feat: add BeyondCorp appgateways API

PiperOrigin-RevId: 456537802

google/cloud/beyondcorp/appgateways/v1/BUILD.bazel

@@ -0,0 +1,321 @@
+# This file was automatically generated by BuildFileGenerator
+# https://github.com/googleapis/rules_gapic/tree/master/bazel
+
+# Most of the manual changes to this file will be overwritten.
+# It's **only** allowed to change the following rule attribute values:
+# - names of *_gapic_assembly_* rules
+# - certain parameters of *_gapic_library rules, including but not limited to:
+#    * extra_protoc_parameters
+#    * extra_protoc_file_parameters
+# The complete list of preserved parameters can be found in the source code.
+
+##############################################################################
+# Common
+##############################################################################
+load("@rules_proto//proto:defs.bzl", "proto_library")
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "cc_grpc_library",
+    "cc_proto_library",
+    "csharp_gapic_assembly_pkg",
+    "csharp_gapic_library",
+    "csharp_grpc_library",
+    "csharp_proto_library",
+    "go_gapic_assembly_pkg",
+    "go_gapic_library",
+    "go_proto_library",
+    "go_test",
+    "java_gapic_assembly_gradle_pkg",
+    "java_gapic_library",
+    "java_gapic_test",
+    "java_grpc_library",
+    "java_proto_library",
+    "nodejs_gapic_assembly_pkg",
+    "nodejs_gapic_library",
+    "php_gapic_assembly_pkg",
+    "php_gapic_library",
+    "php_grpc_library",
+    "php_proto_library",
+    "proto_library_with_info",
+    "py_gapic_assembly_pkg",
+    "py_gapic_library",
+    "ruby_cloud_gapic_library",
+    "ruby_gapic_assembly_pkg",
+    "ruby_grpc_library",
+    "ruby_proto_library",
+)
+
+# This is an API workspace, having public visibility by default makes perfect sense.
+package(default_visibility = ["//visibility:public"])
+
+proto_library(
+    name = "appgateways_proto",
+    srcs = [
+        "app_gateways_service.proto",
+    ],
+    deps = [
+        "//google/api:annotations_proto",
+        "//google/api:client_proto",
+        "//google/api:field_behavior_proto",
+        "//google/api:resource_proto",
+        "//google/longrunning:operations_proto",
+        "@com_google_protobuf//:timestamp_proto",
+    ],
+)
+
+proto_library_with_info(
+    name = "appgateways_proto_with_info",
+    deps = [
+        ":appgateways_proto",
+        "//google/cloud:common_resources_proto",
+        "//google/cloud/location:location_proto",
+        "//google/iam/v1:iam_policy_proto",
+    ],
+)
+
+java_proto_library(
+    name = "appgateways_java_proto",
+    deps = [":appgateways_proto"],
+)
+
+java_grpc_library(
+    name = "appgateways_java_grpc",
+    srcs = [":appgateways_proto"],
+    deps = [":appgateways_java_proto"],
+)
+
+java_gapic_library(
+    name = "appgateways_java_gapic",
+    srcs = [":appgateways_proto_with_info"],
+    gapic_yaml = None,
+    grpc_service_config = "beyondcorp-appgateways_grpc_service_config.json",
+    service_yaml = "beyondcorp_v1.yaml",
+    test_deps = [
+        ":appgateways_java_grpc",
+        "//google/cloud/location:location_java_grpc",
+        "//google/iam/v1:iam_java_grpc",
+    ],
+    deps = [
+        ":appgateways_java_proto",
+        "//google/api:api_java_proto",
+        "//google/cloud/location:location_java_proto",
+        "//google/iam/v1:iam_java_proto",
+    ],
+)
+
+java_gapic_test(
+    name = "appgateways_java_gapic_test_suite",
+    test_classes = [
+        "com.google.cloud.beyondcorp.appgateways.v1.AppGatewaysServiceClientTest",
+    ],
