *   The operation name that will be passed.
+   * @returns {Promise} - The promise which resolves to an object.
+   *   The decoded operation object has result and metadata field to get information from.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.update_service_perimeter.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_UpdateServicePerimeter_async
+   */
+  async checkUpdateServicePerimeterProgress(
+    name: string
+  ): Promise<
+    LROperation<
+      protos.google.identity.accesscontextmanager.v1.ServicePerimeter,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >
+  > {
+    const request =
+      new this._gaxModule.operationsProtos.google.longrunning.GetOperationRequest(
+        {name}
+      );
+    const [operation] = await this.operationsClient.getOperation(request);
+    const decodeOperation = new this._gaxModule.Operation(
+      operation,
+      this.descriptors.longrunning.updateServicePerimeter,
+      this._gaxModule.createDefaultBackoffSettings()
+    );
+    return decodeOperation as LROperation<
+      protos.google.identity.accesscontextmanager.v1.ServicePerimeter,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >;
+  }
+  /**
+   * Deletes a [service perimeter]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+   * resource name. The long-running operation from this RPC has a successful
+   * status after the [service perimeter]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
+   * long-lasting storage.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.name
+   *   Required. Resource name for the [Service Perimeter]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter].
+   *
+   *   Format:
+   *   `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   *   a long running operation. Its `promise()` method returns a promise
+   *   you can `await` for.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.delete_service_perimeter.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_DeleteServicePerimeter_async
+   */
+  deleteServicePerimeter(
+    request?: protos.google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  >;
+  deleteServicePerimeter(
+    request: protos.google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest,
+    options: CallOptions,
+    callback: Callback<
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  deleteServicePerimeter(
+    request: protos.google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest,
+    callback: Callback<
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  deleteServicePerimeter(
+    request?: protos.google.identity.accesscontextmanager.v1.IDeleteServicePerimeterRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          LROperation<
+            protos.google.protobuf.IEmpty,
+            protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+          >,
+          protos.google.longrunning.IOperation | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        name: request.name ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.deleteServicePerimeter(
+      request,
+      options,
+      callback
+    );
+  }
+  /**
+   * Check the status of the long running operation returned by `deleteServicePerimeter()`.
+   * @param {String} name
+   *   The operation name that will be passed.
+   * @returns {Promise} - The promise which resolves to an object.
+   *   The decoded operation object has result and metadata field to get information from.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.delete_service_perimeter.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_DeleteServicePerimeter_async
+   */
+  async checkDeleteServicePerimeterProgress(
+    name: string
+  ): Promise<
+    LROperation<
+      protos.google.protobuf.Empty,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >
+  > {
+    const request =
+      new this._gaxModule.operationsProtos.google.longrunning.GetOperationRequest(
+        {name}
+      );
+    const [operation] = await this.operationsClient.getOperation(request);
+    const decodeOperation = new this._gaxModule.Operation(
+      operation,
+      this.descriptors.longrunning.deleteServicePerimeter,
+      this._gaxModule.createDefaultBackoffSettings()
+    );
+    return decodeOperation as LROperation<
+      protos.google.protobuf.Empty,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >;
+  }
+  /**
+   * Replace all existing [service perimeters]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
+   * policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
+   * [service perimeters]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
+   * is done atomically. The long-running operation from this RPC has a
+   * successful status after all replacements propagate to long-lasting storage.
+   * Replacements containing errors result in an error response for the first
+   * error encountered. Upon an error, replacement are cancelled and existing
+   * [service perimeters]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
+   * affected. The Operation.response field contains
+   * ReplaceServicePerimetersResponse.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Resource name for the access policy which owns these
+   *   [Service Perimeters]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter].
+   *
+   *   Format: `accessPolicies/{policy_id}`
+   * @param {number[]} request.servicePerimeters
+   *   Required. The desired [Service Perimeters]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter] that should
+   *   replace all existing [Service Perimeters]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter] in the
+   *   [Access Policy]
+   *   [google.identity.accesscontextmanager.v1.AccessPolicy].
+   * @param {string} request.etag
+   *   Optional. The etag for the version of the [Access Policy]
+   *   [google.identity.accesscontextmanager.v1.AccessPolicy] that this
+   *   replace operation is to be performed on. If, at the time of replace, the
+   *   etag for the Access Policy stored in Access Context Manager is different
+   *   from the specified etag, then the replace operation will not be performed
+   *   and the call will fail. This field is not required. If etag is not
+   *   provided, the operation will be performed as if a valid etag is provided.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   *   a long running operation. Its `promise()` method returns a promise
+   *   you can `await` for.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.replace_service_perimeters.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_ReplaceServicePerimeters_async
+   */
+  replaceServicePerimeters(
+    request?: protos.google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  >;
+  replaceServicePerimeters(
+    request: protos.google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest,
+    options: CallOptions,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  replaceServicePerimeters(
+    request: protos.google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  replaceServicePerimeters(
+    request?: protos.google.identity.accesscontextmanager.v1.IReplaceServicePerimetersRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          LROperation<
+            protos.google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse,
+            protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+          >,
+          protos.google.longrunning.IOperation | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        parent: request.parent ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.replaceServicePerimeters(
+      request,
+      options,
+      callback
+    );
+  }
+  /**
+   * Check the status of the long running operation returned by `replaceServicePerimeters()`.
+   * @param {String} name
+   *   The operation name that will be passed.
+   * @returns {Promise} - The promise which resolves to an object.
+   *   The decoded operation object has result and metadata field to get information from.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.replace_service_perimeters.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_ReplaceServicePerimeters_async
+   */
+  async checkReplaceServicePerimetersProgress(
+    name: string
+  ): Promise<
+    LROperation<
+      protos.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >
+  > {
+    const request =
+      new this._gaxModule.operationsProtos.google.longrunning.GetOperationRequest(
+        {name}
+      );
+    const [operation] = await this.operationsClient.getOperation(request);
+    const decodeOperation = new this._gaxModule.Operation(
+      operation,
+      this.descriptors.longrunning.replaceServicePerimeters,
+      this._gaxModule.createDefaultBackoffSettings()
+    );
+    return decodeOperation as LROperation<
+      protos.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >;
+  }
+  /**
+   * Commits the dry-run specification for all the [service perimeters]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
+   * {@link google.identity.accesscontextmanager.v1.AccessPolicy|access policy}.
+   * A commit operation on a service perimeter involves copying its `spec` field
+   * to the `status` field of the service perimeter. Only [service perimeters]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter] with
+   * `use_explicit_dry_run_spec` field set to true are affected by a commit
+   * operation. The long-running operation from this RPC has a successful
+   * status after the dry-run specifications for all the [service perimeters]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
+   * committed. If a commit fails, it causes the long-running operation to
+   * return an error response and the entire commit operation is cancelled.
+   * When successful, the Operation.response field contains
+   * CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
+   * cleared after a successful commit operation.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Resource name for the parent [Access Policy]
+   *   [google.identity.accesscontextmanager.v1.AccessPolicy] which owns all
+   *   [Service Perimeters]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter] in scope for
+   *   the commit operation.
+   *
+   *   Format: `accessPolicies/{policy_id}`
+   * @param {string} request.etag
+   *   Optional. The etag for the version of the [Access Policy]
+   *   [google.identity.accesscontextmanager.v1.AccessPolicy] that this
+   *   commit operation is to be performed on. If, at the time of commit, the
+   *   etag for the Access Policy stored in Access Context Manager is different
+   *   from the specified etag, then the commit operation will not be performed
+   *   and the call will fail. This field is not required. If etag is not
+   *   provided, the operation will be performed as if a valid etag is provided.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   *   a long running operation. Its `promise()` method returns a promise
+   *   you can `await` for.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.commit_service_perimeters.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_CommitServicePerimeters_async
+   */
+  commitServicePerimeters(
+    request?: protos.google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  >;
+  commitServicePerimeters(
+    request: protos.google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest,
+    options: CallOptions,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  commitServicePerimeters(
+    request: protos.google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  commitServicePerimeters(
+    request?: protos.google.identity.accesscontextmanager.v1.ICommitServicePerimetersRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          LROperation<
+            protos.google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse,
+            protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+          >,
+          protos.google.longrunning.IOperation | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        parent: request.parent ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.commitServicePerimeters(
+      request,
+      options,
+      callback
+    );
+  }
+  /**
+   * Check the status of the long running operation returned by `commitServicePerimeters()`.
+   * @param {String} name
+   *   The operation name that will be passed.
+   * @returns {Promise} - The promise which resolves to an object.
+   *   The decoded operation object has result and metadata field to get information from.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.commit_service_perimeters.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_CommitServicePerimeters_async
+   */
+  async checkCommitServicePerimetersProgress(
+    name: string
+  ): Promise<
+    LROperation<
+      protos.google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >
+  > {
+    const request =
+      new this._gaxModule.operationsProtos.google.longrunning.GetOperationRequest(
+        {name}
+      );
+    const [operation] = await this.operationsClient.getOperation(request);
+    const decodeOperation = new this._gaxModule.Operation(
+      operation,
+      this.descriptors.longrunning.commitServicePerimeters,
+      this._gaxModule.createDefaultBackoffSettings()
+    );
+    return decodeOperation as LROperation<
+      protos.google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse,
+      protos.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
+    >;
+  }
+  /**
+   * Creates a [GcpUserAccessBinding]
+   * [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
+   * client specifies a [name]
+   * [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
+   * the server ignores it. Fails if a resource already exists with the same
+   * [group_key]
+   * [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
+   * Completion of this long-running operation does not necessarily signify that
+   * the new binding is deployed onto all affected users, which may take more
+   * time.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Example: "organizations/256"
+   * @param {google.identity.accesscontextmanager.v1.GcpUserAccessBinding} request.gcpUserAccessBinding
+   *   Required. [GcpUserAccessBinding]
+   *   [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   *   a long running operation. Its `promise()` method returns a promise
+   *   you can `await` for.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.create_gcp_user_access_binding.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_CreateGcpUserAccessBinding_async
+   */
+  createGcpUserAccessBinding(
+    request?: protos.google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  >;
+  createGcpUserAccessBinding(
+    request: protos.google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest,
+    options: CallOptions,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  createGcpUserAccessBinding(
+    request: protos.google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  createGcpUserAccessBinding(
+    request?: protos.google.identity.accesscontextmanager.v1.ICreateGcpUserAccessBindingRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          LROperation<
+            protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+            protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+          >,
+          protos.google.longrunning.IOperation | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        parent: request.parent ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.createGcpUserAccessBinding(
+      request,
+      options,
+      callback
+    );
+  }
+  /**
+   * Check the status of the long running operation returned by `createGcpUserAccessBinding()`.
+   * @param {String} name
+   *   The operation name that will be passed.
+   * @returns {Promise} - The promise which resolves to an object.
+   *   The decoded operation object has result and metadata field to get information from.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.create_gcp_user_access_binding.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_CreateGcpUserAccessBinding_async
+   */
+  async checkCreateGcpUserAccessBindingProgress(
+    name: string
+  ): Promise<
+    LROperation<
+      protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding,
+      protos.google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+    >
+  > {
+    const request =
+      new this._gaxModule.operationsProtos.google.longrunning.GetOperationRequest(
+        {name}
+      );
+    const [operation] = await this.operationsClient.getOperation(request);
+    const decodeOperation = new this._gaxModule.Operation(
+      operation,
+      this.descriptors.longrunning.createGcpUserAccessBinding,
+      this._gaxModule.createDefaultBackoffSettings()
+    );
+    return decodeOperation as LROperation<
+      protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding,
+      protos.google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+    >;
+  }
+  /**
+   * Updates a [GcpUserAccessBinding]
+   * [google.identity.accesscontextmanager.v1.GcpUserAccessBinding].
+   * Completion of this long-running operation does not necessarily signify that
+   * the changed binding is deployed onto all affected users, which may take
+   * more time.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {google.identity.accesscontextmanager.v1.GcpUserAccessBinding} request.gcpUserAccessBinding
+   *   Required. [GcpUserAccessBinding]
+   *   [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
+   * @param {google.protobuf.FieldMask} request.updateMask
+   *   Required. Only the fields specified in this mask are updated. Because name and
+   *   group_key cannot be changed, update_mask is required and must always be:
+   *
+   *   update_mask {
+   *   paths: "access_levels"
+   *   }
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   *   a long running operation. Its `promise()` method returns a promise
+   *   you can `await` for.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.update_gcp_user_access_binding.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_UpdateGcpUserAccessBinding_async
+   */
+  updateGcpUserAccessBinding(
+    request?: protos.google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  >;
+  updateGcpUserAccessBinding(
+    request: protos.google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest,
+    options: CallOptions,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  updateGcpUserAccessBinding(
+    request: protos.google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest,
+    callback: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  updateGcpUserAccessBinding(
+    request?: protos.google.identity.accesscontextmanager.v1.IUpdateGcpUserAccessBindingRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          LROperation<
+            protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+            protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+          >,
+          protos.google.longrunning.IOperation | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      LROperation<
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        'gcp_user_access_binding.name':
+          request.gcpUserAccessBinding!.name ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.updateGcpUserAccessBinding(
+      request,
+      options,
+      callback
+    );
+  }
+  /**
+   * Check the status of the long running operation returned by `updateGcpUserAccessBinding()`.
+   * @param {String} name
+   *   The operation name that will be passed.
+   * @returns {Promise} - The promise which resolves to an object.
+   *   The decoded operation object has result and metadata field to get information from.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.update_gcp_user_access_binding.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_UpdateGcpUserAccessBinding_async
+   */
+  async checkUpdateGcpUserAccessBindingProgress(
+    name: string
+  ): Promise<
+    LROperation<
+      protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding,
+      protos.google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+    >
+  > {
+    const request =
+      new this._gaxModule.operationsProtos.google.longrunning.GetOperationRequest(
+        {name}
+      );
+    const [operation] = await this.operationsClient.getOperation(request);
+    const decodeOperation = new this._gaxModule.Operation(
+      operation,
+      this.descriptors.longrunning.updateGcpUserAccessBinding,
+      this._gaxModule.createDefaultBackoffSettings()
+    );
+    return decodeOperation as LROperation<
+      protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding,
+      protos.google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+    >;
+  }
+  /**
+   * Deletes a [GcpUserAccessBinding]
+   * [google.identity.accesscontextmanager.v1.GcpUserAccessBinding].
+   * Completion of this long-running operation does not necessarily signify that
+   * the binding deletion is deployed onto all affected users, which may take
+   * more time.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.name
+   *   Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   *   a long running operation. Its `promise()` method returns a promise
+   *   you can `await` for.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.delete_gcp_user_access_binding.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_DeleteGcpUserAccessBinding_async
+   */
+  deleteGcpUserAccessBinding(
+    request?: protos.google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  >;
+  deleteGcpUserAccessBinding(
+    request: protos.google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest,
+    options: CallOptions,
+    callback: Callback<
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  deleteGcpUserAccessBinding(
+    request: protos.google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest,
+    callback: Callback<
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): void;
+  deleteGcpUserAccessBinding(
+    request?: protos.google.identity.accesscontextmanager.v1.IDeleteGcpUserAccessBindingRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | Callback<
+          LROperation<
+            protos.google.protobuf.IEmpty,
+            protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+          >,
+          protos.google.longrunning.IOperation | null | undefined,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | null | undefined,
+      {} | null | undefined
+    >
+  ): Promise<
+    [
+      LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >,
+      protos.google.longrunning.IOperation | undefined,
+      {} | undefined
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        name: request.name ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.deleteGcpUserAccessBinding(
+      request,
+      options,
+      callback
+    );
+  }
+  /**
+   * Check the status of the long running operation returned by `deleteGcpUserAccessBinding()`.
+   * @param {String} name
+   *   The operation name that will be passed.
+   * @returns {Promise} - The promise which resolves to an object.
+   *   The decoded operation object has result and metadata field to get information from.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#long-running-operations)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.delete_gcp_user_access_binding.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_DeleteGcpUserAccessBinding_async
+   */
+  async checkDeleteGcpUserAccessBindingProgress(
+    name: string
+  ): Promise<
+    LROperation<
+      protos.google.protobuf.Empty,
+      protos.google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+    >
+  > {
+    const request =
+      new this._gaxModule.operationsProtos.google.longrunning.GetOperationRequest(
+        {name}
+      );
+    const [operation] = await this.operationsClient.getOperation(request);
+    const decodeOperation = new this._gaxModule.Operation(
+      operation,
+      this.descriptors.longrunning.deleteGcpUserAccessBinding,
+      this._gaxModule.createDefaultBackoffSettings()
+    );
+    return decodeOperation as LROperation<
+      protos.google.protobuf.Empty,
+      protos.google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
+    >;
+  }
+  /**
+   * Lists all [access policies]
+   * [google.identity.accesscontextmanager.v1.AccessPolicy] in an
+   * organization.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Resource name for the container to list AccessPolicy instances
+   *   from.
+   *
+   *   Format:
+   *   `organizations/{org_id}`
+   * @param {number} request.pageSize
+   *   Number of AccessPolicy instances to include in the list. Default 100.
+   * @param {string} request.pageToken
+   *   Next page token for the next batch of AccessPolicy instances. Defaults to
+   *   the first page of results.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is Array of [AccessPolicy]{@link google.identity.accesscontextmanager.v1.AccessPolicy}.
+   *   The client library will perform auto-pagination by default: it will call the API as many
+   *   times as needed and will merge results from all the pages into this array.
+   *   Note that it can affect your quota.
+   *   We recommend using `listAccessPoliciesAsync()`
+   *   method described below for async iteration which you can stop as needed.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination)
+   *   for more details and examples.
+   */
+  listAccessPolicies(
+    request?: protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IAccessPolicy[],
+      protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest | null,
+      protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesResponse
+    ]
+  >;
+  listAccessPolicies(
+    request: protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest,
+    options: CallOptions,
+    callback: PaginationCallback<
+      protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest,
+      | protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesResponse
+      | null
+      | undefined,
+      protos.google.identity.accesscontextmanager.v1.IAccessPolicy
+    >
+  ): void;
+  listAccessPolicies(
+    request: protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest,
+    callback: PaginationCallback<
+      protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest,
+      | protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesResponse
+      | null
+      | undefined,
+      protos.google.identity.accesscontextmanager.v1.IAccessPolicy
+    >
+  ): void;
+  listAccessPolicies(
+    request?: protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | PaginationCallback<
+          protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest,
+          | protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesResponse
+          | null
+          | undefined,
+          protos.google.identity.accesscontextmanager.v1.IAccessPolicy
+        >,
+    callback?: PaginationCallback<
+      protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest,
+      | protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesResponse
+      | null
+      | undefined,
+      protos.google.identity.accesscontextmanager.v1.IAccessPolicy
+    >
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IAccessPolicy[],
+      protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest | null,
+      protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesResponse
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    this.initialize();
+    return this.innerApiCalls.listAccessPolicies(request, options, callback);
+  }
+
+  /**
+   * Equivalent to `method.name.toCamelCase()`, but returns a NodeJS Stream object.
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Resource name for the container to list AccessPolicy instances
+   *   from.
+   *
+   *   Format:
+   *   `organizations/{org_id}`
+   * @param {number} request.pageSize
+   *   Number of AccessPolicy instances to include in the list. Default 100.
+   * @param {string} request.pageToken
+   *   Next page token for the next batch of AccessPolicy instances. Defaults to
+   *   the first page of results.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Stream}
+   *   An object stream which emits an object representing [AccessPolicy]{@link google.identity.accesscontextmanager.v1.AccessPolicy} on 'data' event.
+   *   The client library will perform auto-pagination by default: it will call the API as many
+   *   times as needed. Note that it can affect your quota.
