From 0a13a3cce8925841be79ed8dd1c03d8647bef60b Mon Sep 17 00:00:00 2001 From: Mridula <66699525+mpeddada1@users.noreply.github.com> Date: Thu, 25 May 2023 16:03:18 -0400 Subject: [PATCH] Revert "chore: [iam] upgrading Protobuf to 23.1 and gRPC to 1.55.0 in code generation (#1693)" This reverts commit ff3c1545acc8e439d6b4a3da70e368492d461500. --- .../clirr-ignored-differences.xml | 30 -- .../java/com/google/iam/v1/AuditConfig.java | 46 ++- .../com/google/iam/v1/AuditConfigDelta.java | 38 ++ .../com/google/iam/v1/AuditLogConfig.java | 83 +++-- .../main/java/com/google/iam/v1/Binding.java | 258 +++---------- .../java/com/google/iam/v1/BindingDelta.java | 38 ++ .../com/google/iam/v1/BindingOrBuilder.java | 53 --- .../google/iam/v1/GetIamPolicyRequest.java | 38 ++ .../com/google/iam/v1/GetPolicyOptions.java | 54 ++- .../iam/v1/GetPolicyOptionsOrBuilder.java | 4 - .../com/google/iam/v1/IamPolicyProto.java | 50 +-- .../main/java/com/google/iam/v1/Policy.java | 105 ++---- .../java/com/google/iam/v1/PolicyDelta.java | 38 ++ .../com/google/iam/v1/PolicyOrBuilder.java | 12 - .../google/iam/v1/SetIamPolicyRequest.java | 50 ++- .../iam/v1/SetIamPolicyRequestOrBuilder.java | 3 - .../iam/v1/TestIamPermissionsRequest.java | 79 ++-- .../iam/v1/TestIamPermissionsResponse.java | 79 ++-- .../clirr-ignored-differences.xml | 30 -- .../google/iam/v2/CreatePolicyRequest.java | 59 +-- .../iam/v2/CreatePolicyRequestOrBuilder.java | 6 - .../google/iam/v2/DeletePolicyRequest.java | 66 ++-- .../iam/v2/DeletePolicyRequestOrBuilder.java | 8 - .../main/java/com/google/iam/v2/DenyRule.java | 340 ++++++------------ .../com/google/iam/v2/DenyRuleOrBuilder.java | 46 --- .../com/google/iam/v2/GetPolicyRequest.java | 59 +-- .../iam/v2/GetPolicyRequestOrBuilder.java | 6 - .../google/iam/v2/ListPoliciesRequest.java | 59 +-- .../iam/v2/ListPoliciesRequestOrBuilder.java | 6 - .../google/iam/v2/ListPoliciesResponse.java | 38 ++ .../main/java/com/google/iam/v2/Policy.java | 66 ++-- .../iam/v2/PolicyOperationMetadata.java | 38 ++ .../com/google/iam/v2/PolicyOrBuilder.java | 8 - .../java/com/google/iam/v2/PolicyProto.java | 105 +++--- .../java/com/google/iam/v2/PolicyRule.java | 40 ++- .../google/iam/v2/PolicyRuleOrBuilder.java | 2 +- .../google/iam/v2/UpdatePolicyRequest.java | 50 ++- .../iam/v2/UpdatePolicyRequestOrBuilder.java | 3 - .../clirr-ignored-differences.xml | 30 -- .../iam/v2beta/CreatePolicyRequest.java | 59 +-- .../v2beta/CreatePolicyRequestOrBuilder.java | 6 - .../iam/v2beta/DeletePolicyRequest.java | 66 ++-- .../v2beta/DeletePolicyRequestOrBuilder.java | 8 - .../java/com/google/iam/v2beta/DenyRule.java | 340 ++++++------------ .../google/iam/v2beta/DenyRuleOrBuilder.java | 46 --- .../google/iam/v2beta/GetPolicyRequest.java | 59 +-- .../iam/v2beta/GetPolicyRequestOrBuilder.java | 6 - .../iam/v2beta/ListPoliciesRequest.java | 59 +-- .../v2beta/ListPoliciesRequestOrBuilder.java | 6 - .../iam/v2beta/ListPoliciesResponse.java | 38 ++ .../java/com/google/iam/v2beta/Policy.java | 66 ++-- .../iam/v2beta/PolicyOperationMetadata.java | 38 ++ .../google/iam/v2beta/PolicyOrBuilder.java | 8 - .../com/google/iam/v2beta/PolicyProto.java | 106 +++--- .../com/google/iam/v2beta/PolicyRule.java | 40 ++- .../iam/v2beta/PolicyRuleOrBuilder.java | 2 +- .../iam/v2beta/UpdatePolicyRequest.java | 50 ++- .../v2beta/UpdatePolicyRequestOrBuilder.java | 3 - 58 files changed, 1560 insertions(+), 1569 deletions(-) diff --git a/java-iam/proto-google-iam-v1/clirr-ignored-differences.xml b/java-iam/proto-google-iam-v1/clirr-ignored-differences.xml index f551ecf78f..ca6f8c1981 100644 --- a/java-iam/proto-google-iam-v1/clirr-ignored-differences.xml +++ b/java-iam/proto-google-iam-v1/clirr-ignored-differences.xml @@ -1,36 +1,6 @@ - - 7002 - com/google/iam/v1/*Builder - * addRepeatedField(*) - - - 7002 - com/google/iam/v1/*Builder - * clearField(*) - - - 7002 - com/google/iam/v1/*Builder - * clearOneof(*) - - - 7002 - com/google/iam/v1/*Builder - * clone() - - - 7002 - com/google/iam/v1/*Builder - * setField(*) - - - 7002 - com/google/iam/v1/*Builder - * setRepeatedField(*) - 7012 com/google/iam/v1/*OrBuilder diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/AuditConfig.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/AuditConfig.java index 3607c266a6..5414ae4c2c 100644 --- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/AuditConfig.java +++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/AuditConfig.java @@ -26,14 +26,11 @@ * The configuration determines which permission types are logged, and what * identities, if any, are exempted from logging. * An AuditConfig must have one or more AuditLogConfigs. - * * If there are AuditConfigs for both `allServices` and a specific service, * the union of the two AuditConfigs is used for that service: the log_types * specified in each AuditConfig are enabled, and the exempted_members in each * AuditLogConfig are exempted. - * * Example Policy with multiple AuditConfigs: - * * { * "audit_configs": [ * { @@ -69,7 +66,6 @@ * } * ] * } - * * For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ * logging. It also exempts jose@example.com from DATA_READ logging, and * aliya@example.com from DATA_WRITE logging. @@ -98,6 +94,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) { return new AuditConfig(); } + @java.lang.Override + public final com.google.protobuf.UnknownFieldSet getUnknownFields() { + return this.unknownFields; + } + public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { return com.google.iam.v1.PolicyProto.internal_static_google_iam_v1_AuditConfig_descriptor; } @@ -413,14 +414,11 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build * The configuration determines which permission types are logged, and what * identities, if any, are exempted from logging. * An AuditConfig must have one or more AuditLogConfigs. - * * If there are AuditConfigs for both `allServices` and a specific service, * the union of the two AuditConfigs is used for that service: the log_types * specified in each AuditConfig are enabled, and the exempted_members in each * AuditLogConfig are exempted. - * * Example Policy with multiple AuditConfigs: - * * { * "audit_configs": [ * { @@ -456,7 +454,6 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build * } * ] * } - * * For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ * logging. It also exempts jose@example.com from DATA_READ logging, and * aliya@example.com from DATA_WRITE logging. @@ -552,6 +549,39 @@ private void buildPartial0(com.google.iam.v1.AuditConfig result) { } } + @java.lang.Override + public Builder clone() { + return super.clone(); + } + + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.setField(field, value); + } + + @java.lang.Override + public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + + @java.lang.Override + public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override public Builder mergeFrom(com.google.protobuf.Message other) { if (other instanceof com.google.iam.v1.AuditConfig) { diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/AuditConfigDelta.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/AuditConfigDelta.java index b56b2552e6..9fc1f68b1d 100644 --- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/AuditConfigDelta.java +++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/AuditConfigDelta.java @@ -51,6 +51,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) { return new AuditConfigDelta(); } + @java.lang.Override + public final com.google.protobuf.UnknownFieldSet getUnknownFields() { + return this.unknownFields; + } + public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { return com.google.iam.v1.PolicyProto.internal_static_google_iam_v1_AuditConfigDelta_descriptor; } @@ -703,6 +708,39 @@ private void buildPartial0(com.google.iam.v1.AuditConfigDelta result) { } } + @java.lang.Override + public Builder clone() { + return super.clone(); + } + + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.setField(field, value); + } + + @java.lang.Override + public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + + @java.lang.Override + public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override public Builder mergeFrom(com.google.protobuf.Message other) { if (other instanceof com.google.iam.v1.AuditConfigDelta) { diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/AuditLogConfig.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/AuditLogConfig.java index 05f9e30d65..dbdb7e2c76 100644 --- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/AuditLogConfig.java +++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/AuditLogConfig.java @@ -24,7 +24,6 @@ * 
  * Provides the configuration for logging a type of permissions.
  * Example:
- *
  *     {
  *       "audit_log_configs": [
  *         {
@@ -38,7 +37,6 @@
  *         }
  *       ]
  *     }
- *
  * This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
  * jose@example.com from DATA_READ logging.
  *
@@ -57,7 +55,7 @@ private AuditLogConfig(com.google.protobuf.GeneratedMessageV3.Builder builder private AuditLogConfig() { logType_ = 0; - exemptedMembers_ = com.google.protobuf.LazyStringArrayList.emptyList(); + exemptedMembers_ = com.google.protobuf.LazyStringArrayList.EMPTY; } @java.lang.Override @@ -66,6 +64,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) { return new AuditLogConfig(); } + @java.lang.Override + public final com.google.protobuf.UnknownFieldSet getUnknownFields() { + return this.unknownFields; + } + public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { return com.google.iam.v1.PolicyProto.internal_static_google_iam_v1_AuditLogConfig_descriptor; } @@ -297,8 +300,7 @@ public com.google.iam.v1.AuditLogConfig.LogType getLogType() { public static final int EXEMPTED_MEMBERS_FIELD_NUMBER = 2; @SuppressWarnings("serial") - private com.google.protobuf.LazyStringArrayList exemptedMembers_ = - com.google.protobuf.LazyStringArrayList.emptyList(); + private com.google.protobuf.LazyStringList exemptedMembers_; /** * * @@ -549,7 +551,6 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build * 
    * Provides the configuration for logging a type of permissions.
    * Example:
-   *
    *     {
    *       "audit_log_configs": [
    *         {
@@ -563,7 +564,6 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build
    *         }
    *       ]
    *     }
-   *
    * This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
    * jose@example.com from DATA_READ logging.
    *
@@ -600,7 +600,8 @@ public Builder clear() { super.clear(); bitField0_ = 0; logType_ = 0; - exemptedMembers_ = com.google.protobuf.LazyStringArrayList.emptyList(); + exemptedMembers_ = com.google.protobuf.LazyStringArrayList.EMPTY; + bitField0_ = (bitField0_ & ~0x00000002); return this; } @@ -626,6 +627,7 @@ public com.google.iam.v1.AuditLogConfig build() { @java.lang.Override public com.google.iam.v1.AuditLogConfig buildPartial() { com.google.iam.v1.AuditLogConfig result = new com.google.iam.v1.AuditLogConfig(this); + buildPartialRepeatedFields(result); if (bitField0_ != 0) { buildPartial0(result); } @@ -633,15 +635,52 @@ public com.google.iam.v1.AuditLogConfig buildPartial() { return result; } + private void buildPartialRepeatedFields(com.google.iam.v1.AuditLogConfig result) { + if (((bitField0_ & 0x00000002) != 0)) { + exemptedMembers_ = exemptedMembers_.getUnmodifiableView(); + bitField0_ = (bitField0_ & ~0x00000002); + } + result.exemptedMembers_ = exemptedMembers_; + } + private void buildPartial0(com.google.iam.v1.AuditLogConfig result) { int from_bitField0_ = bitField0_; if (((from_bitField0_ & 0x00000001) != 0)) { result.logType_ = logType_; } - if (((from_bitField0_ & 0x00000002) != 0)) { - exemptedMembers_.makeImmutable(); - result.exemptedMembers_ = exemptedMembers_; - } + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.setField(field, value); + } + + @java.lang.Override + public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + + @java.lang.Override + public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.addRepeatedField(field, value); } @java.lang.Override @@ -662,7 +701,7 @@ public Builder mergeFrom(com.google.iam.v1.AuditLogConfig other) { if (!other.exemptedMembers_.isEmpty()) { if (exemptedMembers_.isEmpty()) { exemptedMembers_ = other.exemptedMembers_; - bitField0_ |= 0x00000002; + bitField0_ = (bitField0_ & ~0x00000002); } else { ensureExemptedMembersIsMutable(); exemptedMembers_.addAll(other.exemptedMembers_); @@ -817,14 +856,14 @@ public Builder clearLogType() { return this; } - private com.google.protobuf.LazyStringArrayList exemptedMembers_ = - com.google.protobuf.LazyStringArrayList.emptyList(); + private com.google.protobuf.LazyStringList exemptedMembers_ = + com.google.protobuf.LazyStringArrayList.EMPTY; private void ensureExemptedMembersIsMutable() { - if (!exemptedMembers_.isModifiable()) { + if (!((bitField0_ & 0x00000002) != 0)) { exemptedMembers_ = new com.google.protobuf.LazyStringArrayList(exemptedMembers_); + bitField0_ |= 0x00000002; } - bitField0_ |= 0x00000002; } /** * @@ -841,8 +880,7 @@ private void ensureExemptedMembersIsMutable() { * @return A list containing the exemptedMembers. */ public com.google.protobuf.ProtocolStringList getExemptedMembersList() { - exemptedMembers_.makeImmutable(); - return exemptedMembers_; + return exemptedMembers_.getUnmodifiableView(); } /** * @@ -919,7 +957,6 @@ public Builder setExemptedMembers(int index, java.lang.String value) { } ensureExemptedMembersIsMutable(); exemptedMembers_.set(index, value); - bitField0_ |= 0x00000002; onChanged(); return this; } @@ -944,7 +981,6 @@ public Builder addExemptedMembers(java.lang.String value) { } ensureExemptedMembersIsMutable(); exemptedMembers_.add(value); - bitField0_ |= 0x00000002; onChanged(); return this; } @@ -966,7 +1002,6 @@ public Builder addExemptedMembers(java.lang.String value) { public Builder addAllExemptedMembers(java.lang.Iterable values) { ensureExemptedMembersIsMutable(); com.google.protobuf.AbstractMessageLite.Builder.addAll(values, exemptedMembers_); - bitField0_ |= 0x00000002; onChanged(); return this; } @@ -985,9 +1020,8 @@ public Builder addAllExemptedMembers(java.lang.Iterable values * @return This builder for chaining. */ public Builder clearExemptedMembers() { - exemptedMembers_ = com.google.protobuf.LazyStringArrayList.emptyList(); + exemptedMembers_ = com.google.protobuf.LazyStringArrayList.EMPTY; bitField0_ = (bitField0_ & ~0x00000002); - ; onChanged(); return this; } @@ -1013,7 +1047,6 @@ public Builder addExemptedMembersBytes(com.google.protobuf.ByteString value) { checkByteStringIsUtf8(value); ensureExemptedMembersIsMutable(); exemptedMembers_.add(value); - bitField0_ |= 0x00000002; onChanged(); return this; } diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/Binding.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/Binding.java index 3784bda197..b24aa460af 100644 --- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/Binding.java +++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/Binding.java @@ -39,7 +39,7 @@ private Binding(com.google.protobuf.GeneratedMessageV3.Builder builder) { private Binding() { role_ = ""; - members_ = com.google.protobuf.LazyStringArrayList.emptyList(); + members_ = com.google.protobuf.LazyStringArrayList.EMPTY; } @java.lang.Override @@ -48,6 +48,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) { return new Binding(); } + @java.lang.Override + public final com.google.protobuf.UnknownFieldSet getUnknownFields() { + return this.unknownFields; + } + public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { return com.google.iam.v1.PolicyProto.internal_static_google_iam_v1_Binding_descriptor; } @@ -116,37 +121,28 @@ public com.google.protobuf.ByteString getRoleBytes() { public static final int MEMBERS_FIELD_NUMBER = 2; @SuppressWarnings("serial") - private com.google.protobuf.LazyStringArrayList members_ = - com.google.protobuf.LazyStringArrayList.emptyList(); + private com.google.protobuf.LazyStringList members_; /** * * * 
    * Specifies the principals requesting access for a Cloud Platform resource.
    * `members` can have the following values:
-   *
    * * `allUsers`: A special identifier that represents anyone who is
    *    on the internet; with or without a Google account.
-   *
    * * `allAuthenticatedUsers`: A special identifier that represents anyone
    *    who is authenticated with a Google account or a service account.
-   *
    * * `user:{emailid}`: An email address that represents a specific Google
    *    account. For example, `alice@example.com` .
-   *
-   *
    * * `serviceAccount:{emailid}`: An email address that represents a service
    *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-   *
    * * `group:{emailid}`: An email address that represents a Google group.
    *    For example, `admins@example.com`.
-   *
    * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a user that has been recently deleted. For
    *    example, `alice@example.com?uid=123456789012345678901`. If the user is
    *    recovered, this value reverts to `user:{emailid}` and the recovered user
    *    retains the role in the binding.
-   *
    * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
    *    unique identifier) representing a service account that has been recently
    *    deleted. For example,
@@ -154,14 +150,11 @@ public com.google.protobuf.ByteString getRoleBytes() {
    *    If the service account is undeleted, this value reverts to
    *    `serviceAccount:{emailid}` and the undeleted service account retains the
    *    role in the binding.
-   *
    * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a Google group that has been recently
    *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
    *    the group is recovered, this value reverts to `group:{emailid}` and the
    *    recovered group retains the role in the binding.
-   *
-   *
    * * `domain:{domain}`: The G Suite domain (primary) that represents all the
    *    users of that domain. For example, `google.com` or `example.com`.
    *
@@ -179,29 +172,21 @@ public com.google.protobuf.ProtocolStringList getMembersList() { * 
    * Specifies the principals requesting access for a Cloud Platform resource.
    * `members` can have the following values:
-   *
    * * `allUsers`: A special identifier that represents anyone who is
    *    on the internet; with or without a Google account.
-   *
    * * `allAuthenticatedUsers`: A special identifier that represents anyone
    *    who is authenticated with a Google account or a service account.
-   *
    * * `user:{emailid}`: An email address that represents a specific Google
    *    account. For example, `alice@example.com` .
-   *
-   *
    * * `serviceAccount:{emailid}`: An email address that represents a service
    *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-   *
    * * `group:{emailid}`: An email address that represents a Google group.
    *    For example, `admins@example.com`.
-   *
    * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a user that has been recently deleted. For
    *    example, `alice@example.com?uid=123456789012345678901`. If the user is
    *    recovered, this value reverts to `user:{emailid}` and the recovered user
    *    retains the role in the binding.
-   *
    * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
    *    unique identifier) representing a service account that has been recently
    *    deleted. For example,
@@ -209,14 +194,11 @@ public com.google.protobuf.ProtocolStringList getMembersList() {
    *    If the service account is undeleted, this value reverts to
    *    `serviceAccount:{emailid}` and the undeleted service account retains the
    *    role in the binding.
-   *
    * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a Google group that has been recently
    *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
    *    the group is recovered, this value reverts to `group:{emailid}` and the
    *    recovered group retains the role in the binding.
-   *
-   *
    * * `domain:{domain}`: The G Suite domain (primary) that represents all the
    *    users of that domain. For example, `google.com` or `example.com`.
    *
@@ -234,29 +216,21 @@ public int getMembersCount() { * 
    * Specifies the principals requesting access for a Cloud Platform resource.
    * `members` can have the following values:
-   *
    * * `allUsers`: A special identifier that represents anyone who is
    *    on the internet; with or without a Google account.
-   *
    * * `allAuthenticatedUsers`: A special identifier that represents anyone
    *    who is authenticated with a Google account or a service account.
-   *
    * * `user:{emailid}`: An email address that represents a specific Google
    *    account. For example, `alice@example.com` .
-   *
-   *
    * * `serviceAccount:{emailid}`: An email address that represents a service
    *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-   *
    * * `group:{emailid}`: An email address that represents a Google group.
    *    For example, `admins@example.com`.
-   *
    * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a user that has been recently deleted. For
    *    example, `alice@example.com?uid=123456789012345678901`. If the user is
    *    recovered, this value reverts to `user:{emailid}` and the recovered user
    *    retains the role in the binding.
-   *
    * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
    *    unique identifier) representing a service account that has been recently
    *    deleted. For example,
@@ -264,14 +238,11 @@ public int getMembersCount() {
    *    If the service account is undeleted, this value reverts to
    *    `serviceAccount:{emailid}` and the undeleted service account retains the
    *    role in the binding.
-   *
    * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a Google group that has been recently
    *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
    *    the group is recovered, this value reverts to `group:{emailid}` and the
    *    recovered group retains the role in the binding.
-   *
-   *
    * * `domain:{domain}`: The G Suite domain (primary) that represents all the
    *    users of that domain. For example, `google.com` or `example.com`.
    *
@@ -290,29 +261,21 @@ public java.lang.String getMembers(int index) { * 
    * Specifies the principals requesting access for a Cloud Platform resource.
    * `members` can have the following values:
-   *
    * * `allUsers`: A special identifier that represents anyone who is
    *    on the internet; with or without a Google account.
-   *
    * * `allAuthenticatedUsers`: A special identifier that represents anyone
    *    who is authenticated with a Google account or a service account.
-   *
    * * `user:{emailid}`: An email address that represents a specific Google
    *    account. For example, `alice@example.com` .
-   *
-   *
    * * `serviceAccount:{emailid}`: An email address that represents a service
    *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-   *
    * * `group:{emailid}`: An email address that represents a Google group.
    *    For example, `admins@example.com`.
-   *
    * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a user that has been recently deleted. For
    *    example, `alice@example.com?uid=123456789012345678901`. If the user is
    *    recovered, this value reverts to `user:{emailid}` and the recovered user
    *    retains the role in the binding.
-   *
    * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
    *    unique identifier) representing a service account that has been recently
    *    deleted. For example,
@@ -320,14 +283,11 @@ public java.lang.String getMembers(int index) {
    *    If the service account is undeleted, this value reverts to
    *    `serviceAccount:{emailid}` and the undeleted service account retains the
    *    role in the binding.
-   *
    * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a Google group that has been recently
    *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
    *    the group is recovered, this value reverts to `group:{emailid}` and the
    *    recovered group retains the role in the binding.
-   *
-   *
    * * `domain:{domain}`: The G Suite domain (primary) that represents all the
    *    users of that domain. For example, `google.com` or `example.com`.
    *
@@ -348,14 +308,11 @@ public com.google.protobuf.ByteString getMembersBytes(int index) { * * 
    * The condition that is associated with this binding.
-   *
    * If the condition evaluates to `true`, then this binding applies to the
    * current request.
-   *
    * If the condition evaluates to `false`, then this binding does not apply to
    * the current request. However, a different role binding might grant the same
    * role to one or more of the principals in this binding.
-   *
    * To learn which resources support conditions in their IAM policies, see the
    * [IAM
    * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -374,14 +331,11 @@ public boolean hasCondition() {
    *
    * 
    * The condition that is associated with this binding.
-   *
    * If the condition evaluates to `true`, then this binding applies to the
    * current request.
-   *
    * If the condition evaluates to `false`, then this binding does not apply to
    * the current request. However, a different role binding might grant the same
    * role to one or more of the principals in this binding.
-   *
    * To learn which resources support conditions in their IAM policies, see the
    * [IAM
    * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -400,14 +354,11 @@ public com.google.type.Expr getCondition() {
    *
    * 
    * The condition that is associated with this binding.
-   *
    * If the condition evaluates to `true`, then this binding applies to the
    * current request.
-   *
    * If the condition evaluates to `false`, then this binding does not apply to
    * the current request. However, a different role binding might grant the same
    * role to one or more of the principals in this binding.
-   *
    * To learn which resources support conditions in their IAM policies, see the
    * [IAM
    * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -644,7 +595,8 @@ public Builder clear() {
       super.clear();
       bitField0_ = 0;
       role_ = "";
-      members_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      members_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
       condition_ = null;
       if (conditionBuilder_ != null) {
         conditionBuilder_.dispose();
@@ -675,6 +627,7 @@ public com.google.iam.v1.Binding build() {
     @java.lang.Override
     public com.google.iam.v1.Binding buildPartial() {
       com.google.iam.v1.Binding result = new com.google.iam.v1.Binding(this);
+      buildPartialRepeatedFields(result);
       if (bitField0_ != 0) {
         buildPartial0(result);
       }
@@ -682,20 +635,57 @@ public com.google.iam.v1.Binding buildPartial() {
       return result;
     }
 
+    private void buildPartialRepeatedFields(com.google.iam.v1.Binding result) {
+      if (((bitField0_ & 0x00000002) != 0)) {
+        members_ = members_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      }
+      result.members_ = members_;
+    }
+
     private void buildPartial0(com.google.iam.v1.Binding result) {
       int from_bitField0_ = bitField0_;
       if (((from_bitField0_ & 0x00000001) != 0)) {
         result.role_ = role_;
       }
-      if (((from_bitField0_ & 0x00000002) != 0)) {
-        members_.makeImmutable();
-        result.members_ = members_;
-      }
       if (((from_bitField0_ & 0x00000004) != 0)) {
         result.condition_ = conditionBuilder_ == null ? condition_ : conditionBuilder_.build();
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v1.Binding) {
@@ -716,7 +706,7 @@ public Builder mergeFrom(com.google.iam.v1.Binding other) {
       if (!other.members_.isEmpty()) {
         if (members_.isEmpty()) {
           members_ = other.members_;
-          bitField0_ |= 0x00000002;
+          bitField0_ = (bitField0_ & ~0x00000002);
         } else {
           ensureMembersIsMutable();
           members_.addAll(other.members_);
@@ -901,14 +891,14 @@ public Builder setRoleBytes(com.google.protobuf.ByteString value) {
       return this;
     }
 
-    private com.google.protobuf.LazyStringArrayList members_ =
-        com.google.protobuf.LazyStringArrayList.emptyList();
+    private com.google.protobuf.LazyStringList members_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
 
     private void ensureMembersIsMutable() {
-      if (!members_.isModifiable()) {
+      if (!((bitField0_ & 0x00000002) != 0)) {
         members_ = new com.google.protobuf.LazyStringArrayList(members_);
+        bitField0_ |= 0x00000002;
       }
-      bitField0_ |= 0x00000002;
     }
     /**
      *
@@ -916,29 +906,21 @@ private void ensureMembersIsMutable() {
      * 
      * Specifies the principals requesting access for a Cloud Platform resource.
      * `members` can have the following values:
-     *
      * * `allUsers`: A special identifier that represents anyone who is
      *    on the internet; with or without a Google account.
-     *
      * * `allAuthenticatedUsers`: A special identifier that represents anyone
      *    who is authenticated with a Google account or a service account.
-     *
      * * `user:{emailid}`: An email address that represents a specific Google
      *    account. For example, `alice@example.com` .
-     *
-     *
      * * `serviceAccount:{emailid}`: An email address that represents a service
      *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-     *
      * * `group:{emailid}`: An email address that represents a Google group.
      *    For example, `admins@example.com`.
-     *
      * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a user that has been recently deleted. For
      *    example, `alice@example.com?uid=123456789012345678901`. If the user is
      *    recovered, this value reverts to `user:{emailid}` and the recovered user
      *    retains the role in the binding.
-     *
      * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
      *    unique identifier) representing a service account that has been recently
      *    deleted. For example,
@@ -946,14 +928,11 @@ private void ensureMembersIsMutable() {
      *    If the service account is undeleted, this value reverts to
      *    `serviceAccount:{emailid}` and the undeleted service account retains the
      *    role in the binding.
-     *
      * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a Google group that has been recently
      *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
      *    the group is recovered, this value reverts to `group:{emailid}` and the
      *    recovered group retains the role in the binding.
-     *
-     *
      * * `domain:{domain}`: The G Suite domain (primary) that represents all the
      *    users of that domain. For example, `google.com` or `example.com`.
      * 