+    runtime_deps = [":appgateways_java_gapic_test"],
+)
+
+# Open Source Packages
+java_gapic_assembly_gradle_pkg(
+    name = "google-cloud-beyondcorp-appgateways-v1-java",
+    include_samples = True,
+    deps = [
+        ":appgateways_java_gapic",
+        ":appgateways_java_grpc",
+        ":appgateways_java_proto",
+        ":appgateways_proto",
+    ],
+)
+
+go_proto_library(
+    name = "appgateways_go_proto",
+    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
+    importpath = "google.golang.org/genproto/googleapis/cloud/beyondcorp/appgateways/v1",
+    protos = [":appgateways_proto"],
+    deps = [
+        "//google/api:annotations_go_proto",
+        "//google/longrunning:longrunning_go_proto",
+    ],
+)
+
+go_gapic_library(
+    name = "appgateways_go_gapic",
+    srcs = [":appgateways_proto_with_info"],
+    grpc_service_config = "beyondcorp-appgateways_grpc_service_config.json",
+    importpath = "cloud.google.com/go/beyondcorp/appgateways/apiv1;appgateways",
+    metadata = True,
+    service_yaml = "beyondcorp_v1.yaml",
+    deps = [
+        ":appgateways_go_proto",
+        "//google/cloud/location:location_go_proto",
+        "//google/iam/v1:iam_go_proto",
+        "//google/longrunning:longrunning_go_proto",
+        "@com_google_cloud_go//longrunning:go_default_library",
+        "@com_google_cloud_go//longrunning/autogen:go_default_library",
+    ],
+)
+
+go_test(
+    name = "appgateways_go_gapic_test",
+    srcs = [":appgateways_go_gapic_srcjar_test"],
+    embed = [":appgateways_go_gapic"],
+    importpath = "cloud.google.com/go/beyondcorp/appgateways/apiv1",
+)
+
+# Open Source Packages
+go_gapic_assembly_pkg(
+    name = "gapi-cloud-beyondcorp-appgateways-v1-go",
+    deps = [
+        ":appgateways_go_gapic",
+        ":appgateways_go_gapic_srcjar-metadata.srcjar",
+        ":appgateways_go_gapic_srcjar-test.srcjar",
+        ":appgateways_go_proto",
+    ],
+)
+
+py_gapic_library(
+    name = "appgateways_py_gapic",
+    srcs = [":appgateways_proto"],
+    grpc_service_config = "beyondcorp-appgateways_grpc_service_config.json",
+    service_yaml = "beyondcorp_v1.yaml",
+)
+
+# Open Source Packages
+py_gapic_assembly_pkg(
+    name = "beyondcorp-appgateways-v1-py",
+    deps = [
+        ":appgateways_py_gapic",
+    ],
+)
+
+php_proto_library(
+    name = "appgateways_php_proto",
+    deps = [":appgateways_proto"],
+)
+
+php_grpc_library(
+    name = "appgateways_php_grpc",
+    srcs = [":appgateways_proto"],
+    deps = [":appgateways_php_proto"],
+)
+
+php_gapic_library(
+    name = "appgateways_php_gapic",
+    srcs = [":appgateways_proto_with_info"],
+    grpc_service_config = "beyondcorp-appgateways_grpc_service_config.json",
+    service_yaml = "beyondcorp_v1.yaml",
+    deps = [
+        ":appgateways_php_grpc",
+        ":appgateways_php_proto",
+    ],
+)
+
+# Open Source Packages
+php_gapic_assembly_pkg(
+    name = "google-cloud-beyondcorp-appgateways-v1-php",
+    deps = [
+        ":appgateways_php_gapic",
+        ":appgateways_php_grpc",
+        ":appgateways_php_proto",
+    ],
+)
+
+nodejs_gapic_library(
+    name = "appgateways_nodejs_gapic",
+    package_name = "@google-cloud/appgateways",
+    src = ":appgateways_proto_with_info",
+    extra_protoc_parameters = ["metadata"],
+    grpc_service_config = "beyondcorp-appgateways_grpc_service_config.json",
+    package = "google.cloud.beyondcorp.appgateways.v1",
+    service_yaml = "beyondcorp_v1.yaml",
+    deps = [],
+)
+
+nodejs_gapic_assembly_pkg(
+    name = "beyondcorp-appgateways-v1-nodejs",
+    deps = [
+        ":appgateways_nodejs_gapic",