+   *   We recommend using `listAccessPoliciesAsync()`
+   *   method described below for async iteration which you can stop as needed.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination)
+   *   for more details and examples.
+   */
+  listAccessPoliciesStream(
+    request?: protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest,
+    options?: CallOptions
+  ): Transform {
+    request = request || {};
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    const defaultCallSettings = this._defaults['listAccessPolicies'];
+    const callSettings = defaultCallSettings.merge(options);
+    this.initialize();
+    return this.descriptors.page.listAccessPolicies.createStream(
+      this.innerApiCalls.listAccessPolicies as GaxCall,
+      request,
+      callSettings
+    );
+  }
+
+  /**
+   * Equivalent to `listAccessPolicies`, but returns an iterable object.
+   *
+   * `for`-`await`-`of` syntax is used with the iterable to get response elements on-demand.
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Resource name for the container to list AccessPolicy instances
+   *   from.
+   *
+   *   Format:
+   *   `organizations/{org_id}`
+   * @param {number} request.pageSize
+   *   Number of AccessPolicy instances to include in the list. Default 100.
+   * @param {string} request.pageToken
+   *   Next page token for the next batch of AccessPolicy instances. Defaults to
+   *   the first page of results.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Object}
+   *   An iterable Object that allows [async iteration](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Iteration_protocols).
+   *   When you iterate the returned iterable, each element will be an object representing
+   *   [AccessPolicy]{@link google.identity.accesscontextmanager.v1.AccessPolicy}. The API will be called under the hood as needed, once per the page,
+   *   so you can stop the iteration when you don't need more results.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.list_access_policies.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_ListAccessPolicies_async
+   */
+  listAccessPoliciesAsync(
+    request?: protos.google.identity.accesscontextmanager.v1.IListAccessPoliciesRequest,
+    options?: CallOptions
+  ): AsyncIterable<protos.google.identity.accesscontextmanager.v1.IAccessPolicy> {
+    request = request || {};
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    const defaultCallSettings = this._defaults['listAccessPolicies'];
+    const callSettings = defaultCallSettings.merge(options);
+    this.initialize();
+    return this.descriptors.page.listAccessPolicies.asyncIterate(
+      this.innerApiCalls['listAccessPolicies'] as GaxCall,
+      request as {},
+      callSettings
+    ) as AsyncIterable<protos.google.identity.accesscontextmanager.v1.IAccessPolicy>;
+  }
+  /**
+   * Lists all [access levels]
+   * [google.identity.accesscontextmanager.v1.AccessLevel] for an access
+   * policy.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Resource name for the access policy to list [Access Levels]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel] from.
+   *
+   *   Format:
+   *   `accessPolicies/{policy_id}`
+   * @param {number} request.pageSize
+   *   Number of [Access Levels]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel] to include in
+   *   the list. Default 100.
+   * @param {string} request.pageToken
+   *   Next page token for the next batch of [Access Level]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel] instances.
+   *   Defaults to the first page of results.
+   * @param {google.identity.accesscontextmanager.v1.LevelFormat} request.accessLevelFormat
+   *   Whether to return `BasicLevels` in the Cloud Common Expression language, as
+   *   `CustomLevels`, rather than as `BasicLevels`. Defaults to returning
+   *   `AccessLevels` in the format they were defined.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is Array of [AccessLevel]{@link google.identity.accesscontextmanager.v1.AccessLevel}.
+   *   The client library will perform auto-pagination by default: it will call the API as many
+   *   times as needed and will merge results from all the pages into this array.
+   *   Note that it can affect your quota.
+   *   We recommend using `listAccessLevelsAsync()`
+   *   method described below for async iteration which you can stop as needed.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination)
+   *   for more details and examples.
+   */
+  listAccessLevels(
+    request?: protos.google.identity.accesscontextmanager.v1.IListAccessLevelsRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IAccessLevel[],
+      protos.google.identity.accesscontextmanager.v1.IListAccessLevelsRequest | null,
+      protos.google.identity.accesscontextmanager.v1.IListAccessLevelsResponse
+    ]
+  >;
+  listAccessLevels(
+    request: protos.google.identity.accesscontextmanager.v1.IListAccessLevelsRequest,
+    options: CallOptions,
+    callback: PaginationCallback<
+      protos.google.identity.accesscontextmanager.v1.IListAccessLevelsRequest,
+      | protos.google.identity.accesscontextmanager.v1.IListAccessLevelsResponse
+      | null
+      | undefined,
+      protos.google.identity.accesscontextmanager.v1.IAccessLevel
+    >
+  ): void;
+  listAccessLevels(
+    request: protos.google.identity.accesscontextmanager.v1.IListAccessLevelsRequest,
+    callback: PaginationCallback<
+      protos.google.identity.accesscontextmanager.v1.IListAccessLevelsRequest,
+      | protos.google.identity.accesscontextmanager.v1.IListAccessLevelsResponse
+      | null
+      | undefined,
+      protos.google.identity.accesscontextmanager.v1.IAccessLevel
+    >
+  ): void;
+  listAccessLevels(
+    request?: protos.google.identity.accesscontextmanager.v1.IListAccessLevelsRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | PaginationCallback<
+          protos.google.identity.accesscontextmanager.v1.IListAccessLevelsRequest,
+          | protos.google.identity.accesscontextmanager.v1.IListAccessLevelsResponse
+          | null
+          | undefined,
+          protos.google.identity.accesscontextmanager.v1.IAccessLevel
+        >,
+    callback?: PaginationCallback<
+      protos.google.identity.accesscontextmanager.v1.IListAccessLevelsRequest,
+      | protos.google.identity.accesscontextmanager.v1.IListAccessLevelsResponse
+      | null
+      | undefined,
+      protos.google.identity.accesscontextmanager.v1.IAccessLevel
+    >
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IAccessLevel[],
+      protos.google.identity.accesscontextmanager.v1.IListAccessLevelsRequest | null,
+      protos.google.identity.accesscontextmanager.v1.IListAccessLevelsResponse
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        parent: request.parent ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.listAccessLevels(request, options, callback);
+  }
+
+  /**
+   * Equivalent to `method.name.toCamelCase()`, but returns a NodeJS Stream object.
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Resource name for the access policy to list [Access Levels]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel] from.
+   *
+   *   Format:
+   *   `accessPolicies/{policy_id}`
+   * @param {number} request.pageSize
+   *   Number of [Access Levels]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel] to include in
+   *   the list. Default 100.
+   * @param {string} request.pageToken
+   *   Next page token for the next batch of [Access Level]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel] instances.
+   *   Defaults to the first page of results.
+   * @param {google.identity.accesscontextmanager.v1.LevelFormat} request.accessLevelFormat
+   *   Whether to return `BasicLevels` in the Cloud Common Expression language, as
+   *   `CustomLevels`, rather than as `BasicLevels`. Defaults to returning
+   *   `AccessLevels` in the format they were defined.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Stream}
+   *   An object stream which emits an object representing [AccessLevel]{@link google.identity.accesscontextmanager.v1.AccessLevel} on 'data' event.
+   *   The client library will perform auto-pagination by default: it will call the API as many
+   *   times as needed. Note that it can affect your quota.
+   *   We recommend using `listAccessLevelsAsync()`
+   *   method described below for async iteration which you can stop as needed.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination)
+   *   for more details and examples.
+   */
+  listAccessLevelsStream(
+    request?: protos.google.identity.accesscontextmanager.v1.IListAccessLevelsRequest,
+    options?: CallOptions
+  ): Transform {
+    request = request || {};
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        parent: request.parent ?? '',
+      });
+    const defaultCallSettings = this._defaults['listAccessLevels'];
+    const callSettings = defaultCallSettings.merge(options);
+    this.initialize();
+    return this.descriptors.page.listAccessLevels.createStream(
+      this.innerApiCalls.listAccessLevels as GaxCall,
+      request,
+      callSettings
+    );
+  }
+
+  /**
+   * Equivalent to `listAccessLevels`, but returns an iterable object.
+   *
+   * `for`-`await`-`of` syntax is used with the iterable to get response elements on-demand.
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Resource name for the access policy to list [Access Levels]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel] from.
+   *
+   *   Format:
+   *   `accessPolicies/{policy_id}`
+   * @param {number} request.pageSize
+   *   Number of [Access Levels]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel] to include in
+   *   the list. Default 100.
+   * @param {string} request.pageToken
+   *   Next page token for the next batch of [Access Level]
+   *   [google.identity.accesscontextmanager.v1.AccessLevel] instances.
+   *   Defaults to the first page of results.
+   * @param {google.identity.accesscontextmanager.v1.LevelFormat} request.accessLevelFormat
+   *   Whether to return `BasicLevels` in the Cloud Common Expression language, as
+   *   `CustomLevels`, rather than as `BasicLevels`. Defaults to returning
+   *   `AccessLevels` in the format they were defined.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Object}
+   *   An iterable Object that allows [async iteration](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Iteration_protocols).
+   *   When you iterate the returned iterable, each element will be an object representing
+   *   [AccessLevel]{@link google.identity.accesscontextmanager.v1.AccessLevel}. The API will be called under the hood as needed, once per the page,
+   *   so you can stop the iteration when you don't need more results.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.list_access_levels.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_ListAccessLevels_async
+   */
+  listAccessLevelsAsync(
+    request?: protos.google.identity.accesscontextmanager.v1.IListAccessLevelsRequest,
+    options?: CallOptions
+  ): AsyncIterable<protos.google.identity.accesscontextmanager.v1.IAccessLevel> {
+    request = request || {};
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        parent: request.parent ?? '',
+      });
+    const defaultCallSettings = this._defaults['listAccessLevels'];
+    const callSettings = defaultCallSettings.merge(options);
+    this.initialize();
+    return this.descriptors.page.listAccessLevels.asyncIterate(
+      this.innerApiCalls['listAccessLevels'] as GaxCall,
+      request as {},
+      callSettings
+    ) as AsyncIterable<protos.google.identity.accesscontextmanager.v1.IAccessLevel>;
+  }
+  /**
+   * Lists all [service perimeters]
+   * [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
+   * access policy.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Resource name for the access policy to list [Service Perimeters]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter] from.
+   *
+   *   Format:
+   *   `accessPolicies/{policy_id}`
+   * @param {number} request.pageSize
+   *   Number of [Service Perimeters]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter] to include
+   *   in the list. Default 100.
+   * @param {string} request.pageToken
+   *   Next page token for the next batch of [Service Perimeter]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter] instances.
+   *   Defaults to the first page of results.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is Array of [ServicePerimeter]{@link google.identity.accesscontextmanager.v1.ServicePerimeter}.
+   *   The client library will perform auto-pagination by default: it will call the API as many
+   *   times as needed and will merge results from all the pages into this array.
+   *   Note that it can affect your quota.
+   *   We recommend using `listServicePerimetersAsync()`
+   *   method described below for async iteration which you can stop as needed.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination)
+   *   for more details and examples.
+   */
+  listServicePerimeters(
+    request?: protos.google.identity.accesscontextmanager.v1.IListServicePerimetersRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IServicePerimeter[],
+      protos.google.identity.accesscontextmanager.v1.IListServicePerimetersRequest | null,
+      protos.google.identity.accesscontextmanager.v1.IListServicePerimetersResponse
+    ]
+  >;
+  listServicePerimeters(
+    request: protos.google.identity.accesscontextmanager.v1.IListServicePerimetersRequest,
+    options: CallOptions,
+    callback: PaginationCallback<
+      protos.google.identity.accesscontextmanager.v1.IListServicePerimetersRequest,
+      | protos.google.identity.accesscontextmanager.v1.IListServicePerimetersResponse
+      | null
+      | undefined,
+      protos.google.identity.accesscontextmanager.v1.IServicePerimeter
+    >
+  ): void;
+  listServicePerimeters(
+    request: protos.google.identity.accesscontextmanager.v1.IListServicePerimetersRequest,
+    callback: PaginationCallback<
+      protos.google.identity.accesscontextmanager.v1.IListServicePerimetersRequest,
+      | protos.google.identity.accesscontextmanager.v1.IListServicePerimetersResponse
+      | null
+      | undefined,
+      protos.google.identity.accesscontextmanager.v1.IServicePerimeter
+    >
+  ): void;
+  listServicePerimeters(
+    request?: protos.google.identity.accesscontextmanager.v1.IListServicePerimetersRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | PaginationCallback<
+          protos.google.identity.accesscontextmanager.v1.IListServicePerimetersRequest,
+          | protos.google.identity.accesscontextmanager.v1.IListServicePerimetersResponse
+          | null
+          | undefined,
+          protos.google.identity.accesscontextmanager.v1.IServicePerimeter
+        >,
+    callback?: PaginationCallback<
+      protos.google.identity.accesscontextmanager.v1.IListServicePerimetersRequest,
+      | protos.google.identity.accesscontextmanager.v1.IListServicePerimetersResponse
+      | null
+      | undefined,
+      protos.google.identity.accesscontextmanager.v1.IServicePerimeter
+    >
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IServicePerimeter[],
+      protos.google.identity.accesscontextmanager.v1.IListServicePerimetersRequest | null,
+      protos.google.identity.accesscontextmanager.v1.IListServicePerimetersResponse
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        parent: request.parent ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.listServicePerimeters(request, options, callback);
+  }
+
+  /**
+   * Equivalent to `method.name.toCamelCase()`, but returns a NodeJS Stream object.
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Resource name for the access policy to list [Service Perimeters]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter] from.
+   *
+   *   Format:
+   *   `accessPolicies/{policy_id}`
+   * @param {number} request.pageSize
+   *   Number of [Service Perimeters]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter] to include
+   *   in the list. Default 100.
+   * @param {string} request.pageToken
+   *   Next page token for the next batch of [Service Perimeter]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter] instances.
+   *   Defaults to the first page of results.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Stream}
+   *   An object stream which emits an object representing [ServicePerimeter]{@link google.identity.accesscontextmanager.v1.ServicePerimeter} on 'data' event.
+   *   The client library will perform auto-pagination by default: it will call the API as many
+   *   times as needed. Note that it can affect your quota.
+   *   We recommend using `listServicePerimetersAsync()`
+   *   method described below for async iteration which you can stop as needed.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination)
+   *   for more details and examples.
+   */
+  listServicePerimetersStream(
+    request?: protos.google.identity.accesscontextmanager.v1.IListServicePerimetersRequest,
+    options?: CallOptions
+  ): Transform {
+    request = request || {};
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        parent: request.parent ?? '',
+      });
+    const defaultCallSettings = this._defaults['listServicePerimeters'];
+    const callSettings = defaultCallSettings.merge(options);
+    this.initialize();
+    return this.descriptors.page.listServicePerimeters.createStream(
+      this.innerApiCalls.listServicePerimeters as GaxCall,
+      request,
+      callSettings
+    );
+  }
+
+  /**
+   * Equivalent to `listServicePerimeters`, but returns an iterable object.
+   *
+   * `for`-`await`-`of` syntax is used with the iterable to get response elements on-demand.
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Resource name for the access policy to list [Service Perimeters]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter] from.
+   *
+   *   Format:
+   *   `accessPolicies/{policy_id}`
+   * @param {number} request.pageSize
+   *   Number of [Service Perimeters]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter] to include
+   *   in the list. Default 100.
+   * @param {string} request.pageToken
+   *   Next page token for the next batch of [Service Perimeter]
+   *   [google.identity.accesscontextmanager.v1.ServicePerimeter] instances.
+   *   Defaults to the first page of results.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Object}
+   *   An iterable Object that allows [async iteration](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Iteration_protocols).
+   *   When you iterate the returned iterable, each element will be an object representing
+   *   [ServicePerimeter]{@link google.identity.accesscontextmanager.v1.ServicePerimeter}. The API will be called under the hood as needed, once per the page,
+   *   so you can stop the iteration when you don't need more results.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.list_service_perimeters.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_ListServicePerimeters_async
+   */
+  listServicePerimetersAsync(
+    request?: protos.google.identity.accesscontextmanager.v1.IListServicePerimetersRequest,
+    options?: CallOptions
+  ): AsyncIterable<protos.google.identity.accesscontextmanager.v1.IServicePerimeter> {
+    request = request || {};
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        parent: request.parent ?? '',
+      });
+    const defaultCallSettings = this._defaults['listServicePerimeters'];
+    const callSettings = defaultCallSettings.merge(options);
+    this.initialize();
+    return this.descriptors.page.listServicePerimeters.asyncIterate(
+      this.innerApiCalls['listServicePerimeters'] as GaxCall,
+      request as {},
+      callSettings
+    ) as AsyncIterable<protos.google.identity.accesscontextmanager.v1.IServicePerimeter>;
+  }
+  /**
+   * Lists all [GcpUserAccessBindings]
+   * [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] for a
+   * Google Cloud organization.
+   *
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Example: "organizations/256"
+   * @param {number} [request.pageSize]
+   *   Optional. Maximum number of items to return. The server may return fewer items.
+   *   If left blank, the server may return any number of items.
+   * @param {string} [request.pageToken]
+   *   Optional. If left blank, returns the first page. To enumerate all items, use the
+   *   [next_page_token]
+   *   [google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse.next_page_token]
+   *   from your previous list operation.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Promise} - The promise which resolves to an array.
+   *   The first element of the array is Array of [GcpUserAccessBinding]{@link google.identity.accesscontextmanager.v1.GcpUserAccessBinding}.
+   *   The client library will perform auto-pagination by default: it will call the API as many
+   *   times as needed and will merge results from all the pages into this array.
+   *   Note that it can affect your quota.
+   *   We recommend using `listGcpUserAccessBindingsAsync()`
+   *   method described below for async iteration which you can stop as needed.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination)
+   *   for more details and examples.
+   */
+  listGcpUserAccessBindings(
+    request?: protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest,
+    options?: CallOptions
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding[],
+      protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest | null,
+      protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsResponse
+    ]
+  >;
+  listGcpUserAccessBindings(
+    request: protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest,
+    options: CallOptions,
+    callback: PaginationCallback<
+      protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest,
+      | protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsResponse
+      | null
+      | undefined,
+      protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding
+    >
+  ): void;
+  listGcpUserAccessBindings(
+    request: protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest,
+    callback: PaginationCallback<
+      protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest,
+      | protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsResponse
+      | null
+      | undefined,
+      protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding
+    >
+  ): void;
+  listGcpUserAccessBindings(
+    request?: protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest,
+    optionsOrCallback?:
+      | CallOptions
+      | PaginationCallback<
+          protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest,
+          | protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsResponse
+          | null
+          | undefined,
+          protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding
+        >,
+    callback?: PaginationCallback<
+      protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest,
+      | protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsResponse
+      | null
+      | undefined,
+      protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding
+    >
+  ): Promise<
+    [
+      protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding[],
+      protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest | null,
+      protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsResponse
+    ]
+  > | void {
+    request = request || {};
+    let options: CallOptions;
+    if (typeof optionsOrCallback === 'function' && callback === undefined) {
+      callback = optionsOrCallback;
+      options = {};
+    } else {
+      options = optionsOrCallback as CallOptions;
+    }
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        parent: request.parent ?? '',
+      });
+    this.initialize();
+    return this.innerApiCalls.listGcpUserAccessBindings(
+      request,
+      options,
+      callback
+    );
+  }
+
+  /**
+   * Equivalent to `method.name.toCamelCase()`, but returns a NodeJS Stream object.
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Example: "organizations/256"
+   * @param {number} [request.pageSize]
+   *   Optional. Maximum number of items to return. The server may return fewer items.
+   *   If left blank, the server may return any number of items.