@@ -963,8 +942,7 @@ private void ensureMembersIsMutable() {
      * @return A list containing the members.
      */
     public com.google.protobuf.ProtocolStringList getMembersList() {
-      members_.makeImmutable();
-      return members_;
+      return members_.getUnmodifiableView();
     }
     /**
      *
@@ -972,29 +950,21 @@ public com.google.protobuf.ProtocolStringList getMembersList() {
      * 
      * Specifies the principals requesting access for a Cloud Platform resource.
      * `members` can have the following values:
-     *
      * * `allUsers`: A special identifier that represents anyone who is
      *    on the internet; with or without a Google account.
-     *
      * * `allAuthenticatedUsers`: A special identifier that represents anyone
      *    who is authenticated with a Google account or a service account.
-     *
      * * `user:{emailid}`: An email address that represents a specific Google
      *    account. For example, `alice@example.com` .
-     *
-     *
      * * `serviceAccount:{emailid}`: An email address that represents a service
      *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-     *
      * * `group:{emailid}`: An email address that represents a Google group.
      *    For example, `admins@example.com`.
-     *
      * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a user that has been recently deleted. For
      *    example, `alice@example.com?uid=123456789012345678901`. If the user is
      *    recovered, this value reverts to `user:{emailid}` and the recovered user
      *    retains the role in the binding.
-     *
      * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
      *    unique identifier) representing a service account that has been recently
      *    deleted. For example,
@@ -1002,14 +972,11 @@ public com.google.protobuf.ProtocolStringList getMembersList() {
      *    If the service account is undeleted, this value reverts to
      *    `serviceAccount:{emailid}` and the undeleted service account retains the
      *    role in the binding.
-     *
      * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a Google group that has been recently
      *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
      *    the group is recovered, this value reverts to `group:{emailid}` and the
      *    recovered group retains the role in the binding.
-     *
-     *
      * * `domain:{domain}`: The G Suite domain (primary) that represents all the
      *    users of that domain. For example, `google.com` or `example.com`.
      * 

@@ -1027,29 +994,21 @@ public int getMembersCount() {
      * 
      * Specifies the principals requesting access for a Cloud Platform resource.
      * `members` can have the following values:
-     *
      * * `allUsers`: A special identifier that represents anyone who is
      *    on the internet; with or without a Google account.
-     *
      * * `allAuthenticatedUsers`: A special identifier that represents anyone
      *    who is authenticated with a Google account or a service account.
-     *
      * * `user:{emailid}`: An email address that represents a specific Google
      *    account. For example, `alice@example.com` .
-     *
-     *
      * * `serviceAccount:{emailid}`: An email address that represents a service
      *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-     *
      * * `group:{emailid}`: An email address that represents a Google group.
      *    For example, `admins@example.com`.
-     *
      * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a user that has been recently deleted. For
      *    example, `alice@example.com?uid=123456789012345678901`. If the user is
      *    recovered, this value reverts to `user:{emailid}` and the recovered user
      *    retains the role in the binding.
-     *
      * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
      *    unique identifier) representing a service account that has been recently
      *    deleted. For example,
@@ -1057,14 +1016,11 @@ public int getMembersCount() {
      *    If the service account is undeleted, this value reverts to
      *    `serviceAccount:{emailid}` and the undeleted service account retains the
      *    role in the binding.
-     *
      * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a Google group that has been recently
      *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
      *    the group is recovered, this value reverts to `group:{emailid}` and the
      *    recovered group retains the role in the binding.
-     *
-     *
      * * `domain:{domain}`: The G Suite domain (primary) that represents all the
      *    users of that domain. For example, `google.com` or `example.com`.
      * 

@@ -1083,29 +1039,21 @@ public java.lang.String getMembers(int index) {
      * 
      * Specifies the principals requesting access for a Cloud Platform resource.
      * `members` can have the following values:
-     *
      * * `allUsers`: A special identifier that represents anyone who is
      *    on the internet; with or without a Google account.
-     *
      * * `allAuthenticatedUsers`: A special identifier that represents anyone
      *    who is authenticated with a Google account or a service account.
-     *
      * * `user:{emailid}`: An email address that represents a specific Google
      *    account. For example, `alice@example.com` .
-     *
-     *
      * * `serviceAccount:{emailid}`: An email address that represents a service
      *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-     *
      * * `group:{emailid}`: An email address that represents a Google group.
      *    For example, `admins@example.com`.
-     *
      * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a user that has been recently deleted. For
      *    example, `alice@example.com?uid=123456789012345678901`. If the user is
      *    recovered, this value reverts to `user:{emailid}` and the recovered user
      *    retains the role in the binding.
-     *
      * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
      *    unique identifier) representing a service account that has been recently
      *    deleted. For example,
@@ -1113,14 +1061,11 @@ public java.lang.String getMembers(int index) {
      *    If the service account is undeleted, this value reverts to
      *    `serviceAccount:{emailid}` and the undeleted service account retains the
      *    role in the binding.
-     *
      * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a Google group that has been recently
      *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
      *    the group is recovered, this value reverts to `group:{emailid}` and the
      *    recovered group retains the role in the binding.
-     *
-     *
      * * `domain:{domain}`: The G Suite domain (primary) that represents all the
      *    users of that domain. For example, `google.com` or `example.com`.
      * 

@@ -1139,29 +1084,21 @@ public com.google.protobuf.ByteString getMembersBytes(int index) {
      * 
      * Specifies the principals requesting access for a Cloud Platform resource.
      * `members` can have the following values:
-     *
      * * `allUsers`: A special identifier that represents anyone who is
      *    on the internet; with or without a Google account.
-     *
      * * `allAuthenticatedUsers`: A special identifier that represents anyone
      *    who is authenticated with a Google account or a service account.
-     *
      * * `user:{emailid}`: An email address that represents a specific Google
      *    account. For example, `alice@example.com` .
-     *
-     *
      * * `serviceAccount:{emailid}`: An email address that represents a service
      *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-     *
      * * `group:{emailid}`: An email address that represents a Google group.
      *    For example, `admins@example.com`.
-     *
      * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a user that has been recently deleted. For
      *    example, `alice@example.com?uid=123456789012345678901`. If the user is
      *    recovered, this value reverts to `user:{emailid}` and the recovered user
      *    retains the role in the binding.
-     *
      * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
      *    unique identifier) representing a service account that has been recently
      *    deleted. For example,
@@ -1169,14 +1106,11 @@ public com.google.protobuf.ByteString getMembersBytes(int index) {
      *    If the service account is undeleted, this value reverts to
      *    `serviceAccount:{emailid}` and the undeleted service account retains the
      *    role in the binding.
-     *
      * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a Google group that has been recently
      *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
      *    the group is recovered, this value reverts to `group:{emailid}` and the
      *    recovered group retains the role in the binding.
-     *
-     *
      * * `domain:{domain}`: The G Suite domain (primary) that represents all the
      *    users of that domain. For example, `google.com` or `example.com`.
      * 

@@ -1193,7 +1127,6 @@ public Builder setMembers(int index, java.lang.String value) {
       }
       ensureMembersIsMutable();
       members_.set(index, value);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
@@ -1203,29 +1136,21 @@ public Builder setMembers(int index, java.lang.String value) {
      * 
      * Specifies the principals requesting access for a Cloud Platform resource.
      * `members` can have the following values:
-     *
      * * `allUsers`: A special identifier that represents anyone who is
      *    on the internet; with or without a Google account.
-     *
      * * `allAuthenticatedUsers`: A special identifier that represents anyone
      *    who is authenticated with a Google account or a service account.
-     *
      * * `user:{emailid}`: An email address that represents a specific Google
      *    account. For example, `alice@example.com` .
-     *
-     *
      * * `serviceAccount:{emailid}`: An email address that represents a service
      *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-     *
      * * `group:{emailid}`: An email address that represents a Google group.
      *    For example, `admins@example.com`.
-     *
      * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a user that has been recently deleted. For
      *    example, `alice@example.com?uid=123456789012345678901`. If the user is
      *    recovered, this value reverts to `user:{emailid}` and the recovered user
      *    retains the role in the binding.
-     *
      * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
      *    unique identifier) representing a service account that has been recently
      *    deleted. For example,
@@ -1233,14 +1158,11 @@ public Builder setMembers(int index, java.lang.String value) {
      *    If the service account is undeleted, this value reverts to
      *    `serviceAccount:{emailid}` and the undeleted service account retains the
      *    role in the binding.
-     *
      * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a Google group that has been recently
      *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
      *    the group is recovered, this value reverts to `group:{emailid}` and the
      *    recovered group retains the role in the binding.
-     *
-     *
      * * `domain:{domain}`: The G Suite domain (primary) that represents all the
      *    users of that domain. For example, `google.com` or `example.com`.
      * 

@@ -1256,7 +1178,6 @@ public Builder addMembers(java.lang.String value) {
       }
       ensureMembersIsMutable();
       members_.add(value);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
@@ -1266,29 +1187,21 @@ public Builder addMembers(java.lang.String value) {
      * 
      * Specifies the principals requesting access for a Cloud Platform resource.
      * `members` can have the following values:
-     *
      * * `allUsers`: A special identifier that represents anyone who is
      *    on the internet; with or without a Google account.
-     *
      * * `allAuthenticatedUsers`: A special identifier that represents anyone
      *    who is authenticated with a Google account or a service account.
-     *
      * * `user:{emailid}`: An email address that represents a specific Google
      *    account. For example, `alice@example.com` .
-     *
-     *
      * * `serviceAccount:{emailid}`: An email address that represents a service
      *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-     *
      * * `group:{emailid}`: An email address that represents a Google group.
      *    For example, `admins@example.com`.
-     *
      * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a user that has been recently deleted. For
      *    example, `alice@example.com?uid=123456789012345678901`. If the user is
      *    recovered, this value reverts to `user:{emailid}` and the recovered user
      *    retains the role in the binding.
-     *
      * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
      *    unique identifier) representing a service account that has been recently
      *    deleted. For example,
@@ -1296,14 +1209,11 @@ public Builder addMembers(java.lang.String value) {
      *    If the service account is undeleted, this value reverts to
      *    `serviceAccount:{emailid}` and the undeleted service account retains the
      *    role in the binding.
-     *
      * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a Google group that has been recently
      *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
      *    the group is recovered, this value reverts to `group:{emailid}` and the
      *    recovered group retains the role in the binding.
-     *
-     *
      * * `domain:{domain}`: The G Suite domain (primary) that represents all the
      *    users of that domain. For example, `google.com` or `example.com`.
      * 

@@ -1316,7 +1226,6 @@ public Builder addMembers(java.lang.String value) {
     public Builder addAllMembers(java.lang.Iterable values) {
       ensureMembersIsMutable();
       com.google.protobuf.AbstractMessageLite.Builder.addAll(values, members_);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
@@ -1326,29 +1235,21 @@ public Builder addAllMembers(java.lang.Iterable values) {
      * 
      * Specifies the principals requesting access for a Cloud Platform resource.
      * `members` can have the following values:
-     *
      * * `allUsers`: A special identifier that represents anyone who is
      *    on the internet; with or without a Google account.
-     *
      * * `allAuthenticatedUsers`: A special identifier that represents anyone
      *    who is authenticated with a Google account or a service account.
-     *
      * * `user:{emailid}`: An email address that represents a specific Google
      *    account. For example, `alice@example.com` .
-     *
-     *
      * * `serviceAccount:{emailid}`: An email address that represents a service
      *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-     *
      * * `group:{emailid}`: An email address that represents a Google group.
      *    For example, `admins@example.com`.
-     *
      * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a user that has been recently deleted. For
      *    example, `alice@example.com?uid=123456789012345678901`. If the user is
      *    recovered, this value reverts to `user:{emailid}` and the recovered user
      *    retains the role in the binding.
-     *
      * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
      *    unique identifier) representing a service account that has been recently
      *    deleted. For example,
@@ -1356,14 +1257,11 @@ public Builder addAllMembers(java.lang.Iterable values) {
      *    If the service account is undeleted, this value reverts to
      *    `serviceAccount:{emailid}` and the undeleted service account retains the
      *    role in the binding.
-     *
      * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a Google group that has been recently
      *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
      *    the group is recovered, this value reverts to `group:{emailid}` and the
      *    recovered group retains the role in the binding.
-     *
-     *
      * * `domain:{domain}`: The G Suite domain (primary) that represents all the
      *    users of that domain. For example, `google.com` or `example.com`.
      * 

@@ -1373,9 +1271,8 @@ public Builder addAllMembers(java.lang.Iterable values) {
      * @return This builder for chaining.
      */
     public Builder clearMembers() {
-      members_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      members_ = com.google.protobuf.LazyStringArrayList.EMPTY;
       bitField0_ = (bitField0_ & ~0x00000002);
-      ;
       onChanged();
       return this;
     }
@@ -1385,29 +1282,21 @@ public Builder clearMembers() {
      * 
      * Specifies the principals requesting access for a Cloud Platform resource.
      * `members` can have the following values:
-     *
      * * `allUsers`: A special identifier that represents anyone who is
      *    on the internet; with or without a Google account.
-     *
      * * `allAuthenticatedUsers`: A special identifier that represents anyone
      *    who is authenticated with a Google account or a service account.
-     *
      * * `user:{emailid}`: An email address that represents a specific Google
      *    account. For example, `alice@example.com` .
-     *
-     *
      * * `serviceAccount:{emailid}`: An email address that represents a service
      *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-     *
      * * `group:{emailid}`: An email address that represents a Google group.
      *    For example, `admins@example.com`.
-     *
      * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a user that has been recently deleted. For
      *    example, `alice@example.com?uid=123456789012345678901`. If the user is
      *    recovered, this value reverts to `user:{emailid}` and the recovered user
      *    retains the role in the binding.
-     *
      * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
      *    unique identifier) representing a service account that has been recently
      *    deleted. For example,
@@ -1415,14 +1304,11 @@ public Builder clearMembers() {
      *    If the service account is undeleted, this value reverts to
      *    `serviceAccount:{emailid}` and the undeleted service account retains the
      *    role in the binding.
-     *
      * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
      *    identifier) representing a Google group that has been recently
      *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
      *    the group is recovered, this value reverts to `group:{emailid}` and the
      *    recovered group retains the role in the binding.
-     *
-     *
      * * `domain:{domain}`: The G Suite domain (primary) that represents all the
      *    users of that domain. For example, `google.com` or `example.com`.
      * 

@@ -1439,7 +1325,6 @@ public Builder addMembersBytes(com.google.protobuf.ByteString value) {
       checkByteStringIsUtf8(value);
       ensureMembersIsMutable();
       members_.add(value);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
@@ -1453,14 +1338,11 @@ public Builder addMembersBytes(com.google.protobuf.ByteString value) {
      *
      * 
      * The condition that is associated with this binding.
-     *
      * If the condition evaluates to `true`, then this binding applies to the
      * current request.
-     *
      * If the condition evaluates to `false`, then this binding does not apply to
      * the current request. However, a different role binding might grant the same
      * role to one or more of the principals in this binding.
-     *
      * To learn which resources support conditions in their IAM policies, see the
      * [IAM
      * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -1478,14 +1360,11 @@ public boolean hasCondition() {
      *
      * 
      * The condition that is associated with this binding.
-     *
      * If the condition evaluates to `true`, then this binding applies to the
      * current request.
-     *
      * If the condition evaluates to `false`, then this binding does not apply to
      * the current request. However, a different role binding might grant the same
      * role to one or more of the principals in this binding.
-     *
      * To learn which resources support conditions in their IAM policies, see the
      * [IAM
      * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -1507,14 +1386,11 @@ public com.google.type.Expr getCondition() {
      *
      * 
      * The condition that is associated with this binding.
-     *
      * If the condition evaluates to `true`, then this binding applies to the
      * current request.
-     *
      * If the condition evaluates to `false`, then this binding does not apply to
      * the current request. However, a different role binding might grant the same
      * role to one or more of the principals in this binding.
-     *
      * To learn which resources support conditions in their IAM policies, see the
      * [IAM
      * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -1540,14 +1416,11 @@ public Builder setCondition(com.google.type.Expr value) {
      *
      * 
      * The condition that is associated with this binding.
-     *
      * If the condition evaluates to `true`, then this binding applies to the
      * current request.
-     *
      * If the condition evaluates to `false`, then this binding does not apply to
      * the current request. However, a different role binding might grant the same
      * role to one or more of the principals in this binding.
-     *
      * To learn which resources support conditions in their IAM policies, see the
      * [IAM
      * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -1570,14 +1443,11 @@ public Builder setCondition(com.google.type.Expr.Builder builderForValue) {
      *
      * 
      * The condition that is associated with this binding.
-     *
      * If the condition evaluates to `true`, then this binding applies to the
      * current request.
-     *
      * If the condition evaluates to `false`, then this binding does not apply to
      * the current request. However, a different role binding might grant the same
      * role to one or more of the principals in this binding.
-     *
      * To learn which resources support conditions in their IAM policies, see the
      * [IAM
      * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -1606,14 +1476,11 @@ public Builder mergeCondition(com.google.type.Expr value) {
      *
      * 
      * The condition that is associated with this binding.
-     *
      * If the condition evaluates to `true`, then this binding applies to the
      * current request.
-     *
      * If the condition evaluates to `false`, then this binding does not apply to
      * the current request. However, a different role binding might grant the same
      * role to one or more of the principals in this binding.
-     *
      * To learn which resources support conditions in their IAM policies, see the
      * [IAM
      * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -1636,14 +1503,11 @@ public Builder clearCondition() {
      *
      * 
      * The condition that is associated with this binding.
-     *
      * If the condition evaluates to `true`, then this binding applies to the
      * current request.
-     *
      * If the condition evaluates to `false`, then this binding does not apply to
      * the current request. However, a different role binding might grant the same
      * role to one or more of the principals in this binding.
-     *
      * To learn which resources support conditions in their IAM policies, see the
      * [IAM
      * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -1661,14 +1525,11 @@ public com.google.type.Expr.Builder getConditionBuilder() {
      *
      * 
      * The condition that is associated with this binding.
-     *
      * If the condition evaluates to `true`, then this binding applies to the
      * current request.
-     *
      * If the condition evaluates to `false`, then this binding does not apply to
      * the current request. However, a different role binding might grant the same
      * role to one or more of the principals in this binding.
-     *
      * To learn which resources support conditions in their IAM policies, see the
      * [IAM
      * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -1688,14 +1549,11 @@ public com.google.type.ExprOrBuilder getConditionOrBuilder() {
      *
      * 
      * The condition that is associated with this binding.
-     *
      * If the condition evaluates to `true`, then this binding applies to the
      * current request.
-     *
      * If the condition evaluates to `false`, then this binding does not apply to
      * the current request. However, a different role binding might grant the same
      * role to one or more of the principals in this binding.
-     *
      * To learn which resources support conditions in their IAM policies, see the
      * [IAM
      * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/BindingDelta.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/BindingDelta.java
index 49334ca531..340980bdfc 100644
--- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/BindingDelta.java
+++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/BindingDelta.java
@@ -50,6 +50,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new BindingDelta();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v1.PolicyProto.internal_static_google_iam_v1_BindingDelta_descriptor;
   }
@@ -696,6 +701,39 @@ private void buildPartial0(com.google.iam.v1.BindingDelta result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v1.BindingDelta) {
diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/BindingOrBuilder.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/BindingOrBuilder.java
index db97e10030..b5e660fa3a 100644
--- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/BindingOrBuilder.java
+++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/BindingOrBuilder.java
@@ -56,29 +56,21 @@ public interface BindingOrBuilder
    * 
    * Specifies the principals requesting access for a Cloud Platform resource.
    * `members` can have the following values:
-   *
    * * `allUsers`: A special identifier that represents anyone who is
    *    on the internet; with or without a Google account.
-   *
    * * `allAuthenticatedUsers`: A special identifier that represents anyone
    *    who is authenticated with a Google account or a service account.
-   *
    * * `user:{emailid}`: An email address that represents a specific Google
    *    account. For example, `alice@example.com` .
-   *
-   *
    * * `serviceAccount:{emailid}`: An email address that represents a service
    *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-   *
    * * `group:{emailid}`: An email address that represents a Google group.
    *    For example, `admins@example.com`.
-   *
    * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a user that has been recently deleted. For
    *    example, `alice@example.com?uid=123456789012345678901`. If the user is
    *    recovered, this value reverts to `user:{emailid}` and the recovered user
    *    retains the role in the binding.
-   *
    * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
    *    unique identifier) representing a service account that has been recently
    *    deleted. For example,
@@ -86,14 +78,11 @@ public interface BindingOrBuilder
    *    If the service account is undeleted, this value reverts to
    *    `serviceAccount:{emailid}` and the undeleted service account retains the
    *    role in the binding.
-   *
    * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a Google group that has been recently
    *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
    *    the group is recovered, this value reverts to `group:{emailid}` and the
    *    recovered group retains the role in the binding.
-   *
-   *
    * * `domain:{domain}`: The G Suite domain (primary) that represents all the
    *    users of that domain. For example, `google.com` or `example.com`.
    * 

@@ -109,29 +98,21 @@ public interface BindingOrBuilder
    * 
    * Specifies the principals requesting access for a Cloud Platform resource.
    * `members` can have the following values:
-   *
    * * `allUsers`: A special identifier that represents anyone who is
    *    on the internet; with or without a Google account.
-   *
    * * `allAuthenticatedUsers`: A special identifier that represents anyone
    *    who is authenticated with a Google account or a service account.
-   *
    * * `user:{emailid}`: An email address that represents a specific Google
    *    account. For example, `alice@example.com` .
-   *
-   *
    * * `serviceAccount:{emailid}`: An email address that represents a service
    *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-   *
    * * `group:{emailid}`: An email address that represents a Google group.
    *    For example, `admins@example.com`.
-   *
    * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a user that has been recently deleted. For
    *    example, `alice@example.com?uid=123456789012345678901`. If the user is
    *    recovered, this value reverts to `user:{emailid}` and the recovered user
    *    retains the role in the binding.
-   *
    * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
    *    unique identifier) representing a service account that has been recently
    *    deleted. For example,
@@ -139,14 +120,11 @@ public interface BindingOrBuilder
    *    If the service account is undeleted, this value reverts to
    *    `serviceAccount:{emailid}` and the undeleted service account retains the
    *    role in the binding.
-   *
    * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a Google group that has been recently
    *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
    *    the group is recovered, this value reverts to `group:{emailid}` and the
    *    recovered group retains the role in the binding.
-   *
-   *
    * * `domain:{domain}`: The G Suite domain (primary) that represents all the
    *    users of that domain. For example, `google.com` or `example.com`.
    * 

@@ -162,29 +140,21 @@ public interface BindingOrBuilder
    * 
    * Specifies the principals requesting access for a Cloud Platform resource.
    * `members` can have the following values:
-   *
    * * `allUsers`: A special identifier that represents anyone who is
    *    on the internet; with or without a Google account.
-   *
    * * `allAuthenticatedUsers`: A special identifier that represents anyone
    *    who is authenticated with a Google account or a service account.
-   *
    * * `user:{emailid}`: An email address that represents a specific Google
    *    account. For example, `alice@example.com` .
-   *
-   *
    * * `serviceAccount:{emailid}`: An email address that represents a service
    *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-   *
    * * `group:{emailid}`: An email address that represents a Google group.
    *    For example, `admins@example.com`.
-   *
    * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a user that has been recently deleted. For
    *    example, `alice@example.com?uid=123456789012345678901`. If the user is
    *    recovered, this value reverts to `user:{emailid}` and the recovered user
    *    retains the role in the binding.
-   *
    * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
    *    unique identifier) representing a service account that has been recently
    *    deleted. For example,
@@ -192,14 +162,11 @@ public interface BindingOrBuilder
    *    If the service account is undeleted, this value reverts to
    *    `serviceAccount:{emailid}` and the undeleted service account retains the
    *    role in the binding.
-   *
    * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a Google group that has been recently
    *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
    *    the group is recovered, this value reverts to `group:{emailid}` and the
    *    recovered group retains the role in the binding.
-   *
-   *
    * * `domain:{domain}`: The G Suite domain (primary) that represents all the
    *    users of that domain. For example, `google.com` or `example.com`.
    * 

@@ -216,29 +183,21 @@ public interface BindingOrBuilder
    * 
    * Specifies the principals requesting access for a Cloud Platform resource.
    * `members` can have the following values:
-   *
    * * `allUsers`: A special identifier that represents anyone who is
    *    on the internet; with or without a Google account.
-   *
    * * `allAuthenticatedUsers`: A special identifier that represents anyone
    *    who is authenticated with a Google account or a service account.
-   *
    * * `user:{emailid}`: An email address that represents a specific Google
    *    account. For example, `alice@example.com` .
-   *
-   *
    * * `serviceAccount:{emailid}`: An email address that represents a service
    *    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-   *
    * * `group:{emailid}`: An email address that represents a Google group.
    *    For example, `admins@example.com`.
-   *
    * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a user that has been recently deleted. For
    *    example, `alice@example.com?uid=123456789012345678901`. If the user is
    *    recovered, this value reverts to `user:{emailid}` and the recovered user
    *    retains the role in the binding.
-   *
    * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
    *    unique identifier) representing a service account that has been recently
    *    deleted. For example,
@@ -246,14 +205,11 @@ public interface BindingOrBuilder
    *    If the service account is undeleted, this value reverts to
    *    `serviceAccount:{emailid}` and the undeleted service account retains the
    *    role in the binding.
-   *
    * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
    *    identifier) representing a Google group that has been recently
    *    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
    *    the group is recovered, this value reverts to `group:{emailid}` and the
    *    recovered group retains the role in the binding.
-   *
-   *
    * * `domain:{domain}`: The G Suite domain (primary) that represents all the
    *    users of that domain. For example, `google.com` or `example.com`.
    * 