+        ":appgateways_proto",
+    ],
+)
+
+ruby_proto_library(
+    name = "appgateways_ruby_proto",
+    deps = [":appgateways_proto"],
+)
+
+ruby_grpc_library(
+    name = "appgateways_ruby_grpc",
+    srcs = [":appgateways_proto"],
+    deps = [":appgateways_ruby_proto"],
+)
+
+ruby_cloud_gapic_library(
+    name = "appgateways_ruby_gapic",
+    srcs = [":appgateways_proto_with_info"],
+    extra_protoc_parameters = [
+        "ruby-cloud-gem-name=google-cloud-beyond_corp-app_gateways-v1",
+        "ruby-cloud-product-url=https://cloud.google.com/beyondcorp/",
+        "ruby-cloud-api-id=beyondcorp.googleapis.com",
+        "ruby-cloud-api-shortname=beyondcorp",
+    ],
+    grpc_service_config = "beyondcorp-appgateways_grpc_service_config.json",
+    ruby_cloud_description = "Beyondcorp Enterprise provides identity and context aware access controls for enterprise resources and enables zero-trust access. Using the Beyondcorp Enterprise APIs, enterprises can set up multi-cloud and on-prem connectivity using the App Connector hybrid connectivity solution.",
+    ruby_cloud_title = "BeyondCorp AppGateways V1",
+    service_yaml = "beyondcorp_v1.yaml",
+    deps = [
+        ":appgateways_ruby_grpc",
+        ":appgateways_ruby_proto",
+    ],
+)
+
+# Open Source Packages
+ruby_gapic_assembly_pkg(
+    name = "google-cloud-beyondcorp-appgateways-v1-ruby",
+    deps = [
+        ":appgateways_ruby_gapic",
+        ":appgateways_ruby_grpc",
+        ":appgateways_ruby_proto",
+    ],
+)
+
+csharp_proto_library(
+    name = "appgateways_csharp_proto",
+    deps = [":appgateways_proto"],
+)
+
+csharp_grpc_library(
+    name = "appgateways_csharp_grpc",
+    srcs = [":appgateways_proto"],
+    deps = [":appgateways_csharp_proto"],
+)
+
+csharp_gapic_library(
+    name = "appgateways_csharp_gapic",
+    srcs = [":appgateways_proto_with_info"],
+    common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json",
+    grpc_service_config = "beyondcorp-appgateways_grpc_service_config.json",
+    service_yaml = "beyondcorp_v1.yaml",
+    deps = [
+        ":appgateways_csharp_grpc",
+        ":appgateways_csharp_proto",
+    ],
+)
+
+# Open Source Packages
+csharp_gapic_assembly_pkg(
+    name = "google-cloud-beyondcorp-appgateways-v1-csharp",
+    deps = [
+        ":appgateways_csharp_gapic",
+        ":appgateways_csharp_grpc",
+        ":appgateways_csharp_proto",
+    ],
+)
+
+cc_proto_library(
+    name = "appgateways_cc_proto",
+    deps = [":appgateways_proto"],
+)
+
+cc_grpc_library(
+    name = "appgateways_cc_grpc",
+    srcs = [":appgateways_proto"],
+    grpc_only = True,
+    deps = [":appgateways_cc_proto"],
+)

google/cloud/beyondcorp/appgateways/v1/app_gateways_service.proto

@@ -0,0 +1,356 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.beyondcorp.appgateways.v1;
+
+import "google/api/annotations.proto";
+import "google/api/client.proto";
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/longrunning/operations.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.BeyondCorp.AppGateways.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/beyondcorp/appgateways/v1;appgateways";
+option java_multiple_files = true;
+option java_outer_classname = "AppGatewaysServiceProto";
+option java_package = "com.google.cloud.beyondcorp.appgateways.v1";
+option php_namespace = "Google\\Cloud\\BeyondCorp\\AppGateways\\V1";
+option ruby_package = "Google::Cloud::BeyondCorp::AppGateways::V1";
+
+// ## API Overview
+//
+// The `beyondcorp.googleapis.com` service implements the Google Cloud
+// BeyondCorp API.
