docs: update the comments of various networksecurity resources

fix!: fix annotation of parent in Create*Request

PiperOrigin-RevId: 462271672

Author: Google APIs

google/cloud/networksecurity/v1beta1/BUILD.bazel

@@ -44,6 +44,8 @@ proto_library_with_info(
     deps = [
         ":networksecurity_proto",
         "//google/cloud:common_resources_proto",
+        "//google/cloud/location:location_proto",
+        "//google/iam/v1:iam_policy_proto",
     ],
 )
 
@@ -73,18 +75,27 @@ java_grpc_library(
 java_gapic_library(
     name = "networksecurity_java_gapic",
     srcs = [":networksecurity_proto_with_info"],
+    gapic_yaml = None,
     grpc_service_config = "networksecurity_v1beta1_grpc_service_config.json",
+    service_yaml = "networksecurity_v1beta1.yaml",
     test_deps = [
         ":networksecurity_java_grpc",
+        "//google/cloud/location:location_java_grpc",
+        "//google/iam/v1:iam_java_grpc",
     ],
+    transport = "grpc+rest",
     deps = [
         ":networksecurity_java_proto",
+        "//google/api:api_java_proto",
+        "//google/cloud/location:location_java_proto",
+        "//google/iam/v1:iam_java_proto",
     ],
 )
 
 java_gapic_test(
     name = "networksecurity_java_gapic_test_suite",
     test_classes = [
+        "com.google.cloud.networksecurity.v1beta1.NetworkSecurityClientHttpJsonTest",
         "com.google.cloud.networksecurity.v1beta1.NetworkSecurityClientTest",
     ],
     runtime_deps = [":networksecurity_java_gapic_test"],
@@ -94,6 +105,7 @@ java_gapic_test(
 java_gapic_assembly_gradle_pkg(
     name = "google-cloud-networksecurity-v1beta1-java",
     include_samples = True,
+    transport = "grpc+rest",
     deps = [
         ":networksecurity_java_gapic",
         ":networksecurity_java_grpc",
@@ -131,8 +143,11 @@ go_gapic_library(
     importpath = "cloud.google.com/go/networksecurity/apiv1beta1;networksecurity",
     metadata = True,
     service_yaml = "networksecurity_v1beta1.yaml",
+    transport = "grpc+rest",
     deps = [
         ":networksecurity_go_proto",
+        "//google/cloud/location:location_go_proto",
+        "//google/iam/v1:iam_go_proto",
         "//google/longrunning:longrunning_go_proto",
         "@com_google_cloud_go//longrunning:go_default_library",
         "@com_google_cloud_go//longrunning/autogen:go_default_library",
@@ -171,10 +186,11 @@ py_gapic_library(
     srcs = [":networksecurity_proto"],
     grpc_service_config = "networksecurity_v1beta1_grpc_service_config.json",
     opt_args = [
-        "warehouse-package-name=google-cloud-network-security",
-        "python-gapic-namespace=google.cloud",
         "python-gapic-name=network-security",
+        "python-gapic-namespace=google.cloud",
+        "warehouse-package-name=google-cloud-network-security",
     ],
+    service_yaml = "networksecurity_v1beta1.yaml",
 )
 
 # Open Source Packages
@@ -290,6 +306,7 @@ ruby_cloud_gapic_library(
     grpc_service_config = "networksecurity_v1beta1_grpc_service_config.json",
     ruby_cloud_description = "The client library for the Google Network Security V1beta1 API.",
     ruby_cloud_title = "Network Security V1beta1",
+    service_yaml = "networksecurity_v1beta1.yaml",
     deps = [
         ":networksecurity_ruby_grpc",
         ":networksecurity_ruby_proto",
@@ -353,4 +370,20 @@ csharp_gapic_assembly_pkg(
 ##############################################################################
 # C++
 ##############################################################################
-# Put your C++ rules here
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "cc_grpc_library",
+    "cc_proto_library",
+)
+
+cc_proto_library(
+    name = "networksecurity_cc_proto",
+    deps = [":networksecurity_proto"],
+)
+
+cc_grpc_library(
+    name = "networksecurity_cc_grpc",
+    srcs = [":networksecurity_proto"],
+    grpc_only = True,
+    deps = [":networksecurity_cc_proto"],
+)