@@ -270,14 +226,11 @@ public interface BindingOrBuilder
    *
    * 
    * The condition that is associated with this binding.
-   *
    * If the condition evaluates to `true`, then this binding applies to the
    * current request.
-   *
    * If the condition evaluates to `false`, then this binding does not apply to
    * the current request. However, a different role binding might grant the same
    * role to one or more of the principals in this binding.
-   *
    * To learn which resources support conditions in their IAM policies, see the
    * [IAM
    * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -293,14 +246,11 @@ public interface BindingOrBuilder
    *
    * 
    * The condition that is associated with this binding.
-   *
    * If the condition evaluates to `true`, then this binding applies to the
    * current request.
-   *
    * If the condition evaluates to `false`, then this binding does not apply to
    * the current request. However, a different role binding might grant the same
    * role to one or more of the principals in this binding.
-   *
    * To learn which resources support conditions in their IAM policies, see the
    * [IAM
    * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -316,14 +266,11 @@ public interface BindingOrBuilder
    *
    * 
    * The condition that is associated with this binding.
-   *
    * If the condition evaluates to `true`, then this binding applies to the
    * current request.
-   *
    * If the condition evaluates to `false`, then this binding does not apply to
    * the current request. However, a different role binding might grant the same
    * role to one or more of the principals in this binding.
-   *
    * To learn which resources support conditions in their IAM policies, see the
    * [IAM
    * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/GetIamPolicyRequest.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/GetIamPolicyRequest.java
index 7a3fb09423..532f56549c 100644
--- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/GetIamPolicyRequest.java
+++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/GetIamPolicyRequest.java
@@ -47,6 +47,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new GetIamPolicyRequest();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v1.IamPolicyProto
         .internal_static_google_iam_v1_GetIamPolicyRequest_descriptor;
@@ -428,6 +433,39 @@ private void buildPartial0(com.google.iam.v1.GetIamPolicyRequest result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v1.GetIamPolicyRequest) {
diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/GetPolicyOptions.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/GetPolicyOptions.java
index b4e03b62c7..9484d8801c 100644
--- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/GetPolicyOptions.java
+++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/GetPolicyOptions.java
@@ -45,6 +45,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new GetPolicyOptions();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v1.OptionsProto.internal_static_google_iam_v1_GetPolicyOptions_descriptor;
   }
@@ -67,19 +72,15 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    * 
    * Optional. The maximum policy version that will be used to format the
    * policy.
-   *
    * Valid values are 0, 1, and 3. Requests specifying an invalid value will be
    * rejected.
-   *
    * Requests for policies with any conditional role bindings must specify
    * version 3. Policies with no conditional role bindings may specify any valid
    * value or leave the field unset.
-   *
    * The policy in the response might use the policy version that you specified,
    * or it might use a lower policy version. For example, if you specify version
    * 3, but the policy has no conditional role bindings, the response uses
    * version 1.
-   *
    * To learn which resources support conditions in their IAM policies, see the
    * [IAM
    * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -331,6 +332,39 @@ private void buildPartial0(com.google.iam.v1.GetPolicyOptions result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v1.GetPolicyOptions) {
@@ -404,19 +438,15 @@ public Builder mergeFrom(
      * 
      * Optional. The maximum policy version that will be used to format the
      * policy.
-     *
      * Valid values are 0, 1, and 3. Requests specifying an invalid value will be
      * rejected.
-     *
      * Requests for policies with any conditional role bindings must specify
      * version 3. Policies with no conditional role bindings may specify any valid
      * value or leave the field unset.
-     *
      * The policy in the response might use the policy version that you specified,
      * or it might use a lower policy version. For example, if you specify version
      * 3, but the policy has no conditional role bindings, the response uses
      * version 1.
-     *
      * To learn which resources support conditions in their IAM policies, see the
      * [IAM
      * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -436,19 +466,15 @@ public int getRequestedPolicyVersion() {
      * 
      * Optional. The maximum policy version that will be used to format the
      * policy.
-     *
      * Valid values are 0, 1, and 3. Requests specifying an invalid value will be
      * rejected.
-     *
      * Requests for policies with any conditional role bindings must specify
      * version 3. Policies with no conditional role bindings may specify any valid
      * value or leave the field unset.
-     *
      * The policy in the response might use the policy version that you specified,
      * or it might use a lower policy version. For example, if you specify version
      * 3, but the policy has no conditional role bindings, the response uses
      * version 1.
-     *
      * To learn which resources support conditions in their IAM policies, see the
      * [IAM
      * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -472,19 +498,15 @@ public Builder setRequestedPolicyVersion(int value) {
      * 
      * Optional. The maximum policy version that will be used to format the
      * policy.
-     *
      * Valid values are 0, 1, and 3. Requests specifying an invalid value will be
      * rejected.
-     *
      * Requests for policies with any conditional role bindings must specify
      * version 3. Policies with no conditional role bindings may specify any valid
      * value or leave the field unset.
-     *
      * The policy in the response might use the policy version that you specified,
      * or it might use a lower policy version. For example, if you specify version
      * 3, but the policy has no conditional role bindings, the response uses
      * version 1.
-     *
      * To learn which resources support conditions in their IAM policies, see the
      * [IAM
      * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/GetPolicyOptionsOrBuilder.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/GetPolicyOptionsOrBuilder.java
index e93425ad57..1cd51a9971 100644
--- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/GetPolicyOptionsOrBuilder.java
+++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/GetPolicyOptionsOrBuilder.java
@@ -29,19 +29,15 @@ public interface GetPolicyOptionsOrBuilder
    * 
    * Optional. The maximum policy version that will be used to format the
    * policy.
-   *
    * Valid values are 0, 1, and 3. Requests specifying an invalid value will be
    * rejected.
-   *
    * Requests for policies with any conditional role bindings must specify
    * version 3. Policies with no conditional role bindings may specify any valid
    * value or leave the field unset.
-   *
    * The policy in the response might use the policy version that you specified,
    * or it might use a lower policy version. For example, if you specify version
    * 3, but the policy has no conditional role bindings, the response uses
    * version 1.
-   *
    * To learn which resources support conditions in their IAM policies, see the
    * [IAM
    * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/IamPolicyProto.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/IamPolicyProto.java
index a61d0e275d..e1a3a44398 100644
--- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/IamPolicyProto.java
+++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/IamPolicyProto.java
@@ -58,31 +58,31 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
           + "_behavior.proto\032\031google/api/resource.pro"
           + "to\032\033google/iam/v1/options.proto\032\032google/"
           + "iam/v1/policy.proto\032 google/protobuf/fie"
-          + "ld_mask.proto\"\221\001\n\023SetIamPolicyRequest\022\034\n"
-          + "\010resource\030\001 \001(\tB\n\342A\001\002\372A\003\n\001*\022+\n\006policy\030\002 "
-          + "\001(\0132\025.google.iam.v1.PolicyB\004\342A\001\002\022/\n\013upda"
-          + "te_mask\030\003 \001(\0132\032.google.protobuf.FieldMas"
-          + "k\"e\n\023GetIamPolicyRequest\022\034\n\010resource\030\001 \001"
-          + "(\tB\n\342A\001\002\372A\003\n\001*\0220\n\007options\030\002 \001(\0132\037.google"
-          + ".iam.v1.GetPolicyOptions\"T\n\031TestIamPermi"
-          + "ssionsRequest\022\034\n\010resource\030\001 \001(\tB\n\342A\001\002\372A\003"
-          + "\n\001*\022\031\n\013permissions\030\002 \003(\tB\004\342A\001\002\"1\n\032TestIa"
-          + "mPermissionsResponse\022\023\n\013permissions\030\001 \003("
-          + "\t2\264\003\n\tIAMPolicy\022t\n\014SetIamPolicy\022\".google"
-          + ".iam.v1.SetIamPolicyRequest\032\025.google.iam"
-          + ".v1.Policy\")\202\323\344\223\002#\"\036/v1/{resource=**}:se"
-          + "tIamPolicy:\001*\022t\n\014GetIamPolicy\022\".google.i"
-          + "am.v1.GetIamPolicyRequest\032\025.google.iam.v"
-          + "1.Policy\")\202\323\344\223\002#\"\036/v1/{resource=**}:getI"
-          + "amPolicy:\001*\022\232\001\n\022TestIamPermissions\022(.goo"
-          + "gle.iam.v1.TestIamPermissionsRequest\032).g"
-          + "oogle.iam.v1.TestIamPermissionsResponse\""
-          + "/\202\323\344\223\002)\"$/v1/{resource=**}:testIamPermis"
-          + "sions:\001*\032\036\312A\033iam-meta-api.googleapis.com"
-          + "B\177\n\021com.google.iam.v1B\016IamPolicyProtoP\001Z"
-          + ")cloud.google.com/go/iam/apiv1/iampb;iam"
-          + "pb\370\001\001\252\002\023Google.Cloud.Iam.V1\312\002\023Google\\Clo"
-          + "ud\\Iam\\V1b\006proto3"
+          + "ld_mask.proto\"\217\001\n\023SetIamPolicyRequest\022\033\n"
+          + "\010resource\030\001 \001(\tB\t\340A\002\372A\003\n\001*\022*\n\006policy\030\002 \001"
+          + "(\0132\025.google.iam.v1.PolicyB\003\340A\002\022/\n\013update"
+          + "_mask\030\003 \001(\0132\032.google.protobuf.FieldMask\""
+          + "d\n\023GetIamPolicyRequest\022\033\n\010resource\030\001 \001(\t"
+          + "B\t\340A\002\372A\003\n\001*\0220\n\007options\030\002 \001(\0132\037.google.ia"
+          + "m.v1.GetPolicyOptions\"R\n\031TestIamPermissi"
+          + "onsRequest\022\033\n\010resource\030\001 \001(\tB\t\340A\002\372A\003\n\001*\022"
+          + "\030\n\013permissions\030\002 \003(\tB\003\340A\002\"1\n\032TestIamPerm"
+          + "issionsResponse\022\023\n\013permissions\030\001 \003(\t2\264\003\n"
+          + "\tIAMPolicy\022t\n\014SetIamPolicy\022\".google.iam."
+          + "v1.SetIamPolicyRequest\032\025.google.iam.v1.P"
+          + "olicy\")\202\323\344\223\002#\"\036/v1/{resource=**}:setIamP"
+          + "olicy:\001*\022t\n\014GetIamPolicy\022\".google.iam.v1"
+          + ".GetIamPolicyRequest\032\025.google.iam.v1.Pol"
+          + "icy\")\202\323\344\223\002#\"\036/v1/{resource=**}:getIamPol"
+          + "icy:\001*\022\232\001\n\022TestIamPermissions\022(.google.i"
+          + "am.v1.TestIamPermissionsRequest\032).google"
+          + ".iam.v1.TestIamPermissionsResponse\"/\202\323\344\223"
+          + "\002)\"$/v1/{resource=**}:testIamPermissions"
+          + ":\001*\032\036\312A\033iam-meta-api.googleapis.comB\177\n\021c"
+          + "om.google.iam.v1B\016IamPolicyProtoP\001Z)clou"
+          + "d.google.com/go/iam/apiv1/iampb;iampb\370\001\001"
+          + "\252\002\023Google.Cloud.Iam.V1\312\002\023Google\\Cloud\\Ia"
+          + "m\\V1b\006proto3"
     };
     descriptor =
         com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/Policy.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/Policy.java
index 07c896a20e..7f658f2af0 100644
--- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/Policy.java
+++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/Policy.java
@@ -24,14 +24,11 @@
  * 
  * An Identity and Access Management (IAM) policy, which specifies access
  * controls for Google Cloud resources.
- *
- *
  * A `Policy` is a collection of `bindings`. A `binding` binds one or more
  * `members`, or principals, to a single `role`. Principals can be user
  * accounts, service accounts, Google groups, and domains (such as G Suite). A
  * `role` is a named list of permissions; each `role` can be an IAM predefined
  * role or a user-created custom role.
- *
  * For some types of Google Cloud resources, a `binding` can also specify a
  * `condition`, which is a logical expression that allows access to a resource
  * only if the expression evaluates to `true`. A condition can add constraints
@@ -39,9 +36,7 @@
  * resources support conditions in their IAM policies, see the
  * [IAM
  * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
- *
  * **JSON example:**
- *
  *     {
  *       "bindings": [
  *         {
@@ -69,9 +64,7 @@
  *       "etag": "BwWWja0YfJA=",
  *       "version": 3
  *     }
- *
  * **YAML example:**
- *
  *     bindings:
  *     - members:
  *       - user:mike@example.com
@@ -88,7 +81,6 @@
  *         expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
  *     etag: BwWWja0YfJA=
  *     version: 3
- *
  * For a description of IAM and its features, see the
  * [IAM documentation](https://cloud.google.com/iam/docs/).
  * 

@@ -117,6 +109,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new Policy();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v1.PolicyProto.internal_static_google_iam_v1_Policy_descriptor;
   }
@@ -136,27 +133,21 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    * 
    * Specifies the format of the policy.
-   *
    * Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
    * are rejected.
-   *
    * Any operation that affects conditional role bindings must specify version
    * `3`. This requirement applies to the following operations:
-   *
    * * Getting a policy that includes a conditional role binding
    * * Adding a conditional role binding to a policy
    * * Changing a conditional role binding in a policy
    * * Removing any role binding, with or without a condition, from a policy
    *   that includes conditions
-   *
    * **Important:** If you use IAM Conditions, you must include the `etag` field
    * whenever you call `setIamPolicy`. If you omit this field, then IAM allows
    * you to overwrite a version `3` policy with a version `1` policy, and all of
    * the conditions in the version `3` policy are lost.
-   *
    * If a policy does not include any conditions, operations on that policy may
    * specify any valid version or leave the field unset.
-   *
    * To learn which resources support conditions in their IAM policies, see the
    * [IAM
    * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -182,7 +173,6 @@ public int getVersion() {
    * Associates a list of `members`, or principals, with a `role`. Optionally,
    * may specify a `condition` that determines how and when the `bindings` are
    * applied. Each of the `bindings` must contain at least one principal.
-   *
    * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
    * of these principals can be Google groups. Each occurrence of a principal
    * counts towards these limits. For example, if the `bindings` grant 50
@@ -204,7 +194,6 @@ public java.util.List getBindingsList() {
    * Associates a list of `members`, or principals, with a `role`. Optionally,
    * may specify a `condition` that determines how and when the `bindings` are
    * applied. Each of the `bindings` must contain at least one principal.
-   *
    * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
    * of these principals can be Google groups. Each occurrence of a principal
    * counts towards these limits. For example, if the `bindings` grant 50
@@ -226,7 +215,6 @@ public java.util.List getBindingsO
    * Associates a list of `members`, or principals, with a `role`. Optionally,
    * may specify a `condition` that determines how and when the `bindings` are
    * applied. Each of the `bindings` must contain at least one principal.
-   *
    * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
    * of these principals can be Google groups. Each occurrence of a principal
    * counts towards these limits. For example, if the `bindings` grant 50
@@ -248,7 +236,6 @@ public int getBindingsCount() {
    * Associates a list of `members`, or principals, with a `role`. Optionally,
    * may specify a `condition` that determines how and when the `bindings` are
    * applied. Each of the `bindings` must contain at least one principal.
-   *
    * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
    * of these principals can be Google groups. Each occurrence of a principal
    * counts towards these limits. For example, if the `bindings` grant 50
@@ -270,7 +257,6 @@ public com.google.iam.v1.Binding getBindings(int index) {
    * Associates a list of `members`, or principals, with a `role`. Optionally,
    * may specify a `condition` that determines how and when the `bindings` are
    * applied. Each of the `bindings` must contain at least one principal.
-   *
    * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
    * of these principals can be Google groups. Each occurrence of a principal
    * counts towards these limits. For example, if the `bindings` grant 50
@@ -370,7 +356,6 @@ public com.google.iam.v1.AuditConfigOrBuilder getAuditConfigsOrBuilder(int index
    * conditions: An `etag` is returned in the response to `getIamPolicy`, and
    * systems are expected to put that etag in the request to `setIamPolicy` to
    * ensure that their change will be applied to the same version of the policy.
-   *
    * **Important:** If you use IAM Conditions, you must include the `etag` field
    * whenever you call `setIamPolicy`. If you omit this field, then IAM allows
    * you to overwrite a version `3` policy with a version `1` policy, and all of
@@ -580,14 +565,11 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build
    * 
    * An Identity and Access Management (IAM) policy, which specifies access
    * controls for Google Cloud resources.
-   *
-   *
    * A `Policy` is a collection of `bindings`. A `binding` binds one or more
    * `members`, or principals, to a single `role`. Principals can be user
    * accounts, service accounts, Google groups, and domains (such as G Suite). A
    * `role` is a named list of permissions; each `role` can be an IAM predefined
    * role or a user-created custom role.
-   *
    * For some types of Google Cloud resources, a `binding` can also specify a
    * `condition`, which is a logical expression that allows access to a resource
    * only if the expression evaluates to `true`. A condition can add constraints
@@ -595,9 +577,7 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build
    * resources support conditions in their IAM policies, see the
    * [IAM
    * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
-   *
    * **JSON example:**
-   *
    *     {
    *       "bindings": [
    *         {
@@ -625,9 +605,7 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build
    *       "etag": "BwWWja0YfJA=",
    *       "version": 3
    *     }
-   *
    * **YAML example:**
-   *
    *     bindings:
    *     - members:
    *       - user:mike@example.com
@@ -644,7 +622,6 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build
    *         expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
    *     etag: BwWWja0YfJA=
    *     version: 3
-   *
    * For a description of IAM and its features, see the
    * [IAM documentation](https://cloud.google.com/iam/docs/).
    * 

@@ -758,6 +735,39 @@ private void buildPartial0(com.google.iam.v1.Policy result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v1.Policy) {
@@ -917,27 +927,21 @@ public Builder mergeFrom(
      *
      * 
      * Specifies the format of the policy.
-     *
      * Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
      * are rejected.
-     *
      * Any operation that affects conditional role bindings must specify version
      * `3`. This requirement applies to the following operations:
-     *
      * * Getting a policy that includes a conditional role binding
      * * Adding a conditional role binding to a policy
      * * Changing a conditional role binding in a policy
      * * Removing any role binding, with or without a condition, from a policy
      *   that includes conditions
-     *
      * **Important:** If you use IAM Conditions, you must include the `etag` field
      * whenever you call `setIamPolicy`. If you omit this field, then IAM allows
      * you to overwrite a version `3` policy with a version `1` policy, and all of
      * the conditions in the version `3` policy are lost.
-     *
      * If a policy does not include any conditions, operations on that policy may
      * specify any valid version or leave the field unset.
-     *
      * To learn which resources support conditions in their IAM policies, see the
      * [IAM
      * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -956,27 +960,21 @@ public int getVersion() {
      *
      * 
      * Specifies the format of the policy.
-     *
      * Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
      * are rejected.
-     *
      * Any operation that affects conditional role bindings must specify version
      * `3`. This requirement applies to the following operations:
-     *
      * * Getting a policy that includes a conditional role binding
      * * Adding a conditional role binding to a policy
      * * Changing a conditional role binding in a policy
      * * Removing any role binding, with or without a condition, from a policy
      *   that includes conditions
-     *
      * **Important:** If you use IAM Conditions, you must include the `etag` field
      * whenever you call `setIamPolicy`. If you omit this field, then IAM allows
      * you to overwrite a version `3` policy with a version `1` policy, and all of
      * the conditions in the version `3` policy are lost.
-     *
      * If a policy does not include any conditions, operations on that policy may
      * specify any valid version or leave the field unset.
-     *
      * To learn which resources support conditions in their IAM policies, see the
      * [IAM
      * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -999,27 +997,21 @@ public Builder setVersion(int value) {
      *
      * 
      * Specifies the format of the policy.
-     *
      * Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
      * are rejected.
-     *
      * Any operation that affects conditional role bindings must specify version
      * `3`. This requirement applies to the following operations:
-     *
      * * Getting a policy that includes a conditional role binding
      * * Adding a conditional role binding to a policy
      * * Changing a conditional role binding in a policy
      * * Removing any role binding, with or without a condition, from a policy
      *   that includes conditions
-     *
      * **Important:** If you use IAM Conditions, you must include the `etag` field
      * whenever you call `setIamPolicy`. If you omit this field, then IAM allows
      * you to overwrite a version `3` policy with a version `1` policy, and all of
      * the conditions in the version `3` policy are lost.
-     *
      * If a policy does not include any conditions, operations on that policy may
      * specify any valid version or leave the field unset.
-     *
      * To learn which resources support conditions in their IAM policies, see the
      * [IAM
      * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -1058,7 +1050,6 @@ private void ensureBindingsIsMutable() {
      * Associates a list of `members`, or principals, with a `role`. Optionally,
      * may specify a `condition` that determines how and when the `bindings` are
      * applied. Each of the `bindings` must contain at least one principal.
-     *
      * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
      * of these principals can be Google groups. Each occurrence of a principal
      * counts towards these limits. For example, if the `bindings` grant 50
@@ -1083,7 +1074,6 @@ public java.util.List getBindingsList() {
      * Associates a list of `members`, or principals, with a `role`. Optionally,
      * may specify a `condition` that determines how and when the `bindings` are
      * applied. Each of the `bindings` must contain at least one principal.
-     *
      * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
      * of these principals can be Google groups. Each occurrence of a principal
      * counts towards these limits. For example, if the `bindings` grant 50
@@ -1108,7 +1098,6 @@ public int getBindingsCount() {
      * Associates a list of `members`, or principals, with a `role`. Optionally,
      * may specify a `condition` that determines how and when the `bindings` are
      * applied. Each of the `bindings` must contain at least one principal.
-     *
      * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
      * of these principals can be Google groups. Each occurrence of a principal
      * counts towards these limits. For example, if the `bindings` grant 50
@@ -1133,7 +1122,6 @@ public com.google.iam.v1.Binding getBindings(int index) {
      * Associates a list of `members`, or principals, with a `role`. Optionally,
      * may specify a `condition` that determines how and when the `bindings` are
      * applied. Each of the `bindings` must contain at least one principal.
-     *
      * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
      * of these principals can be Google groups. Each occurrence of a principal
      * counts towards these limits. For example, if the `bindings` grant 50
@@ -1164,7 +1152,6 @@ public Builder setBindings(int index, com.google.iam.v1.Binding value) {
      * Associates a list of `members`, or principals, with a `role`. Optionally,
      * may specify a `condition` that determines how and when the `bindings` are
      * applied. Each of the `bindings` must contain at least one principal.
-     *
      * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
      * of these principals can be Google groups. Each occurrence of a principal
      * counts towards these limits. For example, if the `bindings` grant 50
@@ -1192,7 +1179,6 @@ public Builder setBindings(int index, com.google.iam.v1.Binding.Builder builderF
      * Associates a list of `members`, or principals, with a `role`. Optionally,
      * may specify a `condition` that determines how and when the `bindings` are
      * applied. Each of the `bindings` must contain at least one principal.
-     *
      * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
      * of these principals can be Google groups. Each occurrence of a principal
      * counts towards these limits. For example, if the `bindings` grant 50
@@ -1223,7 +1209,6 @@ public Builder addBindings(com.google.iam.v1.Binding value) {
      * Associates a list of `members`, or principals, with a `role`. Optionally,
      * may specify a `condition` that determines how and when the `bindings` are
      * applied. Each of the `bindings` must contain at least one principal.
-     *
      * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
      * of these principals can be Google groups. Each occurrence of a principal
      * counts towards these limits. For example, if the `bindings` grant 50
@@ -1254,7 +1239,6 @@ public Builder addBindings(int index, com.google.iam.v1.Binding value) {
      * Associates a list of `members`, or principals, with a `role`. Optionally,
      * may specify a `condition` that determines how and when the `bindings` are
      * applied. Each of the `bindings` must contain at least one principal.
-     *
      * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
      * of these principals can be Google groups. Each occurrence of a principal
      * counts towards these limits. For example, if the `bindings` grant 50
@@ -1282,7 +1266,6 @@ public Builder addBindings(com.google.iam.v1.Binding.Builder builderForValue) {
      * Associates a list of `members`, or principals, with a `role`. Optionally,
      * may specify a `condition` that determines how and when the `bindings` are
      * applied. Each of the `bindings` must contain at least one principal.
-     *
      * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
      * of these principals can be Google groups. Each occurrence of a principal
      * counts towards these limits. For example, if the `bindings` grant 50
@@ -1310,7 +1293,6 @@ public Builder addBindings(int index, com.google.iam.v1.Binding.Builder builderF
      * Associates a list of `members`, or principals, with a `role`. Optionally,
      * may specify a `condition` that determines how and when the `bindings` are
      * applied. Each of the `bindings` must contain at least one principal.
-     *
      * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
      * of these principals can be Google groups. Each occurrence of a principal
      * counts towards these limits. For example, if the `bindings` grant 50
@@ -1338,7 +1320,6 @@ public Builder addAllBindings(java.lang.Iterable getBindingsO
      * Associates a list of `members`, or principals, with a `role`. Optionally,
      * may specify a `condition` that determines how and when the `bindings` are
      * applied. Each of the `bindings` must contain at least one principal.
-     *
      * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
      * of these principals can be Google groups. Each occurrence of a principal
      * counts towards these limits. For example, if the `bindings` grant 50
@@ -1486,7 +1462,6 @@ public com.google.iam.v1.Binding.Builder addBindingsBuilder() {
      * Associates a list of `members`, or principals, with a `role`. Optionally,
      * may specify a `condition` that determines how and when the `bindings` are
      * applied. Each of the `bindings` must contain at least one principal.
-     *
      * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
      * of these principals can be Google groups. Each occurrence of a principal
      * counts towards these limits. For example, if the `bindings` grant 50
@@ -1508,7 +1483,6 @@ public com.google.iam.v1.Binding.Builder addBindingsBuilder(int index) {
      * Associates a list of `members`, or principals, with a `role`. Optionally,
      * may specify a `condition` that determines how and when the `bindings` are
      * applied. Each of the `bindings` must contain at least one principal.
-     *
      * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
      * of these principals can be Google groups. Each occurrence of a principal
      * counts towards these limits. For example, if the `bindings` grant 50
@@ -1900,7 +1874,6 @@ public java.util.List getAuditConfigsBuil
      * conditions: An `etag` is returned in the response to `getIamPolicy`, and
      * systems are expected to put that etag in the request to `setIamPolicy` to
      * ensure that their change will be applied to the same version of the policy.
-     *
      * **Important:** If you use IAM Conditions, you must include the `etag` field
      * whenever you call `setIamPolicy`. If you omit this field, then IAM allows
      * you to overwrite a version `3` policy with a version `1` policy, and all of
@@ -1926,7 +1899,6 @@ public com.google.protobuf.ByteString getEtag() {
      * conditions: An `etag` is returned in the response to `getIamPolicy`, and
      * systems are expected to put that etag in the request to `setIamPolicy` to
      * ensure that their change will be applied to the same version of the policy.
-     *
      * **Important:** If you use IAM Conditions, you must include the `etag` field
      * whenever you call `setIamPolicy`. If you omit this field, then IAM allows
      * you to overwrite a version `3` policy with a version `1` policy, and all of
@@ -1958,7 +1930,6 @@ public Builder setEtag(com.google.protobuf.ByteString value) {
      * conditions: An `etag` is returned in the response to `getIamPolicy`, and
      * systems are expected to put that etag in the request to `setIamPolicy` to
      * ensure that their change will be applied to the same version of the policy.
-     *
      * **Important:** If you use IAM Conditions, you must include the `etag` field
      * whenever you call `setIamPolicy`. If you omit this field, then IAM allows
      * you to overwrite a version `3` policy with a version `1` policy, and all of
diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/PolicyDelta.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/PolicyDelta.java
index 167801f546..9ee92e988c 100644
--- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/PolicyDelta.java
+++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/PolicyDelta.java
@@ -48,6 +48,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new PolicyDelta();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v1.PolicyProto.internal_static_google_iam_v1_PolicyDelta_descriptor;
   }
@@ -483,6 +488,39 @@ private void buildPartial0(com.google.iam.v1.PolicyDelta result) {
       int from_bitField0_ = bitField0_;
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v1.PolicyDelta) {
diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/PolicyOrBuilder.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/PolicyOrBuilder.java
index 2039d3792a..449c1d790c 100644
--- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/PolicyOrBuilder.java
+++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/PolicyOrBuilder.java
@@ -28,27 +28,21 @@ public interface PolicyOrBuilder
    *
    * 
    * Specifies the format of the policy.
-   *
    * Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
    * are rejected.
-   *
    * Any operation that affects conditional role bindings must specify version
    * `3`. This requirement applies to the following operations:
-   *
    * * Getting a policy that includes a conditional role binding
    * * Adding a conditional role binding to a policy
    * * Changing a conditional role binding in a policy
    * * Removing any role binding, with or without a condition, from a policy
    *   that includes conditions
-   *
    * **Important:** If you use IAM Conditions, you must include the `etag` field
    * whenever you call `setIamPolicy`. If you omit this field, then IAM allows
    * you to overwrite a version `3` policy with a version `1` policy, and all of
    * the conditions in the version `3` policy are lost.
-   *
    * If a policy does not include any conditions, operations on that policy may
    * specify any valid version or leave the field unset.
-   *
    * To learn which resources support conditions in their IAM policies, see the
    * [IAM
    * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
@@ -67,7 +61,6 @@ public interface PolicyOrBuilder
    * Associates a list of `members`, or principals, with a `role`. Optionally,
    * may specify a `condition` that determines how and when the `bindings` are
    * applied. Each of the `bindings` must contain at least one principal.
-   *
    * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
    * of these principals can be Google groups. Each occurrence of a principal
    * counts towards these limits. For example, if the `bindings` grant 50
@@ -86,7 +79,6 @@ public interface PolicyOrBuilder
    * Associates a list of `members`, or principals, with a `role`. Optionally,
    * may specify a `condition` that determines how and when the `bindings` are
    * applied. Each of the `bindings` must contain at least one principal.
-   *
    * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
    * of these principals can be Google groups. Each occurrence of a principal
    * counts towards these limits. For example, if the `bindings` grant 50
@@ -105,7 +97,6 @@ public interface PolicyOrBuilder
    * Associates a list of `members`, or principals, with a `role`. Optionally,
    * may specify a `condition` that determines how and when the `bindings` are
    * applied. Each of the `bindings` must contain at least one principal.
-   *
    * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
    * of these principals can be Google groups. Each occurrence of a principal
    * counts towards these limits. For example, if the `bindings` grant 50
@@ -124,7 +115,6 @@ public interface PolicyOrBuilder
    * Associates a list of `members`, or principals, with a `role`. Optionally,
    * may specify a `condition` that determines how and when the `bindings` are
    * applied. Each of the `bindings` must contain at least one principal.
-   *
    * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
    * of these principals can be Google groups. Each occurrence of a principal
    * counts towards these limits. For example, if the `bindings` grant 50
@@ -143,7 +133,6 @@ public interface PolicyOrBuilder
    * Associates a list of `members`, or principals, with a `role`. Optionally,
    * may specify a `condition` that determines how and when the `bindings` are
    * applied. Each of the `bindings` must contain at least one principal.
-   *
    * The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
    * of these principals can be Google groups. Each occurrence of a principal
    * counts towards these limits. For example, if the `bindings` grant 50
@@ -218,7 +207,6 @@ public interface PolicyOrBuilder
    * conditions: An `etag` is returned in the response to `getIamPolicy`, and
    * systems are expected to put that etag in the request to `setIamPolicy` to
    * ensure that their change will be applied to the same version of the policy.
-   *
    * **Important:** If you use IAM Conditions, you must include the `etag` field
    * whenever you call `setIamPolicy`. If you omit this field, then IAM allows
    * you to overwrite a version `3` policy with a version `1` policy, and all of
diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/SetIamPolicyRequest.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/SetIamPolicyRequest.java
index 7790e2c1c3..15561955bd 100644
--- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/SetIamPolicyRequest.java
+++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/SetIamPolicyRequest.java
@@ -47,6 +47,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new SetIamPolicyRequest();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v1.IamPolicyProto
         .internal_static_google_iam_v1_SetIamPolicyRequest_descriptor;
@@ -183,7 +188,6 @@ public com.google.iam.v1.PolicyOrBuilder getPolicyOrBuilder() {
    * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
    * the fields in the mask will be modified. If no mask is provided, the
    * following default mask is used:
-   *
    * `paths: "bindings, etag"`
    * 

    *
@@ -202,7 +206,6 @@ public boolean hasUpdateMask() {
    * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
    * the fields in the mask will be modified. If no mask is provided, the
    * following default mask is used:
-   *
    * `paths: "bindings, etag"`
    * 

    *
@@ -221,7 +224,6 @@ public com.google.protobuf.FieldMask getUpdateMask() {
    * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
    * the fields in the mask will be modified. If no mask is provided, the
    * following default mask is used:
-   *
    * `paths: "bindings, etag"`
    * 

    *
@@ -514,6 +516,39 @@ private void buildPartial0(com.google.iam.v1.SetIamPolicyRequest result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v1.SetIamPolicyRequest) {
@@ -939,7 +974,6 @@ public com.google.iam.v1.PolicyOrBuilder getPolicyOrBuilder() {
      * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
      * the fields in the mask will be modified. If no mask is provided, the
      * following default mask is used:
-     *
      * `paths: "bindings, etag"`
      * 