+//
+// ## Data Model
+//
+// The AppGatewaysService exposes the following resources:
+//
+// * AppGateways, named as follows:
+//   `projects/{project_id}/locations/{location_id}/appGateways/{app_gateway_id}`.
+//
+// The AppGatewaysService service provides methods to manage
+// (create/read/update/delete) BeyondCorp AppGateways.
+service AppGatewaysService {
+  option (google.api.default_host) = "beyondcorp.googleapis.com";
+  option (google.api.oauth_scopes) =
+      "https://www.googleapis.com/auth/cloud-platform";
+
+  // Lists AppGateways in a given project and location.
+  rpc ListAppGateways(ListAppGatewaysRequest)
+      returns (ListAppGatewaysResponse) {
+    option (google.api.http) = {
+      get: "/v1/{parent=projects/*/locations/*}/appGateways"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Gets details of a single AppGateway.
+  rpc GetAppGateway(GetAppGatewayRequest) returns (AppGateway) {
+    option (google.api.http) = {
+      get: "/v1/{name=projects/*/locations/*/appGateways/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Creates a new AppGateway in a given project and location.
+  rpc CreateAppGateway(CreateAppGatewayRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{parent=projects/*/locations/*}/appGateways"
+      body: "app_gateway"
+    };
+    option (google.api.method_signature) = "parent,app_gateway,app_gateway_id";
+    option (google.longrunning.operation_info) = {
+      response_type: "AppGateway"
+      metadata_type: "AppGatewayOperationMetadata"
+    };
+  }
+
+  // Deletes a single AppGateway.
+  rpc DeleteAppGateway(DeleteAppGatewayRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      delete: "/v1/{name=projects/*/locations/*/appGateways/*}"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "google.protobuf.Empty"
+      metadata_type: "AppGatewayOperationMetadata"
+    };
+  }
+}
+
+// Request message for BeyondCorp.ListAppGateways.
+message ListAppGatewaysRequest {
+  // Required. The resource name of the AppGateway location using the form:
+  // `projects/{project_id}/locations/{location_id}`
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "beyondcorp.googleapis.com/AppGateway"
+    }
+  ];
+
+  // Optional. The maximum number of items to return.
+  // If not specified, a default value of 50 will be used by the service.
+  // Regardless of the page_size value, the response may include a partial list
+  // and a caller should only rely on response's
+  // [next_page_token][BeyondCorp.ListAppGatewaysResponse.next_page_token] to
+  // determine if there are more instances left to be queried.
+  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. The next_page_token value returned from a previous
+  // ListAppGatewaysRequest, if any.
+  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. A filter specifying constraints of a list operation.
+  string filter = 4 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Specifies the ordering of results. See
+  // [Sorting
+  // order](https://cloud.google.com/apis/design/design_patterns#sorting_order)
+  // for more information.
+  string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Response message for BeyondCorp.ListAppGateways.
+message ListAppGatewaysResponse {
+  // A list of BeyondCorp AppGateways in the project.
+  repeated AppGateway app_gateways = 1;
+
+  // A token to retrieve the next page of results, or empty if there are no more
+  // results in the list.
+  string next_page_token = 2;
+
+  // A list of locations that could not be reached.
+  repeated string unreachable = 3;
+}
+
+// Request message for BeyondCorp.GetAppGateway.
+message GetAppGatewayRequest {
+  // Required. BeyondCorp AppGateway name using the form:
+  // `projects/{project_id}/locations/{location_id}/appGateways/{app_gateway_id}`
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "beyondcorp.googleapis.com/AppGateway"
+    }
+  ];
+}
+
+// Request message for BeyondCorp.CreateAppGateway.
+message CreateAppGatewayRequest {
+  // Required. The resource project name of the AppGateway location using the
+  // form: `projects/{project_id}/locations/{location_id}`
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "beyondcorp.googleapis.com/AppGateway"
+    }
+  ];
+
+  // Optional. User-settable AppGateway resource ID.