+   * @param {string} [request.pageToken]
+   *   Optional. If left blank, returns the first page. To enumerate all items, use the
+   *   [next_page_token]
+   *   [google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse.next_page_token]
+   *   from your previous list operation.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Stream}
+   *   An object stream which emits an object representing [GcpUserAccessBinding]{@link google.identity.accesscontextmanager.v1.GcpUserAccessBinding} on 'data' event.
+   *   The client library will perform auto-pagination by default: it will call the API as many
+   *   times as needed. Note that it can affect your quota.
+   *   We recommend using `listGcpUserAccessBindingsAsync()`
+   *   method described below for async iteration which you can stop as needed.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination)
+   *   for more details and examples.
+   */
+  listGcpUserAccessBindingsStream(
+    request?: protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest,
+    options?: CallOptions
+  ): Transform {
+    request = request || {};
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        parent: request.parent ?? '',
+      });
+    const defaultCallSettings = this._defaults['listGcpUserAccessBindings'];
+    const callSettings = defaultCallSettings.merge(options);
+    this.initialize();
+    return this.descriptors.page.listGcpUserAccessBindings.createStream(
+      this.innerApiCalls.listGcpUserAccessBindings as GaxCall,
+      request,
+      callSettings
+    );
+  }
+
+  /**
+   * Equivalent to `listGcpUserAccessBindings`, but returns an iterable object.
+   *
+   * `for`-`await`-`of` syntax is used with the iterable to get response elements on-demand.
+   * @param {Object} request
+   *   The request object that will be sent.
+   * @param {string} request.parent
+   *   Required. Example: "organizations/256"
+   * @param {number} [request.pageSize]
+   *   Optional. Maximum number of items to return. The server may return fewer items.
+   *   If left blank, the server may return any number of items.
+   * @param {string} [request.pageToken]
+   *   Optional. If left blank, returns the first page. To enumerate all items, use the
+   *   [next_page_token]
+   *   [google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse.next_page_token]
+   *   from your previous list operation.
+   * @param {object} [options]
+   *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
+   * @returns {Object}
+   *   An iterable Object that allows [async iteration](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Iteration_protocols).
+   *   When you iterate the returned iterable, each element will be an object representing
+   *   [GcpUserAccessBinding]{@link google.identity.accesscontextmanager.v1.GcpUserAccessBinding}. The API will be called under the hood as needed, once per the page,
+   *   so you can stop the iteration when you don't need more results.
+   *   Please see the
+   *   [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination)
+   *   for more details and examples.
+   * @example <caption>include:samples/generated/v1/access_context_manager.list_gcp_user_access_bindings.js</caption>
+   * region_tag:accesscontextmanager_v1_generated_AccessContextManager_ListGcpUserAccessBindings_async
+   */
+  listGcpUserAccessBindingsAsync(
+    request?: protos.google.identity.accesscontextmanager.v1.IListGcpUserAccessBindingsRequest,
+    options?: CallOptions
+  ): AsyncIterable<protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding> {
+    request = request || {};
+    options = options || {};
+    options.otherArgs = options.otherArgs || {};
+    options.otherArgs.headers = options.otherArgs.headers || {};
+    options.otherArgs.headers['x-goog-request-params'] =
+      this._gaxModule.routingHeader.fromParams({
+        parent: request.parent ?? '',
+      });
+    const defaultCallSettings = this._defaults['listGcpUserAccessBindings'];
+    const callSettings = defaultCallSettings.merge(options);
+    this.initialize();
+    return this.descriptors.page.listGcpUserAccessBindings.asyncIterate(
+      this.innerApiCalls['listGcpUserAccessBindings'] as GaxCall,
+      request as {},
+      callSettings
+    ) as AsyncIterable<protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding>;
+  }
+  /**
+   * Gets the latest state of a long-running operation.  Clients can use this
+   * method to poll the operation result at intervals as recommended by the API
+   * service.
+   *
+   * @param {Object} request - The request object that will be sent.
+   * @param {string} request.name - The name of the operation resource.
+   * @param {Object=} options
+   *   Optional parameters. You can override the default settings for this call,
+   *   e.g, timeout, retries, paginations, etc. See [gax.CallOptions]{@link
+   *   https://googleapis.github.io/gax-nodejs/global.html#CallOptions} for the
+   *   details.
+   * @param {function(?Error, ?Object)=} callback
+   *   The function which will be called with the result of the API call.
+   *
+   *   The second parameter to the callback is an object representing
+   * [google.longrunning.Operation]{@link
+   * external:"google.longrunning.Operation"}.
+   * @return {Promise} - The promise which resolves to an array.
+   *   The first element of the array is an object representing
+   * [google.longrunning.Operation]{@link
+   * external:"google.longrunning.Operation"}. The promise has a method named
+   * "cancel" which cancels the ongoing API call.
+   *
+   * @example
+   * ```
+   * const client = longrunning.operationsClient();
+   * const name = '';
+   * const [response] = await client.getOperation({name});
+   * // doThingsWith(response)
+   * ```
+   */
+  getOperation(
+    request: protos.google.longrunning.GetOperationRequest,
+    options?:
+      | gax.CallOptions
+      | Callback<
+          protos.google.longrunning.Operation,
+          protos.google.longrunning.GetOperationRequest,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      protos.google.longrunning.Operation,
+      protos.google.longrunning.GetOperationRequest,
+      {} | null | undefined
+    >
+  ): Promise<[protos.google.longrunning.Operation]> {
+    return this.operationsClient.getOperation(request, options, callback);
+  }
+  /**
+   * Lists operations that match the specified filter in the request. If the
+   * server doesn't support this method, it returns `UNIMPLEMENTED`. Returns an iterable object.
+   *
+   * For-await-of syntax is used with the iterable to recursively get response element on-demand.
+   *
+   * @param {Object} request - The request object that will be sent.
+   * @param {string} request.name - The name of the operation collection.
+   * @param {string} request.filter - The standard list filter.
+   * @param {number=} request.pageSize -
+   *   The maximum number of resources contained in the underlying API
+   *   response. If page streaming is performed per-resource, this
+   *   parameter does not affect the return value. If page streaming is
+   *   performed per-page, this determines the maximum number of
+   *   resources in a page.
+   * @param {Object=} options
+   *   Optional parameters. You can override the default settings for this call,
+   *   e.g, timeout, retries, paginations, etc. See [gax.CallOptions]{@link
+   *   https://googleapis.github.io/gax-nodejs/global.html#CallOptions} for the
+   *   details.
+   * @returns {Object}
+   *   An iterable Object that conforms to @link https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Iteration_protocols.
+   *
+   * @example
+   * ```
+   * const client = longrunning.operationsClient();
+   * for await (const response of client.listOperationsAsync(request));
+   * // doThingsWith(response)
+   * ```
+   */
+  listOperationsAsync(
+    request: protos.google.longrunning.ListOperationsRequest,
+    options?: gax.CallOptions
+  ): AsyncIterable<protos.google.longrunning.ListOperationsResponse> {
+    return this.operationsClient.listOperationsAsync(request, options);
+  }
+  /**
+   * Starts asynchronous cancellation on a long-running operation.  The server
+   * makes a best effort to cancel the operation, but success is not
+   * guaranteed.  If the server doesn't support this method, it returns
+   * `google.rpc.Code.UNIMPLEMENTED`.  Clients can use
+   * {@link Operations.GetOperation} or
+   * other methods to check whether the cancellation succeeded or whether the
+   * operation completed despite cancellation. On successful cancellation,
+   * the operation is not deleted; instead, it becomes an operation with
+   * an {@link Operation.error} value with a {@link google.rpc.Status.code} of
+   * 1, corresponding to `Code.CANCELLED`.
+   *
+   * @param {Object} request - The request object that will be sent.
+   * @param {string} request.name - The name of the operation resource to be cancelled.
+   * @param {Object=} options
+   *   Optional parameters. You can override the default settings for this call,
+   * e.g, timeout, retries, paginations, etc. See [gax.CallOptions]{@link
+   * https://googleapis.github.io/gax-nodejs/global.html#CallOptions} for the
+   * details.
+   * @param {function(?Error)=} callback
+   *   The function which will be called with the result of the API call.
+   * @return {Promise} - The promise which resolves when API call finishes.
+   *   The promise has a method named "cancel" which cancels the ongoing API
+   * call.
+   *
+   * @example
+   * ```
+   * const client = longrunning.operationsClient();
+   * await client.cancelOperation({name: ''});
+   * ```
+   */
+  cancelOperation(
+    request: protos.google.longrunning.CancelOperationRequest,
+    options?:
+      | gax.CallOptions
+      | Callback<
+          protos.google.protobuf.Empty,
+          protos.google.longrunning.CancelOperationRequest,
+          {} | undefined | null
+        >,
+    callback?: Callback<
+      protos.google.longrunning.CancelOperationRequest,
+      protos.google.protobuf.Empty,
+      {} | undefined | null
+    >
+  ): Promise<protos.google.protobuf.Empty> {
+    return this.operationsClient.cancelOperation(request, options, callback);
+  }
+
+  /**
+   * Deletes a long-running operation. This method indicates that the client is
+   * no longer interested in the operation result. It does not cancel the
+   * operation. If the server doesn't support this method, it returns
+   * `google.rpc.Code.UNIMPLEMENTED`.
+   *
+   * @param {Object} request - The request object that will be sent.
+   * @param {string} request.name - The name of the operation resource to be deleted.
+   * @param {Object=} options
+   *   Optional parameters. You can override the default settings for this call,
+   * e.g, timeout, retries, paginations, etc. See [gax.CallOptions]{@link
+   * https://googleapis.github.io/gax-nodejs/global.html#CallOptions} for the
+   * details.
+   * @param {function(?Error)=} callback
+   *   The function which will be called with the result of the API call.
+   * @return {Promise} - The promise which resolves when API call finishes.
+   *   The promise has a method named "cancel" which cancels the ongoing API
+   * call.
+   *
+   * @example
+   * ```
+   * const client = longrunning.operationsClient();
+   * await client.deleteOperation({name: ''});
+   * ```
+   */
+  deleteOperation(
+    request: protos.google.longrunning.DeleteOperationRequest,
+    options?:
+      | gax.CallOptions
+      | Callback<
+          protos.google.protobuf.Empty,
+          protos.google.longrunning.DeleteOperationRequest,
+          {} | null | undefined
+        >,
+    callback?: Callback<
+      protos.google.protobuf.Empty,
+      protos.google.longrunning.DeleteOperationRequest,
+      {} | null | undefined
+    >
+  ): Promise<protos.google.protobuf.Empty> {
+    return this.operationsClient.deleteOperation(request, options, callback);
+  }
+
+  // --------------------
+  // -- Path templates --
+  // --------------------
+
+  /**
+   * Return a fully-qualified accessLevel resource name string.
+   *
+   * @param {string} access_policy
+   * @param {string} access_level
+   * @returns {string} Resource name string.
+   */
+  accessLevelPath(accessPolicy: string, accessLevel: string) {
+    return this.pathTemplates.accessLevelPathTemplate.render({
+      access_policy: accessPolicy,
+      access_level: accessLevel,
+    });
+  }
+
+  /**
+   * Parse the access_policy from AccessLevel resource.
+   *
+   * @param {string} accessLevelName
+   *   A fully-qualified path representing AccessLevel resource.
+   * @returns {string} A string representing the access_policy.
+   */
+  matchAccessPolicyFromAccessLevelName(accessLevelName: string) {
+    return this.pathTemplates.accessLevelPathTemplate.match(accessLevelName)
+      .access_policy;
+  }
+
+  /**
+   * Parse the access_level from AccessLevel resource.
+   *
+   * @param {string} accessLevelName
+   *   A fully-qualified path representing AccessLevel resource.
+   * @returns {string} A string representing the access_level.
+   */
+  matchAccessLevelFromAccessLevelName(accessLevelName: string) {
+    return this.pathTemplates.accessLevelPathTemplate.match(accessLevelName)
+      .access_level;
+  }
+
+  /**
+   * Return a fully-qualified accessPolicy resource name string.
+   *
+   * @param {string} access_policy
+   * @returns {string} Resource name string.
+   */
+  accessPolicyPath(accessPolicy: string) {
+    return this.pathTemplates.accessPolicyPathTemplate.render({
+      access_policy: accessPolicy,
+    });
+  }
+
+  /**
+   * Parse the access_policy from AccessPolicy resource.
+   *
+   * @param {string} accessPolicyName
+   *   A fully-qualified path representing AccessPolicy resource.
+   * @returns {string} A string representing the access_policy.
+   */
+  matchAccessPolicyFromAccessPolicyName(accessPolicyName: string) {
+    return this.pathTemplates.accessPolicyPathTemplate.match(accessPolicyName)
+      .access_policy;
+  }
+
+  /**
+   * Return a fully-qualified gcpUserAccessBinding resource name string.
+   *
+   * @param {string} organization
+   * @param {string} gcp_user_access_binding
+   * @returns {string} Resource name string.
+   */
+  gcpUserAccessBindingPath(organization: string, gcpUserAccessBinding: string) {
+    return this.pathTemplates.gcpUserAccessBindingPathTemplate.render({
+      organization: organization,
+      gcp_user_access_binding: gcpUserAccessBinding,
+    });
+  }
+
+  /**
+   * Parse the organization from GcpUserAccessBinding resource.
+   *
+   * @param {string} gcpUserAccessBindingName
+   *   A fully-qualified path representing GcpUserAccessBinding resource.
+   * @returns {string} A string representing the organization.
+   */
+  matchOrganizationFromGcpUserAccessBindingName(
+    gcpUserAccessBindingName: string
+  ) {
+    return this.pathTemplates.gcpUserAccessBindingPathTemplate.match(
+      gcpUserAccessBindingName
+    ).organization;
+  }
+
+  /**
+   * Parse the gcp_user_access_binding from GcpUserAccessBinding resource.
+   *
+   * @param {string} gcpUserAccessBindingName
+   *   A fully-qualified path representing GcpUserAccessBinding resource.
+   * @returns {string} A string representing the gcp_user_access_binding.
+   */
+  matchGcpUserAccessBindingFromGcpUserAccessBindingName(
+    gcpUserAccessBindingName: string
+  ) {
+    return this.pathTemplates.gcpUserAccessBindingPathTemplate.match(
+      gcpUserAccessBindingName
+    ).gcp_user_access_binding;
+  }
+
+  /**
+   * Return a fully-qualified organization resource name string.
+   *
+   * @param {string} organization
+   * @returns {string} Resource name string.
+   */
+  organizationPath(organization: string) {
+    return this.pathTemplates.organizationPathTemplate.render({
+      organization: organization,
+    });
+  }
+
+  /**
+   * Parse the organization from Organization resource.
+   *
+   * @param {string} organizationName
+   *   A fully-qualified path representing Organization resource.
+   * @returns {string} A string representing the organization.
+   */
+  matchOrganizationFromOrganizationName(organizationName: string) {
+    return this.pathTemplates.organizationPathTemplate.match(organizationName)
+      .organization;
+  }
+
+  /**
+   * Return a fully-qualified servicePerimeter resource name string.
+   *
+   * @param {string} access_policy
+   * @param {string} service_perimeter
+   * @returns {string} Resource name string.
+   */
+  servicePerimeterPath(accessPolicy: string, servicePerimeter: string) {
+    return this.pathTemplates.servicePerimeterPathTemplate.render({
+      access_policy: accessPolicy,
+      service_perimeter: servicePerimeter,
+    });
+  }
+
+  /**
+   * Parse the access_policy from ServicePerimeter resource.
+   *
+   * @param {string} servicePerimeterName
+   *   A fully-qualified path representing ServicePerimeter resource.
+   * @returns {string} A string representing the access_policy.
+   */
+  matchAccessPolicyFromServicePerimeterName(servicePerimeterName: string) {
+    return this.pathTemplates.servicePerimeterPathTemplate.match(
+      servicePerimeterName
+    ).access_policy;
+  }
+
+  /**
+   * Parse the service_perimeter from ServicePerimeter resource.
+   *
+   * @param {string} servicePerimeterName
+   *   A fully-qualified path representing ServicePerimeter resource.
+   * @returns {string} A string representing the service_perimeter.
+   */
+  matchServicePerimeterFromServicePerimeterName(servicePerimeterName: string) {
+    return this.pathTemplates.servicePerimeterPathTemplate.match(
+      servicePerimeterName
+    ).service_perimeter;
+  }
+
+  /**
+   * Terminate the gRPC channel and close the client.
+   *
+   * The client will no longer be usable and all future behavior is undefined.
+   * @returns {Promise} A promise that resolves when the client is closed.