      *
@@ -957,7 +991,6 @@ public boolean hasUpdateMask() {
      * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
      * the fields in the mask will be modified. If no mask is provided, the
      * following default mask is used:
-     *
      * `paths: "bindings, etag"`
      * 

      *
@@ -981,7 +1014,6 @@ public com.google.protobuf.FieldMask getUpdateMask() {
      * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
      * the fields in the mask will be modified. If no mask is provided, the
      * following default mask is used:
-     *
      * `paths: "bindings, etag"`
      * 

      *
@@ -1007,7 +1039,6 @@ public Builder setUpdateMask(com.google.protobuf.FieldMask value) {
      * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
      * the fields in the mask will be modified. If no mask is provided, the
      * following default mask is used:
-     *
      * `paths: "bindings, etag"`
      * 

      *
@@ -1030,7 +1061,6 @@ public Builder setUpdateMask(com.google.protobuf.FieldMask.Builder builderForVal
      * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
      * the fields in the mask will be modified. If no mask is provided, the
      * following default mask is used:
-     *
      * `paths: "bindings, etag"`
      * 

      *
@@ -1059,7 +1089,6 @@ public Builder mergeUpdateMask(com.google.protobuf.FieldMask value) {
      * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
      * the fields in the mask will be modified. If no mask is provided, the
      * following default mask is used:
-     *
      * `paths: "bindings, etag"`
      * 

      *
@@ -1082,7 +1111,6 @@ public Builder clearUpdateMask() {
      * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
      * the fields in the mask will be modified. If no mask is provided, the
      * following default mask is used:
-     *
      * `paths: "bindings, etag"`
      * 

      *
@@ -1100,7 +1128,6 @@ public com.google.protobuf.FieldMask.Builder getUpdateMaskBuilder() {
      * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
      * the fields in the mask will be modified. If no mask is provided, the
      * following default mask is used:
-     *
      * `paths: "bindings, etag"`
      * 

      *
@@ -1122,7 +1149,6 @@ public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
      * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
      * the fields in the mask will be modified. If no mask is provided, the
      * following default mask is used:
-     *
      * `paths: "bindings, etag"`
      * 

      *
diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/SetIamPolicyRequestOrBuilder.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/SetIamPolicyRequestOrBuilder.java
index b7c42c8855..48ab0dff5d 100644
--- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/SetIamPolicyRequestOrBuilder.java
+++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/SetIamPolicyRequestOrBuilder.java
@@ -105,7 +105,6 @@ public interface SetIamPolicyRequestOrBuilder
    * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
    * the fields in the mask will be modified. If no mask is provided, the
    * following default mask is used:
-   *
    * `paths: "bindings, etag"`
    * 

    *
@@ -121,7 +120,6 @@ public interface SetIamPolicyRequestOrBuilder
    * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
    * the fields in the mask will be modified. If no mask is provided, the
    * following default mask is used:
-   *
    * `paths: "bindings, etag"`
    * 

    *
@@ -137,7 +135,6 @@ public interface SetIamPolicyRequestOrBuilder
    * OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
    * the fields in the mask will be modified. If no mask is provided, the
    * following default mask is used:
-   *
    * `paths: "bindings, etag"`
    * 

    *
diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/TestIamPermissionsRequest.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/TestIamPermissionsRequest.java
index 4393be5528..ee3530d94e 100644
--- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/TestIamPermissionsRequest.java
+++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/TestIamPermissionsRequest.java
@@ -39,7 +39,7 @@ private TestIamPermissionsRequest(com.google.protobuf.GeneratedMessageV3.Builder
 
   private TestIamPermissionsRequest() {
     resource_ = "";
-    permissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
+    permissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
   }
 
   @java.lang.Override
@@ -48,6 +48,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new TestIamPermissionsRequest();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v1.IamPolicyProto
         .internal_static_google_iam_v1_TestIamPermissionsRequest_descriptor;
@@ -123,8 +128,7 @@ public com.google.protobuf.ByteString getResourceBytes() {
   public static final int PERMISSIONS_FIELD_NUMBER = 2;
 
   @SuppressWarnings("serial")
-  private com.google.protobuf.LazyStringArrayList permissions_ =
-      com.google.protobuf.LazyStringArrayList.emptyList();
+  private com.google.protobuf.LazyStringList permissions_;
   /**
    *
    *
@@ -411,7 +415,8 @@ public Builder clear() {
       super.clear();
       bitField0_ = 0;
       resource_ = "";
-      permissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      permissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
       return this;
     }
 
@@ -439,6 +444,7 @@ public com.google.iam.v1.TestIamPermissionsRequest build() {
     public com.google.iam.v1.TestIamPermissionsRequest buildPartial() {
       com.google.iam.v1.TestIamPermissionsRequest result =
           new com.google.iam.v1.TestIamPermissionsRequest(this);
+      buildPartialRepeatedFields(result);
       if (bitField0_ != 0) {
         buildPartial0(result);
       }
@@ -446,15 +452,52 @@ public com.google.iam.v1.TestIamPermissionsRequest buildPartial() {
       return result;
     }
 
+    private void buildPartialRepeatedFields(com.google.iam.v1.TestIamPermissionsRequest result) {
+      if (((bitField0_ & 0x00000002) != 0)) {
+        permissions_ = permissions_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      }
+      result.permissions_ = permissions_;
+    }
+
     private void buildPartial0(com.google.iam.v1.TestIamPermissionsRequest result) {
       int from_bitField0_ = bitField0_;
       if (((from_bitField0_ & 0x00000001) != 0)) {
         result.resource_ = resource_;
       }
-      if (((from_bitField0_ & 0x00000002) != 0)) {
-        permissions_.makeImmutable();
-        result.permissions_ = permissions_;
-      }
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
     }
 
     @java.lang.Override
@@ -477,7 +520,7 @@ public Builder mergeFrom(com.google.iam.v1.TestIamPermissionsRequest other) {
       if (!other.permissions_.isEmpty()) {
         if (permissions_.isEmpty()) {
           permissions_ = other.permissions_;
-          bitField0_ |= 0x00000002;
+          bitField0_ = (bitField0_ & ~0x00000002);
         } else {
           ensurePermissionsIsMutable();
           permissions_.addAll(other.permissions_);
@@ -663,14 +706,14 @@ public Builder setResourceBytes(com.google.protobuf.ByteString value) {
       return this;
     }
 
-    private com.google.protobuf.LazyStringArrayList permissions_ =
-        com.google.protobuf.LazyStringArrayList.emptyList();
+    private com.google.protobuf.LazyStringList permissions_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
 
     private void ensurePermissionsIsMutable() {
-      if (!permissions_.isModifiable()) {
+      if (!((bitField0_ & 0x00000002) != 0)) {
         permissions_ = new com.google.protobuf.LazyStringArrayList(permissions_);
+        bitField0_ |= 0x00000002;
       }
-      bitField0_ |= 0x00000002;
     }
     /**
      *
@@ -687,8 +730,7 @@ private void ensurePermissionsIsMutable() {
      * @return A list containing the permissions.
      */
     public com.google.protobuf.ProtocolStringList getPermissionsList() {
-      permissions_.makeImmutable();
-      return permissions_;
+      return permissions_.getUnmodifiableView();
     }
     /**
      *
@@ -765,7 +807,6 @@ public Builder setPermissions(int index, java.lang.String value) {
       }
       ensurePermissionsIsMutable();
       permissions_.set(index, value);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
@@ -790,7 +831,6 @@ public Builder addPermissions(java.lang.String value) {
       }
       ensurePermissionsIsMutable();
       permissions_.add(value);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
@@ -812,7 +852,6 @@ public Builder addPermissions(java.lang.String value) {
     public Builder addAllPermissions(java.lang.Iterable values) {
       ensurePermissionsIsMutable();
       com.google.protobuf.AbstractMessageLite.Builder.addAll(values, permissions_);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
@@ -831,9 +870,8 @@ public Builder addAllPermissions(java.lang.Iterable values) {
      * @return This builder for chaining.
      */
     public Builder clearPermissions() {
-      permissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      permissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
       bitField0_ = (bitField0_ & ~0x00000002);
-      ;
       onChanged();
       return this;
     }
@@ -859,7 +897,6 @@ public Builder addPermissionsBytes(com.google.protobuf.ByteString value) {
       checkByteStringIsUtf8(value);
       ensurePermissionsIsMutable();
       permissions_.add(value);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
diff --git a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/TestIamPermissionsResponse.java b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/TestIamPermissionsResponse.java
index 4eb8379bbd..25fb71590e 100644
--- a/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/TestIamPermissionsResponse.java
+++ b/java-iam/proto-google-iam-v1/src/main/java/com/google/iam/v1/TestIamPermissionsResponse.java
@@ -38,7 +38,7 @@ private TestIamPermissionsResponse(com.google.protobuf.GeneratedMessageV3.Builde
   }
 
   private TestIamPermissionsResponse() {
-    permissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
+    permissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
   }
 
   @java.lang.Override
@@ -47,6 +47,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new TestIamPermissionsResponse();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v1.IamPolicyProto
         .internal_static_google_iam_v1_TestIamPermissionsResponse_descriptor;
@@ -65,8 +70,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
   public static final int PERMISSIONS_FIELD_NUMBER = 1;
 
   @SuppressWarnings("serial")
-  private com.google.protobuf.LazyStringArrayList permissions_ =
-      com.google.protobuf.LazyStringArrayList.emptyList();
+  private com.google.protobuf.LazyStringList permissions_;
   /**
    *
    *
@@ -335,7 +339,8 @@ private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
     public Builder clear() {
       super.clear();
       bitField0_ = 0;
-      permissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      permissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000001);
       return this;
     }
 
@@ -363,6 +368,7 @@ public com.google.iam.v1.TestIamPermissionsResponse build() {
     public com.google.iam.v1.TestIamPermissionsResponse buildPartial() {
       com.google.iam.v1.TestIamPermissionsResponse result =
           new com.google.iam.v1.TestIamPermissionsResponse(this);
+      buildPartialRepeatedFields(result);
       if (bitField0_ != 0) {
         buildPartial0(result);
       }
@@ -370,12 +376,49 @@ public com.google.iam.v1.TestIamPermissionsResponse buildPartial() {
       return result;
     }
 
+    private void buildPartialRepeatedFields(com.google.iam.v1.TestIamPermissionsResponse result) {
+      if (((bitField0_ & 0x00000001) != 0)) {
+        permissions_ = permissions_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000001);
+      }
+      result.permissions_ = permissions_;
+    }
+
     private void buildPartial0(com.google.iam.v1.TestIamPermissionsResponse result) {
       int from_bitField0_ = bitField0_;
-      if (((from_bitField0_ & 0x00000001) != 0)) {
-        permissions_.makeImmutable();
-        result.permissions_ = permissions_;
-      }
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
     }
 
     @java.lang.Override
@@ -393,7 +436,7 @@ public Builder mergeFrom(com.google.iam.v1.TestIamPermissionsResponse other) {
       if (!other.permissions_.isEmpty()) {
         if (permissions_.isEmpty()) {
           permissions_ = other.permissions_;
-          bitField0_ |= 0x00000001;
+          bitField0_ = (bitField0_ & ~0x00000001);
         } else {
           ensurePermissionsIsMutable();
           permissions_.addAll(other.permissions_);
@@ -452,14 +495,14 @@ public Builder mergeFrom(
 
     private int bitField0_;
 
-    private com.google.protobuf.LazyStringArrayList permissions_ =
-        com.google.protobuf.LazyStringArrayList.emptyList();
+    private com.google.protobuf.LazyStringList permissions_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
 
     private void ensurePermissionsIsMutable() {
-      if (!permissions_.isModifiable()) {
+      if (!((bitField0_ & 0x00000001) != 0)) {
         permissions_ = new com.google.protobuf.LazyStringArrayList(permissions_);
+        bitField0_ |= 0x00000001;
       }
-      bitField0_ |= 0x00000001;
     }
     /**
      *
@@ -474,8 +517,7 @@ private void ensurePermissionsIsMutable() {
      * @return A list containing the permissions.
      */
     public com.google.protobuf.ProtocolStringList getPermissionsList() {
-      permissions_.makeImmutable();
-      return permissions_;
+      return permissions_.getUnmodifiableView();
     }
     /**
      *
@@ -544,7 +586,6 @@ public Builder setPermissions(int index, java.lang.String value) {
       }
       ensurePermissionsIsMutable();
       permissions_.set(index, value);
-      bitField0_ |= 0x00000001;
       onChanged();
       return this;
     }
@@ -567,7 +608,6 @@ public Builder addPermissions(java.lang.String value) {
       }
       ensurePermissionsIsMutable();
       permissions_.add(value);
-      bitField0_ |= 0x00000001;
       onChanged();
       return this;
     }
@@ -587,7 +627,6 @@ public Builder addPermissions(java.lang.String value) {
     public Builder addAllPermissions(java.lang.Iterable values) {
       ensurePermissionsIsMutable();
       com.google.protobuf.AbstractMessageLite.Builder.addAll(values, permissions_);
-      bitField0_ |= 0x00000001;
       onChanged();
       return this;
     }
@@ -604,9 +643,8 @@ public Builder addAllPermissions(java.lang.Iterable values) {
      * @return This builder for chaining.
      */
     public Builder clearPermissions() {
-      permissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      permissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
       bitField0_ = (bitField0_ & ~0x00000001);
-      ;
       onChanged();
       return this;
     }
@@ -630,7 +668,6 @@ public Builder addPermissionsBytes(com.google.protobuf.ByteString value) {
       checkByteStringIsUtf8(value);
       ensurePermissionsIsMutable();
       permissions_.add(value);
-      bitField0_ |= 0x00000001;
       onChanged();
       return this;
     }
diff --git a/java-iam/proto-google-iam-v2/clirr-ignored-differences.xml b/java-iam/proto-google-iam-v2/clirr-ignored-differences.xml
index dca810c57f..f9346449b7 100644
--- a/java-iam/proto-google-iam-v2/clirr-ignored-differences.xml
+++ b/java-iam/proto-google-iam-v2/clirr-ignored-differences.xml
@@ -1,36 +1,6 @@
 
 
 
-  
-    7002
-    com/google/iam/v2/*Builder
-    * addRepeatedField(*)
-  
-  
-    7002
-    com/google/iam/v2/*Builder
-    * clearField(*)
-  
-  
-    7002
-    com/google/iam/v2/*Builder
-    * clearOneof(*)
-  
-  
-    7002
-    com/google/iam/v2/*Builder
-    * clone()
-  
-  
-    7002
-    com/google/iam/v2/*Builder
-    * setField(*)
-  
-  
-    7002
-    com/google/iam/v2/*Builder
-    * setRepeatedField(*)
-  
   
     7012
     com/google/iam/v2/*OrBuilder
diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/CreatePolicyRequest.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/CreatePolicyRequest.java
index 038188c87f..6d67c52f34 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/CreatePolicyRequest.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/CreatePolicyRequest.java
@@ -48,6 +48,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new CreatePolicyRequest();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2.PolicyProto
         .internal_static_google_iam_v2_CreatePolicyRequest_descriptor;
@@ -73,13 +78,10 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    * 
    * Required. The resource that the policy is attached to, along with the kind of policy
    * to create. Format: `policies/{attachment_point}/denypolicies`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -106,13 +108,10 @@ public java.lang.String getParent() {
    * 
    * Required. The resource that the policy is attached to, along with the kind of policy
    * to create. Format: `policies/{attachment_point}/denypolicies`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -510,6 +509,39 @@ private void buildPartial0(com.google.iam.v2.CreatePolicyRequest result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v2.CreatePolicyRequest) {
@@ -605,13 +637,10 @@ public Builder mergeFrom(
      * 
      * Required. The resource that the policy is attached to, along with the kind of policy
      * to create. Format: `policies/{attachment_point}/denypolicies`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -637,13 +666,10 @@ public java.lang.String getParent() {
      * 
      * Required. The resource that the policy is attached to, along with the kind of policy
      * to create. Format: `policies/{attachment_point}/denypolicies`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -669,13 +695,10 @@ public com.google.protobuf.ByteString getParentBytes() {
      * 
      * Required. The resource that the policy is attached to, along with the kind of policy
      * to create. Format: `policies/{attachment_point}/denypolicies`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -700,13 +723,10 @@ public Builder setParent(java.lang.String value) {
      * 
      * Required. The resource that the policy is attached to, along with the kind of policy
      * to create. Format: `policies/{attachment_point}/denypolicies`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -727,13 +747,10 @@ public Builder clearParent() {
      * 
      * Required. The resource that the policy is attached to, along with the kind of policy
      * to create. Format: `policies/{attachment_point}/denypolicies`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/CreatePolicyRequestOrBuilder.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/CreatePolicyRequestOrBuilder.java
index 750931920c..3825ae18ff 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/CreatePolicyRequestOrBuilder.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/CreatePolicyRequestOrBuilder.java
@@ -29,13 +29,10 @@ public interface CreatePolicyRequestOrBuilder
    * 
    * Required. The resource that the policy is attached to, along with the kind of policy
    * to create. Format: `policies/{attachment_point}/denypolicies`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -51,13 +48,10 @@ public interface CreatePolicyRequestOrBuilder
    * 
    * Required. The resource that the policy is attached to, along with the kind of policy
    * to create. Format: `policies/{attachment_point}/denypolicies`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DeletePolicyRequest.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DeletePolicyRequest.java
index 0c0b229bf6..a1fc39876b 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DeletePolicyRequest.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DeletePolicyRequest.java
@@ -48,6 +48,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new DeletePolicyRequest();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2.PolicyProto
         .internal_static_google_iam_v2_DeletePolicyRequest_descriptor;
@@ -73,12 +78,9 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    * 
    * Required. The resource name of the policy to delete. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -105,12 +107,9 @@ public java.lang.String getName() {
    * 
    * Required. The resource name of the policy to delete. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -143,7 +142,6 @@ public com.google.protobuf.ByteString getNameBytes() {
    * Optional. The expected `etag` of the policy to delete. If the value does not match
    * the value that is stored in IAM, the request fails with a `409` error code
    * and `ABORTED` status.
-   *
    * If you omit this field, the policy is deleted regardless of its current
    * `etag`.
    * 

@@ -171,7 +169,6 @@ public java.lang.String getEtag() {
    * Optional. The expected `etag` of the policy to delete. If the value does not match
    * the value that is stored in IAM, the request fails with a `409` error code
    * and `ABORTED` status.
-   *
    * If you omit this field, the policy is deleted regardless of its current
    * `etag`.
    * 

@@ -444,6 +441,39 @@ private void buildPartial0(com.google.iam.v2.DeletePolicyRequest result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v2.DeletePolicyRequest) {
@@ -530,12 +560,9 @@ public Builder mergeFrom(
      * 
      * Required. The resource name of the policy to delete. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -561,12 +588,9 @@ public java.lang.String getName() {
      * 
      * Required. The resource name of the policy to delete. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -592,12 +616,9 @@ public com.google.protobuf.ByteString getNameBytes() {
      * 
      * Required. The resource name of the policy to delete. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -622,12 +643,9 @@ public Builder setName(java.lang.String value) {
      * 
      * Required. The resource name of the policy to delete. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -648,12 +666,9 @@ public Builder clearName() {
      * 
      * Required. The resource name of the policy to delete. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -682,7 +697,6 @@ public Builder setNameBytes(com.google.protobuf.ByteString value) {
      * Optional. The expected `etag` of the policy to delete. If the value does not match
      * the value that is stored in IAM, the request fails with a `409` error code
      * and `ABORTED` status.
-     *
      * If you omit this field, the policy is deleted regardless of its current
      * `etag`.
      * 

@@ -709,7 +723,6 @@ public java.lang.String getEtag() {
      * Optional. The expected `etag` of the policy to delete. If the value does not match
      * the value that is stored in IAM, the request fails with a `409` error code
      * and `ABORTED` status.
-     *
      * If you omit this field, the policy is deleted regardless of its current
      * `etag`.
      * 

@@ -736,7 +749,6 @@ public com.google.protobuf.ByteString getEtagBytes() {
      * Optional. The expected `etag` of the policy to delete. If the value does not match
      * the value that is stored in IAM, the request fails with a `409` error code
      * and `ABORTED` status.
-     *
      * If you omit this field, the policy is deleted regardless of its current
      * `etag`.
      * 

@@ -762,7 +774,6 @@ public Builder setEtag(java.lang.String value) {
      * Optional. The expected `etag` of the policy to delete. If the value does not match
      * the value that is stored in IAM, the request fails with a `409` error code
      * and `ABORTED` status.
-     *
      * If you omit this field, the policy is deleted regardless of its current
      * `etag`.
      * 

@@ -784,7 +795,6 @@ public Builder clearEtag() {
      * Optional. The expected `etag` of the policy to delete. If the value does not match
      * the value that is stored in IAM, the request fails with a `409` error code
      * and `ABORTED` status.
-     *
      * If you omit this field, the policy is deleted regardless of its current
      * `etag`.
      * 

diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DeletePolicyRequestOrBuilder.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DeletePolicyRequestOrBuilder.java
index 16a7afe664..9bdd7fc3d3 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DeletePolicyRequestOrBuilder.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DeletePolicyRequestOrBuilder.java
@@ -29,12 +29,9 @@ public interface DeletePolicyRequestOrBuilder
    * 
    * Required. The resource name of the policy to delete. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -50,12 +47,9 @@ public interface DeletePolicyRequestOrBuilder
    * 
    * Required. The resource name of the policy to delete. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -73,7 +67,6 @@ public interface DeletePolicyRequestOrBuilder
    * Optional. The expected `etag` of the policy to delete. If the value does not match
    * the value that is stored in IAM, the request fails with a `409` error code
    * and `ABORTED` status.
-   *
    * If you omit this field, the policy is deleted regardless of its current
    * `etag`.
    * 

@@ -90,7 +83,6 @@ public interface DeletePolicyRequestOrBuilder
    * Optional. The expected `etag` of the policy to delete. If the value does not match
    * the value that is stored in IAM, the request fails with a `409` error code
    * and `ABORTED` status.
-   *
    * If you omit this field, the policy is deleted regardless of its current
    * `etag`.
    * 

diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DenyRule.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DenyRule.java
index be4c9b2f25..8fcf2a56fe 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DenyRule.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DenyRule.java
@@ -38,10 +38,10 @@ private DenyRule(com.google.protobuf.GeneratedMessageV3.Builder builder) {
   }
 
   private DenyRule() {
-    deniedPrincipals_ = com.google.protobuf.LazyStringArrayList.emptyList();
-    exceptionPrincipals_ = com.google.protobuf.LazyStringArrayList.emptyList();
-    deniedPermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
-    exceptionPermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
+    deniedPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    exceptionPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    deniedPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    exceptionPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
   }
 
   @java.lang.Override
@@ -50,6 +50,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new DenyRule();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2.DenyRuleProto.internal_static_google_iam_v2_DenyRule_descriptor;
   }
@@ -65,48 +70,39 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
   public static final int DENIED_PRINCIPALS_FIELD_NUMBER = 1;
 
   @SuppressWarnings("serial")
-  private com.google.protobuf.LazyStringArrayList deniedPrincipals_ =
-      com.google.protobuf.LazyStringArrayList.emptyList();
+  private com.google.protobuf.LazyStringList deniedPrincipals_;
   /**
    *
    *
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -126,40 +122,32 @@ public com.google.protobuf.ProtocolStringList getDeniedPrincipalsList() {
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -179,40 +167,32 @@ public int getDeniedPrincipalsCount() {
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -233,40 +213,32 @@ public java.lang.String getDeniedPrincipals(int index) {
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -285,8 +257,7 @@ public com.google.protobuf.ByteString getDeniedPrincipalsBytes(int index) {
   public static final int EXCEPTION_PRINCIPALS_FIELD_NUMBER = 2;
 
   @SuppressWarnings("serial")
-  private com.google.protobuf.LazyStringArrayList exceptionPrincipals_ =
-      com.google.protobuf.LazyStringArrayList.emptyList();
+  private com.google.protobuf.LazyStringList exceptionPrincipals_;
   /**
    *
    *
@@ -295,7 +266,6 @@ public com.google.protobuf.ByteString getDeniedPrincipalsBytes(int index) {
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -316,7 +286,6 @@ public com.google.protobuf.ProtocolStringList getExceptionPrincipalsList() {
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -337,7 +306,6 @@ public int getExceptionPrincipalsCount() {
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -359,7 +327,6 @@ public java.lang.String getExceptionPrincipals(int index) {
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -377,8 +344,7 @@ public com.google.protobuf.ByteString getExceptionPrincipalsBytes(int index) {
   public static final int DENIED_PERMISSIONS_FIELD_NUMBER = 3;
 
   @SuppressWarnings("serial")
-  private com.google.protobuf.LazyStringArrayList deniedPermissions_ =
-      com.google.protobuf.LazyStringArrayList.emptyList();
+  private com.google.protobuf.LazyStringList deniedPermissions_;
   /**
    *
    *
@@ -453,8 +419,7 @@ public com.google.protobuf.ByteString getDeniedPermissionsBytes(int index) {
   public static final int EXCEPTION_PERMISSIONS_FIELD_NUMBER = 4;
 
   @SuppressWarnings("serial")
-  private com.google.protobuf.LazyStringArrayList exceptionPermissions_ =
-      com.google.protobuf.LazyStringArrayList.emptyList();
+  private com.google.protobuf.LazyStringList exceptionPermissions_;
   /**
    *
    *
@@ -463,7 +428,6 @@ public com.google.protobuf.ByteString getDeniedPermissionsBytes(int index) {
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -483,7 +447,6 @@ public com.google.protobuf.ProtocolStringList getExceptionPermissionsList() {
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -503,7 +466,6 @@ public int getExceptionPermissionsCount() {
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -524,7 +486,6 @@ public java.lang.String getExceptionPermissions(int index) {
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -547,10 +508,8 @@ public com.google.protobuf.ByteString getExceptionPermissionsBytes(int index) {
    * The condition that determines whether this deny rule applies to a request.
    * If the condition expression evaluates to `true`, then the deny rule is
    * applied; otherwise, the deny rule is not applied.
-   *
    * Each deny rule is evaluated independently. If this deny rule does not apply
    * to a request, other deny rules might still apply.
-   *
    * The condition can use CEL functions that evaluate
    * [resource
    * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -572,10 +531,8 @@ public boolean hasDenialCondition() {
    * The condition that determines whether this deny rule applies to a request.
    * If the condition expression evaluates to `true`, then the deny rule is
    * applied; otherwise, the deny rule is not applied.
-   *
    * Each deny rule is evaluated independently. If this deny rule does not apply
    * to a request, other deny rules might still apply.
-   *
    * The condition can use CEL functions that evaluate
    * [resource
    * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -597,10 +554,8 @@ public com.google.type.Expr getDenialCondition() {
    * The condition that determines whether this deny rule applies to a request.
    * If the condition expression evaluates to `true`, then the deny rule is
    * applied; otherwise, the deny rule is not applied.
-   *
    * Each deny rule is evaluated independently. If this deny rule does not apply
    * to a request, other deny rules might still apply.
-   *
    * The condition can use CEL functions that evaluate
    * [resource
    * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -878,10 +833,14 @@ private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
     public Builder clear() {
       super.clear();
       bitField0_ = 0;
-      deniedPrincipals_ = com.google.protobuf.LazyStringArrayList.emptyList();
-      exceptionPrincipals_ = com.google.protobuf.LazyStringArrayList.emptyList();
-      deniedPermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
-      exceptionPermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      deniedPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000001);
+      exceptionPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      deniedPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000004);
+      exceptionPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000008);
       denialCondition_ = null;
       if (denialConditionBuilder_ != null) {
         denialConditionBuilder_.dispose();
@@ -912,6 +871,7 @@ public com.google.iam.v2.DenyRule build() {
     @java.lang.Override
     public com.google.iam.v2.DenyRule buildPartial() {
       com.google.iam.v2.DenyRule result = new com.google.iam.v2.DenyRule(this);
+      buildPartialRepeatedFields(result);
       if (bitField0_ != 0) {
         buildPartial0(result);
       }
@@ -919,30 +879,70 @@ public com.google.iam.v2.DenyRule buildPartial() {
       return result;
     }
 