+  //  * Must start with a letter.
+  //  * Must contain between 4-63 characters from `/[a-z][0-9]-/`.
+  //  * Must end with a number or a letter.
+  string app_gateway_id = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Required. A BeyondCorp AppGateway resource.
+  AppGateway app_gateway = 3 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. An optional request ID to identify requests. Specify a unique
+  // request ID so that if you must retry your request, the server will know to
+  // ignore the request if it has already been completed. The server will
+  // guarantee that for at least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. If set, validates request by executing a dry-run which would not
+  // alter the resource in any way.
+  bool validate_only = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for BeyondCorp.DeleteAppGateway.
+message DeleteAppGatewayRequest {
+  // Required. BeyondCorp AppGateway name using the form:
+  // `projects/{project_id}/locations/{location_id}/appGateways/{app_gateway_id}`
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "beyondcorp.googleapis.com/AppGateway"
+    }
+  ];
+
+  // Optional. An optional request ID to identify requests. Specify a unique
+  // request ID so that if you must retry your request, the server will know to
+  // ignore the request if it has already been completed. The server will
+  // guarantee that for at least 60 minutes after the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. If set, validates request by executing a dry-run which would not
+  // alter the resource in any way.
+  bool validate_only = 3 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// A BeyondCorp AppGateway resource represents a BeyondCorp protected AppGateway
+// to a remote application. It creates all the necessary GCP components needed
+// for creating a BeyondCorp protected AppGateway. Multiple connectors can be
+// authorised for a single AppGateway.
+message AppGateway {
+  option (google.api.resource) = {
+    type: "beyondcorp.googleapis.com/AppGateway"
+    pattern: "projects/{project}/locations/{location}/appGateways/{app_gateway}"
+  };
+
+  // Allocated connection of the AppGateway.
+  message AllocatedConnection {
+    // Required. The PSC uri of an allocated connection
+    string psc_uri = 1 [(google.api.field_behavior) = REQUIRED];
+
+    // Required. The ingress port of an allocated connection
+    int32 ingress_port = 2 [(google.api.field_behavior) = REQUIRED];
+  }
+
+  // Enum containing list of all possible network connectivity options
+  // supported by BeyondCorp AppGateway.
+  enum Type {
+    // Default value. This value is unused.
+    TYPE_UNSPECIFIED = 0;
+
+    // TCP Proxy based BeyondCorp Connection. API will default to this if unset.
+    TCP_PROXY = 1;
+  }
+
+  // Represents the different states of an AppGateway.
+  enum State {
+    // Default value. This value is unused.
+    STATE_UNSPECIFIED = 0;
+
+    // AppGateway is being created.
+    CREATING = 1;
+
+    // AppGateway has been created.
+    CREATED = 2;
+
+    // AppGateway's configuration is being updated.
+    UPDATING = 3;
+
+    // AppGateway is being deleted.
+    DELETING = 4;
+
+    // AppGateway is down and may be restored in the future.
+    // This happens when CCFE sends ProjectState = OFF.
+    DOWN = 5;
+  }
+
+  // Enum containing list of all possible host types supported by BeyondCorp
+  // Connection.
+  enum HostType {
+    // Default value. This value is unused.
+    HOST_TYPE_UNSPECIFIED = 0;
+
+    // AppGateway hosted in a GCP regional managed instance group.
+    GCP_REGIONAL_MIG = 1;
+  }
+
+  // Required. Unique resource name of the AppGateway.
+  // The name is ignored when creating an AppGateway.
+  string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Output only. Timestamp when the resource was created.
+  google.protobuf.Timestamp create_time = 2
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Timestamp when the resource was last modified.
+  google.protobuf.Timestamp update_time = 3
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Optional. Resource labels to represent user provided metadata.
+  map<string, string> labels = 4 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. An arbitrary user-provided name for the AppGateway. Cannot exceed
+  // 64 characters.