google/cloud/networksecurity/v1beta1/authorization_policy.proto

@@ -20,7 +20,6 @@ import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
 import "google/protobuf/field_mask.proto";
 import "google/protobuf/timestamp.proto";
-import "google/api/annotations.proto";
 
 option csharp_namespace = "Google.Cloud.NetworkSecurity.V1Beta1";
 option go_package = "google.golang.org/genproto/googleapis/cloud/networksecurity/v1beta1;networksecurity";
@@ -44,25 +43,25 @@ message AuthorizationPolicy {
   message Rule {
     // Specification of traffic source attributes.
     message Source {
-      // Optional. List of peer identities to match for authorization. At least one
-      // principal should match. Each peer can be an exact match, or a prefix
-      // match (example, "namespace/*") or a suffix match (example, //
-      // */service-account") or a presence match "*". Authorization based on the
-      // principal name without certificate validation (configured by
+      // Optional. List of peer identities to match for authorization. At least
+      // one principal should match. Each peer can be an exact match, or a
+      // prefix match (example, "namespace/*") or a suffix match (example,
+      // "*/service-account") or a presence match "*". Authorization based on
+      // the principal name without certificate validation (configured by
       // ServerTlsPolicy resource) is considered insecure.
       repeated string principals = 1 [(google.api.field_behavior) = OPTIONAL];
 
-      // Optional. List of CIDR ranges to match based on source IP address. At least one
-      // IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g.,
-      // "1.2.3.0/24") are supported. Authorization based on source IP alone
-      // should be avoided. The IP addresses of any load balancers or proxies
-      // should be considered untrusted.
+      // Optional. List of CIDR ranges to match based on source IP address. At
+      // least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR
+      // (e.g., "1.2.3.0/24") are supported. Authorization based on source IP
+      // alone should be avoided. The IP addresses of any load balancers or
+      // proxies should be considered untrusted.
       repeated string ip_blocks = 2 [(google.api.field_behavior) = OPTIONAL];
     }
 
     // Specification of traffic destination attributes.
     message Destination {
-      // Specification of HTTP header match atrributes.
+      // Specification of HTTP header match attributes.
       message HttpHeaderMatch {
         oneof type {
           // Required. The value of the header must match the regular expression
@@ -82,39 +81,42 @@ message AuthorizationPolicy {
         string header_name = 1 [(google.api.field_behavior) = REQUIRED];
       }
 
-      // Required. List of host names to match. Matched against the ":authority" header in
-      // http requests. At least one host should match. Each host can be an
-      // exact match, or a prefix match (example "mydomain.*") or a suffix
-      // match (example // *.myorg.com") or a presence(any) match "*".
+      // Required. List of host names to match. Matched against the ":authority"
+      // header in http requests. At least one host should match. Each host can
+      // be an exact match, or a prefix match (example "mydomain.*") or a suffix
+      // match (example "*.myorg.com") or a presence (any) match "*".
       repeated string hosts = 1 [(google.api.field_behavior) = REQUIRED];
 
-      // Required. List of destination ports to match. At least one port should match.
+      // Required. List of destination ports to match. At least one port should
+      // match.
       repeated uint32 ports = 2 [(google.api.field_behavior) = REQUIRED];
 
       // Optional. A list of HTTP methods to match. At least one method should
       // match. Should not be set for gRPC services.
       repeated string methods = 4 [(google.api.field_behavior) = OPTIONAL];
 
-      // Optional. Match against key:value pair in http header. Provides a flexible match
-      // based on HTTP headers, for potentially advanced use cases. At least one
-      // header should match. Avoid using header matches to make authorization
-      // decisions unless there is a strong guarantee that requests arrive
-      // through a trusted client or proxy.
-      HttpHeaderMatch http_header_match = 5 [(google.api.field_behavior) = OPTIONAL];
+      // Optional. Match against key:value pair in http header. Provides a
+      // flexible match based on HTTP headers, for potentially advanced use
+      // cases. At least one header should match. Avoid using header matches to
+      // make authorization decisions unless there is a strong guarantee that
+      // requests arrive through a trusted client or proxy.
+      HttpHeaderMatch http_header_match = 5
+          [(google.api.field_behavior) = OPTIONAL];
     }
 