-    private void buildPartial0(com.google.iam.v2.DenyRule result) {
-      int from_bitField0_ = bitField0_;
-      if (((from_bitField0_ & 0x00000001) != 0)) {
-        deniedPrincipals_.makeImmutable();
-        result.deniedPrincipals_ = deniedPrincipals_;
+    private void buildPartialRepeatedFields(com.google.iam.v2.DenyRule result) {
+      if (((bitField0_ & 0x00000001) != 0)) {
+        deniedPrincipals_ = deniedPrincipals_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000001);
       }
-      if (((from_bitField0_ & 0x00000002) != 0)) {
-        exceptionPrincipals_.makeImmutable();
-        result.exceptionPrincipals_ = exceptionPrincipals_;
+      result.deniedPrincipals_ = deniedPrincipals_;
+      if (((bitField0_ & 0x00000002) != 0)) {
+        exceptionPrincipals_ = exceptionPrincipals_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
       }
-      if (((from_bitField0_ & 0x00000004) != 0)) {
-        deniedPermissions_.makeImmutable();
-        result.deniedPermissions_ = deniedPermissions_;
+      result.exceptionPrincipals_ = exceptionPrincipals_;
+      if (((bitField0_ & 0x00000004) != 0)) {
+        deniedPermissions_ = deniedPermissions_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000004);
       }
-      if (((from_bitField0_ & 0x00000008) != 0)) {
-        exceptionPermissions_.makeImmutable();
-        result.exceptionPermissions_ = exceptionPermissions_;
+      result.deniedPermissions_ = deniedPermissions_;
+      if (((bitField0_ & 0x00000008) != 0)) {
+        exceptionPermissions_ = exceptionPermissions_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000008);
       }
+      result.exceptionPermissions_ = exceptionPermissions_;
+    }
+
+    private void buildPartial0(com.google.iam.v2.DenyRule result) {
+      int from_bitField0_ = bitField0_;
       if (((from_bitField0_ & 0x00000010) != 0)) {
         result.denialCondition_ =
             denialConditionBuilder_ == null ? denialCondition_ : denialConditionBuilder_.build();
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v2.DenyRule) {
@@ -958,7 +958,7 @@ public Builder mergeFrom(com.google.iam.v2.DenyRule other) {
       if (!other.deniedPrincipals_.isEmpty()) {
         if (deniedPrincipals_.isEmpty()) {
           deniedPrincipals_ = other.deniedPrincipals_;
-          bitField0_ |= 0x00000001;
+          bitField0_ = (bitField0_ & ~0x00000001);
         } else {
           ensureDeniedPrincipalsIsMutable();
           deniedPrincipals_.addAll(other.deniedPrincipals_);
@@ -968,7 +968,7 @@ public Builder mergeFrom(com.google.iam.v2.DenyRule other) {
       if (!other.exceptionPrincipals_.isEmpty()) {
         if (exceptionPrincipals_.isEmpty()) {
           exceptionPrincipals_ = other.exceptionPrincipals_;
-          bitField0_ |= 0x00000002;
+          bitField0_ = (bitField0_ & ~0x00000002);
         } else {
           ensureExceptionPrincipalsIsMutable();
           exceptionPrincipals_.addAll(other.exceptionPrincipals_);
@@ -978,7 +978,7 @@ public Builder mergeFrom(com.google.iam.v2.DenyRule other) {
       if (!other.deniedPermissions_.isEmpty()) {
         if (deniedPermissions_.isEmpty()) {
           deniedPermissions_ = other.deniedPermissions_;
-          bitField0_ |= 0x00000004;
+          bitField0_ = (bitField0_ & ~0x00000004);
         } else {
           ensureDeniedPermissionsIsMutable();
           deniedPermissions_.addAll(other.deniedPermissions_);
@@ -988,7 +988,7 @@ public Builder mergeFrom(com.google.iam.v2.DenyRule other) {
       if (!other.exceptionPermissions_.isEmpty()) {
         if (exceptionPermissions_.isEmpty()) {
           exceptionPermissions_ = other.exceptionPermissions_;
-          bitField0_ |= 0x00000008;
+          bitField0_ = (bitField0_ & ~0x00000008);
         } else {
           ensureExceptionPermissionsIsMutable();
           exceptionPermissions_.addAll(other.exceptionPermissions_);
@@ -1077,14 +1077,14 @@ public Builder mergeFrom(
 
     private int bitField0_;
 
-    private com.google.protobuf.LazyStringArrayList deniedPrincipals_ =
-        com.google.protobuf.LazyStringArrayList.emptyList();
+    private com.google.protobuf.LazyStringList deniedPrincipals_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
 
     private void ensureDeniedPrincipalsIsMutable() {
-      if (!deniedPrincipals_.isModifiable()) {
+      if (!((bitField0_ & 0x00000001) != 0)) {
         deniedPrincipals_ = new com.google.protobuf.LazyStringArrayList(deniedPrincipals_);
+        bitField0_ |= 0x00000001;
       }
-      bitField0_ |= 0x00000001;
     }
     /**
      *
@@ -1092,40 +1092,32 @@ private void ensureDeniedPrincipalsIsMutable() {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1137,8 +1129,7 @@ private void ensureDeniedPrincipalsIsMutable() {
      * @return A list containing the deniedPrincipals.
      */
     public com.google.protobuf.ProtocolStringList getDeniedPrincipalsList() {
-      deniedPrincipals_.makeImmutable();
-      return deniedPrincipals_;
+      return deniedPrincipals_.getUnmodifiableView();
     }
     /**
      *
@@ -1146,40 +1137,32 @@ public com.google.protobuf.ProtocolStringList getDeniedPrincipalsList() {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1199,40 +1182,32 @@ public int getDeniedPrincipalsCount() {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1253,40 +1228,32 @@ public java.lang.String getDeniedPrincipals(int index) {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1307,40 +1274,32 @@ public com.google.protobuf.ByteString getDeniedPrincipalsBytes(int index) {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1359,7 +1318,6 @@ public Builder setDeniedPrincipals(int index, java.lang.String value) {
       }
       ensureDeniedPrincipalsIsMutable();
       deniedPrincipals_.set(index, value);
-      bitField0_ |= 0x00000001;
       onChanged();
       return this;
     }
@@ -1369,40 +1327,32 @@ public Builder setDeniedPrincipals(int index, java.lang.String value) {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1420,7 +1370,6 @@ public Builder addDeniedPrincipals(java.lang.String value) {
       }
       ensureDeniedPrincipalsIsMutable();
       deniedPrincipals_.add(value);
-      bitField0_ |= 0x00000001;
       onChanged();
       return this;
     }
@@ -1430,40 +1379,32 @@ public Builder addDeniedPrincipals(java.lang.String value) {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1478,7 +1419,6 @@ public Builder addDeniedPrincipals(java.lang.String value) {
     public Builder addAllDeniedPrincipals(java.lang.Iterable values) {
       ensureDeniedPrincipalsIsMutable();
       com.google.protobuf.AbstractMessageLite.Builder.addAll(values, deniedPrincipals_);
-      bitField0_ |= 0x00000001;
       onChanged();
       return this;
     }
@@ -1488,40 +1428,32 @@ public Builder addAllDeniedPrincipals(java.lang.Iterable value
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1533,9 +1465,8 @@ public Builder addAllDeniedPrincipals(java.lang.Iterable value
      * @return This builder for chaining.
      */
     public Builder clearDeniedPrincipals() {
-      deniedPrincipals_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      deniedPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
       bitField0_ = (bitField0_ & ~0x00000001);
-      ;
       onChanged();
       return this;
     }
@@ -1545,40 +1476,32 @@ public Builder clearDeniedPrincipals() {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1597,19 +1520,18 @@ public Builder addDeniedPrincipalsBytes(com.google.protobuf.ByteString value) {
       checkByteStringIsUtf8(value);
       ensureDeniedPrincipalsIsMutable();
       deniedPrincipals_.add(value);
-      bitField0_ |= 0x00000001;
       onChanged();
       return this;
     }
 
-    private com.google.protobuf.LazyStringArrayList exceptionPrincipals_ =
-        com.google.protobuf.LazyStringArrayList.emptyList();
+    private com.google.protobuf.LazyStringList exceptionPrincipals_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
 
     private void ensureExceptionPrincipalsIsMutable() {
-      if (!exceptionPrincipals_.isModifiable()) {
+      if (!((bitField0_ & 0x00000002) != 0)) {
         exceptionPrincipals_ = new com.google.protobuf.LazyStringArrayList(exceptionPrincipals_);
+        bitField0_ |= 0x00000002;
       }
-      bitField0_ |= 0x00000002;
     }
     /**
      *
@@ -1619,7 +1541,6 @@ private void ensureExceptionPrincipalsIsMutable() {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1630,8 +1551,7 @@ private void ensureExceptionPrincipalsIsMutable() {
      * @return A list containing the exceptionPrincipals.
      */
     public com.google.protobuf.ProtocolStringList getExceptionPrincipalsList() {
-      exceptionPrincipals_.makeImmutable();
-      return exceptionPrincipals_;
+      return exceptionPrincipals_.getUnmodifiableView();
     }
     /**
      *
@@ -1641,7 +1561,6 @@ public com.google.protobuf.ProtocolStringList getExceptionPrincipalsList() {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1662,7 +1581,6 @@ public int getExceptionPrincipalsCount() {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1684,7 +1602,6 @@ public java.lang.String getExceptionPrincipals(int index) {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1706,7 +1623,6 @@ public com.google.protobuf.ByteString getExceptionPrincipalsBytes(int index) {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1724,7 +1640,6 @@ public Builder setExceptionPrincipals(int index, java.lang.String value) {
       }
       ensureExceptionPrincipalsIsMutable();
       exceptionPrincipals_.set(index, value);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
@@ -1736,7 +1651,6 @@ public Builder setExceptionPrincipals(int index, java.lang.String value) {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1753,7 +1667,6 @@ public Builder addExceptionPrincipals(java.lang.String value) {
       }
       ensureExceptionPrincipalsIsMutable();
       exceptionPrincipals_.add(value);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
@@ -1765,7 +1678,6 @@ public Builder addExceptionPrincipals(java.lang.String value) {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1779,7 +1691,6 @@ public Builder addExceptionPrincipals(java.lang.String value) {
     public Builder addAllExceptionPrincipals(java.lang.Iterable values) {
       ensureExceptionPrincipalsIsMutable();
       com.google.protobuf.AbstractMessageLite.Builder.addAll(values, exceptionPrincipals_);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
@@ -1791,7 +1702,6 @@ public Builder addAllExceptionPrincipals(java.lang.Iterable va
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1802,9 +1712,8 @@ public Builder addAllExceptionPrincipals(java.lang.Iterable va
      * @return This builder for chaining.
      */
     public Builder clearExceptionPrincipals() {
-      exceptionPrincipals_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      exceptionPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
       bitField0_ = (bitField0_ & ~0x00000002);
-      ;
       onChanged();
       return this;
     }
@@ -1816,7 +1725,6 @@ public Builder clearExceptionPrincipals() {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1834,19 +1742,18 @@ public Builder addExceptionPrincipalsBytes(com.google.protobuf.ByteString value)
       checkByteStringIsUtf8(value);
       ensureExceptionPrincipalsIsMutable();
       exceptionPrincipals_.add(value);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
 
-    private com.google.protobuf.LazyStringArrayList deniedPermissions_ =
-        com.google.protobuf.LazyStringArrayList.emptyList();
+    private com.google.protobuf.LazyStringList deniedPermissions_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
 
     private void ensureDeniedPermissionsIsMutable() {
-      if (!deniedPermissions_.isModifiable()) {
+      if (!((bitField0_ & 0x00000004) != 0)) {
         deniedPermissions_ = new com.google.protobuf.LazyStringArrayList(deniedPermissions_);
+        bitField0_ |= 0x00000004;
       }
-      bitField0_ |= 0x00000004;
     }
     /**
      *
@@ -1863,8 +1770,7 @@ private void ensureDeniedPermissionsIsMutable() {
      * @return A list containing the deniedPermissions.
      */
     public com.google.protobuf.ProtocolStringList getDeniedPermissionsList() {
-      deniedPermissions_.makeImmutable();
-      return deniedPermissions_;
+      return deniedPermissions_.getUnmodifiableView();
     }
     /**
      *
@@ -1941,7 +1847,6 @@ public Builder setDeniedPermissions(int index, java.lang.String value) {
       }
       ensureDeniedPermissionsIsMutable();
       deniedPermissions_.set(index, value);
-      bitField0_ |= 0x00000004;
       onChanged();
       return this;
     }
@@ -1966,7 +1871,6 @@ public Builder addDeniedPermissions(java.lang.String value) {
       }
       ensureDeniedPermissionsIsMutable();
       deniedPermissions_.add(value);
-      bitField0_ |= 0x00000004;
       onChanged();
       return this;
     }
@@ -1988,7 +1892,6 @@ public Builder addDeniedPermissions(java.lang.String value) {
     public Builder addAllDeniedPermissions(java.lang.Iterable values) {
       ensureDeniedPermissionsIsMutable();
       com.google.protobuf.AbstractMessageLite.Builder.addAll(values, deniedPermissions_);
-      bitField0_ |= 0x00000004;
       onChanged();
       return this;
     }
@@ -2007,9 +1910,8 @@ public Builder addAllDeniedPermissions(java.lang.Iterable valu
      * @return This builder for chaining.
      */
     public Builder clearDeniedPermissions() {
-      deniedPermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      deniedPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
       bitField0_ = (bitField0_ & ~0x00000004);
-      ;
       onChanged();
       return this;
     }
@@ -2035,19 +1937,18 @@ public Builder addDeniedPermissionsBytes(com.google.protobuf.ByteString value) {
       checkByteStringIsUtf8(value);
       ensureDeniedPermissionsIsMutable();
       deniedPermissions_.add(value);
-      bitField0_ |= 0x00000004;
       onChanged();
       return this;
     }
 
-    private com.google.protobuf.LazyStringArrayList exceptionPermissions_ =
-        com.google.protobuf.LazyStringArrayList.emptyList();
+    private com.google.protobuf.LazyStringList exceptionPermissions_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
 
     private void ensureExceptionPermissionsIsMutable() {
-      if (!exceptionPermissions_.isModifiable()) {
+      if (!((bitField0_ & 0x00000008) != 0)) {
         exceptionPermissions_ = new com.google.protobuf.LazyStringArrayList(exceptionPermissions_);
+        bitField0_ |= 0x00000008;
       }
-      bitField0_ |= 0x00000008;
     }
     /**
      *
@@ -2057,7 +1958,6 @@ private void ensureExceptionPermissionsIsMutable() {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2067,8 +1967,7 @@ private void ensureExceptionPermissionsIsMutable() {
      * @return A list containing the exceptionPermissions.
      */
     public com.google.protobuf.ProtocolStringList getExceptionPermissionsList() {
-      exceptionPermissions_.makeImmutable();
-      return exceptionPermissions_;
+      return exceptionPermissions_.getUnmodifiableView();
     }
     /**
      *
@@ -2078,7 +1977,6 @@ public com.google.protobuf.ProtocolStringList getExceptionPermissionsList() {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2098,7 +1996,6 @@ public int getExceptionPermissionsCount() {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2119,7 +2016,6 @@ public java.lang.String getExceptionPermissions(int index) {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2140,7 +2036,6 @@ public com.google.protobuf.ByteString getExceptionPermissionsBytes(int index) {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2157,7 +2052,6 @@ public Builder setExceptionPermissions(int index, java.lang.String value) {
       }
       ensureExceptionPermissionsIsMutable();
       exceptionPermissions_.set(index, value);
-      bitField0_ |= 0x00000008;
       onChanged();
       return this;
     }
@@ -2169,7 +2063,6 @@ public Builder setExceptionPermissions(int index, java.lang.String value) {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2185,7 +2078,6 @@ public Builder addExceptionPermissions(java.lang.String value) {
       }
       ensureExceptionPermissionsIsMutable();
       exceptionPermissions_.add(value);
-      bitField0_ |= 0x00000008;
       onChanged();
       return this;
     }
@@ -2197,7 +2089,6 @@ public Builder addExceptionPermissions(java.lang.String value) {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2210,7 +2101,6 @@ public Builder addExceptionPermissions(java.lang.String value) {
     public Builder addAllExceptionPermissions(java.lang.Iterable values) {
       ensureExceptionPermissionsIsMutable();
       com.google.protobuf.AbstractMessageLite.Builder.addAll(values, exceptionPermissions_);
-      bitField0_ |= 0x00000008;
       onChanged();
       return this;
     }
@@ -2222,7 +2112,6 @@ public Builder addAllExceptionPermissions(java.lang.Iterable v
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2232,9 +2121,8 @@ public Builder addAllExceptionPermissions(java.lang.Iterable v
      * @return This builder for chaining.
      */
     public Builder clearExceptionPermissions() {
-      exceptionPermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      exceptionPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
       bitField0_ = (bitField0_ & ~0x00000008);
-      ;
       onChanged();
       return this;
     }
@@ -2246,7 +2134,6 @@ public Builder clearExceptionPermissions() {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2263,7 +2150,6 @@ public Builder addExceptionPermissionsBytes(com.google.protobuf.ByteString value
       checkByteStringIsUtf8(value);
       ensureExceptionPermissionsIsMutable();
       exceptionPermissions_.add(value);
-      bitField0_ |= 0x00000008;
       onChanged();
       return this;
     }
@@ -2279,10 +2165,8 @@ public Builder addExceptionPermissionsBytes(com.google.protobuf.ByteString value
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2303,10 +2187,8 @@ public boolean hasDenialCondition() {
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2333,10 +2215,8 @@ public com.google.type.Expr getDenialCondition() {
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2365,10 +2245,8 @@ public Builder setDenialCondition(com.google.type.Expr value) {
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2394,10 +2272,8 @@ public Builder setDenialCondition(com.google.type.Expr.Builder builderForValue)
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2429,10 +2305,8 @@ public Builder mergeDenialCondition(com.google.type.Expr value) {
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2458,10 +2332,8 @@ public Builder clearDenialCondition() {
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2482,10 +2354,8 @@ public com.google.type.Expr.Builder getDenialConditionBuilder() {
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2510,10 +2380,8 @@ public com.google.type.ExprOrBuilder getDenialConditionOrBuilder() {
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DenyRuleOrBuilder.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DenyRuleOrBuilder.java
index cb8dd9758c..1d35367fb8 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DenyRuleOrBuilder.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/DenyRuleOrBuilder.java
@@ -29,40 +29,32 @@ public interface DenyRuleOrBuilder
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -80,40 +72,32 @@ public interface DenyRuleOrBuilder
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -131,40 +115,32 @@ public interface DenyRuleOrBuilder
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -183,40 +159,32 @@ public interface DenyRuleOrBuilder
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -238,7 +206,6 @@ public interface DenyRuleOrBuilder
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -257,7 +224,6 @@ public interface DenyRuleOrBuilder
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -276,7 +242,6 @@ public interface DenyRuleOrBuilder
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -296,7 +261,6 @@ public interface DenyRuleOrBuilder
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -380,7 +344,6 @@ public interface DenyRuleOrBuilder
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -398,7 +361,6 @@ public interface DenyRuleOrBuilder
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -416,7 +378,6 @@ public interface DenyRuleOrBuilder
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -435,7 +396,6 @@ public interface DenyRuleOrBuilder
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -454,10 +414,8 @@ public interface DenyRuleOrBuilder
    * The condition that determines whether this deny rule applies to a request.
    * If the condition expression evaluates to `true`, then the deny rule is
    * applied; otherwise, the deny rule is not applied.
-   *
    * Each deny rule is evaluated independently. If this deny rule does not apply
    * to a request, other deny rules might still apply.
-   *
    * The condition can use CEL functions that evaluate
    * [resource
    * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -476,10 +434,8 @@ public interface DenyRuleOrBuilder
    * The condition that determines whether this deny rule applies to a request.
    * If the condition expression evaluates to `true`, then the deny rule is
    * applied; otherwise, the deny rule is not applied.
-   *
    * Each deny rule is evaluated independently. If this deny rule does not apply
    * to a request, other deny rules might still apply.
-   *
    * The condition can use CEL functions that evaluate
    * [resource
    * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -498,10 +454,8 @@ public interface DenyRuleOrBuilder
    * The condition that determines whether this deny rule applies to a request.
    * If the condition expression evaluates to `true`, then the deny rule is
    * applied; otherwise, the deny rule is not applied.
-   *
    * Each deny rule is evaluated independently. If this deny rule does not apply
    * to a request, other deny rules might still apply.
-   *
    * The condition can use CEL functions that evaluate
    * [resource
    * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/GetPolicyRequest.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/GetPolicyRequest.java
index 1f51e3a3e6..31ae9840b5 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/GetPolicyRequest.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/GetPolicyRequest.java
@@ -47,6 +47,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new GetPolicyRequest();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2.PolicyProto.internal_static_google_iam_v2_GetPolicyRequest_descriptor;
   }
@@ -71,12 +76,9 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    * 
    * Required. The resource name of the policy to retrieve. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -103,12 +105,9 @@ public java.lang.String getName() {
    * 
    * Required. The resource name of the policy to retrieve. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -367,6 +366,39 @@ private void buildPartial0(com.google.iam.v2.GetPolicyRequest result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v2.GetPolicyRequest) {
@@ -442,12 +474,9 @@ public Builder mergeFrom(
      * 
      * Required. The resource name of the policy to retrieve. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -473,12 +502,9 @@ public java.lang.String getName() {
      * 
      * Required. The resource name of the policy to retrieve. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -504,12 +530,9 @@ public com.google.protobuf.ByteString getNameBytes() {
      * 
      * Required. The resource name of the policy to retrieve. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -534,12 +557,9 @@ public Builder setName(java.lang.String value) {
      * 
      * Required. The resource name of the policy to retrieve. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -560,12 +580,9 @@ public Builder clearName() {
      * 
      * Required. The resource name of the policy to retrieve. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/GetPolicyRequestOrBuilder.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/GetPolicyRequestOrBuilder.java
index 4756f85ed0..6f293a3267 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/GetPolicyRequestOrBuilder.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/GetPolicyRequestOrBuilder.java
@@ -29,12 +29,9 @@ public interface GetPolicyRequestOrBuilder
    * 
    * Required. The resource name of the policy to retrieve. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -50,12 +47,9 @@ public interface GetPolicyRequestOrBuilder
    * 
    * Required. The resource name of the policy to retrieve. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/ListPoliciesRequest.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/ListPoliciesRequest.java
index 053058d820..42f23221d0 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/ListPoliciesRequest.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/ListPoliciesRequest.java
@@ -48,6 +48,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new ListPoliciesRequest();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2.PolicyProto
         .internal_static_google_iam_v2_ListPoliciesRequest_descriptor;
@@ -74,13 +79,10 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    * Required. The resource that the policy is attached to, along with the kind of policy
    * to list. Format:
    * `policies/{attachment_point}/denypolicies`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    *
@@ -108,13 +110,10 @@ public java.lang.String getParent() { * Required. The resource that the policy is attached to, along with the kind of policy * to list. Format: * `policies/{attachment_point}/denypolicies` - * - * * The attachment point is identified by its URL-encoded full resource name, * which means that the forward-slash character, `/`, must be written as * `%2F`. For example, * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`. - * * For organizations and folders, use the numeric ID in the full resource * name. For projects, you can use the alphanumeric or the numeric ID. * @@ -472,6 +471,39 @@ private void buildPartial0(com.google.iam.v2.ListPoliciesRequest result) { } } + @java.lang.Override + public Builder clone() { + return super.clone(); + } + + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.setField(field, value); + } + + @java.lang.Override + public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + + @java.lang.Override + public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override public Builder mergeFrom(com.google.protobuf.Message other) { if (other instanceof com.google.iam.v2.ListPoliciesRequest) { @@ -568,13 +600,10 @@ public Builder mergeFrom( * Required. The resource that the policy is attached to, along with the kind of policy * to list. Format: * `policies/{attachment_point}/denypolicies` - * - * * The attachment point is identified by its URL-encoded full resource name, * which means that the forward-slash character, `/`, must be written as * `%2F`. For example, * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`. - * * For organizations and folders, use the numeric ID in the full resource * name. For projects, you can use the alphanumeric or the numeric ID. * @@ -601,13 +630,10 @@ public java.lang.String getParent() { * Required. The resource that the policy is attached to, along with the kind of policy * to list. Format: * `policies/{attachment_point}/denypolicies` - * - * * The attachment point is identified by its URL-encoded full resource name, * which means that the forward-slash character, `/`, must be written as * `%2F`. For example, * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`. - * * For organizations and folders, use the numeric ID in the full resource * name. For projects, you can use the alphanumeric or the numeric ID. * @@ -634,13 +660,10 @@ public com.google.protobuf.ByteString getParentBytes() { * Required. The resource that the policy is attached to, along with the kind of policy * to list. Format: * `policies/{attachment_point}/denypolicies` - * - * * The attachment point is identified by its URL-encoded full resource name, * which means that the forward-slash character, `/`, must be written as * `%2F`. For example, * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`. - * * For organizations and folders, use the numeric ID in the full resource * name. For projects, you can use the alphanumeric or the numeric ID. * @@ -666,13 +689,10 @@ public Builder setParent(java.lang.String value) { * Required. The resource that the policy is attached to, along with the kind of policy * to list. Format: * `policies/{attachment_point}/denypolicies` - * - * * The attachment point is identified by its URL-encoded full resource name, * which means that the forward-slash character, `/`, must be written as * `%2F`. For example, * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`. - * * For organizations and folders, use the numeric ID in the full resource * name. For projects, you can use the alphanumeric or the numeric ID. * @@ -694,13 +714,10 @@ public Builder clearParent() { * Required. The resource that the policy is attached to, along with the kind of policy * to list. Format: * `policies/{attachment_point}/denypolicies` - * - * * The attachment point is identified by its URL-encoded full resource name, * which means that the forward-slash character, `/`, must be written as * `%2F`. For example, * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`. - * * For organizations and folders, use the numeric ID in the full resource * name. For projects, you can use the alphanumeric or the numeric ID. * diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/ListPoliciesRequestOrBuilder.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/ListPoliciesRequestOrBuilder.java index 45bde87af8..bfea871b46 100644 --- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/ListPoliciesRequestOrBuilder.java +++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/ListPoliciesRequestOrBuilder.java @@ -30,13 +30,10 @@ public interface ListPoliciesRequestOrBuilder * Required. The resource that the policy is attached to, along with the kind of policy * to list. Format: * `policies/{attachment_point}/denypolicies` - * - * * The attachment point is identified by its URL-encoded full resource name, * which means that the forward-slash character, `/`, must be written as * `%2F`. For example, * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`. - * * For organizations and folders, use the numeric ID in the full resource * name. For projects, you can use the alphanumeric or the numeric ID. * @@ -53,13 +50,10 @@ public interface ListPoliciesRequestOrBuilder * Required. The resource that the policy is attached to, along with the kind of policy * to list. Format: * `policies/{attachment_point}/denypolicies` - * - * * The attachment point is identified by its URL-encoded full resource name, * which means that the forward-slash character, `/`, must be written as * `%2F`. For example, * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`. - * * For organizations and folders, use the numeric ID in the full resource * name. For projects, you can use the alphanumeric or the numeric ID. * diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/ListPoliciesResponse.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/ListPoliciesResponse.java index 0003d236d0..85d5cf7b5d 100644 --- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/ListPoliciesResponse.java +++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/ListPoliciesResponse.java @@ -48,6 +48,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) { return new ListPoliciesResponse(); } + @java.lang.Override + public final com.google.protobuf.UnknownFieldSet getUnknownFields() { + return this.unknownFields; + } + public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { return com.google.iam.v2.PolicyProto .internal_static_google_iam_v2_ListPoliciesResponse_descriptor; @@ -456,6 +461,39 @@ private void buildPartial0(com.google.iam.v2.ListPoliciesResponse result) { } } + @java.lang.Override + public Builder clone() { + return super.clone(); + } + + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.setField(field, value); + } + + @java.lang.Override + public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + + @java.lang.Override + public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override public Builder mergeFrom(com.google.protobuf.Message other) { if (other instanceof com.google.iam.v2.ListPoliciesResponse) { diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/Policy.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/Policy.java index 7b4e45d901..2c6ad8972b 100644 --- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/Policy.java +++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/Policy.java @@ -53,6 +53,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) { return new Policy(); } + @java.lang.Override + public final com.google.protobuf.UnknownFieldSet getUnknownFields() { + return this.unknownFields; + } + public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { return com.google.iam.v2.PolicyProto.internal_static_google_iam_v2_Policy_descriptor; } @@ -86,13 +91,10 @@ protected com.google.protobuf.MapField internalGetMapField(int number) { * 
    * Immutable. The resource name of the `Policy`, which must be unique. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, requests can use the alphanumeric or the numeric ID.
    * Responses always contain the numeric ID.
@@ -120,13 +122,10 @@ public java.lang.String getName() {
    * 
    * Immutable. The resource name of the `Policy`, which must be unique. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, requests can use the alphanumeric or the numeric ID.
    * Responses always contain the numeric ID.
@@ -424,7 +423,6 @@ public java.lang.String getAnnotationsOrThrow(java.lang.String key) {
    * An opaque tag that identifies the current version of the `Policy`. IAM uses
    * this value to help manage concurrent updates, so they do not cause one
    * update to be overwritten by another.
-   *
    * If this field is present in a [CreatePolicy][] request, the value is
    * ignored.
    * 