+   */
+  close(): Promise<void> {
+    if (this.accessContextManagerStub && !this._terminated) {
+      return this.accessContextManagerStub.then(stub => {
+        this._terminated = true;
+        stub.close();
+        this.operationsClient.close();
+      });
+    }
+    return Promise.resolve();
+  }
+}
diff --git a/packages/google-identity-accesscontextmanager/src/v1/access_context_manager_client_config.json b/packages/google-identity-accesscontextmanager/src/v1/access_context_manager_client_config.json
new file mode 100644
index 00000000000..ac86647c705
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/src/v1/access_context_manager_client_config.json
@@ -0,0 +1,156 @@
+{
+  "interfaces": {
+    "google.identity.accesscontextmanager.v1.AccessContextManager": {
+      "retry_codes": {
+        "non_idempotent": [],
+        "idempotent": [
+          "DEADLINE_EXCEEDED",
+          "UNAVAILABLE"
+        ]
+      },
+      "retry_params": {
+        "default": {
+          "initial_retry_delay_millis": 100,
+          "retry_delay_multiplier": 1.3,
+          "max_retry_delay_millis": 60000,
+          "initial_rpc_timeout_millis": 60000,
+          "rpc_timeout_multiplier": 1,
+          "max_rpc_timeout_millis": 60000,
+          "total_timeout_millis": 600000
+        }
+      },
+      "methods": {
+        "ListAccessPolicies": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "GetAccessPolicy": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "CreateAccessPolicy": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "UpdateAccessPolicy": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "DeleteAccessPolicy": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "ListAccessLevels": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "GetAccessLevel": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "CreateAccessLevel": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "UpdateAccessLevel": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "DeleteAccessLevel": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "ReplaceAccessLevels": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "ListServicePerimeters": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "GetServicePerimeter": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "CreateServicePerimeter": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "UpdateServicePerimeter": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "DeleteServicePerimeter": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "ReplaceServicePerimeters": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "CommitServicePerimeters": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "ListGcpUserAccessBindings": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "GetGcpUserAccessBinding": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "CreateGcpUserAccessBinding": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "UpdateGcpUserAccessBinding": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "DeleteGcpUserAccessBinding": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "SetIamPolicy": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "GetIamPolicy": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        },
+        "TestIamPermissions": {
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "default"
+        }
+      }
+    }
+  }
+}
diff --git a/packages/google-identity-accesscontextmanager/src/v1/access_context_manager_proto_list.json b/packages/google-identity-accesscontextmanager/src/v1/access_context_manager_proto_list.json
new file mode 100644
index 00000000000..7ac8f3e0fd9
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/src/v1/access_context_manager_proto_list.json
@@ -0,0 +1,8 @@
+[
+  "../../protos/google/identity/accesscontextmanager/type/device_resources.proto",
+  "../../protos/google/identity/accesscontextmanager/v1/access_context_manager.proto",
+  "../../protos/google/identity/accesscontextmanager/v1/access_level.proto",
+  "../../protos/google/identity/accesscontextmanager/v1/access_policy.proto",
+  "../../protos/google/identity/accesscontextmanager/v1/gcp_user_access_binding.proto",
+  "../../protos/google/identity/accesscontextmanager/v1/service_perimeter.proto"
+]
diff --git a/packages/google-identity-accesscontextmanager/src/v1/gapic_metadata.json b/packages/google-identity-accesscontextmanager/src/v1/gapic_metadata.json
new file mode 100644
index 00000000000..9a97f9b98ed
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/src/v1/gapic_metadata.json
@@ -0,0 +1,299 @@
+{
+  "schema": "1.0",
+  "comment": "This file maps proto services/RPCs to the corresponding library clients/methods",
+  "language": "typescript",
+  "protoPackage": "google.identity.accesscontextmanager.v1",
+  "libraryPackage": "@google-cloud/access-context-manager",
+  "services": {
+    "AccessContextManager": {
+      "clients": {
+        "grpc": {
+          "libraryClient": "AccessContextManagerClient",
+          "rpcs": {
+            "GetAccessPolicy": {
+              "methods": [
+                "getAccessPolicy"
+              ]
+            },
+            "GetAccessLevel": {
+              "methods": [
+                "getAccessLevel"
+              ]
+            },
+            "GetServicePerimeter": {
+              "methods": [
+                "getServicePerimeter"
+              ]
+            },
+            "GetGcpUserAccessBinding": {
+              "methods": [
+                "getGcpUserAccessBinding"
+              ]
+            },
+            "SetIamPolicy": {
+              "methods": [
+                "setIamPolicy"
+              ]
+            },
+            "GetIamPolicy": {
+              "methods": [
+                "getIamPolicy"
+              ]
+            },
+            "TestIamPermissions": {
+              "methods": [
+                "testIamPermissions"
+              ]
+            },
+            "CreateAccessPolicy": {
+              "methods": [
+                "createAccessPolicy"
+              ]
+            },
+            "UpdateAccessPolicy": {
+              "methods": [
+                "updateAccessPolicy"
+              ]
+            },
+            "DeleteAccessPolicy": {
+              "methods": [
+                "deleteAccessPolicy"
+              ]
+            },
+            "CreateAccessLevel": {
+              "methods": [
+                "createAccessLevel"
+              ]
+            },
+            "UpdateAccessLevel": {
+              "methods": [
+                "updateAccessLevel"
+              ]
+            },
+            "DeleteAccessLevel": {
+              "methods": [
+                "deleteAccessLevel"
+              ]
+            },
+            "ReplaceAccessLevels": {
+              "methods": [
+                "replaceAccessLevels"
+              ]
+            },
+            "CreateServicePerimeter": {
+              "methods": [
+                "createServicePerimeter"
+              ]
+            },
+            "UpdateServicePerimeter": {
+              "methods": [
+                "updateServicePerimeter"
+              ]
+            },
+            "DeleteServicePerimeter": {
+              "methods": [
+                "deleteServicePerimeter"
+              ]
+            },
+            "ReplaceServicePerimeters": {
+              "methods": [
+                "replaceServicePerimeters"
+              ]
+            },
+            "CommitServicePerimeters": {
+              "methods": [
+                "commitServicePerimeters"
+              ]
+            },
+            "CreateGcpUserAccessBinding": {
+              "methods": [
+                "createGcpUserAccessBinding"
+              ]
+            },
+            "UpdateGcpUserAccessBinding": {
+              "methods": [
+                "updateGcpUserAccessBinding"
+              ]
+            },
+            "DeleteGcpUserAccessBinding": {
+              "methods": [
+                "deleteGcpUserAccessBinding"
+              ]
+            },
+            "ListAccessPolicies": {
+              "methods": [
+                "listAccessPolicies",
+                "listAccessPoliciesStream",
+                "listAccessPoliciesAsync"
+              ]
+            },
+            "ListAccessLevels": {
+              "methods": [
+                "listAccessLevels",
+                "listAccessLevelsStream",
+                "listAccessLevelsAsync"
+              ]
+            },
+            "ListServicePerimeters": {
+              "methods": [
+                "listServicePerimeters",
+                "listServicePerimetersStream",
+                "listServicePerimetersAsync"
+              ]
+            },
+            "ListGcpUserAccessBindings": {
+              "methods": [
+                "listGcpUserAccessBindings",
+                "listGcpUserAccessBindingsStream",
+                "listGcpUserAccessBindingsAsync"
+              ]
+            }
+          }
+        },
+        "grpc-fallback": {
+          "libraryClient": "AccessContextManagerClient",
+          "rpcs": {
+            "GetAccessPolicy": {
+              "methods": [
+                "getAccessPolicy"
+              ]
+            },
+            "GetAccessLevel": {
+              "methods": [
+                "getAccessLevel"
+              ]
+            },
+            "GetServicePerimeter": {
+              "methods": [
+                "getServicePerimeter"
+              ]
+            },
+            "GetGcpUserAccessBinding": {
+              "methods": [
+                "getGcpUserAccessBinding"
+              ]
+            },
+            "SetIamPolicy": {
+              "methods": [
+                "setIamPolicy"
+              ]
+            },
+            "GetIamPolicy": {
+              "methods": [
+                "getIamPolicy"
+              ]
+            },
+            "TestIamPermissions": {
+              "methods": [
+                "testIamPermissions"
+              ]
+            },
+            "CreateAccessPolicy": {
+              "methods": [
+                "createAccessPolicy"
+              ]
+            },
+            "UpdateAccessPolicy": {
+              "methods": [
+                "updateAccessPolicy"
+              ]
+            },
+            "DeleteAccessPolicy": {
+              "methods": [
+                "deleteAccessPolicy"
+              ]
+            },
+            "CreateAccessLevel": {
+              "methods": [
+                "createAccessLevel"
+              ]
+            },
+            "UpdateAccessLevel": {
+              "methods": [
+                "updateAccessLevel"
+              ]
+            },
+            "DeleteAccessLevel": {
+              "methods": [
+                "deleteAccessLevel"
+              ]
+            },
+            "ReplaceAccessLevels": {
+              "methods": [
+                "replaceAccessLevels"
+              ]
+            },
+            "CreateServicePerimeter": {
+              "methods": [
+                "createServicePerimeter"
+              ]
+            },
+            "UpdateServicePerimeter": {
+              "methods": [
+                "updateServicePerimeter"
+              ]
+            },
+            "DeleteServicePerimeter": {
+              "methods": [
+                "deleteServicePerimeter"
+              ]
+            },
+            "ReplaceServicePerimeters": {
+              "methods": [
+                "replaceServicePerimeters"
+              ]
+            },
+            "CommitServicePerimeters": {
+              "methods": [
+                "commitServicePerimeters"
+              ]
+            },
+            "CreateGcpUserAccessBinding": {
+              "methods": [
+                "createGcpUserAccessBinding"
+              ]
+            },
+            "UpdateGcpUserAccessBinding": {
+              "methods": [
+                "updateGcpUserAccessBinding"
+              ]
+            },
+            "DeleteGcpUserAccessBinding": {
+              "methods": [
+                "deleteGcpUserAccessBinding"
+              ]
+            },
+            "ListAccessPolicies": {
+              "methods": [
+                "listAccessPolicies",
+                "listAccessPoliciesStream",
+                "listAccessPoliciesAsync"
+              ]
+            },
+            "ListAccessLevels": {
+              "methods": [
+                "listAccessLevels",
+                "listAccessLevelsStream",
+                "listAccessLevelsAsync"
+              ]
+            },
+            "ListServicePerimeters": {
+              "methods": [
+                "listServicePerimeters",
+                "listServicePerimetersStream",
+                "listServicePerimetersAsync"
+              ]
+            },
+            "ListGcpUserAccessBindings": {
+              "methods": [
+                "listGcpUserAccessBindings",
+                "listGcpUserAccessBindingsStream",
+                "listGcpUserAccessBindingsAsync"
+              ]
+            }
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/packages/google-identity-accesscontextmanager/src/v1/index.ts b/packages/google-identity-accesscontextmanager/src/v1/index.ts
new file mode 100644
index 00000000000..2a4f63b3449
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/src/v1/index.ts
@@ -0,0 +1,19 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+export {AccessContextManagerClient} from './access_context_manager_client';
diff --git a/packages/google-identity-accesscontextmanager/system-test/fixtures/sample/src/index.js b/packages/google-identity-accesscontextmanager/system-test/fixtures/sample/src/index.js
new file mode 100644
index 00000000000..2a24895bdd1
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/system-test/fixtures/sample/src/index.js
@@ -0,0 +1,27 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+/* eslint-disable node/no-missing-require, no-unused-vars */
+const accesscontextmanager = require('@google-cloud/access-context-manager');
+
+function main() {
+  const accessContextManagerClient =
+    new accesscontextmanager.AccessContextManagerClient();
+}
+
+main();
diff --git a/packages/google-identity-accesscontextmanager/system-test/fixtures/sample/src/index.ts b/packages/google-identity-accesscontextmanager/system-test/fixtures/sample/src/index.ts
new file mode 100644
index 00000000000..84190e91dcd
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/system-test/fixtures/sample/src/index.ts
@@ -0,0 +1,34 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+import {AccessContextManagerClient} from '@google-cloud/access-context-manager';
+
+// check that the client class type name can be used
+function doStuffWithAccessContextManagerClient(
+  client: AccessContextManagerClient
+) {
+  client.close();
+}
+
+function main() {
+  // check that the client instance can be created
+  const accessContextManagerClient = new AccessContextManagerClient();
+  doStuffWithAccessContextManagerClient(accessContextManagerClient);
+}
+
+main();
diff --git a/packages/google-identity-accesscontextmanager/system-test/install.ts b/packages/google-identity-accesscontextmanager/system-test/install.ts
new file mode 100644
index 00000000000..6dd1eaadafa
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/system-test/install.ts
@@ -0,0 +1,51 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+import {packNTest} from 'pack-n-play';
+import {readFileSync} from 'fs';
+import {describe, it} from 'mocha';
+
+describe('📦 pack-n-play test', () => {
+  it('TypeScript code', async function () {
+    this.timeout(300000);
+    const options = {
+      packageDir: process.cwd(),
+      sample: {
+        description: 'TypeScript user can use the type definitions',
+        ts: readFileSync(
+          './system-test/fixtures/sample/src/index.ts'
+        ).toString(),
+      },
+    };
+    await packNTest(options);
+  });
+
+  it('JavaScript code', async function () {
+    this.timeout(300000);
+    const options = {
+      packageDir: process.cwd(),
+      sample: {
+        description: 'JavaScript user can use the library',
+        ts: readFileSync(
+          './system-test/fixtures/sample/src/index.js'
+        ).toString(),
+      },
+    };
+    await packNTest(options);
+  });
+});
diff --git a/packages/google-identity-accesscontextmanager/test/gapic_access_context_manager_v1.ts b/packages/google-identity-accesscontextmanager/test/gapic_access_context_manager_v1.ts
new file mode 100644
index 00000000000..683cef24490
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/test/gapic_access_context_manager_v1.ts
@@ -0,0 +1,6101 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// ** This file is automatically generated by gapic-generator-typescript. **
+// ** https://github.com/googleapis/gapic-generator-typescript **
+// ** All changes to this file may be overwritten. **
+
+import * as protos from '../protos/protos';
+import * as assert from 'assert';
+import * as sinon from 'sinon';
+import {SinonStub} from 'sinon';
+import {describe, it} from 'mocha';
+import * as accesscontextmanagerModule from '../src';
+
+import {PassThrough} from 'stream';
+
+import {protobuf, LROperation, operationsProtos} from 'google-gax';
+
+// Dynamically loaded proto JSON is needed to get the type information
+// to fill in default values for request objects
+const root = protobuf.Root.fromJSON(
+  require('../protos/protos.json')
+).resolveAll();
+
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+function getTypeDefaultValue(typeName: string, fields: string[]) {
+  let type = root.lookupType(typeName) as protobuf.Type;
+  for (const field of fields.slice(0, -1)) {
+    type = type.fields[field]?.resolvedType as protobuf.Type;
+  }
+  return type.fields[fields[fields.length - 1]]?.defaultValue;
+}
+
+function generateSampleMessage<T extends object>(instance: T) {
+  const filledObject = (
+    instance.constructor as typeof protobuf.Message
+  ).toObject(instance as protobuf.Message<T>, {defaults: true});
+  return (instance.constructor as typeof protobuf.Message).fromObject(
+    filledObject
+  ) as T;
+}
+
+function stubSimpleCall<ResponseType>(response?: ResponseType, error?: Error) {
+  return error
+    ? sinon.stub().rejects(error)
+    : sinon.stub().resolves([response]);
+}
+
+function stubSimpleCallWithCallback<ResponseType>(
+  response?: ResponseType,
+  error?: Error
+) {
+  return error
+    ? sinon.stub().callsArgWith(2, error)
+    : sinon.stub().callsArgWith(2, null, response);
+}
+
+function stubLongRunningCall<ResponseType>(
+  response?: ResponseType,
+  callError?: Error,
+  lroError?: Error
+) {
+  const innerStub = lroError
+    ? sinon.stub().rejects(lroError)
+    : sinon.stub().resolves([response]);
+  const mockOperation = {
+    promise: innerStub,
+  };
+  return callError
+    ? sinon.stub().rejects(callError)
+    : sinon.stub().resolves([mockOperation]);
+}
+
+function stubLongRunningCallWithCallback<ResponseType>(
+  response?: ResponseType,
+  callError?: Error,
+  lroError?: Error
+) {
+  const innerStub = lroError
+    ? sinon.stub().rejects(lroError)
+    : sinon.stub().resolves([response]);
+  const mockOperation = {
+    promise: innerStub,
+  };
+  return callError
+    ? sinon.stub().callsArgWith(2, callError)
+    : sinon.stub().callsArgWith(2, null, mockOperation);
+}
+
+function stubPageStreamingCall<ResponseType>(
+  responses?: ResponseType[],
+  error?: Error
+) {
+  const pagingStub = sinon.stub();
+  if (responses) {
+    for (let i = 0; i < responses.length; ++i) {
+      pagingStub.onCall(i).callsArgWith(2, null, responses[i]);
+    }
+  }
+  const transformStub = error
+    ? sinon.stub().callsArgWith(2, error)
+    : pagingStub;
+  const mockStream = new PassThrough({
+    objectMode: true,
+    transform: transformStub,
+  });
+  // trigger as many responses as needed
+  if (responses) {
+    for (let i = 0; i < responses.length; ++i) {
+      setImmediate(() => {
+        mockStream.write({});
+      });
+    }
+    setImmediate(() => {
+      mockStream.end();
+    });
+  } else {
+    setImmediate(() => {
+      mockStream.write({});
+    });
+    setImmediate(() => {
+      mockStream.end();
+    });
+  }
+  return sinon.stub().returns(mockStream);
+}
+
+function stubAsyncIterationCall<ResponseType>(
+  responses?: ResponseType[],
+  error?: Error
+) {
+  let counter = 0;
+  const asyncIterable = {
+    [Symbol.asyncIterator]() {
+      return {
+        async next() {
+          if (error) {
+            return Promise.reject(error);
+          }
+          if (counter >= responses!.length) {
+            return Promise.resolve({done: true, value: undefined});
+          }
+          return Promise.resolve({done: false, value: responses![counter++]});
+        },
+      };
+    },
+  };
+  return sinon.stub().returns(asyncIterable);
+}
+
+describe('v1.AccessContextManagerClient', () => {
+  describe('Common methods', () => {
+    it('has servicePath', () => {
+      const servicePath =
+        accesscontextmanagerModule.v1.AccessContextManagerClient.servicePath;
+      assert(servicePath);
+    });
+
+    it('has apiEndpoint', () => {
+      const apiEndpoint =
+        accesscontextmanagerModule.v1.AccessContextManagerClient.apiEndpoint;
+      assert(apiEndpoint);
+    });
+
+    it('has port', () => {
+      const port =
+        accesscontextmanagerModule.v1.AccessContextManagerClient.port;
+      assert(port);
+      assert(typeof port === 'number');
+    });
+
+    it('should create a client with no option', () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient();
+      assert(client);
+    });
+
+    it('should create a client with gRPC fallback', () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          fallback: true,
+        });
+      assert(client);
+    });
+
+    it('has initialize method and supports deferred initialization', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      assert.strictEqual(client.accessContextManagerStub, undefined);
+      await client.initialize();
+      assert(client.accessContextManagerStub);
+    });
+
+    it('has close method for the initialized client', done => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      assert(client.accessContextManagerStub);
+      client.close().then(() => {
+        done();
+      });
+    });
+
+    it('has close method for the non-initialized client', done => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      assert.strictEqual(client.accessContextManagerStub, undefined);
+      client.close().then(() => {
+        done();
+      });
+    });
+
+    it('has getProjectId method', async () => {
+      const fakeProjectId = 'fake-project-id';
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.auth.getProjectId = sinon.stub().resolves(fakeProjectId);
+      const result = await client.getProjectId();
+      assert.strictEqual(result, fakeProjectId);
+      assert((client.auth.getProjectId as SinonStub).calledWithExactly());
+    });
+
+    it('has getProjectId method with callback', async () => {
+      const fakeProjectId = 'fake-project-id';
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.auth.getProjectId = sinon
+        .stub()
+        .callsArgWith(0, null, fakeProjectId);
+      const promise = new Promise((resolve, reject) => {
+        client.getProjectId((err?: Error | null, projectId?: string | null) => {
+          if (err) {
+            reject(err);
+          } else {
+            resolve(projectId);
+          }
+        });
+      });
+      const result = await promise;
+      assert.strictEqual(result, fakeProjectId);
+    });
+  });
+
+  describe('getAccessPolicy', () => {
+    it('invokes getAccessPolicy without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetAccessPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetAccessPolicyRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+      );
+      client.innerApiCalls.getAccessPolicy = stubSimpleCall(expectedResponse);
+      const [response] = await client.getAccessPolicy(request);
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.getAccessPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.getAccessPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes getAccessPolicy without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetAccessPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetAccessPolicyRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+      );
+      client.innerApiCalls.getAccessPolicy =
+        stubSimpleCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.getAccessPolicy(
+          request,
+          (
+            err?: Error | null,
+            result?: protos.google.identity.accesscontextmanager.v1.IAccessPolicy | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const response = await promise;
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.getAccessPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.getAccessPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes getAccessPolicy with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetAccessPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetAccessPolicyRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.getAccessPolicy = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(client.getAccessPolicy(request), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.getAccessPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.getAccessPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes getAccessPolicy with closed client', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetAccessPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetAccessPolicyRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedError = new Error('The client has already been closed.');
+      client.close();
+      await assert.rejects(client.getAccessPolicy(request), expectedError);
+    });
+  });
+
+  describe('getAccessLevel', () => {
+    it('invokes getAccessLevel without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetAccessLevelRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetAccessLevelRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.AccessLevel()
+      );
+      client.innerApiCalls.getAccessLevel = stubSimpleCall(expectedResponse);
+      const [response] = await client.getAccessLevel(request);
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.getAccessLevel as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.getAccessLevel as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes getAccessLevel without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetAccessLevelRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetAccessLevelRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.AccessLevel()
+      );
+      client.innerApiCalls.getAccessLevel =
+        stubSimpleCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.getAccessLevel(
+          request,
+          (
+            err?: Error | null,
+            result?: protos.google.identity.accesscontextmanager.v1.IAccessLevel | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const response = await promise;
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.getAccessLevel as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.getAccessLevel as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes getAccessLevel with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetAccessLevelRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetAccessLevelRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.getAccessLevel = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(client.getAccessLevel(request), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.getAccessLevel as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.getAccessLevel as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes getAccessLevel with closed client', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetAccessLevelRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetAccessLevelRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedError = new Error('The client has already been closed.');
+      client.close();
+      await assert.rejects(client.getAccessLevel(request), expectedError);
+    });
+  });
+
+  describe('getServicePerimeter', () => {
+    it('invokes getServicePerimeter without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetServicePerimeterRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetServicePerimeterRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ServicePerimeter()