-    // Optional. List of attributes for the traffic source. All of the sources must match.
-    // A source is a match if both principals and ip_blocks match. If not set,
-    // the action specified in the 'action' field will be applied without any
-    // rule checks for the source.
+    // Optional. List of attributes for the traffic source. All of the sources
+    // must match. A source is a match if both principals and ip_blocks match.
+    // If not set, the action specified in the 'action' field will be applied
+    // without any rule checks for the source.
     repeated Source sources = 1 [(google.api.field_behavior) = OPTIONAL];
 
-    // Optional. List of attributes for the traffic destination. All of the destinations
-    // must match. A destination is a match if a request matches all the
-    // specified hosts, ports, methods and headers. If not set, the
+    // Optional. List of attributes for the traffic destination. All of the
+    // destinations must match. A destination is a match if a request matches
+    // all the specified hosts, ports, methods and headers. If not set, the
     // action specified in the 'action' field will be applied without any rule
     // checks for the destination.
-    repeated Destination destinations = 2 [(google.api.field_behavior) = OPTIONAL];
+    repeated Destination destinations = 2
+        [(google.api.field_behavior) = OPTIONAL];
   }
 
   // Possible values that define what action to take.
@@ -139,22 +141,26 @@ message AuthorizationPolicy {
   string description = 2 [(google.api.field_behavior) = OPTIONAL];
 
   // Output only. The timestamp when the resource was created.
-  google.protobuf.Timestamp create_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp create_time = 3
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Output only. The timestamp when the resource was updated.
-  google.protobuf.Timestamp update_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp update_time = 4
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
-  // Optional. Set of label tags associated with the AuthorizationPolicy resource.
+  // Optional. Set of label tags associated with the AuthorizationPolicy
+  // resource.
   map<string, string> labels = 5 [(google.api.field_behavior) = OPTIONAL];
 
   // Required. The action to take when a rule match is found. Possible values
   // are "ALLOW" or "DENY".
   Action action = 6 [(google.api.field_behavior) = REQUIRED];
 
-  // Optional. List of rules to match. Note that at least one of the rules must match in
-  // order for the action specified in the 'action' field to be taken. A rule is
-  // a match if there is a matching source and destination. If left blank, the
-  // action specified in the `action` field will be applied on every request.
+  // Optional. List of rules to match. Note that at least one of the rules must
+  // match in order for the action specified in the 'action' field to be taken.
+  // A rule is a match if there is a matching source and destination. If left
+  // blank, the action specified in the `action` field will be applied on every
+  // request.
   repeated Rule rules = 7 [(google.api.field_behavior) = OPTIONAL];
 }
 
@@ -210,7 +216,7 @@ message CreateAuthorizationPolicyRequest {
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
-      type: "networksecurity.googleapis.com/AuthorizationPolicy"
+      child_type: "networksecurity.googleapis.com/AuthorizationPolicy"
     }
   ];
 
@@ -221,7 +227,8 @@ message CreateAuthorizationPolicyRequest {
   string authorization_policy_id = 2 [(google.api.field_behavior) = REQUIRED];
 
   // Required. AuthorizationPolicy resource to be created.
-  AuthorizationPolicy authorization_policy = 3 [(google.api.field_behavior) = REQUIRED];
+  AuthorizationPolicy authorization_policy = 3
+      [(google.api.field_behavior) = REQUIRED];
 }
 
 // Request used by the UpdateAuthorizationPolicy method.
@@ -231,16 +238,18 @@ message UpdateAuthorizationPolicyRequest {
   // The fields specified in the update_mask are relative to the resource, not
   // the full request. A field will be overwritten if it is in the mask. If the
   // user does not provide a mask then all fields will be overwritten.
-  google.protobuf.FieldMask update_mask = 1 [(google.api.field_behavior) = OPTIONAL];
+  google.protobuf.FieldMask update_mask = 1
+      [(google.api.field_behavior) = OPTIONAL];
 
   // Required. Updated AuthorizationPolicy resource.
-  AuthorizationPolicy authorization_policy = 2 [(google.api.field_behavior) = REQUIRED];
+  AuthorizationPolicy authorization_policy = 2
+      [(google.api.field_behavior) = REQUIRED];
 }
 