@@ -452,7 +450,6 @@ public java.lang.String getEtag() {
    * An opaque tag that identifies the current version of the `Policy`. IAM uses
    * this value to help manage concurrent updates, so they do not cause one
    * update to be overwritten by another.
-   *
    * If this field is present in a [CreatePolicy][] request, the value is
    * ignored.
    *
@@ -1186,6 +1183,39 @@ private void buildPartial0(com.google.iam.v2.Policy result) { } } + @java.lang.Override + public Builder clone() { + return super.clone(); + } + + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.setField(field, value); + } + + @java.lang.Override + public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + + @java.lang.Override + public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override public Builder mergeFrom(com.google.protobuf.Message other) { if (other instanceof com.google.iam.v2.Policy) { @@ -1396,13 +1426,10 @@ public Builder mergeFrom( * 
      * Immutable. The resource name of the `Policy`, which must be unique. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, requests can use the alphanumeric or the numeric ID.
      * Responses always contain the numeric ID.
@@ -1429,13 +1456,10 @@ public java.lang.String getName() {
      * 
      * Immutable. The resource name of the `Policy`, which must be unique. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, requests can use the alphanumeric or the numeric ID.
      * Responses always contain the numeric ID.
@@ -1462,13 +1486,10 @@ public com.google.protobuf.ByteString getNameBytes() {
      * 
      * Immutable. The resource name of the `Policy`, which must be unique. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, requests can use the alphanumeric or the numeric ID.
      * Responses always contain the numeric ID.
@@ -1494,13 +1515,10 @@ public Builder setName(java.lang.String value) {
      * 
      * Immutable. The resource name of the `Policy`, which must be unique. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, requests can use the alphanumeric or the numeric ID.
      * Responses always contain the numeric ID.
@@ -1522,13 +1540,10 @@ public Builder clearName() {
      * 
      * Immutable. The resource name of the `Policy`, which must be unique. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, requests can use the alphanumeric or the numeric ID.
      * Responses always contain the numeric ID.
@@ -2059,7 +2074,6 @@ public Builder putAllAnnotations(java.util.Map
@@ -2086,7 +2100,6 @@ public java.lang.String getEtag() {
      * An opaque tag that identifies the current version of the `Policy`. IAM uses
      * this value to help manage concurrent updates, so they do not cause one
      * update to be overwritten by another.
-     *
      * If this field is present in a [CreatePolicy][] request, the value is
      * ignored.
      * 

@@ -2113,7 +2126,6 @@ public com.google.protobuf.ByteString getEtagBytes() {
      * An opaque tag that identifies the current version of the `Policy`. IAM uses
      * this value to help manage concurrent updates, so they do not cause one
      * update to be overwritten by another.
-     *
      * If this field is present in a [CreatePolicy][] request, the value is
      * ignored.
      * 

@@ -2139,7 +2151,6 @@ public Builder setEtag(java.lang.String value) {
      * An opaque tag that identifies the current version of the `Policy`. IAM uses
      * this value to help manage concurrent updates, so they do not cause one
      * update to be overwritten by another.
-     *
      * If this field is present in a [CreatePolicy][] request, the value is
      * ignored.
      * 

@@ -2161,7 +2172,6 @@ public Builder clearEtag() {
      * An opaque tag that identifies the current version of the `Policy`. IAM uses
      * this value to help manage concurrent updates, so they do not cause one
      * update to be overwritten by another.
-     *
      * If this field is present in a [CreatePolicy][] request, the value is
      * ignored.
      * 

diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyOperationMetadata.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyOperationMetadata.java
index ba3e43f112..15a04e7840 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyOperationMetadata.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyOperationMetadata.java
@@ -45,6 +45,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new PolicyOperationMetadata();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2.PolicyProto
         .internal_static_google_iam_v2_PolicyOperationMetadata_descriptor;
@@ -355,6 +360,39 @@ private void buildPartial0(com.google.iam.v2.PolicyOperationMetadata result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v2.PolicyOperationMetadata) {
diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyOrBuilder.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyOrBuilder.java
index 8e87db6374..44e15c3d3b 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyOrBuilder.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyOrBuilder.java
@@ -29,13 +29,10 @@ public interface PolicyOrBuilder
    * 
    * Immutable. The resource name of the `Policy`, which must be unique. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, requests can use the alphanumeric or the numeric ID.
    * Responses always contain the numeric ID.
@@ -52,13 +49,10 @@ public interface PolicyOrBuilder
    * 
    * Immutable. The resource name of the `Policy`, which must be unique. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, requests can use the alphanumeric or the numeric ID.
    * Responses always contain the numeric ID.
@@ -219,7 +213,6 @@ java.lang.String getAnnotationsOrDefault(
    * An opaque tag that identifies the current version of the `Policy`. IAM uses
    * this value to help manage concurrent updates, so they do not cause one
    * update to be overwritten by another.
-   *
    * If this field is present in a [CreatePolicy][] request, the value is
    * ignored.
    * 

@@ -236,7 +229,6 @@ java.lang.String getAnnotationsOrDefault(
    * An opaque tag that identifies the current version of the `Policy`. IAM uses
    * this value to help manage concurrent updates, so they do not cause one
    * update to be overwritten by another.
-   *
    * If this field is present in a [CreatePolicy][] request, the value is
    * ignored.
    * 

diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyProto.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyProto.java
index e8933f1a0c..d7b59bfe2a 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyProto.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyProto.java
@@ -81,59 +81,58 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
           + "e/api/client.proto\032\037google/api/field_beh"
           + "avior.proto\032\030google/iam/v2/deny.proto\032#g"
           + "oogle/longrunning/operations.proto\032\037goog"
-          + "le/protobuf/timestamp.proto\"\311\003\n\006Policy\022\022"
-          + "\n\004name\030\001 \001(\tB\004\342A\001\005\022\021\n\003uid\030\002 \001(\tB\004\342A\001\005\022\022\n"
-          + "\004kind\030\003 \001(\tB\004\342A\001\003\022\024\n\014display_name\030\004 \001(\t\022"
-          + ";\n\013annotations\030\005 \003(\0132&.google.iam.v2.Pol"
-          + "icy.AnnotationsEntry\022\014\n\004etag\030\006 \001(\t\0225\n\013cr"
-          + "eate_time\030\007 \001(\0132\032.google.protobuf.Timest"
-          + "ampB\004\342A\001\003\0225\n\013update_time\030\010 \001(\0132\032.google."
-          + "protobuf.TimestampB\004\342A\001\003\0225\n\013delete_time\030"
-          + "\t \001(\0132\032.google.protobuf.TimestampB\004\342A\001\003\022"
-          + "(\n\005rules\030\n \003(\0132\031.google.iam.v2.PolicyRul"
-          + "e\022 \n\022managing_authority\030\013 \001(\tB\004\342A\001\005\0322\n\020A"
-          + "nnotationsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 "
-          + "\001(\t:\0028\001\"W\n\nPolicyRule\022,\n\tdeny_rule\030\002 \001(\013"
-          + "2\027.google.iam.v2.DenyRuleH\000\022\023\n\013descripti"
-          + "on\030\001 \001(\tB\006\n\004kind\"R\n\023ListPoliciesRequest\022"
-          + "\024\n\006parent\030\001 \001(\tB\004\342A\001\002\022\021\n\tpage_size\030\002 \001(\005"
-          + "\022\022\n\npage_token\030\003 \001(\t\"X\n\024ListPoliciesResp"
-          + "onse\022\'\n\010policies\030\001 \003(\0132\025.google.iam.v2.P"
-          + "olicy\022\027\n\017next_page_token\030\002 \001(\t\"&\n\020GetPol"
-          + "icyRequest\022\022\n\004name\030\001 \001(\tB\004\342A\001\002\"k\n\023Create"
-          + "PolicyRequest\022\024\n\006parent\030\001 \001(\tB\004\342A\001\002\022+\n\006p"
-          + "olicy\030\002 \001(\0132\025.google.iam.v2.PolicyB\004\342A\001\002"
-          + "\022\021\n\tpolicy_id\030\003 \001(\t\"B\n\023UpdatePolicyReque"
-          + "st\022+\n\006policy\030\001 \001(\0132\025.google.iam.v2.Polic"
-          + "yB\004\342A\001\002\"=\n\023DeletePolicyRequest\022\022\n\004name\030\001"
-          + " \001(\tB\004\342A\001\002\022\022\n\004etag\030\002 \001(\tB\004\342A\001\001\"J\n\027Policy"
-          + "OperationMetadata\022/\n\013create_time\030\001 \001(\0132\032"
-          + ".google.protobuf.Timestamp2\320\006\n\010Policies\022"
-          + "\203\001\n\014ListPolicies\022\".google.iam.v2.ListPol"
-          + "iciesRequest\032#.google.iam.v2.ListPolicie"
-          + "sResponse\"*\332A\006parent\202\323\344\223\002\033\022\031/v2/{parent="
-          + "policies/*/*}\022m\n\tGetPolicy\022\037.google.iam."
-          + "v2.GetPolicyRequest\032\025.google.iam.v2.Poli"
-          + "cy\"(\332A\004name\202\323\344\223\002\033\022\031/v2/{name=policies/*/"
-          + "*/*}\022\272\001\n\014CreatePolicy\022\".google.iam.v2.Cr"
-          + "eatePolicyRequest\032\035.google.longrunning.O"
-          + "peration\"g\312A!\n\006Policy\022\027PolicyOperationMe"
-          + "tadata\332A\027parent,policy,policy_id\202\323\344\223\002#\"\031"
-          + "/v2/{parent=policies/*/*}:\006policy\022\247\001\n\014Up"
-          + "datePolicy\022\".google.iam.v2.UpdatePolicyR"
-          + "equest\032\035.google.longrunning.Operation\"T\312"
-          + "A!\n\006Policy\022\027PolicyOperationMetadata\202\323\344\223\002"
-          + "*\032 /v2/{policy.name=policies/*/*/*}:\006pol"
-          + "icy\022\237\001\n\014DeletePolicy\022\".google.iam.v2.Del"
-          + "etePolicyRequest\032\035.google.longrunning.Op"
-          + "eration\"L\312A!\n\006Policy\022\027PolicyOperationMet"
-          + "adata\332A\004name\202\323\344\223\002\033*\031/v2/{name=policies/*"
-          + "/*/*}\032F\312A\022iam.googleapis.com\322A.https://w"
-          + "ww.googleapis.com/auth/cloud-platformBy\n"
-          + "\021com.google.iam.v2B\013PolicyProtoP\001Z)cloud"
-          + ".google.com/go/iam/apiv2/iampb;iampb\252\002\023G"
-          + "oogle.Cloud.Iam.V2\312\002\023Google\\Cloud\\Iam\\V2"
-          + "b\006proto3"
+          + "le/protobuf/timestamp.proto\"\302\003\n\006Policy\022\021"
+          + "\n\004name\030\001 \001(\tB\003\340A\005\022\020\n\003uid\030\002 \001(\tB\003\340A\005\022\021\n\004k"
+          + "ind\030\003 \001(\tB\003\340A\003\022\024\n\014display_name\030\004 \001(\t\022;\n\013"
+          + "annotations\030\005 \003(\0132&.google.iam.v2.Policy"
+          + ".AnnotationsEntry\022\014\n\004etag\030\006 \001(\t\0224\n\013creat"
+          + "e_time\030\007 \001(\0132\032.google.protobuf.Timestamp"
+          + "B\003\340A\003\0224\n\013update_time\030\010 \001(\0132\032.google.prot"
+          + "obuf.TimestampB\003\340A\003\0224\n\013delete_time\030\t \001(\013"
+          + "2\032.google.protobuf.TimestampB\003\340A\003\022(\n\005rul"
+          + "es\030\n \003(\0132\031.google.iam.v2.PolicyRule\022\037\n\022m"
+          + "anaging_authority\030\013 \001(\tB\003\340A\005\0322\n\020Annotati"
+          + "onsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028\001"
+          + "\"W\n\nPolicyRule\022,\n\tdeny_rule\030\002 \001(\0132\027.goog"
+          + "le.iam.v2.DenyRuleH\000\022\023\n\013description\030\001 \001("
+          + "\tB\006\n\004kind\"Q\n\023ListPoliciesRequest\022\023\n\006pare"
+          + "nt\030\001 \001(\tB\003\340A\002\022\021\n\tpage_size\030\002 \001(\005\022\022\n\npage"
+          + "_token\030\003 \001(\t\"X\n\024ListPoliciesResponse\022\'\n\010"
+          + "policies\030\001 \003(\0132\025.google.iam.v2.Policy\022\027\n"
+          + "\017next_page_token\030\002 \001(\t\"%\n\020GetPolicyReque"
+          + "st\022\021\n\004name\030\001 \001(\tB\003\340A\002\"i\n\023CreatePolicyReq"
+          + "uest\022\023\n\006parent\030\001 \001(\tB\003\340A\002\022*\n\006policy\030\002 \001("
+          + "\0132\025.google.iam.v2.PolicyB\003\340A\002\022\021\n\tpolicy_"
+          + "id\030\003 \001(\t\"A\n\023UpdatePolicyRequest\022*\n\006polic"
+          + "y\030\001 \001(\0132\025.google.iam.v2.PolicyB\003\340A\002\";\n\023D"
+          + "eletePolicyRequest\022\021\n\004name\030\001 \001(\tB\003\340A\002\022\021\n"
+          + "\004etag\030\002 \001(\tB\003\340A\001\"J\n\027PolicyOperationMetad"
+          + "ata\022/\n\013create_time\030\001 \001(\0132\032.google.protob"
+          + "uf.Timestamp2\320\006\n\010Policies\022\203\001\n\014ListPolici"
+          + "es\022\".google.iam.v2.ListPoliciesRequest\032#"
+          + ".google.iam.v2.ListPoliciesResponse\"*\202\323\344"
+          + "\223\002\033\022\031/v2/{parent=policies/*/*}\332A\006parent\022"
+          + "m\n\tGetPolicy\022\037.google.iam.v2.GetPolicyRe"
+          + "quest\032\025.google.iam.v2.Policy\"(\202\323\344\223\002\033\022\031/v"
+          + "2/{name=policies/*/*/*}\332A\004name\022\272\001\n\014Creat"
+          + "ePolicy\022\".google.iam.v2.CreatePolicyRequ"
+          + "est\032\035.google.longrunning.Operation\"g\202\323\344\223"
+          + "\002#\"\031/v2/{parent=policies/*/*}:\006policy\332A\027"
+          + "parent,policy,policy_id\312A!\n\006Policy\022\027Poli"
+          + "cyOperationMetadata\022\247\001\n\014UpdatePolicy\022\".g"
+          + "oogle.iam.v2.UpdatePolicyRequest\032\035.googl"
+          + "e.longrunning.Operation\"T\202\323\344\223\002*\032 /v2/{po"
+          + "licy.name=policies/*/*/*}:\006policy\312A!\n\006Po"
+          + "licy\022\027PolicyOperationMetadata\022\237\001\n\014Delete"
+          + "Policy\022\".google.iam.v2.DeletePolicyReque"
+          + "st\032\035.google.longrunning.Operation\"L\202\323\344\223\002"
+          + "\033*\031/v2/{name=policies/*/*/*}\332A\004name\312A!\n\006"
+          + "Policy\022\027PolicyOperationMetadata\032F\312A\022iam."
+          + "googleapis.com\322A.https://www.googleapis."
+          + "com/auth/cloud-platformBy\n\021com.google.ia"
+          + "m.v2B\013PolicyProtoP\001Z)cloud.google.com/go"
+          + "/iam/apiv2/iampb;iampb\252\002\023Google.Cloud.Ia"
+          + "m.V2\312\002\023Google\\Cloud\\Iam\\V2b\006proto3"
     };
     descriptor =
         com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyRule.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyRule.java
index 8de7d2eb9b..9e842ab3f1 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyRule.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyRule.java
@@ -47,6 +47,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new PolicyRule();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2.PolicyProto.internal_static_google_iam_v2_PolicyRule_descriptor;
   }
@@ -60,8 +65,6 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
   }
 
   private int kindCase_ = 0;
-
-  @SuppressWarnings("serial")
   private java.lang.Object kind_;
 
   public enum KindCase
@@ -481,6 +484,39 @@ private void buildPartialOneofs(com.google.iam.v2.PolicyRule result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v2.PolicyRule) {
diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyRuleOrBuilder.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyRuleOrBuilder.java
index d3c32e76c7..712ec0723f 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyRuleOrBuilder.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/PolicyRuleOrBuilder.java
@@ -85,5 +85,5 @@ public interface PolicyRuleOrBuilder
    */
   com.google.protobuf.ByteString getDescriptionBytes();
 
-  com.google.iam.v2.PolicyRule.KindCase getKindCase();
+  public com.google.iam.v2.PolicyRule.KindCase getKindCase();
 }
diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/UpdatePolicyRequest.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/UpdatePolicyRequest.java
index cc7bdd8393..bc506e2671 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/UpdatePolicyRequest.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/UpdatePolicyRequest.java
@@ -45,6 +45,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new UpdatePolicyRequest();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2.PolicyProto
         .internal_static_google_iam_v2_UpdatePolicyRequest_descriptor;
@@ -67,7 +72,6 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    * 
    * Required. The policy to update.
-   *
    * To prevent conflicting updates, the `etag` value must match the value that
    * is stored in IAM. If the `etag` values do not match, the request fails with
    * a `409` error code and `ABORTED` status.
@@ -86,7 +90,6 @@ public boolean hasPolicy() {
    *
    * 
    * Required. The policy to update.
-   *
    * To prevent conflicting updates, the `etag` value must match the value that
    * is stored in IAM. If the `etag` values do not match, the request fails with
    * a `409` error code and `ABORTED` status.
@@ -105,7 +108,6 @@ public com.google.iam.v2.Policy getPolicy() {
    *
    * 
    * Required. The policy to update.
-   *
    * To prevent conflicting updates, the `etag` value must match the value that
    * is stored in IAM. If the `etag` values do not match, the request fails with
    * a `409` error code and `ABORTED` status.
@@ -365,6 +367,39 @@ private void buildPartial0(com.google.iam.v2.UpdatePolicyRequest result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v2.UpdatePolicyRequest) {
@@ -442,7 +477,6 @@ public Builder mergeFrom(
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -460,7 +494,6 @@ public boolean hasPolicy() {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -482,7 +515,6 @@ public com.google.iam.v2.Policy getPolicy() {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -508,7 +540,6 @@ public Builder setPolicy(com.google.iam.v2.Policy value) {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -531,7 +562,6 @@ public Builder setPolicy(com.google.iam.v2.Policy.Builder builderForValue) {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -560,7 +590,6 @@ public Builder mergePolicy(com.google.iam.v2.Policy value) {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -583,7 +612,6 @@ public Builder clearPolicy() {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -601,7 +629,6 @@ public com.google.iam.v2.Policy.Builder getPolicyBuilder() {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -621,7 +648,6 @@ public com.google.iam.v2.PolicyOrBuilder getPolicyOrBuilder() {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
diff --git a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/UpdatePolicyRequestOrBuilder.java b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/UpdatePolicyRequestOrBuilder.java
index 3a26ee64ee..fa20ec03d5 100644
--- a/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/UpdatePolicyRequestOrBuilder.java
+++ b/java-iam/proto-google-iam-v2/src/main/java/com/google/iam/v2/UpdatePolicyRequestOrBuilder.java
@@ -28,7 +28,6 @@ public interface UpdatePolicyRequestOrBuilder
    *
    * 
    * Required. The policy to update.
-   *
    * To prevent conflicting updates, the `etag` value must match the value that
    * is stored in IAM. If the `etag` values do not match, the request fails with
    * a `409` error code and `ABORTED` status.
@@ -44,7 +43,6 @@ public interface UpdatePolicyRequestOrBuilder
    *
    * 
    * Required. The policy to update.
-   *
    * To prevent conflicting updates, the `etag` value must match the value that
    * is stored in IAM. If the `etag` values do not match, the request fails with
    * a `409` error code and `ABORTED` status.
@@ -60,7 +58,6 @@ public interface UpdatePolicyRequestOrBuilder
    *
    * 
    * Required. The policy to update.
-   *
    * To prevent conflicting updates, the `etag` value must match the value that
    * is stored in IAM. If the `etag` values do not match, the request fails with
    * a `409` error code and `ABORTED` status.
diff --git a/java-iam/proto-google-iam-v2beta/clirr-ignored-differences.xml b/java-iam/proto-google-iam-v2beta/clirr-ignored-differences.xml
index 7c7553c4b6..136c027be8 100644
--- a/java-iam/proto-google-iam-v2beta/clirr-ignored-differences.xml
+++ b/java-iam/proto-google-iam-v2beta/clirr-ignored-differences.xml
@@ -1,36 +1,6 @@
 
 
 
-  
-    7002
-    com/google/iam/v2beta/*Builder
-    * addRepeatedField(*)
-  
-  
-    7002
-    com/google/iam/v2beta/*Builder
-    * clearField(*)
-  
-  
-    7002
-    com/google/iam/v2beta/*Builder
-    * clearOneof(*)
-  
-  
-    7002
-    com/google/iam/v2beta/*Builder
-    * clone()
-  
-  
-    7002
-    com/google/iam/v2beta/*Builder
-    * setField(*)
-  
-  
-    7002
-    com/google/iam/v2beta/*Builder
-    * setRepeatedField(*)
-  
   
     7012
     com/google/iam/v2beta/*OrBuilder
diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/CreatePolicyRequest.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/CreatePolicyRequest.java
index 65f5f6cda6..370189917a 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/CreatePolicyRequest.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/CreatePolicyRequest.java
@@ -48,6 +48,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new CreatePolicyRequest();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2beta.PolicyProto
         .internal_static_google_iam_v2beta_CreatePolicyRequest_descriptor;
@@ -73,13 +78,10 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    * 
    * Required. The resource that the policy is attached to, along with the kind of policy
    * to create. Format: `policies/{attachment_point}/denypolicies`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -106,13 +108,10 @@ public java.lang.String getParent() {
    * 
    * Required. The resource that the policy is attached to, along with the kind of policy
    * to create. Format: `policies/{attachment_point}/denypolicies`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -512,6 +511,39 @@ private void buildPartial0(com.google.iam.v2beta.CreatePolicyRequest result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v2beta.CreatePolicyRequest) {
@@ -607,13 +639,10 @@ public Builder mergeFrom(
      * 
      * Required. The resource that the policy is attached to, along with the kind of policy
      * to create. Format: `policies/{attachment_point}/denypolicies`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -639,13 +668,10 @@ public java.lang.String getParent() {
      * 
      * Required. The resource that the policy is attached to, along with the kind of policy
      * to create. Format: `policies/{attachment_point}/denypolicies`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -671,13 +697,10 @@ public com.google.protobuf.ByteString getParentBytes() {
      * 
      * Required. The resource that the policy is attached to, along with the kind of policy
      * to create. Format: `policies/{attachment_point}/denypolicies`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -702,13 +725,10 @@ public Builder setParent(java.lang.String value) {
      * 
      * Required. The resource that the policy is attached to, along with the kind of policy
      * to create. Format: `policies/{attachment_point}/denypolicies`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -729,13 +749,10 @@ public Builder clearParent() {
      * 
      * Required. The resource that the policy is attached to, along with the kind of policy
      * to create. Format: `policies/{attachment_point}/denypolicies`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/CreatePolicyRequestOrBuilder.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/CreatePolicyRequestOrBuilder.java
index 51a7e57106..24c4fc2fb6 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/CreatePolicyRequestOrBuilder.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/CreatePolicyRequestOrBuilder.java
@@ -29,13 +29,10 @@ public interface CreatePolicyRequestOrBuilder
    * 
    * Required. The resource that the policy is attached to, along with the kind of policy
    * to create. Format: `policies/{attachment_point}/denypolicies`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -51,13 +48,10 @@ public interface CreatePolicyRequestOrBuilder
    * 
    * Required. The resource that the policy is attached to, along with the kind of policy
    * to create. Format: `policies/{attachment_point}/denypolicies`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DeletePolicyRequest.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DeletePolicyRequest.java
index d9a1ca0ad5..9eae189aef 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DeletePolicyRequest.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DeletePolicyRequest.java
@@ -48,6 +48,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new DeletePolicyRequest();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2beta.PolicyProto
         .internal_static_google_iam_v2beta_DeletePolicyRequest_descriptor;
@@ -73,12 +78,9 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    * 
    * Required. The resource name of the policy to delete. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -105,12 +107,9 @@ public java.lang.String getName() {
    * 
    * Required. The resource name of the policy to delete. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -143,7 +142,6 @@ public com.google.protobuf.ByteString getNameBytes() {
    * Optional. The expected `etag` of the policy to delete. If the value does not match
    * the value that is stored in IAM, the request fails with a `409` error code
    * and `ABORTED` status.
-   *
    * If you omit this field, the policy is deleted regardless of its current
    * `etag`.
    * 

@@ -171,7 +169,6 @@ public java.lang.String getEtag() {
    * Optional. The expected `etag` of the policy to delete. If the value does not match
    * the value that is stored in IAM, the request fails with a `409` error code
    * and `ABORTED` status.
-   *
    * If you omit this field, the policy is deleted regardless of its current
    * `etag`.
    * 

@@ -446,6 +443,39 @@ private void buildPartial0(com.google.iam.v2beta.DeletePolicyRequest result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v2beta.DeletePolicyRequest) {
@@ -532,12 +562,9 @@ public Builder mergeFrom(
      * 
      * Required. The resource name of the policy to delete. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -563,12 +590,9 @@ public java.lang.String getName() {
      * 
      * Required. The resource name of the policy to delete. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -594,12 +618,9 @@ public com.google.protobuf.ByteString getNameBytes() {
      * 
      * Required. The resource name of the policy to delete. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -624,12 +645,9 @@ public Builder setName(java.lang.String value) {
      * 
      * Required. The resource name of the policy to delete. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -650,12 +668,9 @@ public Builder clearName() {
      * 
      * Required. The resource name of the policy to delete. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -684,7 +699,6 @@ public Builder setNameBytes(com.google.protobuf.ByteString value) {
      * Optional. The expected `etag` of the policy to delete. If the value does not match
      * the value that is stored in IAM, the request fails with a `409` error code
      * and `ABORTED` status.
-     *
      * If you omit this field, the policy is deleted regardless of its current
      * `etag`.
      * 

@@ -711,7 +725,6 @@ public java.lang.String getEtag() {
      * Optional. The expected `etag` of the policy to delete. If the value does not match
      * the value that is stored in IAM, the request fails with a `409` error code
      * and `ABORTED` status.
-     *
      * If you omit this field, the policy is deleted regardless of its current
      * `etag`.
      * 

@@ -738,7 +751,6 @@ public com.google.protobuf.ByteString getEtagBytes() {
      * Optional. The expected `etag` of the policy to delete. If the value does not match
      * the value that is stored in IAM, the request fails with a `409` error code
      * and `ABORTED` status.
-     *
      * If you omit this field, the policy is deleted regardless of its current
      * `etag`.
      * 

@@ -764,7 +776,6 @@ public Builder setEtag(java.lang.String value) {
      * Optional. The expected `etag` of the policy to delete. If the value does not match
      * the value that is stored in IAM, the request fails with a `409` error code
      * and `ABORTED` status.
-     *
      * If you omit this field, the policy is deleted regardless of its current
      * `etag`.
      * 

@@ -786,7 +797,6 @@ public Builder clearEtag() {
      * Optional. The expected `etag` of the policy to delete. If the value does not match
      * the value that is stored in IAM, the request fails with a `409` error code
      * and `ABORTED` status.
-     *
      * If you omit this field, the policy is deleted regardless of its current
      * `etag`.
      * 

diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DeletePolicyRequestOrBuilder.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DeletePolicyRequestOrBuilder.java
index 101572706d..1b19529885 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DeletePolicyRequestOrBuilder.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DeletePolicyRequestOrBuilder.java
@@ -29,12 +29,9 @@ public interface DeletePolicyRequestOrBuilder
    * 
    * Required. The resource name of the policy to delete. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -50,12 +47,9 @@ public interface DeletePolicyRequestOrBuilder
    * 
    * Required. The resource name of the policy to delete. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -73,7 +67,6 @@ public interface DeletePolicyRequestOrBuilder
    * Optional. The expected `etag` of the policy to delete. If the value does not match
    * the value that is stored in IAM, the request fails with a `409` error code
    * and `ABORTED` status.
-   *
    * If you omit this field, the policy is deleted regardless of its current
    * `etag`.
    * 

@@ -90,7 +83,6 @@ public interface DeletePolicyRequestOrBuilder
    * Optional. The expected `etag` of the policy to delete. If the value does not match
    * the value that is stored in IAM, the request fails with a `409` error code
    * and `ABORTED` status.
-   *
    * If you omit this field, the policy is deleted regardless of its current
    * `etag`.
    * 

diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DenyRule.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DenyRule.java
index 2763ff66f0..2d2a3b6363 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DenyRule.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DenyRule.java
@@ -38,10 +38,10 @@ private DenyRule(com.google.protobuf.GeneratedMessageV3.Builder builder) {
   }
 
   private DenyRule() {
-    deniedPrincipals_ = com.google.protobuf.LazyStringArrayList.emptyList();
-    exceptionPrincipals_ = com.google.protobuf.LazyStringArrayList.emptyList();
-    deniedPermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
-    exceptionPermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
+    deniedPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    exceptionPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    deniedPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    exceptionPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
   }
 
   @java.lang.Override
@@ -50,6 +50,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new DenyRule();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2beta.DenyRuleProto
         .internal_static_google_iam_v2beta_DenyRule_descriptor;
@@ -67,48 +72,39 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
   public static final int DENIED_PRINCIPALS_FIELD_NUMBER = 1;
 