+      );
+      client.innerApiCalls.getServicePerimeter =
+        stubSimpleCall(expectedResponse);
+      const [response] = await client.getServicePerimeter(request);
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.getServicePerimeter as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.getServicePerimeter as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes getServicePerimeter without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetServicePerimeterRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetServicePerimeterRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ServicePerimeter()
+      );
+      client.innerApiCalls.getServicePerimeter =
+        stubSimpleCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.getServicePerimeter(
+          request,
+          (
+            err?: Error | null,
+            result?: protos.google.identity.accesscontextmanager.v1.IServicePerimeter | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const response = await promise;
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.getServicePerimeter as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.getServicePerimeter as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes getServicePerimeter with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetServicePerimeterRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetServicePerimeterRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.getServicePerimeter = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(client.getServicePerimeter(request), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.getServicePerimeter as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.getServicePerimeter as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes getServicePerimeter with closed client', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetServicePerimeterRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetServicePerimeterRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedError = new Error('The client has already been closed.');
+      client.close();
+      await assert.rejects(client.getServicePerimeter(request), expectedError);
+    });
+  });
+
+  describe('getGcpUserAccessBinding', () => {
+    it('invokes getGcpUserAccessBinding without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding()
+      );
+      client.innerApiCalls.getGcpUserAccessBinding =
+        stubSimpleCall(expectedResponse);
+      const [response] = await client.getGcpUserAccessBinding(request);
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.getGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.getGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes getGcpUserAccessBinding without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding()
+      );
+      client.innerApiCalls.getGcpUserAccessBinding =
+        stubSimpleCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.getGcpUserAccessBinding(
+          request,
+          (
+            err?: Error | null,
+            result?: protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const response = await promise;
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.getGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.getGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes getGcpUserAccessBinding with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.getGcpUserAccessBinding = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.getGcpUserAccessBinding(request),
+        expectedError
+      );
+      const actualRequest = (
+        client.innerApiCalls.getGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.getGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes getGcpUserAccessBinding with closed client', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedError = new Error('The client has already been closed.');
+      client.close();
+      await assert.rejects(
+        client.getGcpUserAccessBinding(request),
+        expectedError
+      );
+    });
+  });
+
+  describe('setIamPolicy', () => {
+    it('invokes setIamPolicy without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.iam.v1.SetIamPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.iam.v1.SetIamPolicyRequest',
+        ['resource']
+      );
+      request.resource = defaultValue1;
+      const expectedHeaderRequestParams = `resource=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.iam.v1.Policy()
+      );
+      client.innerApiCalls.setIamPolicy = stubSimpleCall(expectedResponse);
+      const [response] = await client.setIamPolicy(request);
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.setIamPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.setIamPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes setIamPolicy without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.iam.v1.SetIamPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.iam.v1.SetIamPolicyRequest',
+        ['resource']
+      );
+      request.resource = defaultValue1;
+      const expectedHeaderRequestParams = `resource=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.iam.v1.Policy()
+      );
+      client.innerApiCalls.setIamPolicy =
+        stubSimpleCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.setIamPolicy(
+          request,
+          (
+            err?: Error | null,
+            result?: protos.google.iam.v1.IPolicy | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const response = await promise;
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.setIamPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.setIamPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes setIamPolicy with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.iam.v1.SetIamPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.iam.v1.SetIamPolicyRequest',
+        ['resource']
+      );
+      request.resource = defaultValue1;
+      const expectedHeaderRequestParams = `resource=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.setIamPolicy = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(client.setIamPolicy(request), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.setIamPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.setIamPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes setIamPolicy with closed client', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.iam.v1.SetIamPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.iam.v1.SetIamPolicyRequest',
+        ['resource']
+      );
+      request.resource = defaultValue1;
+      const expectedError = new Error('The client has already been closed.');
+      client.close();
+      await assert.rejects(client.setIamPolicy(request), expectedError);
+    });
+  });
+
+  describe('getIamPolicy', () => {
+    it('invokes getIamPolicy without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.iam.v1.GetIamPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.iam.v1.GetIamPolicyRequest',
+        ['resource']
+      );
+      request.resource = defaultValue1;
+      const expectedHeaderRequestParams = `resource=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.iam.v1.Policy()
+      );
+      client.innerApiCalls.getIamPolicy = stubSimpleCall(expectedResponse);
+      const [response] = await client.getIamPolicy(request);
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.getIamPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.getIamPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes getIamPolicy without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.iam.v1.GetIamPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.iam.v1.GetIamPolicyRequest',
+        ['resource']
+      );
+      request.resource = defaultValue1;
+      const expectedHeaderRequestParams = `resource=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.iam.v1.Policy()
+      );
+      client.innerApiCalls.getIamPolicy =
+        stubSimpleCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.getIamPolicy(
+          request,
+          (
+            err?: Error | null,
+            result?: protos.google.iam.v1.IPolicy | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const response = await promise;
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.getIamPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.getIamPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes getIamPolicy with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.iam.v1.GetIamPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.iam.v1.GetIamPolicyRequest',
+        ['resource']
+      );
+      request.resource = defaultValue1;
+      const expectedHeaderRequestParams = `resource=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.getIamPolicy = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(client.getIamPolicy(request), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.getIamPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.getIamPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes getIamPolicy with closed client', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.iam.v1.GetIamPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.iam.v1.GetIamPolicyRequest',
+        ['resource']
+      );
+      request.resource = defaultValue1;
+      const expectedError = new Error('The client has already been closed.');
+      client.close();
+      await assert.rejects(client.getIamPolicy(request), expectedError);
+    });
+  });
+
+  describe('testIamPermissions', () => {
+    it('invokes testIamPermissions without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.iam.v1.TestIamPermissionsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.iam.v1.TestIamPermissionsRequest',
+        ['resource']
+      );
+      request.resource = defaultValue1;
+      const expectedHeaderRequestParams = `resource=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.iam.v1.TestIamPermissionsResponse()
+      );
+      client.innerApiCalls.testIamPermissions =
+        stubSimpleCall(expectedResponse);
+      const [response] = await client.testIamPermissions(request);
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.testIamPermissions as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.testIamPermissions as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes testIamPermissions without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.iam.v1.TestIamPermissionsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.iam.v1.TestIamPermissionsRequest',
+        ['resource']
+      );
+      request.resource = defaultValue1;
+      const expectedHeaderRequestParams = `resource=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.iam.v1.TestIamPermissionsResponse()
+      );
+      client.innerApiCalls.testIamPermissions =
+        stubSimpleCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.testIamPermissions(
+          request,
+          (
+            err?: Error | null,
+            result?: protos.google.iam.v1.ITestIamPermissionsResponse | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const response = await promise;
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.testIamPermissions as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.testIamPermissions as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes testIamPermissions with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.iam.v1.TestIamPermissionsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.iam.v1.TestIamPermissionsRequest',
+        ['resource']
+      );
+      request.resource = defaultValue1;
+      const expectedHeaderRequestParams = `resource=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.testIamPermissions = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(client.testIamPermissions(request), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.testIamPermissions as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.testIamPermissions as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes testIamPermissions with closed client', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.iam.v1.TestIamPermissionsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.iam.v1.TestIamPermissionsRequest',
+        ['resource']
+      );
+      request.resource = defaultValue1;
+      const expectedError = new Error('The client has already been closed.');
+      client.close();
+      await assert.rejects(client.testIamPermissions(request), expectedError);
+    });
+  });
+
+  describe('createAccessPolicy', () => {
+    it('invokes createAccessPolicy without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+      );
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.createAccessPolicy =
+        stubLongRunningCall(expectedResponse);
+      const [operation] = await client.createAccessPolicy(request);
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+    });
+
+    it('invokes createAccessPolicy without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+      );
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.createAccessPolicy =
+        stubLongRunningCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.createAccessPolicy(
+          request,
+          (
+            err?: Error | null,
+            result?: LROperation<
+              protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+              protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+            > | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const operation = (await promise) as LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >;
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+    });
+
+    it('invokes createAccessPolicy with call error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+      );
+      const expectedError = new Error('expected');
+      client.innerApiCalls.createAccessPolicy = stubLongRunningCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(client.createAccessPolicy(request), expectedError);
+    });
+
+    it('invokes createAccessPolicy with LRO error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+      );
+      const expectedError = new Error('expected');
+      client.innerApiCalls.createAccessPolicy = stubLongRunningCall(
+        undefined,
+        undefined,
+        expectedError
+      );
+      const [operation] = await client.createAccessPolicy(request);
+      await assert.rejects(operation.promise(), expectedError);
+    });
+
+    it('invokes checkCreateAccessPolicyProgress without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      expectedResponse.name = 'test';
+      expectedResponse.response = {type_url: 'url', value: Buffer.from('')};
+      expectedResponse.metadata = {type_url: 'url', value: Buffer.from('')};
+
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const decodedOperation = await client.checkCreateAccessPolicyProgress(
+        expectedResponse.name
+      );
+      assert.deepStrictEqual(decodedOperation.name, expectedResponse.name);
+      assert(decodedOperation.metadata);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+
+    it('invokes checkCreateAccessPolicyProgress with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedError = new Error('expected');
+
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.checkCreateAccessPolicyProgress(''),
+        expectedError
+      );
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+  });
+
+  describe('updateAccessPolicy', () => {
+    it('invokes updateAccessPolicy without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest()
+      );
+      request.policy ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest',
+        ['policy', 'name']
+      );
+      request.policy.name = defaultValue1;
+      const expectedHeaderRequestParams = `policy.name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.updateAccessPolicy =
+        stubLongRunningCall(expectedResponse);
+      const [operation] = await client.updateAccessPolicy(request);
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.updateAccessPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateAccessPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes updateAccessPolicy without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest()
+      );
+      request.policy ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest',
+        ['policy', 'name']
+      );
+      request.policy.name = defaultValue1;
+      const expectedHeaderRequestParams = `policy.name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.updateAccessPolicy =
+        stubLongRunningCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.updateAccessPolicy(
+          request,
+          (
+            err?: Error | null,
+            result?: LROperation<
+              protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+              protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+            > | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const operation = (await promise) as LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessPolicy,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >;
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.updateAccessPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateAccessPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes updateAccessPolicy with call error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest()
+      );
+      request.policy ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest',
+        ['policy', 'name']
+      );
+      request.policy.name = defaultValue1;
+      const expectedHeaderRequestParams = `policy.name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.updateAccessPolicy = stubLongRunningCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(client.updateAccessPolicy(request), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.updateAccessPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateAccessPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes updateAccessPolicy with LRO error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest()
+      );
+      request.policy ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest',
+        ['policy', 'name']
+      );
+      request.policy.name = defaultValue1;
+      const expectedHeaderRequestParams = `policy.name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.updateAccessPolicy = stubLongRunningCall(
+        undefined,
+        undefined,
+        expectedError
+      );
+      const [operation] = await client.updateAccessPolicy(request);
+      await assert.rejects(operation.promise(), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.updateAccessPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateAccessPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes checkUpdateAccessPolicyProgress without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      expectedResponse.name = 'test';
+      expectedResponse.response = {type_url: 'url', value: Buffer.from('')};
+      expectedResponse.metadata = {type_url: 'url', value: Buffer.from('')};
+
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const decodedOperation = await client.checkUpdateAccessPolicyProgress(
+        expectedResponse.name
+      );
+      assert.deepStrictEqual(decodedOperation.name, expectedResponse.name);
+      assert(decodedOperation.metadata);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+
+    it('invokes checkUpdateAccessPolicyProgress with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedError = new Error('expected');
+
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.checkUpdateAccessPolicyProgress(''),
+        expectedError
+      );
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+  });
+
+  describe('deleteAccessPolicy', () => {
+    it('invokes deleteAccessPolicy without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.deleteAccessPolicy =
+        stubLongRunningCall(expectedResponse);
+      const [operation] = await client.deleteAccessPolicy(request);
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.deleteAccessPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteAccessPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes deleteAccessPolicy without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.deleteAccessPolicy =
+        stubLongRunningCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.deleteAccessPolicy(
+          request,
+          (
+            err?: Error | null,
+            result?: LROperation<
+              protos.google.protobuf.IEmpty,
+              protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+            > | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const operation = (await promise) as LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >;
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.deleteAccessPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteAccessPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes deleteAccessPolicy with call error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.deleteAccessPolicy = stubLongRunningCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(client.deleteAccessPolicy(request), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.deleteAccessPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteAccessPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes deleteAccessPolicy with LRO error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.deleteAccessPolicy = stubLongRunningCall(
+        undefined,
+        undefined,
+        expectedError
+      );
+      const [operation] = await client.deleteAccessPolicy(request);
+      await assert.rejects(operation.promise(), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.deleteAccessPolicy as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteAccessPolicy as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes checkDeleteAccessPolicyProgress without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      expectedResponse.name = 'test';
+      expectedResponse.response = {type_url: 'url', value: Buffer.from('')};
+      expectedResponse.metadata = {type_url: 'url', value: Buffer.from('')};
+
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const decodedOperation = await client.checkDeleteAccessPolicyProgress(
+        expectedResponse.name
+      );
+      assert.deepStrictEqual(decodedOperation.name, expectedResponse.name);
+      assert(decodedOperation.metadata);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+
+    it('invokes checkDeleteAccessPolicyProgress with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedError = new Error('expected');
+
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.checkDeleteAccessPolicyProgress(''),
+        expectedError
+      );
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+  });
+
+  describe('createAccessLevel', () => {
+    it('invokes createAccessLevel without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CreateAccessLevelRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CreateAccessLevelRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.createAccessLevel =
+        stubLongRunningCall(expectedResponse);
+      const [operation] = await client.createAccessLevel(request);
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.createAccessLevel as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.createAccessLevel as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes createAccessLevel without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CreateAccessLevelRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CreateAccessLevelRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.createAccessLevel =
+        stubLongRunningCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.createAccessLevel(
+          request,
+          (
+            err?: Error | null,
+            result?: LROperation<
+              protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+              protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+            > | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const operation = (await promise) as LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >;
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.createAccessLevel as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.createAccessLevel as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes createAccessLevel with call error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CreateAccessLevelRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CreateAccessLevelRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.createAccessLevel = stubLongRunningCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(client.createAccessLevel(request), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.createAccessLevel as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.createAccessLevel as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes createAccessLevel with LRO error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CreateAccessLevelRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CreateAccessLevelRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.createAccessLevel = stubLongRunningCall(
+        undefined,
+        undefined,
+        expectedError
+      );
+      const [operation] = await client.createAccessLevel(request);
+      await assert.rejects(operation.promise(), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.createAccessLevel as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.createAccessLevel as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes checkCreateAccessLevelProgress without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      expectedResponse.name = 'test';
+      expectedResponse.response = {type_url: 'url', value: Buffer.from('')};
+      expectedResponse.metadata = {type_url: 'url', value: Buffer.from('')};
+
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const decodedOperation = await client.checkCreateAccessLevelProgress(
+        expectedResponse.name
+      );
+      assert.deepStrictEqual(decodedOperation.name, expectedResponse.name);
+      assert(decodedOperation.metadata);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+
+    it('invokes checkCreateAccessLevelProgress with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedError = new Error('expected');
+
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.checkCreateAccessLevelProgress(''),
+        expectedError
+      );
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+  });
+
+  describe('updateAccessLevel', () => {
+    it('invokes updateAccessLevel without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest()
+      );
+      request.accessLevel ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest',
+        ['accessLevel', 'name']
+      );
+      request.accessLevel.name = defaultValue1;
+      const expectedHeaderRequestParams = `access_level.name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.updateAccessLevel =
+        stubLongRunningCall(expectedResponse);
+      const [operation] = await client.updateAccessLevel(request);
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.updateAccessLevel as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateAccessLevel as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes updateAccessLevel without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest()
+      );
+      request.accessLevel ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest',
+        ['accessLevel', 'name']
+      );
+      request.accessLevel.name = defaultValue1;
+      const expectedHeaderRequestParams = `access_level.name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.updateAccessLevel =
+        stubLongRunningCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.updateAccessLevel(
+          request,
+          (
+            err?: Error | null,
+            result?: LROperation<
+              protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+              protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+            > | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const operation = (await promise) as LROperation<
+        protos.google.identity.accesscontextmanager.v1.IAccessLevel,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >;
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.updateAccessLevel as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateAccessLevel as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes updateAccessLevel with call error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest()