+  string display_name = 5 [(google.api.field_behavior) = OPTIONAL];
+
+  // Output only. A unique identifier for the instance generated by the
+  // system.
+  string uid = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Required. The type of network connectivity used by the AppGateway.
+  Type type = 7 [(google.api.field_behavior) = REQUIRED];
+
+  // Output only. The current state of the AppGateway.
+  State state = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Server-defined URI for this resource.
+  string uri = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. A list of connections allocated for the Gateway
+  repeated AllocatedConnection allocated_connections = 10
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Required. The type of hosting used by the AppGateway.
+  HostType host_type = 11 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Represents the metadata of the long-running operation.
+message AppGatewayOperationMetadata {
+  // Output only. The time the operation was created.
+  google.protobuf.Timestamp create_time = 1
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The time the operation finished running.
+  google.protobuf.Timestamp end_time = 2
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Server-defined resource path for the target of the operation.
+  string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Name of the verb executed by the operation.
+  string verb = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Human-readable status of the operation, if any.
+  string status_message = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Identifies whether the user has requested cancellation
+  // of the operation. Operations that have successfully been cancelled
+  // have [Operation.error][] value with a
+  // [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
+  // `Code.CANCELLED`.
+  bool requested_cancellation = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. API version used to start the operation.
+  string api_version = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
+}

google/cloud/beyondcorp/appgateways/v1/beyondcorp-appgateways_grpc_service_config.json

@@ -0,0 +1,23 @@
+{
+  "methodConfig": [{
+    "name": [
+      { "service": "google.cloud.beyondcorp.appgateways.v1", "method": "ListAppGateways" },
+      { "service": "google.cloud.beyondcorp.appgateways.v1", "method": "GetAppGateway" }
+    ],
+    "timeout": "60s",
+    "retryPolicy": {
+      "maxAttempts": 5,
+      "initialBackoff": "1s",
+      "maxBackoff": "10s",
+      "backoffMultiplier": 1.3,
+      "retryableStatusCodes": ["UNAVAILABLE"]
+    }
+  },
+  {
+    "name": [
+      { "service": "google.cloud.beyondcorp.appgateways.v1", "method": "CreateAppGateway" },
+      { "service": "google.cloud.beyondcorp.appgateways.v1", "method": "DeleteAppGateway" }
+    ],
+    "timeout": "60s"
+  }]
+}

google/cloud/beyondcorp/appgateways/v1/beyondcorp_v1.yaml

@@ -0,0 +1,132 @@
+type: google.api.Service
+config_version: 3
+name: beyondcorp.googleapis.com
+title: BeyondCorp API
+
+apis:
+- name: google.cloud.beyondcorp.appgateways.v1.AppGatewaysService
+- name: google.cloud.location.Locations
+- name: google.iam.v1.IAMPolicy
+- name: google.longrunning.Operations
+
+types:
+- name: google.cloud.beyondcorp.appgateways.v1.AppGatewayOperationMetadata
+
+documentation:
+  summary: |-
+    Beyondcorp Enterprise provides identity and context aware access controls
+    for enterprise resources and enables zero-trust access. Using the
+    Beyondcorp Enterprise APIs, enterprises can set up multi-cloud and on-prem
+    connectivity using the App Connector hybrid connectivity solution.
+  rules:
+  - selector: google.cloud.location.Locations.GetLocation
+    description: Gets information about a location.
+
+  - selector: google.cloud.location.Locations.ListLocations
+    description: Lists information about the supported locations for this service.
+
+  - selector: google.iam.v1.IAMPolicy.GetIamPolicy
+    description: |-
+      Gets the access control policy for a resource. Returns an empty policy
+      if the resource exists and does not have a policy set.
+
+  - selector: google.iam.v1.IAMPolicy.SetIamPolicy
+    description: |-
+      Sets the access control policy on the specified resource. Replaces
+      any existing policy.
+
+      Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
+      errors.
+
+  - selector: google.iam.v1.IAMPolicy.TestIamPermissions
+    description: |-
+      Returns permissions that a caller has on the specified resource. If the
+      resource does not exist, this will return an empty set of
+      permissions, not a `NOT_FOUND` error.