   @SuppressWarnings("serial")
-  private com.google.protobuf.LazyStringArrayList deniedPrincipals_ =
-      com.google.protobuf.LazyStringArrayList.emptyList();
+  private com.google.protobuf.LazyStringList deniedPrincipals_;
   /**
    *
    *
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -128,40 +124,32 @@ public com.google.protobuf.ProtocolStringList getDeniedPrincipalsList() {
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -181,40 +169,32 @@ public int getDeniedPrincipalsCount() {
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -235,40 +215,32 @@ public java.lang.String getDeniedPrincipals(int index) {
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -287,8 +259,7 @@ public com.google.protobuf.ByteString getDeniedPrincipalsBytes(int index) {
   public static final int EXCEPTION_PRINCIPALS_FIELD_NUMBER = 2;
 
   @SuppressWarnings("serial")
-  private com.google.protobuf.LazyStringArrayList exceptionPrincipals_ =
-      com.google.protobuf.LazyStringArrayList.emptyList();
+  private com.google.protobuf.LazyStringList exceptionPrincipals_;
   /**
    *
    *
@@ -297,7 +268,6 @@ public com.google.protobuf.ByteString getDeniedPrincipalsBytes(int index) {
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -318,7 +288,6 @@ public com.google.protobuf.ProtocolStringList getExceptionPrincipalsList() {
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -339,7 +308,6 @@ public int getExceptionPrincipalsCount() {
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -361,7 +329,6 @@ public java.lang.String getExceptionPrincipals(int index) {
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -379,8 +346,7 @@ public com.google.protobuf.ByteString getExceptionPrincipalsBytes(int index) {
   public static final int DENIED_PERMISSIONS_FIELD_NUMBER = 3;
 
   @SuppressWarnings("serial")
-  private com.google.protobuf.LazyStringArrayList deniedPermissions_ =
-      com.google.protobuf.LazyStringArrayList.emptyList();
+  private com.google.protobuf.LazyStringList deniedPermissions_;
   /**
    *
    *
@@ -455,8 +421,7 @@ public com.google.protobuf.ByteString getDeniedPermissionsBytes(int index) {
   public static final int EXCEPTION_PERMISSIONS_FIELD_NUMBER = 4;
 
   @SuppressWarnings("serial")
-  private com.google.protobuf.LazyStringArrayList exceptionPermissions_ =
-      com.google.protobuf.LazyStringArrayList.emptyList();
+  private com.google.protobuf.LazyStringList exceptionPermissions_;
   /**
    *
    *
@@ -465,7 +430,6 @@ public com.google.protobuf.ByteString getDeniedPermissionsBytes(int index) {
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -485,7 +449,6 @@ public com.google.protobuf.ProtocolStringList getExceptionPermissionsList() {
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -505,7 +468,6 @@ public int getExceptionPermissionsCount() {
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -526,7 +488,6 @@ public java.lang.String getExceptionPermissions(int index) {
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -549,10 +510,8 @@ public com.google.protobuf.ByteString getExceptionPermissionsBytes(int index) {
    * The condition that determines whether this deny rule applies to a request.
    * If the condition expression evaluates to `true`, then the deny rule is
    * applied; otherwise, the deny rule is not applied.
-   *
    * Each deny rule is evaluated independently. If this deny rule does not apply
    * to a request, other deny rules might still apply.
-   *
    * The condition can use CEL functions that evaluate
    * [resource
    * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -574,10 +533,8 @@ public boolean hasDenialCondition() {
    * The condition that determines whether this deny rule applies to a request.
    * If the condition expression evaluates to `true`, then the deny rule is
    * applied; otherwise, the deny rule is not applied.
-   *
    * Each deny rule is evaluated independently. If this deny rule does not apply
    * to a request, other deny rules might still apply.
-   *
    * The condition can use CEL functions that evaluate
    * [resource
    * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -599,10 +556,8 @@ public com.google.type.Expr getDenialCondition() {
    * The condition that determines whether this deny rule applies to a request.
    * If the condition expression evaluates to `true`, then the deny rule is
    * applied; otherwise, the deny rule is not applied.
-   *
    * Each deny rule is evaluated independently. If this deny rule does not apply
    * to a request, other deny rules might still apply.
-   *
    * The condition can use CEL functions that evaluate
    * [resource
    * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -881,10 +836,14 @@ private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
     public Builder clear() {
       super.clear();
       bitField0_ = 0;
-      deniedPrincipals_ = com.google.protobuf.LazyStringArrayList.emptyList();
-      exceptionPrincipals_ = com.google.protobuf.LazyStringArrayList.emptyList();
-      deniedPermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
-      exceptionPermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      deniedPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000001);
+      exceptionPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      deniedPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000004);
+      exceptionPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000008);
       denialCondition_ = null;
       if (denialConditionBuilder_ != null) {
         denialConditionBuilder_.dispose();
@@ -916,6 +875,7 @@ public com.google.iam.v2beta.DenyRule build() {
     @java.lang.Override
     public com.google.iam.v2beta.DenyRule buildPartial() {
       com.google.iam.v2beta.DenyRule result = new com.google.iam.v2beta.DenyRule(this);
+      buildPartialRepeatedFields(result);
       if (bitField0_ != 0) {
         buildPartial0(result);
       }
@@ -923,30 +883,70 @@ public com.google.iam.v2beta.DenyRule buildPartial() {
       return result;
     }
 
-    private void buildPartial0(com.google.iam.v2beta.DenyRule result) {
-      int from_bitField0_ = bitField0_;
-      if (((from_bitField0_ & 0x00000001) != 0)) {
-        deniedPrincipals_.makeImmutable();
-        result.deniedPrincipals_ = deniedPrincipals_;
+    private void buildPartialRepeatedFields(com.google.iam.v2beta.DenyRule result) {
+      if (((bitField0_ & 0x00000001) != 0)) {
+        deniedPrincipals_ = deniedPrincipals_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000001);
       }
-      if (((from_bitField0_ & 0x00000002) != 0)) {
-        exceptionPrincipals_.makeImmutable();
-        result.exceptionPrincipals_ = exceptionPrincipals_;
+      result.deniedPrincipals_ = deniedPrincipals_;
+      if (((bitField0_ & 0x00000002) != 0)) {
+        exceptionPrincipals_ = exceptionPrincipals_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
       }
-      if (((from_bitField0_ & 0x00000004) != 0)) {
-        deniedPermissions_.makeImmutable();
-        result.deniedPermissions_ = deniedPermissions_;
+      result.exceptionPrincipals_ = exceptionPrincipals_;
+      if (((bitField0_ & 0x00000004) != 0)) {
+        deniedPermissions_ = deniedPermissions_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000004);
       }
-      if (((from_bitField0_ & 0x00000008) != 0)) {
-        exceptionPermissions_.makeImmutable();
-        result.exceptionPermissions_ = exceptionPermissions_;
+      result.deniedPermissions_ = deniedPermissions_;
+      if (((bitField0_ & 0x00000008) != 0)) {
+        exceptionPermissions_ = exceptionPermissions_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000008);
       }
+      result.exceptionPermissions_ = exceptionPermissions_;
+    }
+
+    private void buildPartial0(com.google.iam.v2beta.DenyRule result) {
+      int from_bitField0_ = bitField0_;
       if (((from_bitField0_ & 0x00000010) != 0)) {
         result.denialCondition_ =
             denialConditionBuilder_ == null ? denialCondition_ : denialConditionBuilder_.build();
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v2beta.DenyRule) {
@@ -962,7 +962,7 @@ public Builder mergeFrom(com.google.iam.v2beta.DenyRule other) {
       if (!other.deniedPrincipals_.isEmpty()) {
         if (deniedPrincipals_.isEmpty()) {
           deniedPrincipals_ = other.deniedPrincipals_;
-          bitField0_ |= 0x00000001;
+          bitField0_ = (bitField0_ & ~0x00000001);
         } else {
           ensureDeniedPrincipalsIsMutable();
           deniedPrincipals_.addAll(other.deniedPrincipals_);
@@ -972,7 +972,7 @@ public Builder mergeFrom(com.google.iam.v2beta.DenyRule other) {
       if (!other.exceptionPrincipals_.isEmpty()) {
         if (exceptionPrincipals_.isEmpty()) {
           exceptionPrincipals_ = other.exceptionPrincipals_;
-          bitField0_ |= 0x00000002;
+          bitField0_ = (bitField0_ & ~0x00000002);
         } else {
           ensureExceptionPrincipalsIsMutable();
           exceptionPrincipals_.addAll(other.exceptionPrincipals_);
@@ -982,7 +982,7 @@ public Builder mergeFrom(com.google.iam.v2beta.DenyRule other) {
       if (!other.deniedPermissions_.isEmpty()) {
         if (deniedPermissions_.isEmpty()) {
           deniedPermissions_ = other.deniedPermissions_;
-          bitField0_ |= 0x00000004;
+          bitField0_ = (bitField0_ & ~0x00000004);
         } else {
           ensureDeniedPermissionsIsMutable();
           deniedPermissions_.addAll(other.deniedPermissions_);
@@ -992,7 +992,7 @@ public Builder mergeFrom(com.google.iam.v2beta.DenyRule other) {
       if (!other.exceptionPermissions_.isEmpty()) {
         if (exceptionPermissions_.isEmpty()) {
           exceptionPermissions_ = other.exceptionPermissions_;
-          bitField0_ |= 0x00000008;
+          bitField0_ = (bitField0_ & ~0x00000008);
         } else {
           ensureExceptionPermissionsIsMutable();
           exceptionPermissions_.addAll(other.exceptionPermissions_);
@@ -1081,14 +1081,14 @@ public Builder mergeFrom(
 
     private int bitField0_;
 
-    private com.google.protobuf.LazyStringArrayList deniedPrincipals_ =
-        com.google.protobuf.LazyStringArrayList.emptyList();
+    private com.google.protobuf.LazyStringList deniedPrincipals_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
 
     private void ensureDeniedPrincipalsIsMutable() {
-      if (!deniedPrincipals_.isModifiable()) {
+      if (!((bitField0_ & 0x00000001) != 0)) {
         deniedPrincipals_ = new com.google.protobuf.LazyStringArrayList(deniedPrincipals_);
+        bitField0_ |= 0x00000001;
       }
-      bitField0_ |= 0x00000001;
     }
     /**
      *
@@ -1096,40 +1096,32 @@ private void ensureDeniedPrincipalsIsMutable() {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1141,8 +1133,7 @@ private void ensureDeniedPrincipalsIsMutable() {
      * @return A list containing the deniedPrincipals.
      */
     public com.google.protobuf.ProtocolStringList getDeniedPrincipalsList() {
-      deniedPrincipals_.makeImmutable();
-      return deniedPrincipals_;
+      return deniedPrincipals_.getUnmodifiableView();
     }
     /**
      *
@@ -1150,40 +1141,32 @@ public com.google.protobuf.ProtocolStringList getDeniedPrincipalsList() {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1203,40 +1186,32 @@ public int getDeniedPrincipalsCount() {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1257,40 +1232,32 @@ public java.lang.String getDeniedPrincipals(int index) {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1311,40 +1278,32 @@ public com.google.protobuf.ByteString getDeniedPrincipalsBytes(int index) {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1363,7 +1322,6 @@ public Builder setDeniedPrincipals(int index, java.lang.String value) {
       }
       ensureDeniedPrincipalsIsMutable();
       deniedPrincipals_.set(index, value);
-      bitField0_ |= 0x00000001;
       onChanged();
       return this;
     }
@@ -1373,40 +1331,32 @@ public Builder setDeniedPrincipals(int index, java.lang.String value) {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1424,7 +1374,6 @@ public Builder addDeniedPrincipals(java.lang.String value) {
       }
       ensureDeniedPrincipalsIsMutable();
       deniedPrincipals_.add(value);
-      bitField0_ |= 0x00000001;
       onChanged();
       return this;
     }
@@ -1434,40 +1383,32 @@ public Builder addDeniedPrincipals(java.lang.String value) {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1482,7 +1423,6 @@ public Builder addDeniedPrincipals(java.lang.String value) {
     public Builder addAllDeniedPrincipals(java.lang.Iterable values) {
       ensureDeniedPrincipalsIsMutable();
       com.google.protobuf.AbstractMessageLite.Builder.addAll(values, deniedPrincipals_);
-      bitField0_ |= 0x00000001;
       onChanged();
       return this;
     }
@@ -1492,40 +1432,32 @@ public Builder addAllDeniedPrincipals(java.lang.Iterable value
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1537,9 +1469,8 @@ public Builder addAllDeniedPrincipals(java.lang.Iterable value
      * @return This builder for chaining.
      */
     public Builder clearDeniedPrincipals() {
-      deniedPrincipals_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      deniedPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
       bitField0_ = (bitField0_ & ~0x00000001);
-      ;
       onChanged();
       return this;
     }
@@ -1549,40 +1480,32 @@ public Builder clearDeniedPrincipals() {
      * 
      * The identities that are prevented from using one or more permissions on
      * Google Cloud resources. This field can contain the following values:
-     *
      * * `principalSet://goog/public:all`: A special identifier that represents
      *   any principal that is on the internet, even if they do not have a Google
      *   Account or are not logged in.
-     *
      * * `principal://goog/subject/{email_id}`: A specific Google Account.
      *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
      *   example, `principal://goog/subject/alice@example.com`.
-     *
      * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
      *   Google Account that was deleted recently. For example,
      *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
      *   the Google Account is recovered, this identifier reverts to the standard
      *   identifier for a Google Account.
-     *
      * * `principalSet://goog/group/{group_id}`: A Google group. For example,
      *   `principalSet://goog/group/admins@example.com`.
-     *
      * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
      *   that was deleted recently. For example,
      *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
      *   the Google group is restored, this identifier reverts to the standard
      *   identifier for a Google group.
-     *
      * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
      *   A Google Cloud service account. For example,
      *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-     *
      * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
      *   A Google Cloud service account that was deleted recently. For example,
      *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
      *   If the service account is undeleted, this identifier reverts to the
      *   standard identifier for a service account.
-     *
      * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
      *   principals associated with the specified Google Workspace or Cloud
      *   Identity customer ID. For example,
@@ -1601,19 +1524,18 @@ public Builder addDeniedPrincipalsBytes(com.google.protobuf.ByteString value) {
       checkByteStringIsUtf8(value);
       ensureDeniedPrincipalsIsMutable();
       deniedPrincipals_.add(value);
-      bitField0_ |= 0x00000001;
       onChanged();
       return this;
     }
 
-    private com.google.protobuf.LazyStringArrayList exceptionPrincipals_ =
-        com.google.protobuf.LazyStringArrayList.emptyList();
+    private com.google.protobuf.LazyStringList exceptionPrincipals_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
 
     private void ensureExceptionPrincipalsIsMutable() {
-      if (!exceptionPrincipals_.isModifiable()) {
+      if (!((bitField0_ & 0x00000002) != 0)) {
         exceptionPrincipals_ = new com.google.protobuf.LazyStringArrayList(exceptionPrincipals_);
+        bitField0_ |= 0x00000002;
       }
-      bitField0_ |= 0x00000002;
     }
     /**
      *
@@ -1623,7 +1545,6 @@ private void ensureExceptionPrincipalsIsMutable() {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1634,8 +1555,7 @@ private void ensureExceptionPrincipalsIsMutable() {
      * @return A list containing the exceptionPrincipals.
      */
     public com.google.protobuf.ProtocolStringList getExceptionPrincipalsList() {
-      exceptionPrincipals_.makeImmutable();
-      return exceptionPrincipals_;
+      return exceptionPrincipals_.getUnmodifiableView();
     }
     /**
      *
@@ -1645,7 +1565,6 @@ public com.google.protobuf.ProtocolStringList getExceptionPrincipalsList() {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1666,7 +1585,6 @@ public int getExceptionPrincipalsCount() {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1688,7 +1606,6 @@ public java.lang.String getExceptionPrincipals(int index) {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1710,7 +1627,6 @@ public com.google.protobuf.ByteString getExceptionPrincipalsBytes(int index) {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1728,7 +1644,6 @@ public Builder setExceptionPrincipals(int index, java.lang.String value) {
       }
       ensureExceptionPrincipalsIsMutable();
       exceptionPrincipals_.set(index, value);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
@@ -1740,7 +1655,6 @@ public Builder setExceptionPrincipals(int index, java.lang.String value) {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1757,7 +1671,6 @@ public Builder addExceptionPrincipals(java.lang.String value) {
       }
       ensureExceptionPrincipalsIsMutable();
       exceptionPrincipals_.add(value);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
@@ -1769,7 +1682,6 @@ public Builder addExceptionPrincipals(java.lang.String value) {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1783,7 +1695,6 @@ public Builder addExceptionPrincipals(java.lang.String value) {
     public Builder addAllExceptionPrincipals(java.lang.Iterable values) {
       ensureExceptionPrincipalsIsMutable();
       com.google.protobuf.AbstractMessageLite.Builder.addAll(values, exceptionPrincipals_);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
@@ -1795,7 +1706,6 @@ public Builder addAllExceptionPrincipals(java.lang.Iterable va
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1806,9 +1716,8 @@ public Builder addAllExceptionPrincipals(java.lang.Iterable va
      * @return This builder for chaining.
      */
     public Builder clearExceptionPrincipals() {
-      exceptionPrincipals_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      exceptionPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
       bitField0_ = (bitField0_ & ~0x00000002);
-      ;
       onChanged();
       return this;
     }
@@ -1820,7 +1729,6 @@ public Builder clearExceptionPrincipals() {
      * listed in the `denied_principals`. For example, you could add a Google
      * group to the `denied_principals`, then exclude specific users who belong to
      * that group.
-     *
      * This field can contain the same values as the `denied_principals` field,
      * excluding `principalSet://goog/public:all`, which represents all users on
      * the internet.
@@ -1838,19 +1746,18 @@ public Builder addExceptionPrincipalsBytes(com.google.protobuf.ByteString value)
       checkByteStringIsUtf8(value);
       ensureExceptionPrincipalsIsMutable();
       exceptionPrincipals_.add(value);
-      bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
 
-    private com.google.protobuf.LazyStringArrayList deniedPermissions_ =
-        com.google.protobuf.LazyStringArrayList.emptyList();
+    private com.google.protobuf.LazyStringList deniedPermissions_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
 
     private void ensureDeniedPermissionsIsMutable() {
-      if (!deniedPermissions_.isModifiable()) {
+      if (!((bitField0_ & 0x00000004) != 0)) {
         deniedPermissions_ = new com.google.protobuf.LazyStringArrayList(deniedPermissions_);
+        bitField0_ |= 0x00000004;
       }
-      bitField0_ |= 0x00000004;
     }
     /**
      *
@@ -1867,8 +1774,7 @@ private void ensureDeniedPermissionsIsMutable() {
      * @return A list containing the deniedPermissions.
      */
     public com.google.protobuf.ProtocolStringList getDeniedPermissionsList() {
-      deniedPermissions_.makeImmutable();
-      return deniedPermissions_;
+      return deniedPermissions_.getUnmodifiableView();
     }
     /**
      *
@@ -1945,7 +1851,6 @@ public Builder setDeniedPermissions(int index, java.lang.String value) {
       }
       ensureDeniedPermissionsIsMutable();
       deniedPermissions_.set(index, value);
-      bitField0_ |= 0x00000004;
       onChanged();
       return this;
     }
@@ -1970,7 +1875,6 @@ public Builder addDeniedPermissions(java.lang.String value) {
       }
       ensureDeniedPermissionsIsMutable();
       deniedPermissions_.add(value);
-      bitField0_ |= 0x00000004;
       onChanged();
       return this;
     }
@@ -1992,7 +1896,6 @@ public Builder addDeniedPermissions(java.lang.String value) {
     public Builder addAllDeniedPermissions(java.lang.Iterable values) {
       ensureDeniedPermissionsIsMutable();
       com.google.protobuf.AbstractMessageLite.Builder.addAll(values, deniedPermissions_);
-      bitField0_ |= 0x00000004;
       onChanged();
       return this;
     }
@@ -2011,9 +1914,8 @@ public Builder addAllDeniedPermissions(java.lang.Iterable valu
      * @return This builder for chaining.
      */
     public Builder clearDeniedPermissions() {
-      deniedPermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      deniedPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
       bitField0_ = (bitField0_ & ~0x00000004);
-      ;
       onChanged();
       return this;
     }
@@ -2039,19 +1941,18 @@ public Builder addDeniedPermissionsBytes(com.google.protobuf.ByteString value) {
       checkByteStringIsUtf8(value);
       ensureDeniedPermissionsIsMutable();
       deniedPermissions_.add(value);
-      bitField0_ |= 0x00000004;
       onChanged();
       return this;
     }
 
-    private com.google.protobuf.LazyStringArrayList exceptionPermissions_ =
-        com.google.protobuf.LazyStringArrayList.emptyList();
+    private com.google.protobuf.LazyStringList exceptionPermissions_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
 
     private void ensureExceptionPermissionsIsMutable() {
-      if (!exceptionPermissions_.isModifiable()) {
+      if (!((bitField0_ & 0x00000008) != 0)) {
         exceptionPermissions_ = new com.google.protobuf.LazyStringArrayList(exceptionPermissions_);
+        bitField0_ |= 0x00000008;
       }
-      bitField0_ |= 0x00000008;
     }
     /**
      *
@@ -2061,7 +1962,6 @@ private void ensureExceptionPermissionsIsMutable() {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2071,8 +1971,7 @@ private void ensureExceptionPermissionsIsMutable() {
      * @return A list containing the exceptionPermissions.
      */
     public com.google.protobuf.ProtocolStringList getExceptionPermissionsList() {
-      exceptionPermissions_.makeImmutable();
-      return exceptionPermissions_;
+      return exceptionPermissions_.getUnmodifiableView();
     }
     /**
      *
@@ -2082,7 +1981,6 @@ public com.google.protobuf.ProtocolStringList getExceptionPermissionsList() {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2102,7 +2000,6 @@ public int getExceptionPermissionsCount() {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2123,7 +2020,6 @@ public java.lang.String getExceptionPermissions(int index) {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2144,7 +2040,6 @@ public com.google.protobuf.ByteString getExceptionPermissionsBytes(int index) {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2161,7 +2056,6 @@ public Builder setExceptionPermissions(int index, java.lang.String value) {
       }
       ensureExceptionPermissionsIsMutable();
       exceptionPermissions_.set(index, value);
-      bitField0_ |= 0x00000008;
       onChanged();
       return this;
     }
@@ -2173,7 +2067,6 @@ public Builder setExceptionPermissions(int index, java.lang.String value) {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2189,7 +2082,6 @@ public Builder addExceptionPermissions(java.lang.String value) {
       }
       ensureExceptionPermissionsIsMutable();
       exceptionPermissions_.add(value);
-      bitField0_ |= 0x00000008;
       onChanged();
       return this;
     }
@@ -2201,7 +2093,6 @@ public Builder addExceptionPermissions(java.lang.String value) {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2214,7 +2105,6 @@ public Builder addExceptionPermissions(java.lang.String value) {
     public Builder addAllExceptionPermissions(java.lang.Iterable values) {
       ensureExceptionPermissionsIsMutable();
       com.google.protobuf.AbstractMessageLite.Builder.addAll(values, exceptionPermissions_);
-      bitField0_ |= 0x00000008;
       onChanged();
       return this;
     }
@@ -2226,7 +2116,6 @@ public Builder addAllExceptionPermissions(java.lang.Iterable v
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2236,9 +2125,8 @@ public Builder addAllExceptionPermissions(java.lang.Iterable v
      * @return This builder for chaining.
      */
     public Builder clearExceptionPermissions() {
-      exceptionPermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      exceptionPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
       bitField0_ = (bitField0_ & ~0x00000008);
-      ;
       onChanged();
       return this;
     }
@@ -2250,7 +2138,6 @@ public Builder clearExceptionPermissions() {
      * permissions given by `denied_permissions`. If a permission appears in
      * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
      * denied.
-     *
      * The excluded permissions can be specified using the same syntax as
      * `denied_permissions`.
      * 

@@ -2267,7 +2154,6 @@ public Builder addExceptionPermissionsBytes(com.google.protobuf.ByteString value
       checkByteStringIsUtf8(value);
       ensureExceptionPermissionsIsMutable();
       exceptionPermissions_.add(value);
-      bitField0_ |= 0x00000008;
       onChanged();
       return this;
     }
@@ -2283,10 +2169,8 @@ public Builder addExceptionPermissionsBytes(com.google.protobuf.ByteString value
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2307,10 +2191,8 @@ public boolean hasDenialCondition() {
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2337,10 +2219,8 @@ public com.google.type.Expr getDenialCondition() {
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2369,10 +2249,8 @@ public Builder setDenialCondition(com.google.type.Expr value) {
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2398,10 +2276,8 @@ public Builder setDenialCondition(com.google.type.Expr.Builder builderForValue)
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2433,10 +2309,8 @@ public Builder mergeDenialCondition(com.google.type.Expr value) {
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2462,10 +2336,8 @@ public Builder clearDenialCondition() {
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2486,10 +2358,8 @@ public com.google.type.Expr.Builder getDenialConditionBuilder() {
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -2514,10 +2384,8 @@ public com.google.type.ExprOrBuilder getDenialConditionOrBuilder() {
      * The condition that determines whether this deny rule applies to a request.
      * If the condition expression evaluates to `true`, then the deny rule is
      * applied; otherwise, the deny rule is not applied.
-     *
      * Each deny rule is evaluated independently. If this deny rule does not apply
      * to a request, other deny rules might still apply.
-     *
      * The condition can use CEL functions that evaluate
      * [resource
      * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DenyRuleOrBuilder.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DenyRuleOrBuilder.java
index 28e0b45b8f..30258206ce 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DenyRuleOrBuilder.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/DenyRuleOrBuilder.java
@@ -29,40 +29,32 @@ public interface DenyRuleOrBuilder
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -80,40 +72,32 @@ public interface DenyRuleOrBuilder
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -131,40 +115,32 @@ public interface DenyRuleOrBuilder
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -183,40 +159,32 @@ public interface DenyRuleOrBuilder
    * 
    * The identities that are prevented from using one or more permissions on
    * Google Cloud resources. This field can contain the following values:
-   *
    * * `principalSet://goog/public:all`: A special identifier that represents
    *   any principal that is on the internet, even if they do not have a Google
    *   Account or are not logged in.
-   *
    * * `principal://goog/subject/{email_id}`: A specific Google Account.
    *   Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    *   example, `principal://goog/subject/alice@example.com`.
-   *
    * * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    *   Google Account that was deleted recently. For example,
    *   `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    *   the Google Account is recovered, this identifier reverts to the standard
    *   identifier for a Google Account.
-   *
    * * `principalSet://goog/group/{group_id}`: A Google group. For example,
    *   `principalSet://goog/group/admins@example.com`.
-   *
    * * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    *   that was deleted recently. For example,
    *   `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    *   the Google group is restored, this identifier reverts to the standard
    *   identifier for a Google group.
-   *
    * * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    *   A Google Cloud service account. For example,
    *   `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
-   *
    * * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    *   A Google Cloud service account that was deleted recently. For example,
    *   `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    *   If the service account is undeleted, this identifier reverts to the
    *   standard identifier for a service account.
-   *
    * * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    *   principals associated with the specified Google Workspace or Cloud
    *   Identity customer ID. For example,
@@ -238,7 +206,6 @@ public interface DenyRuleOrBuilder
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -257,7 +224,6 @@ public interface DenyRuleOrBuilder
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -276,7 +242,6 @@ public interface DenyRuleOrBuilder
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -296,7 +261,6 @@ public interface DenyRuleOrBuilder
    * listed in the `denied_principals`. For example, you could add a Google
    * group to the `denied_principals`, then exclude specific users who belong to
    * that group.
-   *
    * This field can contain the same values as the `denied_principals` field,
    * excluding `principalSet://goog/public:all`, which represents all users on
    * the internet.
@@ -380,7 +344,6 @@ public interface DenyRuleOrBuilder
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -398,7 +361,6 @@ public interface DenyRuleOrBuilder
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -416,7 +378,6 @@ public interface DenyRuleOrBuilder
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -435,7 +396,6 @@ public interface DenyRuleOrBuilder
    * permissions given by `denied_permissions`. If a permission appears in
    * `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
    * denied.
-   *
    * The excluded permissions can be specified using the same syntax as
    * `denied_permissions`.
    * 