+      );
+      request.accessLevel ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest',
+        ['accessLevel', 'name']
+      );
+      request.accessLevel.name = defaultValue1;
+      const expectedHeaderRequestParams = `access_level.name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.updateAccessLevel = stubLongRunningCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(client.updateAccessLevel(request), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.updateAccessLevel as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateAccessLevel as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes updateAccessLevel with LRO error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest()
+      );
+      request.accessLevel ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest',
+        ['accessLevel', 'name']
+      );
+      request.accessLevel.name = defaultValue1;
+      const expectedHeaderRequestParams = `access_level.name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.updateAccessLevel = stubLongRunningCall(
+        undefined,
+        undefined,
+        expectedError
+      );
+      const [operation] = await client.updateAccessLevel(request);
+      await assert.rejects(operation.promise(), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.updateAccessLevel as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateAccessLevel as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes checkUpdateAccessLevelProgress without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      expectedResponse.name = 'test';
+      expectedResponse.response = {type_url: 'url', value: Buffer.from('')};
+      expectedResponse.metadata = {type_url: 'url', value: Buffer.from('')};
+
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const decodedOperation = await client.checkUpdateAccessLevelProgress(
+        expectedResponse.name
+      );
+      assert.deepStrictEqual(decodedOperation.name, expectedResponse.name);
+      assert(decodedOperation.metadata);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+
+    it('invokes checkUpdateAccessLevelProgress with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedError = new Error('expected');
+
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.checkUpdateAccessLevelProgress(''),
+        expectedError
+      );
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+  });
+
+  describe('deleteAccessLevel', () => {
+    it('invokes deleteAccessLevel without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.deleteAccessLevel =
+        stubLongRunningCall(expectedResponse);
+      const [operation] = await client.deleteAccessLevel(request);
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.deleteAccessLevel as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteAccessLevel as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes deleteAccessLevel without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.deleteAccessLevel =
+        stubLongRunningCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.deleteAccessLevel(
+          request,
+          (
+            err?: Error | null,
+            result?: LROperation<
+              protos.google.protobuf.IEmpty,
+              protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+            > | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const operation = (await promise) as LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >;
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.deleteAccessLevel as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteAccessLevel as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes deleteAccessLevel with call error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.deleteAccessLevel = stubLongRunningCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(client.deleteAccessLevel(request), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.deleteAccessLevel as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteAccessLevel as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes deleteAccessLevel with LRO error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.deleteAccessLevel = stubLongRunningCall(
+        undefined,
+        undefined,
+        expectedError
+      );
+      const [operation] = await client.deleteAccessLevel(request);
+      await assert.rejects(operation.promise(), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.deleteAccessLevel as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteAccessLevel as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes checkDeleteAccessLevelProgress without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      expectedResponse.name = 'test';
+      expectedResponse.response = {type_url: 'url', value: Buffer.from('')};
+      expectedResponse.metadata = {type_url: 'url', value: Buffer.from('')};
+
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const decodedOperation = await client.checkDeleteAccessLevelProgress(
+        expectedResponse.name
+      );
+      assert.deepStrictEqual(decodedOperation.name, expectedResponse.name);
+      assert(decodedOperation.metadata);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+
+    it('invokes checkDeleteAccessLevelProgress with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedError = new Error('expected');
+
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.checkDeleteAccessLevelProgress(''),
+        expectedError
+      );
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+  });
+
+  describe('replaceAccessLevels', () => {
+    it('invokes replaceAccessLevels without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.replaceAccessLevels =
+        stubLongRunningCall(expectedResponse);
+      const [operation] = await client.replaceAccessLevels(request);
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.replaceAccessLevels as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.replaceAccessLevels as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes replaceAccessLevels without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.replaceAccessLevels =
+        stubLongRunningCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.replaceAccessLevels(
+          request,
+          (
+            err?: Error | null,
+            result?: LROperation<
+              protos.google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse,
+              protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+            > | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const operation = (await promise) as LROperation<
+        protos.google.identity.accesscontextmanager.v1.IReplaceAccessLevelsResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >;
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.replaceAccessLevels as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.replaceAccessLevels as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes replaceAccessLevels with call error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.replaceAccessLevels = stubLongRunningCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(client.replaceAccessLevels(request), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.replaceAccessLevels as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.replaceAccessLevels as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes replaceAccessLevels with LRO error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.replaceAccessLevels = stubLongRunningCall(
+        undefined,
+        undefined,
+        expectedError
+      );
+      const [operation] = await client.replaceAccessLevels(request);
+      await assert.rejects(operation.promise(), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.replaceAccessLevels as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.replaceAccessLevels as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes checkReplaceAccessLevelsProgress without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      expectedResponse.name = 'test';
+      expectedResponse.response = {type_url: 'url', value: Buffer.from('')};
+      expectedResponse.metadata = {type_url: 'url', value: Buffer.from('')};
+
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const decodedOperation = await client.checkReplaceAccessLevelsProgress(
+        expectedResponse.name
+      );
+      assert.deepStrictEqual(decodedOperation.name, expectedResponse.name);
+      assert(decodedOperation.metadata);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+
+    it('invokes checkReplaceAccessLevelsProgress with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedError = new Error('expected');
+
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.checkReplaceAccessLevelsProgress(''),
+        expectedError
+      );
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+  });
+
+  describe('createServicePerimeter', () => {
+    it('invokes createServicePerimeter without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.createServicePerimeter =
+        stubLongRunningCall(expectedResponse);
+      const [operation] = await client.createServicePerimeter(request);
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.createServicePerimeter as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.createServicePerimeter as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes createServicePerimeter without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.createServicePerimeter =
+        stubLongRunningCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.createServicePerimeter(
+          request,
+          (
+            err?: Error | null,
+            result?: LROperation<
+              protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+              protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+            > | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const operation = (await promise) as LROperation<
+        protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >;
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.createServicePerimeter as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.createServicePerimeter as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes createServicePerimeter with call error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.createServicePerimeter = stubLongRunningCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.createServicePerimeter(request),
+        expectedError
+      );
+      const actualRequest = (
+        client.innerApiCalls.createServicePerimeter as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.createServicePerimeter as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes createServicePerimeter with LRO error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.createServicePerimeter = stubLongRunningCall(
+        undefined,
+        undefined,
+        expectedError
+      );
+      const [operation] = await client.createServicePerimeter(request);
+      await assert.rejects(operation.promise(), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.createServicePerimeter as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.createServicePerimeter as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes checkCreateServicePerimeterProgress without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      expectedResponse.name = 'test';
+      expectedResponse.response = {type_url: 'url', value: Buffer.from('')};
+      expectedResponse.metadata = {type_url: 'url', value: Buffer.from('')};
+
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const decodedOperation = await client.checkCreateServicePerimeterProgress(
+        expectedResponse.name
+      );
+      assert.deepStrictEqual(decodedOperation.name, expectedResponse.name);
+      assert(decodedOperation.metadata);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+
+    it('invokes checkCreateServicePerimeterProgress with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedError = new Error('expected');
+
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.checkCreateServicePerimeterProgress(''),
+        expectedError
+      );
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+  });
+
+  describe('updateServicePerimeter', () => {
+    it('invokes updateServicePerimeter without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest()
+      );
+      request.servicePerimeter ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest',
+        ['servicePerimeter', 'name']
+      );
+      request.servicePerimeter.name = defaultValue1;
+      const expectedHeaderRequestParams = `service_perimeter.name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.updateServicePerimeter =
+        stubLongRunningCall(expectedResponse);
+      const [operation] = await client.updateServicePerimeter(request);
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.updateServicePerimeter as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateServicePerimeter as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes updateServicePerimeter without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest()
+      );
+      request.servicePerimeter ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest',
+        ['servicePerimeter', 'name']
+      );
+      request.servicePerimeter.name = defaultValue1;
+      const expectedHeaderRequestParams = `service_perimeter.name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.updateServicePerimeter =
+        stubLongRunningCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.updateServicePerimeter(
+          request,
+          (
+            err?: Error | null,
+            result?: LROperation<
+              protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+              protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+            > | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const operation = (await promise) as LROperation<
+        protos.google.identity.accesscontextmanager.v1.IServicePerimeter,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >;
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.updateServicePerimeter as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateServicePerimeter as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes updateServicePerimeter with call error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest()
+      );
+      request.servicePerimeter ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest',
+        ['servicePerimeter', 'name']
+      );
+      request.servicePerimeter.name = defaultValue1;
+      const expectedHeaderRequestParams = `service_perimeter.name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.updateServicePerimeter = stubLongRunningCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.updateServicePerimeter(request),
+        expectedError
+      );
+      const actualRequest = (
+        client.innerApiCalls.updateServicePerimeter as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateServicePerimeter as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes updateServicePerimeter with LRO error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest()
+      );
+      request.servicePerimeter ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest',
+        ['servicePerimeter', 'name']
+      );
+      request.servicePerimeter.name = defaultValue1;
+      const expectedHeaderRequestParams = `service_perimeter.name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.updateServicePerimeter = stubLongRunningCall(
+        undefined,
+        undefined,
+        expectedError
+      );
+      const [operation] = await client.updateServicePerimeter(request);
+      await assert.rejects(operation.promise(), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.updateServicePerimeter as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateServicePerimeter as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes checkUpdateServicePerimeterProgress without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      expectedResponse.name = 'test';
+      expectedResponse.response = {type_url: 'url', value: Buffer.from('')};
+      expectedResponse.metadata = {type_url: 'url', value: Buffer.from('')};
+
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const decodedOperation = await client.checkUpdateServicePerimeterProgress(
+        expectedResponse.name
+      );
+      assert.deepStrictEqual(decodedOperation.name, expectedResponse.name);
+      assert(decodedOperation.metadata);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+
+    it('invokes checkUpdateServicePerimeterProgress with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedError = new Error('expected');
+
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.checkUpdateServicePerimeterProgress(''),
+        expectedError
+      );
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+  });
+
+  describe('deleteServicePerimeter', () => {
+    it('invokes deleteServicePerimeter without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.deleteServicePerimeter =
+        stubLongRunningCall(expectedResponse);
+      const [operation] = await client.deleteServicePerimeter(request);
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.deleteServicePerimeter as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteServicePerimeter as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes deleteServicePerimeter without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.deleteServicePerimeter =
+        stubLongRunningCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.deleteServicePerimeter(
+          request,
+          (
+            err?: Error | null,
+            result?: LROperation<
+              protos.google.protobuf.IEmpty,
+              protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+            > | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const operation = (await promise) as LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >;
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.deleteServicePerimeter as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteServicePerimeter as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes deleteServicePerimeter with call error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.deleteServicePerimeter = stubLongRunningCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.deleteServicePerimeter(request),
+        expectedError
+      );
+      const actualRequest = (
+        client.innerApiCalls.deleteServicePerimeter as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteServicePerimeter as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes deleteServicePerimeter with LRO error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.deleteServicePerimeter = stubLongRunningCall(
+        undefined,
+        undefined,
+        expectedError
+      );
+      const [operation] = await client.deleteServicePerimeter(request);
+      await assert.rejects(operation.promise(), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.deleteServicePerimeter as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteServicePerimeter as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes checkDeleteServicePerimeterProgress without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      expectedResponse.name = 'test';
+      expectedResponse.response = {type_url: 'url', value: Buffer.from('')};
+      expectedResponse.metadata = {type_url: 'url', value: Buffer.from('')};
+
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const decodedOperation = await client.checkDeleteServicePerimeterProgress(
+        expectedResponse.name
+      );
+      assert.deepStrictEqual(decodedOperation.name, expectedResponse.name);
+      assert(decodedOperation.metadata);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+
+    it('invokes checkDeleteServicePerimeterProgress with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedError = new Error('expected');
+
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.checkDeleteServicePerimeterProgress(''),
+        expectedError
+      );
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+  });
+
+  describe('replaceServicePerimeters', () => {
+    it('invokes replaceServicePerimeters without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.replaceServicePerimeters =
+        stubLongRunningCall(expectedResponse);
+      const [operation] = await client.replaceServicePerimeters(request);
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.replaceServicePerimeters as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.replaceServicePerimeters as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes replaceServicePerimeters without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.replaceServicePerimeters =
+        stubLongRunningCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.replaceServicePerimeters(
+          request,
+          (
+            err?: Error | null,
+            result?: LROperation<
+              protos.google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse,
+              protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+            > | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const operation = (await promise) as LROperation<
+        protos.google.identity.accesscontextmanager.v1.IReplaceServicePerimetersResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >;
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.replaceServicePerimeters as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.replaceServicePerimeters as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes replaceServicePerimeters with call error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.replaceServicePerimeters = stubLongRunningCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.replaceServicePerimeters(request),
+        expectedError
+      );
+      const actualRequest = (
+        client.innerApiCalls.replaceServicePerimeters as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.replaceServicePerimeters as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes replaceServicePerimeters with LRO error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.replaceServicePerimeters = stubLongRunningCall(
+        undefined,
+        undefined,
+        expectedError
+      );
+      const [operation] = await client.replaceServicePerimeters(request);
+      await assert.rejects(operation.promise(), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.replaceServicePerimeters as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.replaceServicePerimeters as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes checkReplaceServicePerimetersProgress without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      expectedResponse.name = 'test';
+      expectedResponse.response = {type_url: 'url', value: Buffer.from('')};
+      expectedResponse.metadata = {type_url: 'url', value: Buffer.from('')};
+
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const decodedOperation =
+        await client.checkReplaceServicePerimetersProgress(
+          expectedResponse.name
+        );
+      assert.deepStrictEqual(decodedOperation.name, expectedResponse.name);
+      assert(decodedOperation.metadata);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+
+    it('invokes checkReplaceServicePerimetersProgress with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedError = new Error('expected');
+
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.checkReplaceServicePerimetersProgress(''),
+        expectedError
+      );
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+  });
+
+  describe('commitServicePerimeters', () => {
+    it('invokes commitServicePerimeters without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.commitServicePerimeters =
+        stubLongRunningCall(expectedResponse);
+      const [operation] = await client.commitServicePerimeters(request);
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.commitServicePerimeters as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.commitServicePerimeters as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes commitServicePerimeters without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.commitServicePerimeters =
+        stubLongRunningCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.commitServicePerimeters(
+          request,
+          (
+            err?: Error | null,
+            result?: LROperation<
+              protos.google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse,
+              protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+            > | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const operation = (await promise) as LROperation<
+        protos.google.identity.accesscontextmanager.v1.ICommitServicePerimetersResponse,
+        protos.google.identity.accesscontextmanager.v1.IAccessContextManagerOperationMetadata
+      >;
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.commitServicePerimeters as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.commitServicePerimeters as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes commitServicePerimeters with call error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.commitServicePerimeters = stubLongRunningCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.commitServicePerimeters(request),
+        expectedError
+      );
+      const actualRequest = (
+        client.innerApiCalls.commitServicePerimeters as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.commitServicePerimeters as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes commitServicePerimeters with LRO error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.commitServicePerimeters = stubLongRunningCall(
+        undefined,
+        undefined,
+        expectedError
+      );
+      const [operation] = await client.commitServicePerimeters(request);
+      await assert.rejects(operation.promise(), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.commitServicePerimeters as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.commitServicePerimeters as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes checkCommitServicePerimetersProgress without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      expectedResponse.name = 'test';
+      expectedResponse.response = {type_url: 'url', value: Buffer.from('')};
+      expectedResponse.metadata = {type_url: 'url', value: Buffer.from('')};
+
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const decodedOperation =
+        await client.checkCommitServicePerimetersProgress(
+          expectedResponse.name
+        );
+      assert.deepStrictEqual(decodedOperation.name, expectedResponse.name);
+      assert(decodedOperation.metadata);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+
+    it('invokes checkCommitServicePerimetersProgress with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedError = new Error('expected');
+
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.checkCommitServicePerimetersProgress(''),
+        expectedError
+      );
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+  });
+
+  describe('createGcpUserAccessBinding', () => {
+    it('invokes createGcpUserAccessBinding without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.createGcpUserAccessBinding =
+        stubLongRunningCall(expectedResponse);
+      const [operation] = await client.createGcpUserAccessBinding(request);
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.createGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.createGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes createGcpUserAccessBinding without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.createGcpUserAccessBinding =
+        stubLongRunningCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.createGcpUserAccessBinding(
+          request,
+          (
+            err?: Error | null,
+            result?: LROperation<
+              protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+              protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+            > | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const operation = (await promise) as LROperation<
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >;