 // Request used by the DeleteAuthorizationPolicy method.
 message DeleteAuthorizationPolicyRequest {
-  // Required. A name of the AuthorizationPolicy to delete. Must be in the format
-  // `projects/{project}/locations/{location}/authorizationPolicies/*`.
+  // Required. A name of the AuthorizationPolicy to delete. Must be in the
+  // format `projects/{project}/locations/{location}/authorizationPolicies/*`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {

google/cloud/networksecurity/v1beta1/client_tls_policy.proto

@@ -21,7 +21,6 @@ import "google/api/resource.proto";
 import "google/cloud/networksecurity/v1beta1/tls.proto";
 import "google/protobuf/field_mask.proto";
 import "google/protobuf/timestamp.proto";
-import "google/api/annotations.proto";
 
 option csharp_namespace = "Google.Cloud.NetworkSecurity.V1Beta1";
 option go_package = "google.golang.org/genproto/googleapis/cloud/networksecurity/v1beta1;networksecurity";
@@ -48,10 +47,12 @@ message ClientTlsPolicy {
   string description = 2 [(google.api.field_behavior) = OPTIONAL];
 
   // Output only. The timestamp when the resource was created.
-  google.protobuf.Timestamp create_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp create_time = 3
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Output only. The timestamp when the resource was updated.
-  google.protobuf.Timestamp update_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp update_time = 4
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Optional. Set of label tags associated with the resource.
   map<string, string> labels = 5 [(google.api.field_behavior) = OPTIONAL];
@@ -60,14 +61,17 @@ message ClientTlsPolicy {
   // handshake. E.g: "secure.example.com".
   string sni = 6 [(google.api.field_behavior) = OPTIONAL];
 
-  // Optional. Defines a mechanism to provision client identity (public and private keys)
-  // for peer to peer authentication. The presence of this dictates mTLS.
-  CertificateProvider client_certificate = 7 [(google.api.field_behavior) = OPTIONAL];
-
-  // Optional. Defines the mechanism to obtain the Certificate Authority certificate to
-  // validate the server certificate. If empty, client does not validate the
-  // server certificate.
-  repeated ValidationCA server_validation_ca = 8 [(google.api.field_behavior) = OPTIONAL];
+  // Optional. Defines a mechanism to provision client identity (public and
+  // private keys) for peer to peer authentication. The presence of this
+  // dictates mTLS.
+  CertificateProvider client_certificate = 7
+      [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Defines the mechanism to obtain the Certificate Authority
+  // certificate to validate the server certificate. If empty, client does not
+  // validate the server certificate.
+  repeated ValidationCA server_validation_ca = 8
+      [(google.api.field_behavior) = OPTIONAL];
 }
 
 // Request used by the ListClientTlsPolicies method.
@@ -121,17 +125,19 @@ message CreateClientTlsPolicyRequest {
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
-      type: "networksecurity.googleapis.com/ClientTlsPolicy"
+      child_type: "networksecurity.googleapis.com/ClientTlsPolicy"
     }
   ];
 
-  // Required. Short name of the ClientTlsPolicy resource to be created. This value should
-  // be 1-63 characters long, containing only letters, numbers, hyphens, and
-  // underscores, and should not start with a number. E.g. "client_mtls_policy".
+  // Required. Short name of the ClientTlsPolicy resource to be created. This
+  // value should be 1-63 characters long, containing only letters, numbers,
+  // hyphens, and underscores, and should not start with a number. E.g.
+  // "client_mtls_policy".
   string client_tls_policy_id = 2 [(google.api.field_behavior) = REQUIRED];
 
   // Required. ClientTlsPolicy resource to be created.
-  ClientTlsPolicy client_tls_policy = 3 [(google.api.field_behavior) = REQUIRED];
+  ClientTlsPolicy client_tls_policy = 3
+      [(google.api.field_behavior) = REQUIRED];
 }
 
 // Request used by UpdateClientTlsPolicy method.
@@ -142,10 +148,12 @@ message UpdateClientTlsPolicyRequest {
   // the full request. A field will be overwritten if it is in the
   // mask. If the user does not provide a mask then all fields will be
   // overwritten.
-  google.protobuf.FieldMask update_mask = 1 [(google.api.field_behavior) = OPTIONAL];
+  google.protobuf.FieldMask update_mask = 1
+      [(google.api.field_behavior) = OPTIONAL];
 
   // Required. Updated ClientTlsPolicy resource.
-  ClientTlsPolicy client_tls_policy = 2 [(google.api.field_behavior) = REQUIRED];
+  ClientTlsPolicy client_tls_policy = 2
+      [(google.api.field_behavior) = REQUIRED];
 }
 
 // Request used by the DeleteClientTlsPolicy method.