@@ -454,10 +414,8 @@ public interface DenyRuleOrBuilder
    * The condition that determines whether this deny rule applies to a request.
    * If the condition expression evaluates to `true`, then the deny rule is
    * applied; otherwise, the deny rule is not applied.
-   *
    * Each deny rule is evaluated independently. If this deny rule does not apply
    * to a request, other deny rules might still apply.
-   *
    * The condition can use CEL functions that evaluate
    * [resource
    * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -476,10 +434,8 @@ public interface DenyRuleOrBuilder
    * The condition that determines whether this deny rule applies to a request.
    * If the condition expression evaluates to `true`, then the deny rule is
    * applied; otherwise, the deny rule is not applied.
-   *
    * Each deny rule is evaluated independently. If this deny rule does not apply
    * to a request, other deny rules might still apply.
-   *
    * The condition can use CEL functions that evaluate
    * [resource
    * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
@@ -498,10 +454,8 @@ public interface DenyRuleOrBuilder
    * The condition that determines whether this deny rule applies to a request.
    * If the condition expression evaluates to `true`, then the deny rule is
    * applied; otherwise, the deny rule is not applied.
-   *
    * Each deny rule is evaluated independently. If this deny rule does not apply
    * to a request, other deny rules might still apply.
-   *
    * The condition can use CEL functions that evaluate
    * [resource
    * tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/GetPolicyRequest.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/GetPolicyRequest.java
index 31ac088455..fbe4827adc 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/GetPolicyRequest.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/GetPolicyRequest.java
@@ -47,6 +47,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new GetPolicyRequest();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2beta.PolicyProto
         .internal_static_google_iam_v2beta_GetPolicyRequest_descriptor;
@@ -72,12 +77,9 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    * 
    * Required. The resource name of the policy to retrieve. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -104,12 +106,9 @@ public java.lang.String getName() {
    * 
    * Required. The resource name of the policy to retrieve. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -370,6 +369,39 @@ private void buildPartial0(com.google.iam.v2beta.GetPolicyRequest result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v2beta.GetPolicyRequest) {
@@ -445,12 +477,9 @@ public Builder mergeFrom(
      * 
      * Required. The resource name of the policy to retrieve. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -476,12 +505,9 @@ public java.lang.String getName() {
      * 
      * Required. The resource name of the policy to retrieve. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -507,12 +533,9 @@ public com.google.protobuf.ByteString getNameBytes() {
      * 
      * Required. The resource name of the policy to retrieve. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -537,12 +560,9 @@ public Builder setName(java.lang.String value) {
      * 
      * Required. The resource name of the policy to retrieve. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -563,12 +583,9 @@ public Builder clearName() {
      * 
      * Required. The resource name of the policy to retrieve. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * Use the URL-encoded full resource name, which means that the forward-slash
      * character, `/`, must be written as `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/GetPolicyRequestOrBuilder.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/GetPolicyRequestOrBuilder.java
index 589313315d..def786214b 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/GetPolicyRequestOrBuilder.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/GetPolicyRequestOrBuilder.java
@@ -29,12 +29,9 @@ public interface GetPolicyRequestOrBuilder
    * 
    * Required. The resource name of the policy to retrieve. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -50,12 +47,9 @@ public interface GetPolicyRequestOrBuilder
    * 
    * Required. The resource name of the policy to retrieve. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * Use the URL-encoded full resource name, which means that the forward-slash
    * character, `/`, must be written as `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/ListPoliciesRequest.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/ListPoliciesRequest.java
index 24ce49a716..36db2f0ff0 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/ListPoliciesRequest.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/ListPoliciesRequest.java
@@ -48,6 +48,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new ListPoliciesRequest();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2beta.PolicyProto
         .internal_static_google_iam_v2beta_ListPoliciesRequest_descriptor;
@@ -74,13 +79,10 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    * Required. The resource that the policy is attached to, along with the kind of policy
    * to list. Format:
    * `policies/{attachment_point}/denypolicies`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -108,13 +110,10 @@ public java.lang.String getParent() {
    * Required. The resource that the policy is attached to, along with the kind of policy
    * to list. Format:
    * `policies/{attachment_point}/denypolicies`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, you can use the alphanumeric or the numeric ID.
    * 

@@ -474,6 +473,39 @@ private void buildPartial0(com.google.iam.v2beta.ListPoliciesRequest result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v2beta.ListPoliciesRequest) {
@@ -570,13 +602,10 @@ public Builder mergeFrom(
      * Required. The resource that the policy is attached to, along with the kind of policy
      * to list. Format:
      * `policies/{attachment_point}/denypolicies`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -603,13 +632,10 @@ public java.lang.String getParent() {
      * Required. The resource that the policy is attached to, along with the kind of policy
      * to list. Format:
      * `policies/{attachment_point}/denypolicies`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -636,13 +662,10 @@ public com.google.protobuf.ByteString getParentBytes() {
      * Required. The resource that the policy is attached to, along with the kind of policy
      * to list. Format:
      * `policies/{attachment_point}/denypolicies`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -668,13 +691,10 @@ public Builder setParent(java.lang.String value) {
      * Required. The resource that the policy is attached to, along with the kind of policy
      * to list. Format:
      * `policies/{attachment_point}/denypolicies`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      * 

@@ -696,13 +716,10 @@ public Builder clearParent() {
      * Required. The resource that the policy is attached to, along with the kind of policy
      * to list. Format:
      * `policies/{attachment_point}/denypolicies`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, you can use the alphanumeric or the numeric ID.
      *
diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/ListPoliciesRequestOrBuilder.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/ListPoliciesRequestOrBuilder.java index 1370a31505..3090b50243 100644 --- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/ListPoliciesRequestOrBuilder.java +++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/ListPoliciesRequestOrBuilder.java @@ -30,13 +30,10 @@ public interface ListPoliciesRequestOrBuilder * Required. The resource that the policy is attached to, along with the kind of policy * to list. Format: * `policies/{attachment_point}/denypolicies` - * - * * The attachment point is identified by its URL-encoded full resource name, * which means that the forward-slash character, `/`, must be written as * `%2F`. For example, * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`. - * * For organizations and folders, use the numeric ID in the full resource * name. For projects, you can use the alphanumeric or the numeric ID. * @@ -53,13 +50,10 @@ public interface ListPoliciesRequestOrBuilder * Required. The resource that the policy is attached to, along with the kind of policy * to list. Format: * `policies/{attachment_point}/denypolicies` - * - * * The attachment point is identified by its URL-encoded full resource name, * which means that the forward-slash character, `/`, must be written as * `%2F`. For example, * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`. - * * For organizations and folders, use the numeric ID in the full resource * name. For projects, you can use the alphanumeric or the numeric ID. * diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/ListPoliciesResponse.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/ListPoliciesResponse.java index 388e703aa4..423bc3f3ff 100644 --- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/ListPoliciesResponse.java +++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/ListPoliciesResponse.java @@ -48,6 +48,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) { return new ListPoliciesResponse(); } + @java.lang.Override + public final com.google.protobuf.UnknownFieldSet getUnknownFields() { + return this.unknownFields; + } + public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { return com.google.iam.v2beta.PolicyProto .internal_static_google_iam_v2beta_ListPoliciesResponse_descriptor; @@ -458,6 +463,39 @@ private void buildPartial0(com.google.iam.v2beta.ListPoliciesResponse result) { } } + @java.lang.Override + public Builder clone() { + return super.clone(); + } + + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.setField(field, value); + } + + @java.lang.Override + public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + + @java.lang.Override + public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override public Builder mergeFrom(com.google.protobuf.Message other) { if (other instanceof com.google.iam.v2beta.ListPoliciesResponse) { diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/Policy.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/Policy.java index 708315bd33..55ce515fb5 100644 --- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/Policy.java +++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/Policy.java @@ -52,6 +52,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) { return new Policy(); } + @java.lang.Override + public final com.google.protobuf.UnknownFieldSet getUnknownFields() { + return this.unknownFields; + } + public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { return com.google.iam.v2beta.PolicyProto.internal_static_google_iam_v2beta_Policy_descriptor; } @@ -86,13 +91,10 @@ protected com.google.protobuf.MapField internalGetMapField(int number) { * 
    * Immutable. The resource name of the `Policy`, which must be unique. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, requests can use the alphanumeric or the numeric ID.
    * Responses always contain the numeric ID.
@@ -120,13 +122,10 @@ public java.lang.String getName() {
    * 
    * Immutable. The resource name of the `Policy`, which must be unique. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, requests can use the alphanumeric or the numeric ID.
    * Responses always contain the numeric ID.
@@ -424,7 +423,6 @@ public java.lang.String getAnnotationsOrThrow(java.lang.String key) {
    * An opaque tag that identifies the current version of the `Policy`. IAM uses
    * this value to help manage concurrent updates, so they do not cause one
    * update to be overwritten by another.
-   *
    * If this field is present in a [CreatePolicy][] request, the value is
    * ignored.
    * 

@@ -452,7 +450,6 @@ public java.lang.String getEtag() {
    * An opaque tag that identifies the current version of the `Policy`. IAM uses
    * this value to help manage concurrent updates, so they do not cause one
    * update to be overwritten by another.
-   *
    * If this field is present in a [CreatePolicy][] request, the value is
    * ignored.
    *
@@ -1122,6 +1119,39 @@ private void buildPartial0(com.google.iam.v2beta.Policy result) { } } + @java.lang.Override + public Builder clone() { + return super.clone(); + } + + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.setField(field, value); + } + + @java.lang.Override + public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + + @java.lang.Override + public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override public Builder mergeFrom(com.google.protobuf.Message other) { if (other instanceof com.google.iam.v2beta.Policy) { @@ -1321,13 +1351,10 @@ public Builder mergeFrom( * 
      * Immutable. The resource name of the `Policy`, which must be unique. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, requests can use the alphanumeric or the numeric ID.
      * Responses always contain the numeric ID.
@@ -1354,13 +1381,10 @@ public java.lang.String getName() {
      * 
      * Immutable. The resource name of the `Policy`, which must be unique. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, requests can use the alphanumeric or the numeric ID.
      * Responses always contain the numeric ID.
@@ -1387,13 +1411,10 @@ public com.google.protobuf.ByteString getNameBytes() {
      * 
      * Immutable. The resource name of the `Policy`, which must be unique. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, requests can use the alphanumeric or the numeric ID.
      * Responses always contain the numeric ID.
@@ -1419,13 +1440,10 @@ public Builder setName(java.lang.String value) {
      * 
      * Immutable. The resource name of the `Policy`, which must be unique. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, requests can use the alphanumeric or the numeric ID.
      * Responses always contain the numeric ID.
@@ -1447,13 +1465,10 @@ public Builder clearName() {
      * 
      * Immutable. The resource name of the `Policy`, which must be unique. Format:
      * `policies/{attachment_point}/denypolicies/{policy_id}`
-     *
-     *
      * The attachment point is identified by its URL-encoded full resource name,
      * which means that the forward-slash character, `/`, must be written as
      * `%2F`. For example,
      * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-     *
      * For organizations and folders, use the numeric ID in the full resource
      * name. For projects, requests can use the alphanumeric or the numeric ID.
      * Responses always contain the numeric ID.
@@ -1984,7 +1999,6 @@ public Builder putAllAnnotations(java.util.Map
@@ -2011,7 +2025,6 @@ public java.lang.String getEtag() {
      * An opaque tag that identifies the current version of the `Policy`. IAM uses
      * this value to help manage concurrent updates, so they do not cause one
      * update to be overwritten by another.
-     *
      * If this field is present in a [CreatePolicy][] request, the value is
      * ignored.
      * 

@@ -2038,7 +2051,6 @@ public com.google.protobuf.ByteString getEtagBytes() {
      * An opaque tag that identifies the current version of the `Policy`. IAM uses
      * this value to help manage concurrent updates, so they do not cause one
      * update to be overwritten by another.
-     *
      * If this field is present in a [CreatePolicy][] request, the value is
      * ignored.
      * 

@@ -2064,7 +2076,6 @@ public Builder setEtag(java.lang.String value) {
      * An opaque tag that identifies the current version of the `Policy`. IAM uses
      * this value to help manage concurrent updates, so they do not cause one
      * update to be overwritten by another.
-     *
      * If this field is present in a [CreatePolicy][] request, the value is
      * ignored.
      * 

@@ -2086,7 +2097,6 @@ public Builder clearEtag() {
      * An opaque tag that identifies the current version of the `Policy`. IAM uses
      * this value to help manage concurrent updates, so they do not cause one
      * update to be overwritten by another.
-     *
      * If this field is present in a [CreatePolicy][] request, the value is
      * ignored.
      * 

diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyOperationMetadata.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyOperationMetadata.java
index e64fe2d448..7c1c6a9bb9 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyOperationMetadata.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyOperationMetadata.java
@@ -45,6 +45,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new PolicyOperationMetadata();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2beta.PolicyProto
         .internal_static_google_iam_v2beta_PolicyOperationMetadata_descriptor;
@@ -355,6 +360,39 @@ private void buildPartial0(com.google.iam.v2beta.PolicyOperationMetadata result)
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v2beta.PolicyOperationMetadata) {
diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyOrBuilder.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyOrBuilder.java
index 2c6929cd7e..a1a4d2a7b2 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyOrBuilder.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyOrBuilder.java
@@ -29,13 +29,10 @@ public interface PolicyOrBuilder
    * 
    * Immutable. The resource name of the `Policy`, which must be unique. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, requests can use the alphanumeric or the numeric ID.
    * Responses always contain the numeric ID.
@@ -52,13 +49,10 @@ public interface PolicyOrBuilder
    * 
    * Immutable. The resource name of the `Policy`, which must be unique. Format:
    * `policies/{attachment_point}/denypolicies/{policy_id}`
-   *
-   *
    * The attachment point is identified by its URL-encoded full resource name,
    * which means that the forward-slash character, `/`, must be written as
    * `%2F`. For example,
    * `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`.
-   *
    * For organizations and folders, use the numeric ID in the full resource
    * name. For projects, requests can use the alphanumeric or the numeric ID.
    * Responses always contain the numeric ID.
@@ -219,7 +213,6 @@ java.lang.String getAnnotationsOrDefault(
    * An opaque tag that identifies the current version of the `Policy`. IAM uses
    * this value to help manage concurrent updates, so they do not cause one
    * update to be overwritten by another.
-   *
    * If this field is present in a [CreatePolicy][] request, the value is
    * ignored.
    * 

@@ -236,7 +229,6 @@ java.lang.String getAnnotationsOrDefault(
    * An opaque tag that identifies the current version of the `Policy`. IAM uses
    * this value to help manage concurrent updates, so they do not cause one
    * update to be overwritten by another.
-   *
    * If this field is present in a [CreatePolicy][] request, the value is
    * ignored.
    * 

diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyProto.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyProto.java
index fab21840a2..ac3be8e6d1 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyProto.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyProto.java
@@ -82,59 +82,59 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
           + "ield_behavior.proto\032\034google/iam/v2beta/d"
           + "eny.proto\032#google/longrunning/operations"
           + ".proto\032\037google/protobuf/timestamp.proto\""
-          + "\257\003\n\006Policy\022\022\n\004name\030\001 \001(\tB\004\342A\001\005\022\021\n\003uid\030\002 "
-          + "\001(\tB\004\342A\001\005\022\022\n\004kind\030\003 \001(\tB\004\342A\001\003\022\024\n\014display"
-          + "_name\030\004 \001(\t\022?\n\013annotations\030\005 \003(\0132*.googl"
-          + "e.iam.v2beta.Policy.AnnotationsEntry\022\014\n\004"
-          + "etag\030\006 \001(\t\0225\n\013create_time\030\007 \001(\0132\032.google"
-          + ".protobuf.TimestampB\004\342A\001\003\0225\n\013update_time"
-          + "\030\010 \001(\0132\032.google.protobuf.TimestampB\004\342A\001\003"
-          + "\0225\n\013delete_time\030\t \001(\0132\032.google.protobuf."
-          + "TimestampB\004\342A\001\003\022,\n\005rules\030\n \003(\0132\035.google."
-          + "iam.v2beta.PolicyRule\0322\n\020AnnotationsEntr"
-          + "y\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028\001\"[\n\nPol"
-          + "icyRule\0220\n\tdeny_rule\030\002 \001(\0132\033.google.iam."
-          + "v2beta.DenyRuleH\000\022\023\n\013description\030\001 \001(\tB\006"
-          + "\n\004kind\"R\n\023ListPoliciesRequest\022\024\n\006parent\030"
-          + "\001 \001(\tB\004\342A\001\002\022\021\n\tpage_size\030\002 \001(\005\022\022\n\npage_t"
-          + "oken\030\003 \001(\t\"\\\n\024ListPoliciesResponse\022+\n\010po"
-          + "licies\030\001 \003(\0132\031.google.iam.v2beta.Policy\022"
-          + "\027\n\017next_page_token\030\002 \001(\t\"&\n\020GetPolicyReq"
-          + "uest\022\022\n\004name\030\001 \001(\tB\004\342A\001\002\"o\n\023CreatePolicy"
-          + "Request\022\024\n\006parent\030\001 \001(\tB\004\342A\001\002\022/\n\006policy\030"
-          + "\002 \001(\0132\031.google.iam.v2beta.PolicyB\004\342A\001\002\022\021"
-          + "\n\tpolicy_id\030\003 \001(\t\"F\n\023UpdatePolicyRequest"
-          + "\022/\n\006policy\030\001 \001(\0132\031.google.iam.v2beta.Pol"
-          + "icyB\004\342A\001\002\"=\n\023DeletePolicyRequest\022\022\n\004name"
-          + "\030\001 \001(\tB\004\342A\001\002\022\022\n\004etag\030\002 \001(\tB\004\342A\001\001\"J\n\027Poli"
-          + "cyOperationMetadata\022/\n\013create_time\030\001 \001(\013"
-          + "2\032.google.protobuf.Timestamp2\200\007\n\010Policie"
-          + "s\022\217\001\n\014ListPolicies\022&.google.iam.v2beta.L"
-          + "istPoliciesRequest\032\'.google.iam.v2beta.L"
-          + "istPoliciesResponse\".\332A\006parent\202\323\344\223\002\037\022\035/v"
-          + "2beta/{parent=policies/*/*}\022y\n\tGetPolicy"
-          + "\022#.google.iam.v2beta.GetPolicyRequest\032\031."
-          + "google.iam.v2beta.Policy\",\332A\004name\202\323\344\223\002\037\022"
-          + "\035/v2beta/{name=policies/*/*/*}\022\302\001\n\014Creat"
-          + "ePolicy\022&.google.iam.v2beta.CreatePolicy"
-          + "Request\032\035.google.longrunning.Operation\"k"
-          + "\312A!\n\006Policy\022\027PolicyOperationMetadata\332A\027p"
-          + "arent,policy,policy_id\202\323\344\223\002\'\"\035/v2beta/{p"
-          + "arent=policies/*/*}:\006policy\022\257\001\n\014UpdatePo"
-          + "licy\022&.google.iam.v2beta.UpdatePolicyReq"
-          + "uest\032\035.google.longrunning.Operation\"X\312A!"
-          + "\n\006Policy\022\027PolicyOperationMetadata\202\323\344\223\002.\032"
-          + "$/v2beta/{policy.name=policies/*/*/*}:\006p"
-          + "olicy\022\247\001\n\014DeletePolicy\022&.google.iam.v2be"
-          + "ta.DeletePolicyRequest\032\035.google.longrunn"
-          + "ing.Operation\"P\312A!\n\006Policy\022\027PolicyOperat"
-          + "ionMetadata\332A\004name\202\323\344\223\002\037*\035/v2beta/{name="
-          + "policies/*/*/*}\032F\312A\022iam.googleapis.com\322A"
-          + ".https://www.googleapis.com/auth/cloud-p"
-          + "latformB\211\001\n\025com.google.iam.v2betaB\013Polic"
-          + "yProtoP\001Z-cloud.google.com/go/iam/apiv2b"
-          + "eta/iampb;iampb\252\002\027Google.Cloud.Iam.V2Bet"
-          + "a\312\002\027Google\\Cloud\\Iam\\V2betab\006proto3"
+          + "\251\003\n\006Policy\022\021\n\004name\030\001 \001(\tB\003\340A\005\022\020\n\003uid\030\002 \001"
+          + "(\tB\003\340A\005\022\021\n\004kind\030\003 \001(\tB\003\340A\003\022\024\n\014display_na"
+          + "me\030\004 \001(\t\022?\n\013annotations\030\005 \003(\0132*.google.i"
+          + "am.v2beta.Policy.AnnotationsEntry\022\014\n\004eta"
+          + "g\030\006 \001(\t\0224\n\013create_time\030\007 \001(\0132\032.google.pr"
+          + "otobuf.TimestampB\003\340A\003\0224\n\013update_time\030\010 \001"
+          + "(\0132\032.google.protobuf.TimestampB\003\340A\003\0224\n\013d"
+          + "elete_time\030\t \001(\0132\032.google.protobuf.Times"
+          + "tampB\003\340A\003\022,\n\005rules\030\n \003(\0132\035.google.iam.v2"
+          + "beta.PolicyRule\0322\n\020AnnotationsEntry\022\013\n\003k"
+          + "ey\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028\001\"[\n\nPolicyRul"
+          + "e\0220\n\tdeny_rule\030\002 \001(\0132\033.google.iam.v2beta"
+          + ".DenyRuleH\000\022\023\n\013description\030\001 \001(\tB\006\n\004kind"
+          + "\"Q\n\023ListPoliciesRequest\022\023\n\006parent\030\001 \001(\tB"
+          + "\003\340A\002\022\021\n\tpage_size\030\002 \001(\005\022\022\n\npage_token\030\003 "
+          + "\001(\t\"\\\n\024ListPoliciesResponse\022+\n\010policies\030"
+          + "\001 \003(\0132\031.google.iam.v2beta.Policy\022\027\n\017next"
+          + "_page_token\030\002 \001(\t\"%\n\020GetPolicyRequest\022\021\n"
+          + "\004name\030\001 \001(\tB\003\340A\002\"m\n\023CreatePolicyRequest\022"
+          + "\023\n\006parent\030\001 \001(\tB\003\340A\002\022.\n\006policy\030\002 \001(\0132\031.g"
+          + "oogle.iam.v2beta.PolicyB\003\340A\002\022\021\n\tpolicy_i"
+          + "d\030\003 \001(\t\"E\n\023UpdatePolicyRequest\022.\n\006policy"
+          + "\030\001 \001(\0132\031.google.iam.v2beta.PolicyB\003\340A\002\";"
+          + "\n\023DeletePolicyRequest\022\021\n\004name\030\001 \001(\tB\003\340A\002"
+          + "\022\021\n\004etag\030\002 \001(\tB\003\340A\001\"J\n\027PolicyOperationMe"
+          + "tadata\022/\n\013create_time\030\001 \001(\0132\032.google.pro"
+          + "tobuf.Timestamp2\200\007\n\010Policies\022\217\001\n\014ListPol"
+          + "icies\022&.google.iam.v2beta.ListPoliciesRe"
+          + "quest\032\'.google.iam.v2beta.ListPoliciesRe"
+          + "sponse\".\202\323\344\223\002\037\022\035/v2beta/{parent=policies"
+          + "/*/*}\332A\006parent\022y\n\tGetPolicy\022#.google.iam"
+          + ".v2beta.GetPolicyRequest\032\031.google.iam.v2"
+          + "beta.Policy\",\202\323\344\223\002\037\022\035/v2beta/{name=polic"
+          + "ies/*/*/*}\332A\004name\022\302\001\n\014CreatePolicy\022&.goo"
+          + "gle.iam.v2beta.CreatePolicyRequest\032\035.goo"
+          + "gle.longrunning.Operation\"k\202\323\344\223\002\'\"\035/v2be"
+          + "ta/{parent=policies/*/*}:\006policy\332A\027paren"
+          + "t,policy,policy_id\312A!\n\006Policy\022\027PolicyOpe"
+          + "rationMetadata\022\257\001\n\014UpdatePolicy\022&.google"
+          + ".iam.v2beta.UpdatePolicyRequest\032\035.google"
+          + ".longrunning.Operation\"X\202\323\344\223\002.\032$/v2beta/"
+          + "{policy.name=policies/*/*/*}:\006policy\312A!\n"
+          + "\006Policy\022\027PolicyOperationMetadata\022\247\001\n\014Del"
+          + "etePolicy\022&.google.iam.v2beta.DeletePoli"
+          + "cyRequest\032\035.google.longrunning.Operation"
+          + "\"P\202\323\344\223\002\037*\035/v2beta/{name=policies/*/*/*}\332"
+          + "A\004name\312A!\n\006Policy\022\027PolicyOperationMetada"
+          + "ta\032F\312A\022iam.googleapis.com\322A.https://www."
+          + "googleapis.com/auth/cloud-platformB\211\001\n\025c"
+          + "om.google.iam.v2betaB\013PolicyProtoP\001Z-clo"
+          + "ud.google.com/go/iam/apiv2beta/iampb;iam"
+          + "pb\252\002\027Google.Cloud.Iam.V2Beta\312\002\027Google\\Cl"
+          + "oud\\Iam\\V2betab\006proto3"
     };
     descriptor =
         com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyRule.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyRule.java
index c326c9b44e..8da3bc2c5e 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyRule.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyRule.java
@@ -47,6 +47,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new PolicyRule();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2beta.PolicyProto
         .internal_static_google_iam_v2beta_PolicyRule_descriptor;
@@ -62,8 +67,6 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
   }
 
   private int kindCase_ = 0;
-
-  @SuppressWarnings("serial")
   private java.lang.Object kind_;
 
   public enum KindCase
@@ -486,6 +489,39 @@ private void buildPartialOneofs(com.google.iam.v2beta.PolicyRule result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v2beta.PolicyRule) {
diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyRuleOrBuilder.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyRuleOrBuilder.java
index f6463abdbb..1c71f86bff 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyRuleOrBuilder.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/PolicyRuleOrBuilder.java
@@ -85,5 +85,5 @@ public interface PolicyRuleOrBuilder
    */
   com.google.protobuf.ByteString getDescriptionBytes();
 
-  com.google.iam.v2beta.PolicyRule.KindCase getKindCase();
+  public com.google.iam.v2beta.PolicyRule.KindCase getKindCase();
 }
diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/UpdatePolicyRequest.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/UpdatePolicyRequest.java
index ef0b3c287f..97a01efac9 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/UpdatePolicyRequest.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/UpdatePolicyRequest.java
@@ -45,6 +45,11 @@ protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
     return new UpdatePolicyRequest();
   }
 
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
   public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
     return com.google.iam.v2beta.PolicyProto
         .internal_static_google_iam_v2beta_UpdatePolicyRequest_descriptor;
@@ -67,7 +72,6 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    * 
    * Required. The policy to update.
-   *
    * To prevent conflicting updates, the `etag` value must match the value that
    * is stored in IAM. If the `etag` values do not match, the request fails with
    * a `409` error code and `ABORTED` status.
@@ -86,7 +90,6 @@ public boolean hasPolicy() {
    *
    * 
    * Required. The policy to update.
-   *
    * To prevent conflicting updates, the `etag` value must match the value that
    * is stored in IAM. If the `etag` values do not match, the request fails with
    * a `409` error code and `ABORTED` status.
@@ -105,7 +108,6 @@ public com.google.iam.v2beta.Policy getPolicy() {
    *
    * 
    * Required. The policy to update.
-   *
    * To prevent conflicting updates, the `etag` value must match the value that
    * is stored in IAM. If the `etag` values do not match, the request fails with
    * a `409` error code and `ABORTED` status.
@@ -367,6 +369,39 @@ private void buildPartial0(com.google.iam.v2beta.UpdatePolicyRequest result) {
       }
     }
 
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
       if (other instanceof com.google.iam.v2beta.UpdatePolicyRequest) {
@@ -444,7 +479,6 @@ public Builder mergeFrom(
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -462,7 +496,6 @@ public boolean hasPolicy() {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -484,7 +517,6 @@ public com.google.iam.v2beta.Policy getPolicy() {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -510,7 +542,6 @@ public Builder setPolicy(com.google.iam.v2beta.Policy value) {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -533,7 +564,6 @@ public Builder setPolicy(com.google.iam.v2beta.Policy.Builder builderForValue) {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -562,7 +592,6 @@ public Builder mergePolicy(com.google.iam.v2beta.Policy value) {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -585,7 +614,6 @@ public Builder clearPolicy() {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -603,7 +631,6 @@ public com.google.iam.v2beta.Policy.Builder getPolicyBuilder() {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
@@ -623,7 +650,6 @@ public com.google.iam.v2beta.PolicyOrBuilder getPolicyOrBuilder() {
      *
      * 
      * Required. The policy to update.
-     *
      * To prevent conflicting updates, the `etag` value must match the value that
      * is stored in IAM. If the `etag` values do not match, the request fails with
      * a `409` error code and `ABORTED` status.
diff --git a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/UpdatePolicyRequestOrBuilder.java b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/UpdatePolicyRequestOrBuilder.java
index 231607713a..ffbd2892e1 100644
--- a/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/UpdatePolicyRequestOrBuilder.java
+++ b/java-iam/proto-google-iam-v2beta/src/main/java/com/google/iam/v2beta/UpdatePolicyRequestOrBuilder.java
@@ -28,7 +28,6 @@ public interface UpdatePolicyRequestOrBuilder
    *
    * 
    * Required. The policy to update.
-   *
    * To prevent conflicting updates, the `etag` value must match the value that
    * is stored in IAM. If the `etag` values do not match, the request fails with
    * a `409` error code and `ABORTED` status.
@@ -44,7 +43,6 @@ public interface UpdatePolicyRequestOrBuilder
    *
    * 
    * Required. The policy to update.
-   *
    * To prevent conflicting updates, the `etag` value must match the value that
    * is stored in IAM. If the `etag` values do not match, the request fails with
    * a `409` error code and `ABORTED` status.
@@ -60,7 +58,6 @@ public interface UpdatePolicyRequestOrBuilder
    *
    * 
    * Required. The policy to update.
-   *
    * To prevent conflicting updates, the `etag` value must match the value that
    * is stored in IAM. If the `etag` values do not match, the request fails with
    * a `409` error code and `ABORTED` status.