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.createGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.createGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes createGcpUserAccessBinding with call error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.createGcpUserAccessBinding = stubLongRunningCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.createGcpUserAccessBinding(request),
+        expectedError
+      );
+      const actualRequest = (
+        client.innerApiCalls.createGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.createGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes createGcpUserAccessBinding with LRO error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.createGcpUserAccessBinding = stubLongRunningCall(
+        undefined,
+        undefined,
+        expectedError
+      );
+      const [operation] = await client.createGcpUserAccessBinding(request);
+      await assert.rejects(operation.promise(), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.createGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.createGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes checkCreateGcpUserAccessBindingProgress without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      expectedResponse.name = 'test';
+      expectedResponse.response = {type_url: 'url', value: Buffer.from('')};
+      expectedResponse.metadata = {type_url: 'url', value: Buffer.from('')};
+
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const decodedOperation =
+        await client.checkCreateGcpUserAccessBindingProgress(
+          expectedResponse.name
+        );
+      assert.deepStrictEqual(decodedOperation.name, expectedResponse.name);
+      assert(decodedOperation.metadata);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+
+    it('invokes checkCreateGcpUserAccessBindingProgress with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedError = new Error('expected');
+
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.checkCreateGcpUserAccessBindingProgress(''),
+        expectedError
+      );
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+  });
+
+  describe('updateGcpUserAccessBinding', () => {
+    it('invokes updateGcpUserAccessBinding without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest()
+      );
+      request.gcpUserAccessBinding ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest',
+        ['gcpUserAccessBinding', 'name']
+      );
+      request.gcpUserAccessBinding.name = defaultValue1;
+      const expectedHeaderRequestParams = `gcp_user_access_binding.name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.updateGcpUserAccessBinding =
+        stubLongRunningCall(expectedResponse);
+      const [operation] = await client.updateGcpUserAccessBinding(request);
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.updateGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes updateGcpUserAccessBinding without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest()
+      );
+      request.gcpUserAccessBinding ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest',
+        ['gcpUserAccessBinding', 'name']
+      );
+      request.gcpUserAccessBinding.name = defaultValue1;
+      const expectedHeaderRequestParams = `gcp_user_access_binding.name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.updateGcpUserAccessBinding =
+        stubLongRunningCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.updateGcpUserAccessBinding(
+          request,
+          (
+            err?: Error | null,
+            result?: LROperation<
+              protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+              protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+            > | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const operation = (await promise) as LROperation<
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >;
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.updateGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes updateGcpUserAccessBinding with call error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest()
+      );
+      request.gcpUserAccessBinding ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest',
+        ['gcpUserAccessBinding', 'name']
+      );
+      request.gcpUserAccessBinding.name = defaultValue1;
+      const expectedHeaderRequestParams = `gcp_user_access_binding.name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.updateGcpUserAccessBinding = stubLongRunningCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.updateGcpUserAccessBinding(request),
+        expectedError
+      );
+      const actualRequest = (
+        client.innerApiCalls.updateGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes updateGcpUserAccessBinding with LRO error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest()
+      );
+      request.gcpUserAccessBinding ??= {};
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest',
+        ['gcpUserAccessBinding', 'name']
+      );
+      request.gcpUserAccessBinding.name = defaultValue1;
+      const expectedHeaderRequestParams = `gcp_user_access_binding.name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.updateGcpUserAccessBinding = stubLongRunningCall(
+        undefined,
+        undefined,
+        expectedError
+      );
+      const [operation] = await client.updateGcpUserAccessBinding(request);
+      await assert.rejects(operation.promise(), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.updateGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.updateGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes checkUpdateGcpUserAccessBindingProgress without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      expectedResponse.name = 'test';
+      expectedResponse.response = {type_url: 'url', value: Buffer.from('')};
+      expectedResponse.metadata = {type_url: 'url', value: Buffer.from('')};
+
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const decodedOperation =
+        await client.checkUpdateGcpUserAccessBindingProgress(
+          expectedResponse.name
+        );
+      assert.deepStrictEqual(decodedOperation.name, expectedResponse.name);
+      assert(decodedOperation.metadata);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+
+    it('invokes checkUpdateGcpUserAccessBindingProgress with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedError = new Error('expected');
+
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.checkUpdateGcpUserAccessBindingProgress(''),
+        expectedError
+      );
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+  });
+
+  describe('deleteGcpUserAccessBinding', () => {
+    it('invokes deleteGcpUserAccessBinding without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.deleteGcpUserAccessBinding =
+        stubLongRunningCall(expectedResponse);
+      const [operation] = await client.deleteGcpUserAccessBinding(request);
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.deleteGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes deleteGcpUserAccessBinding without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedResponse = generateSampleMessage(
+        new protos.google.longrunning.Operation()
+      );
+      client.innerApiCalls.deleteGcpUserAccessBinding =
+        stubLongRunningCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.deleteGcpUserAccessBinding(
+          request,
+          (
+            err?: Error | null,
+            result?: LROperation<
+              protos.google.protobuf.IEmpty,
+              protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+            > | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const operation = (await promise) as LROperation<
+        protos.google.protobuf.IEmpty,
+        protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBindingOperationMetadata
+      >;
+      const [response] = await operation.promise();
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.deleteGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes deleteGcpUserAccessBinding with call error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.deleteGcpUserAccessBinding = stubLongRunningCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.deleteGcpUserAccessBinding(request),
+        expectedError
+      );
+      const actualRequest = (
+        client.innerApiCalls.deleteGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes deleteGcpUserAccessBinding with LRO error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest',
+        ['name']
+      );
+      request.name = defaultValue1;
+      const expectedHeaderRequestParams = `name=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.deleteGcpUserAccessBinding = stubLongRunningCall(
+        undefined,
+        undefined,
+        expectedError
+      );
+      const [operation] = await client.deleteGcpUserAccessBinding(request);
+      await assert.rejects(operation.promise(), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.deleteGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.deleteGcpUserAccessBinding as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes checkDeleteGcpUserAccessBindingProgress without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      expectedResponse.name = 'test';
+      expectedResponse.response = {type_url: 'url', value: Buffer.from('')};
+      expectedResponse.metadata = {type_url: 'url', value: Buffer.from('')};
+
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const decodedOperation =
+        await client.checkDeleteGcpUserAccessBindingProgress(
+          expectedResponse.name
+        );
+      assert.deepStrictEqual(decodedOperation.name, expectedResponse.name);
+      assert(decodedOperation.metadata);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+
+    it('invokes checkDeleteGcpUserAccessBindingProgress with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const expectedError = new Error('expected');
+
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.checkDeleteGcpUserAccessBindingProgress(''),
+        expectedError
+      );
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+  });
+
+  describe('listAccessPolicies', () => {
+    it('invokes listAccessPolicies without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest()
+      );
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+        ),
+      ];
+      client.innerApiCalls.listAccessPolicies =
+        stubSimpleCall(expectedResponse);
+      const [response] = await client.listAccessPolicies(request);
+      assert.deepStrictEqual(response, expectedResponse);
+    });
+
+    it('invokes listAccessPolicies without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest()
+      );
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+        ),
+      ];
+      client.innerApiCalls.listAccessPolicies =
+        stubSimpleCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.listAccessPolicies(
+          request,
+          (
+            err?: Error | null,
+            result?:
+              | protos.google.identity.accesscontextmanager.v1.IAccessPolicy[]
+              | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const response = await promise;
+      assert.deepStrictEqual(response, expectedResponse);
+    });
+
+    it('invokes listAccessPolicies with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest()
+      );
+      const expectedError = new Error('expected');
+      client.innerApiCalls.listAccessPolicies = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(client.listAccessPolicies(request), expectedError);
+    });
+
+    it('invokes listAccessPoliciesStream without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest()
+      );
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+        ),
+      ];
+      client.descriptors.page.listAccessPolicies.createStream =
+        stubPageStreamingCall(expectedResponse);
+      const stream = client.listAccessPoliciesStream(request);
+      const promise = new Promise((resolve, reject) => {
+        const responses: protos.google.identity.accesscontextmanager.v1.AccessPolicy[] =
+          [];
+        stream.on(
+          'data',
+          (
+            response: protos.google.identity.accesscontextmanager.v1.AccessPolicy
+          ) => {
+            responses.push(response);
+          }
+        );
+        stream.on('end', () => {
+          resolve(responses);
+        });
+        stream.on('error', (err: Error) => {
+          reject(err);
+        });
+      });
+      const responses = await promise;
+      assert.deepStrictEqual(responses, expectedResponse);
+      assert(
+        (client.descriptors.page.listAccessPolicies.createStream as SinonStub)
+          .getCall(0)
+          .calledWith(client.innerApiCalls.listAccessPolicies, request)
+      );
+    });
+
+    it('invokes listAccessPoliciesStream with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest()
+      );
+      const expectedError = new Error('expected');
+      client.descriptors.page.listAccessPolicies.createStream =
+        stubPageStreamingCall(undefined, expectedError);
+      const stream = client.listAccessPoliciesStream(request);
+      const promise = new Promise((resolve, reject) => {
+        const responses: protos.google.identity.accesscontextmanager.v1.AccessPolicy[] =
+          [];
+        stream.on(
+          'data',
+          (
+            response: protos.google.identity.accesscontextmanager.v1.AccessPolicy
+          ) => {
+            responses.push(response);
+          }
+        );
+        stream.on('end', () => {
+          resolve(responses);
+        });
+        stream.on('error', (err: Error) => {
+          reject(err);
+        });
+      });
+      await assert.rejects(promise, expectedError);
+      assert(
+        (client.descriptors.page.listAccessPolicies.createStream as SinonStub)
+          .getCall(0)
+          .calledWith(client.innerApiCalls.listAccessPolicies, request)
+      );
+    });
+
+    it('uses async iteration with listAccessPolicies without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest()
+      );
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessPolicy()
+        ),
+      ];
+      client.descriptors.page.listAccessPolicies.asyncIterate =
+        stubAsyncIterationCall(expectedResponse);
+      const responses: protos.google.identity.accesscontextmanager.v1.IAccessPolicy[] =
+        [];
+      const iterable = client.listAccessPoliciesAsync(request);
+      for await (const resource of iterable) {
+        responses.push(resource!);
+      }
+      assert.deepStrictEqual(responses, expectedResponse);
+      assert.deepStrictEqual(
+        (
+          client.descriptors.page.listAccessPolicies.asyncIterate as SinonStub
+        ).getCall(0).args[1],
+        request
+      );
+    });
+
+    it('uses async iteration with listAccessPolicies with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest()
+      );
+      const expectedError = new Error('expected');
+      client.descriptors.page.listAccessPolicies.asyncIterate =
+        stubAsyncIterationCall(undefined, expectedError);
+      const iterable = client.listAccessPoliciesAsync(request);
+      await assert.rejects(async () => {
+        const responses: protos.google.identity.accesscontextmanager.v1.IAccessPolicy[] =
+          [];
+        for await (const resource of iterable) {
+          responses.push(resource!);
+        }
+      });
+      assert.deepStrictEqual(
+        (
+          client.descriptors.page.listAccessPolicies.asyncIterate as SinonStub
+        ).getCall(0).args[1],
+        request
+      );
+    });
+  });
+
+  describe('listAccessLevels', () => {
+    it('invokes listAccessLevels without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessLevel()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessLevel()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessLevel()
+        ),
+      ];
+      client.innerApiCalls.listAccessLevels = stubSimpleCall(expectedResponse);
+      const [response] = await client.listAccessLevels(request);
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.listAccessLevels as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.listAccessLevels as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes listAccessLevels without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessLevel()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessLevel()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessLevel()
+        ),
+      ];
+      client.innerApiCalls.listAccessLevels =
+        stubSimpleCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.listAccessLevels(
+          request,
+          (
+            err?: Error | null,
+            result?:
+              | protos.google.identity.accesscontextmanager.v1.IAccessLevel[]
+              | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const response = await promise;
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.listAccessLevels as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.listAccessLevels as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes listAccessLevels with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.listAccessLevels = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(client.listAccessLevels(request), expectedError);
+      const actualRequest = (
+        client.innerApiCalls.listAccessLevels as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.listAccessLevels as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes listAccessLevelsStream without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessLevel()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessLevel()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessLevel()
+        ),
+      ];
+      client.descriptors.page.listAccessLevels.createStream =
+        stubPageStreamingCall(expectedResponse);
+      const stream = client.listAccessLevelsStream(request);
+      const promise = new Promise((resolve, reject) => {
+        const responses: protos.google.identity.accesscontextmanager.v1.AccessLevel[] =
+          [];
+        stream.on(
+          'data',
+          (
+            response: protos.google.identity.accesscontextmanager.v1.AccessLevel
+          ) => {
+            responses.push(response);
+          }
+        );
+        stream.on('end', () => {
+          resolve(responses);
+        });
+        stream.on('error', (err: Error) => {
+          reject(err);
+        });
+      });
+      const responses = await promise;
+      assert.deepStrictEqual(responses, expectedResponse);
+      assert(
+        (client.descriptors.page.listAccessLevels.createStream as SinonStub)
+          .getCall(0)
+          .calledWith(client.innerApiCalls.listAccessLevels, request)
+      );
+      assert(
+        (client.descriptors.page.listAccessLevels.createStream as SinonStub)
+          .getCall(0)
+          .args[2].otherArgs.headers['x-goog-request-params'].includes(
+            expectedHeaderRequestParams
+          )
+      );
+    });
+
+    it('invokes listAccessLevelsStream with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.descriptors.page.listAccessLevels.createStream =
+        stubPageStreamingCall(undefined, expectedError);
+      const stream = client.listAccessLevelsStream(request);
+      const promise = new Promise((resolve, reject) => {
+        const responses: protos.google.identity.accesscontextmanager.v1.AccessLevel[] =
+          [];
+        stream.on(
+          'data',
+          (
+            response: protos.google.identity.accesscontextmanager.v1.AccessLevel
+          ) => {
+            responses.push(response);
+          }
+        );
+        stream.on('end', () => {
+          resolve(responses);
+        });
+        stream.on('error', (err: Error) => {
+          reject(err);
+        });
+      });
+      await assert.rejects(promise, expectedError);
+      assert(
+        (client.descriptors.page.listAccessLevels.createStream as SinonStub)
+          .getCall(0)
+          .calledWith(client.innerApiCalls.listAccessLevels, request)
+      );
+      assert(
+        (client.descriptors.page.listAccessLevels.createStream as SinonStub)
+          .getCall(0)
+          .args[2].otherArgs.headers['x-goog-request-params'].includes(
+            expectedHeaderRequestParams
+          )
+      );
+    });
+
+    it('uses async iteration with listAccessLevels without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessLevel()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessLevel()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.AccessLevel()
+        ),
+      ];
+      client.descriptors.page.listAccessLevels.asyncIterate =
+        stubAsyncIterationCall(expectedResponse);
+      const responses: protos.google.identity.accesscontextmanager.v1.IAccessLevel[] =
+        [];
+      const iterable = client.listAccessLevelsAsync(request);
+      for await (const resource of iterable) {
+        responses.push(resource!);
+      }
+      assert.deepStrictEqual(responses, expectedResponse);
+      assert.deepStrictEqual(
+        (
+          client.descriptors.page.listAccessLevels.asyncIterate as SinonStub
+        ).getCall(0).args[1],
+        request
+      );
+      assert(
+        (client.descriptors.page.listAccessLevels.asyncIterate as SinonStub)
+          .getCall(0)
+          .args[2].otherArgs.headers['x-goog-request-params'].includes(
+            expectedHeaderRequestParams
+          )
+      );
+    });
+
+    it('uses async iteration with listAccessLevels with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.descriptors.page.listAccessLevels.asyncIterate =
+        stubAsyncIterationCall(undefined, expectedError);
+      const iterable = client.listAccessLevelsAsync(request);
+      await assert.rejects(async () => {
+        const responses: protos.google.identity.accesscontextmanager.v1.IAccessLevel[] =
+          [];
+        for await (const resource of iterable) {
+          responses.push(resource!);
+        }
+      });
+      assert.deepStrictEqual(
+        (
+          client.descriptors.page.listAccessLevels.asyncIterate as SinonStub
+        ).getCall(0).args[1],
+        request
+      );
+      assert(
+        (client.descriptors.page.listAccessLevels.asyncIterate as SinonStub)
+          .getCall(0)
+          .args[2].otherArgs.headers['x-goog-request-params'].includes(
+            expectedHeaderRequestParams
+          )
+      );
+    });
+  });
+
+  describe('listServicePerimeters', () => {
+    it('invokes listServicePerimeters without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.ServicePerimeter()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.ServicePerimeter()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.ServicePerimeter()
+        ),
+      ];
+      client.innerApiCalls.listServicePerimeters =
+        stubSimpleCall(expectedResponse);
+      const [response] = await client.listServicePerimeters(request);
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.listServicePerimeters as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.listServicePerimeters as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes listServicePerimeters without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.ServicePerimeter()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.ServicePerimeter()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.ServicePerimeter()
+        ),
+      ];
+      client.innerApiCalls.listServicePerimeters =
+        stubSimpleCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.listServicePerimeters(
+          request,
+          (
+            err?: Error | null,
+            result?:
+              | protos.google.identity.accesscontextmanager.v1.IServicePerimeter[]
+              | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const response = await promise;
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.listServicePerimeters as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.listServicePerimeters as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes listServicePerimeters with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.listServicePerimeters = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.listServicePerimeters(request),
+        expectedError
+      );
+      const actualRequest = (
+        client.innerApiCalls.listServicePerimeters as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.listServicePerimeters as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes listServicePerimetersStream without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.ServicePerimeter()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.ServicePerimeter()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.ServicePerimeter()
+        ),
+      ];
+      client.descriptors.page.listServicePerimeters.createStream =
+        stubPageStreamingCall(expectedResponse);
+      const stream = client.listServicePerimetersStream(request);
+      const promise = new Promise((resolve, reject) => {
+        const responses: protos.google.identity.accesscontextmanager.v1.ServicePerimeter[] =
+          [];
+        stream.on(
+          'data',
+          (
+            response: protos.google.identity.accesscontextmanager.v1.ServicePerimeter
+          ) => {
+            responses.push(response);
+          }
+        );
+        stream.on('end', () => {
+          resolve(responses);
+        });
+        stream.on('error', (err: Error) => {
+          reject(err);
+        });
+      });
+      const responses = await promise;
+      assert.deepStrictEqual(responses, expectedResponse);
+      assert(
+        (
+          client.descriptors.page.listServicePerimeters
+            .createStream as SinonStub
+        )
+          .getCall(0)
+          .calledWith(client.innerApiCalls.listServicePerimeters, request)
+      );
+      assert(
+        (
+          client.descriptors.page.listServicePerimeters
+            .createStream as SinonStub
+        )
+          .getCall(0)
+          .args[2].otherArgs.headers['x-goog-request-params'].includes(
+            expectedHeaderRequestParams
+          )
+      );
+    });
+
+    it('invokes listServicePerimetersStream with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.descriptors.page.listServicePerimeters.createStream =
+        stubPageStreamingCall(undefined, expectedError);
+      const stream = client.listServicePerimetersStream(request);
+      const promise = new Promise((resolve, reject) => {
+        const responses: protos.google.identity.accesscontextmanager.v1.ServicePerimeter[] =
+          [];
+        stream.on(
+          'data',
+          (
+            response: protos.google.identity.accesscontextmanager.v1.ServicePerimeter
+          ) => {
+            responses.push(response);
+          }
+        );
+        stream.on('end', () => {
+          resolve(responses);
+        });
+        stream.on('error', (err: Error) => {
+          reject(err);
+        });
+      });
+      await assert.rejects(promise, expectedError);
+      assert(
+        (
+          client.descriptors.page.listServicePerimeters
+            .createStream as SinonStub
+        )
+          .getCall(0)
+          .calledWith(client.innerApiCalls.listServicePerimeters, request)
+      );
+      assert(
+        (
+          client.descriptors.page.listServicePerimeters
+            .createStream as SinonStub
+        )
+          .getCall(0)
+          .args[2].otherArgs.headers['x-goog-request-params'].includes(
+            expectedHeaderRequestParams
+          )
+      );
+    });
+
+    it('uses async iteration with listServicePerimeters without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.ServicePerimeter()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.ServicePerimeter()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.ServicePerimeter()
+        ),
+      ];
+      client.descriptors.page.listServicePerimeters.asyncIterate =
+        stubAsyncIterationCall(expectedResponse);
+      const responses: protos.google.identity.accesscontextmanager.v1.IServicePerimeter[] =
+        [];
+      const iterable = client.listServicePerimetersAsync(request);
+      for await (const resource of iterable) {
+        responses.push(resource!);
+      }
+      assert.deepStrictEqual(responses, expectedResponse);
+      assert.deepStrictEqual(
+        (
+          client.descriptors.page.listServicePerimeters
+            .asyncIterate as SinonStub
+        ).getCall(0).args[1],
+        request
+      );
+      assert(
+        (
+          client.descriptors.page.listServicePerimeters
+            .asyncIterate as SinonStub
+        )
+          .getCall(0)
+          .args[2].otherArgs.headers['x-goog-request-params'].includes(
+            expectedHeaderRequestParams
+          )
+      );
+    });
+
+    it('uses async iteration with listServicePerimeters with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.descriptors.page.listServicePerimeters.asyncIterate =
+        stubAsyncIterationCall(undefined, expectedError);
+      const iterable = client.listServicePerimetersAsync(request);
+      await assert.rejects(async () => {
+        const responses: protos.google.identity.accesscontextmanager.v1.IServicePerimeter[] =
+          [];
+        for await (const resource of iterable) {
+          responses.push(resource!);
+        }
+      });
+      assert.deepStrictEqual(
+        (
+          client.descriptors.page.listServicePerimeters
+            .asyncIterate as SinonStub
+        ).getCall(0).args[1],
+        request
+      );
+      assert(
+        (
+          client.descriptors.page.listServicePerimeters
+            .asyncIterate as SinonStub
+        )
+          .getCall(0)
+          .args[2].otherArgs.headers['x-goog-request-params'].includes(
+            expectedHeaderRequestParams
+          )
+      );
+    });
+  });
+
+  describe('listGcpUserAccessBindings', () => {
+    it('invokes listGcpUserAccessBindings without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding()
+        ),
+      ];
+      client.innerApiCalls.listGcpUserAccessBindings =
+        stubSimpleCall(expectedResponse);
+      const [response] = await client.listGcpUserAccessBindings(request);
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.listGcpUserAccessBindings as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.listGcpUserAccessBindings as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes listGcpUserAccessBindings without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding()
+        ),
+      ];
+      client.innerApiCalls.listGcpUserAccessBindings =
+        stubSimpleCallWithCallback(expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.listGcpUserAccessBindings(
+          request,
+          (
+            err?: Error | null,
+            result?:
+              | protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding[]
+              | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const response = await promise;
+      assert.deepStrictEqual(response, expectedResponse);
+      const actualRequest = (
+        client.innerApiCalls.listGcpUserAccessBindings as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.listGcpUserAccessBindings as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes listGcpUserAccessBindings with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.innerApiCalls.listGcpUserAccessBindings = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(
+        client.listGcpUserAccessBindings(request),
+        expectedError
+      );
+      const actualRequest = (
+        client.innerApiCalls.listGcpUserAccessBindings as SinonStub
+      ).getCall(0).args[0];
+      assert.deepStrictEqual(actualRequest, request);
+      const actualHeaderRequestParams = (
+        client.innerApiCalls.listGcpUserAccessBindings as SinonStub
+      ).getCall(0).args[1].otherArgs.headers['x-goog-request-params'];
+      assert(actualHeaderRequestParams.includes(expectedHeaderRequestParams));
+    });
+
+    it('invokes listGcpUserAccessBindingsStream without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding()
+        ),
+      ];
+      client.descriptors.page.listGcpUserAccessBindings.createStream =
+        stubPageStreamingCall(expectedResponse);
+      const stream = client.listGcpUserAccessBindingsStream(request);
+      const promise = new Promise((resolve, reject) => {
+        const responses: protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding[] =
+          [];
+        stream.on(
+          'data',
+          (
+            response: protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding
+          ) => {
+            responses.push(response);
+          }
+        );
+        stream.on('end', () => {
+          resolve(responses);
+        });
+        stream.on('error', (err: Error) => {
+          reject(err);
+        });
+      });
+      const responses = await promise;
+      assert.deepStrictEqual(responses, expectedResponse);
+      assert(
+        (
+          client.descriptors.page.listGcpUserAccessBindings
+            .createStream as SinonStub
+        )
+          .getCall(0)
+          .calledWith(client.innerApiCalls.listGcpUserAccessBindings, request)
+      );
+      assert(
+        (
+          client.descriptors.page.listGcpUserAccessBindings
+            .createStream as SinonStub
+        )
+          .getCall(0)
+          .args[2].otherArgs.headers['x-goog-request-params'].includes(
+            expectedHeaderRequestParams
+          )
+      );
+    });
+
+    it('invokes listGcpUserAccessBindingsStream with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.descriptors.page.listGcpUserAccessBindings.createStream =
+        stubPageStreamingCall(undefined, expectedError);
+      const stream = client.listGcpUserAccessBindingsStream(request);
+      const promise = new Promise((resolve, reject) => {
+        const responses: protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding[] =
+          [];
+        stream.on(
+          'data',
+          (
+            response: protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding
+          ) => {
+            responses.push(response);
+          }
+        );
+        stream.on('end', () => {
+          resolve(responses);
+        });
+        stream.on('error', (err: Error) => {
+          reject(err);
+        });
+      });
+      await assert.rejects(promise, expectedError);
+      assert(
+        (
+          client.descriptors.page.listGcpUserAccessBindings
+            .createStream as SinonStub
+        )
+          .getCall(0)
+          .calledWith(client.innerApiCalls.listGcpUserAccessBindings, request)
+      );
+      assert(
+        (
+          client.descriptors.page.listGcpUserAccessBindings
+            .createStream as SinonStub
+        )
+          .getCall(0)
+          .args[2].otherArgs.headers['x-goog-request-params'].includes(
+            expectedHeaderRequestParams
+          )
+      );
+    });
+
+    it('uses async iteration with listGcpUserAccessBindings without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedResponse = [
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding()
+        ),
+        generateSampleMessage(
+          new protos.google.identity.accesscontextmanager.v1.GcpUserAccessBinding()
+        ),
+      ];
+      client.descriptors.page.listGcpUserAccessBindings.asyncIterate =
+        stubAsyncIterationCall(expectedResponse);
+      const responses: protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding[] =
+        [];
+      const iterable = client.listGcpUserAccessBindingsAsync(request);
+      for await (const resource of iterable) {
+        responses.push(resource!);
+      }
+      assert.deepStrictEqual(responses, expectedResponse);
+      assert.deepStrictEqual(
+        (
+          client.descriptors.page.listGcpUserAccessBindings
+            .asyncIterate as SinonStub
+        ).getCall(0).args[1],
+        request
+      );
+      assert(
+        (
+          client.descriptors.page.listGcpUserAccessBindings
+            .asyncIterate as SinonStub
+        )
+          .getCall(0)
+          .args[2].otherArgs.headers['x-goog-request-params'].includes(
+            expectedHeaderRequestParams
+          )
+      );
+    });
+
+    it('uses async iteration with listGcpUserAccessBindings with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new protos.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest()
+      );
+      const defaultValue1 = getTypeDefaultValue(
+        '.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest',
+        ['parent']
+      );
+      request.parent = defaultValue1;
+      const expectedHeaderRequestParams = `parent=${defaultValue1}`;
+      const expectedError = new Error('expected');
+      client.descriptors.page.listGcpUserAccessBindings.asyncIterate =
+        stubAsyncIterationCall(undefined, expectedError);
+      const iterable = client.listGcpUserAccessBindingsAsync(request);
+      await assert.rejects(async () => {
+        const responses: protos.google.identity.accesscontextmanager.v1.IGcpUserAccessBinding[] =
+          [];
+        for await (const resource of iterable) {
+          responses.push(resource!);
+        }
+      });
+      assert.deepStrictEqual(
+        (
+          client.descriptors.page.listGcpUserAccessBindings
+            .asyncIterate as SinonStub
+        ).getCall(0).args[1],
+        request
+      );
+      assert(
+        (
+          client.descriptors.page.listGcpUserAccessBindings
+            .asyncIterate as SinonStub
+        )
+          .getCall(0)
+          .args[2].otherArgs.headers['x-goog-request-params'].includes(
+            expectedHeaderRequestParams
+          )
+      );
+    });
+  });
+  describe('getOperation', () => {
+    it('invokes getOperation without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new operationsProtos.google.longrunning.GetOperationRequest()
+      );
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      client.operationsClient.getOperation = stubSimpleCall(expectedResponse);
+      const response = await client.getOperation(request);
+      assert.deepStrictEqual(response, [expectedResponse]);
+      assert(
+        (client.operationsClient.getOperation as SinonStub)
+          .getCall(0)
+          .calledWith(request)
+      );
+    });
+    it('invokes getOperation without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      const request = generateSampleMessage(
+        new operationsProtos.google.longrunning.GetOperationRequest()
+      );
+      const expectedResponse = generateSampleMessage(
+        new operationsProtos.google.longrunning.Operation()
+      );
+      client.operationsClient.getOperation = sinon
+        .stub()
+        .callsArgWith(2, null, expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.operationsClient.getOperation(
+          request,
+          undefined,
+          (
+            err?: Error | null,
+            result?: operationsProtos.google.longrunning.Operation | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const response = await promise;
+      assert.deepStrictEqual(response, expectedResponse);
+      assert((client.operationsClient.getOperation as SinonStub).getCall(0));
+    });
+    it('invokes getOperation with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      const request = generateSampleMessage(
+        new operationsProtos.google.longrunning.GetOperationRequest()
+      );
+      const expectedError = new Error('expected');
+      client.operationsClient.getOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(async () => {
+        await client.getOperation(request);
+      }, expectedError);
+      assert(
+        (client.operationsClient.getOperation as SinonStub)
+          .getCall(0)
+          .calledWith(request)
+      );
+    });
+  });
+  describe('cancelOperation', () => {
+    it('invokes cancelOperation without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new operationsProtos.google.longrunning.CancelOperationRequest()
+      );
+      const expectedResponse = generateSampleMessage(
+        new protos.google.protobuf.Empty()
+      );
+      client.operationsClient.cancelOperation =
+        stubSimpleCall(expectedResponse);
+      const response = await client.cancelOperation(request);
+      assert.deepStrictEqual(response, [expectedResponse]);
+      assert(
+        (client.operationsClient.cancelOperation as SinonStub)
+          .getCall(0)
+          .calledWith(request)
+      );
+    });
+    it('invokes cancelOperation without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      const request = generateSampleMessage(
+        new operationsProtos.google.longrunning.CancelOperationRequest()
+      );
+      const expectedResponse = generateSampleMessage(
+        new protos.google.protobuf.Empty()
+      );
+      client.operationsClient.cancelOperation = sinon
+        .stub()
+        .callsArgWith(2, null, expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.operationsClient.cancelOperation(
+          request,
+          undefined,
+          (
+            err?: Error | null,
+            result?: protos.google.protobuf.Empty | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const response = await promise;
+      assert.deepStrictEqual(response, expectedResponse);
+      assert((client.operationsClient.cancelOperation as SinonStub).getCall(0));
+    });
+    it('invokes cancelOperation with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      const request = generateSampleMessage(
+        new operationsProtos.google.longrunning.CancelOperationRequest()
+      );
+      const expectedError = new Error('expected');
+      client.operationsClient.cancelOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(async () => {
+        await client.cancelOperation(request);
+      }, expectedError);
+      assert(
+        (client.operationsClient.cancelOperation as SinonStub)
+          .getCall(0)
+          .calledWith(request)
+      );
+    });
+  });
+  describe('deleteOperation', () => {
+    it('invokes deleteOperation without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new operationsProtos.google.longrunning.DeleteOperationRequest()
+      );
+      const expectedResponse = generateSampleMessage(
+        new protos.google.protobuf.Empty()
+      );
+      client.operationsClient.deleteOperation =
+        stubSimpleCall(expectedResponse);
+      const response = await client.deleteOperation(request);
+      assert.deepStrictEqual(response, [expectedResponse]);
+      assert(
+        (client.operationsClient.deleteOperation as SinonStub)
+          .getCall(0)
+          .calledWith(request)
+      );
+    });
+    it('invokes deleteOperation without error using callback', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      const request = generateSampleMessage(
+        new operationsProtos.google.longrunning.DeleteOperationRequest()
+      );
+      const expectedResponse = generateSampleMessage(
+        new protos.google.protobuf.Empty()
+      );
+      client.operationsClient.deleteOperation = sinon
+        .stub()
+        .callsArgWith(2, null, expectedResponse);
+      const promise = new Promise((resolve, reject) => {
+        client.operationsClient.deleteOperation(
+          request,
+          undefined,
+          (
+            err?: Error | null,
+            result?: protos.google.protobuf.Empty | null
+          ) => {
+            if (err) {
+              reject(err);
+            } else {
+              resolve(result);
+            }
+          }
+        );
+      });
+      const response = await promise;
+      assert.deepStrictEqual(response, expectedResponse);
+      assert((client.operationsClient.deleteOperation as SinonStub).getCall(0));
+    });
+    it('invokes deleteOperation with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      const request = generateSampleMessage(
+        new operationsProtos.google.longrunning.DeleteOperationRequest()
+      );
+      const expectedError = new Error('expected');
+      client.operationsClient.deleteOperation = stubSimpleCall(
+        undefined,
+        expectedError
+      );
+      await assert.rejects(async () => {
+        await client.deleteOperation(request);
+      }, expectedError);
+      assert(
+        (client.operationsClient.deleteOperation as SinonStub)
+          .getCall(0)
+          .calledWith(request)
+      );
+    });
+  });
+  describe('listOperationsAsync', () => {
+    it('uses async iteration with listOperations without error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      const request = generateSampleMessage(
+        new operationsProtos.google.longrunning.ListOperationsRequest()
+      );
+      const expectedResponse = [
+        generateSampleMessage(
+          new operationsProtos.google.longrunning.ListOperationsResponse()
+        ),
+        generateSampleMessage(
+          new operationsProtos.google.longrunning.ListOperationsResponse()
+        ),
+        generateSampleMessage(
+          new operationsProtos.google.longrunning.ListOperationsResponse()
+        ),
+      ];
+      client.operationsClient.descriptor.listOperations.asyncIterate =
+        stubAsyncIterationCall(expectedResponse);
+      const responses: operationsProtos.google.longrunning.ListOperationsResponse[] =
+        [];
+      const iterable = client.operationsClient.listOperationsAsync(request);
+      for await (const resource of iterable) {
+        responses.push(resource!);
+      }
+      assert.deepStrictEqual(responses, expectedResponse);
+      assert.deepStrictEqual(
+        (
+          client.operationsClient.descriptor.listOperations
+            .asyncIterate as SinonStub
+        ).getCall(0).args[1],
+        request
+      );
+    });
+    it('uses async iteration with listOperations with error', async () => {
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      const request = generateSampleMessage(
+        new operationsProtos.google.longrunning.ListOperationsRequest()
+      );
+      const expectedError = new Error('expected');
+      client.operationsClient.descriptor.listOperations.asyncIterate =
+        stubAsyncIterationCall(undefined, expectedError);
+      const iterable = client.operationsClient.listOperationsAsync(request);
+      await assert.rejects(async () => {
+        const responses: operationsProtos.google.longrunning.ListOperationsResponse[] =
+          [];
+        for await (const resource of iterable) {
+          responses.push(resource!);
+        }
+      });
+      assert.deepStrictEqual(
+        (
+          client.operationsClient.descriptor.listOperations
+            .asyncIterate as SinonStub
+        ).getCall(0).args[1],
+        request
+      );
+    });
+  });
+
+  describe('Path templates', () => {
+    describe('accessLevel', () => {
+      const fakePath = '/rendered/path/accessLevel';
+      const expectedParameters = {
+        access_policy: 'accessPolicyValue',
+        access_level: 'accessLevelValue',
+      };
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      client.pathTemplates.accessLevelPathTemplate.render = sinon
+        .stub()
+        .returns(fakePath);
+      client.pathTemplates.accessLevelPathTemplate.match = sinon
+        .stub()
+        .returns(expectedParameters);
+
+      it('accessLevelPath', () => {
+        const result = client.accessLevelPath(
+          'accessPolicyValue',
+          'accessLevelValue'
+        );
+        assert.strictEqual(result, fakePath);
+        assert(
+          (client.pathTemplates.accessLevelPathTemplate.render as SinonStub)
+            .getCall(-1)
+            .calledWith(expectedParameters)
+        );
+      });
+
+      it('matchAccessPolicyFromAccessLevelName', () => {
+        const result = client.matchAccessPolicyFromAccessLevelName(fakePath);
+        assert.strictEqual(result, 'accessPolicyValue');
+        assert(
+          (client.pathTemplates.accessLevelPathTemplate.match as SinonStub)
+            .getCall(-1)
+            .calledWith(fakePath)
+        );
+      });
+
+      it('matchAccessLevelFromAccessLevelName', () => {
+        const result = client.matchAccessLevelFromAccessLevelName(fakePath);
+        assert.strictEqual(result, 'accessLevelValue');
+        assert(
+          (client.pathTemplates.accessLevelPathTemplate.match as SinonStub)
+            .getCall(-1)
+            .calledWith(fakePath)
+        );
+      });
+    });
+
+    describe('accessPolicy', () => {
+      const fakePath = '/rendered/path/accessPolicy';
+      const expectedParameters = {
+        access_policy: 'accessPolicyValue',
+      };
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      client.pathTemplates.accessPolicyPathTemplate.render = sinon
+        .stub()
+        .returns(fakePath);
+      client.pathTemplates.accessPolicyPathTemplate.match = sinon
+        .stub()
+        .returns(expectedParameters);
+
+      it('accessPolicyPath', () => {
+        const result = client.accessPolicyPath('accessPolicyValue');
+        assert.strictEqual(result, fakePath);
+        assert(
+          (client.pathTemplates.accessPolicyPathTemplate.render as SinonStub)
+            .getCall(-1)
+            .calledWith(expectedParameters)
+        );
+      });
+
+      it('matchAccessPolicyFromAccessPolicyName', () => {
+        const result = client.matchAccessPolicyFromAccessPolicyName(fakePath);
+        assert.strictEqual(result, 'accessPolicyValue');
+        assert(
+          (client.pathTemplates.accessPolicyPathTemplate.match as SinonStub)
+            .getCall(-1)
+            .calledWith(fakePath)
+        );
+      });
+    });
+
+    describe('gcpUserAccessBinding', () => {
+      const fakePath = '/rendered/path/gcpUserAccessBinding';
+      const expectedParameters = {
+        organization: 'organizationValue',
+        gcp_user_access_binding: 'gcpUserAccessBindingValue',
+      };
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      client.pathTemplates.gcpUserAccessBindingPathTemplate.render = sinon
+        .stub()
+        .returns(fakePath);
+      client.pathTemplates.gcpUserAccessBindingPathTemplate.match = sinon
+        .stub()
+        .returns(expectedParameters);
+
+      it('gcpUserAccessBindingPath', () => {
+        const result = client.gcpUserAccessBindingPath(
+          'organizationValue',
+          'gcpUserAccessBindingValue'
+        );
+        assert.strictEqual(result, fakePath);
+        assert(
+          (
+            client.pathTemplates.gcpUserAccessBindingPathTemplate
+              .render as SinonStub
+          )
+            .getCall(-1)
+            .calledWith(expectedParameters)
+        );
+      });
+
+      it('matchOrganizationFromGcpUserAccessBindingName', () => {
+        const result =
+          client.matchOrganizationFromGcpUserAccessBindingName(fakePath);
+        assert.strictEqual(result, 'organizationValue');
+        assert(
+          (
+            client.pathTemplates.gcpUserAccessBindingPathTemplate
+              .match as SinonStub
+          )
+            .getCall(-1)
+            .calledWith(fakePath)
+        );
+      });
+
+      it('matchGcpUserAccessBindingFromGcpUserAccessBindingName', () => {
+        const result =
+          client.matchGcpUserAccessBindingFromGcpUserAccessBindingName(
+            fakePath
+          );
+        assert.strictEqual(result, 'gcpUserAccessBindingValue');
+        assert(
+          (
+            client.pathTemplates.gcpUserAccessBindingPathTemplate
+              .match as SinonStub
+          )
+            .getCall(-1)
+            .calledWith(fakePath)
+        );
+      });
+    });
+
+    describe('organization', () => {
+      const fakePath = '/rendered/path/organization';
+      const expectedParameters = {
+        organization: 'organizationValue',
+      };
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      client.pathTemplates.organizationPathTemplate.render = sinon
+        .stub()
+        .returns(fakePath);
+      client.pathTemplates.organizationPathTemplate.match = sinon
+        .stub()
+        .returns(expectedParameters);
+
+      it('organizationPath', () => {
+        const result = client.organizationPath('organizationValue');
+        assert.strictEqual(result, fakePath);
+        assert(
+          (client.pathTemplates.organizationPathTemplate.render as SinonStub)
+            .getCall(-1)
+            .calledWith(expectedParameters)
+        );
+      });
+
+      it('matchOrganizationFromOrganizationName', () => {
+        const result = client.matchOrganizationFromOrganizationName(fakePath);
+        assert.strictEqual(result, 'organizationValue');
+        assert(
+          (client.pathTemplates.organizationPathTemplate.match as SinonStub)
+            .getCall(-1)
+            .calledWith(fakePath)
+        );
+      });
+    });
+
+    describe('servicePerimeter', () => {
+      const fakePath = '/rendered/path/servicePerimeter';
+      const expectedParameters = {
+        access_policy: 'accessPolicyValue',
+        service_perimeter: 'servicePerimeterValue',
+      };
+      const client =
+        new accesscontextmanagerModule.v1.AccessContextManagerClient({
+          credentials: {client_email: 'bogus', private_key: 'bogus'},
+          projectId: 'bogus',
+        });
+      client.initialize();
+      client.pathTemplates.servicePerimeterPathTemplate.render = sinon
+        .stub()
+        .returns(fakePath);
+      client.pathTemplates.servicePerimeterPathTemplate.match = sinon
+        .stub()
+        .returns(expectedParameters);
+
+      it('servicePerimeterPath', () => {
+        const result = client.servicePerimeterPath(
+          'accessPolicyValue',
+          'servicePerimeterValue'
+        );
+        assert.strictEqual(result, fakePath);
+        assert(
+          (
+            client.pathTemplates.servicePerimeterPathTemplate
+              .render as SinonStub
+          )
+            .getCall(-1)
+            .calledWith(expectedParameters)
+        );
+      });
+
+      it('matchAccessPolicyFromServicePerimeterName', () => {
+        const result =
+          client.matchAccessPolicyFromServicePerimeterName(fakePath);
+        assert.strictEqual(result, 'accessPolicyValue');
+        assert(
+          (client.pathTemplates.servicePerimeterPathTemplate.match as SinonStub)
+            .getCall(-1)
+            .calledWith(fakePath)
+        );
+      });
+
+      it('matchServicePerimeterFromServicePerimeterName', () => {
+        const result =
+          client.matchServicePerimeterFromServicePerimeterName(fakePath);
+        assert.strictEqual(result, 'servicePerimeterValue');
+        assert(
+          (client.pathTemplates.servicePerimeterPathTemplate.match as SinonStub)
+            .getCall(-1)
+            .calledWith(fakePath)
+        );
+      });
+    });
+  });
+});
diff --git a/packages/google-identity-accesscontextmanager/tsconfig.json b/packages/google-identity-accesscontextmanager/tsconfig.json
new file mode 100644
index 00000000000..c78f1c884ef
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/tsconfig.json
@@ -0,0 +1,19 @@
+{
+  "extends": "./node_modules/gts/tsconfig-google.json",
+  "compilerOptions": {
+    "rootDir": ".",
+    "outDir": "build",
+    "resolveJsonModule": true,
+    "lib": [
+      "es2018",
+      "dom"
+    ]
+  },
+  "include": [
+    "src/*.ts",
+    "src/**/*.ts",
+    "test/*.ts",
+    "test/**/*.ts",
+    "system-test/*.ts"
+  ]
+}
diff --git a/packages/google-identity-accesscontextmanager/webpack.config.js b/packages/google-identity-accesscontextmanager/webpack.config.js
new file mode 100644
index 00000000000..cbbd5572394
--- /dev/null
+++ b/packages/google-identity-accesscontextmanager/webpack.config.js
@@ -0,0 +1,64 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+const path = require('path');
+
+module.exports = {
+  entry: './src/index.ts',
+  output: {
+    library: 'AccessContextManager',
+    filename: './access-context-manager.js',
+  },
+  node: {
+    child_process: 'empty',
+    fs: 'empty',
+    crypto: 'empty',
+  },
+  resolve: {
+    alias: {
+      '../../../package.json': path.resolve(__dirname, 'package.json'),
+    },
+    extensions: ['.js', '.json', '.ts'],
+  },
+  module: {
+    rules: [
+      {
+        test: /\.tsx?$/,
+        use: 'ts-loader',
+        exclude: /node_modules/,
+      },
+      {
+        test: /node_modules[\\/]@grpc[\\/]grpc-js/,
+        use: 'null-loader',
+      },
+      {
+        test: /node_modules[\\/]grpc/,
+        use: 'null-loader',
+      },
+      {
+        test: /node_modules[\\/]retry-request/,
+        use: 'null-loader',
+      },
+      {
+        test: /node_modules[\\/]https?-proxy-agent/,
+        use: 'null-loader',
+      },
+      {
+        test: /node_modules[\\/]gtoken/,
+        use: 'null-loader',
+      },
+    ],
+  },
+  mode: 'production',
+};