+
+      Note: This operation is designed to be used for building
+      permission-aware UIs and command-line tools, not for authorization
+      checking. This operation may "fail open" without warning.
+
+backend:
+  rules:
+  - selector: 'google.cloud.beyondcorp.appgateways.v1.AppGatewaysService.*'
+    deadline: 60.0
+  - selector: google.cloud.location.Locations.GetLocation
+    deadline: 60.0
+  - selector: google.cloud.location.Locations.ListLocations
+    deadline: 60.0
+  - selector: 'google.iam.v1.IAMPolicy.*'
+    deadline: 60.0
+  - selector: 'google.longrunning.Operations.*'
+    deadline: 60.0
+
+http:
+  rules:
+  - selector: google.cloud.location.Locations.GetLocation
+    get: '/v1/{name=projects/*/locations/*}'
+  - selector: google.cloud.location.Locations.ListLocations
+    get: '/v1/{name=projects/*}/locations'
+  - selector: google.iam.v1.IAMPolicy.GetIamPolicy
+    get: '/v1/{resource=projects/*/locations/*/appConnections/*}:getIamPolicy'
+    additional_bindings:
+    - get: '/v1/{resource=projects/*/locations/*/appConnectors/*}:getIamPolicy'
+    - get: '/v1/{resource=projects/*/locations/*/appGateways/*}:getIamPolicy'
+    - get: '/v1/{resource=projects/*/locations/*/clientConnectorServices/*}:getIamPolicy'
+    - get: '/v1/{resource=projects/*/locations/*/clientGateways/*}:getIamPolicy'
+  - selector: google.iam.v1.IAMPolicy.SetIamPolicy
+    post: '/v1/{resource=projects/*/locations/*/appConnections/*}:setIamPolicy'
+    body: '*'
+    additional_bindings:
+    - post: '/v1/{resource=projects/*/locations/*/appConnectors/*}:setIamPolicy'
+      body: '*'
+    - post: '/v1/{resource=projects/*/locations/*/appGateways/*}:setIamPolicy'
+      body: '*'
+    - post: '/v1/{resource=projects/*/locations/*/clientConnectorServices/*}:setIamPolicy'
+      body: '*'
+    - post: '/v1/{resource=projects/*/locations/*/clientGateways/*}:setIamPolicy'
+      body: '*'
+  - selector: google.iam.v1.IAMPolicy.TestIamPermissions
+    post: '/v1/{resource=projects/*/locations/*/appConnections/*}:testIamPermissions'
+    body: '*'
+    additional_bindings:
+    - post: '/v1/{resource=projects/*/locations/*/appConnectors/*}:testIamPermissions'
+      body: '*'
+    - post: '/v1/{resource=projects/*/locations/*/appGateways/*}:testIamPermissions'
+      body: '*'
+    - post: '/v1/{resource=projects/*/locations/*/clientConnectorServices/*}:testIamPermissions'
+      body: '*'
+    - post: '/v1/{resource=projects/*/locations/*/clientGateways/*}:testIamPermissions'
+      body: '*'
+  - selector: google.longrunning.Operations.CancelOperation
+    post: '/v1/{name=projects/*/locations/*/operations/*}:cancel'
+    body: '*'
+  - selector: google.longrunning.Operations.DeleteOperation
+    delete: '/v1/{name=projects/*/locations/*/operations/*}'
+  - selector: google.longrunning.Operations.GetOperation
+    get: '/v1/{name=projects/*/locations/*/operations/*}'
+  - selector: google.longrunning.Operations.ListOperations
+    get: '/v1/{name=projects/*/locations/*}/operations'
+
+authentication:
+  rules:
+  - selector: 'google.cloud.beyondcorp.appgateways.v1.AppGatewaysService.*'
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
+  - selector: google.cloud.location.Locations.GetLocation
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
+  - selector: google.cloud.location.Locations.ListLocations
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
+  - selector: 'google.iam.v1.IAMPolicy.*'
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
+  - selector: 'google.longrunning.Operations.*'
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform