chore: Automated update of Discovery documents

PiperOrigin-RevId: 714398677

discoveries/alloydb.v1beta.json

@@ -1570,7 +1570,7 @@
       }
     }
   },
-  "revision": "20241204",
+  "revision": "20241228",
   "rootUrl": "https://alloydb.googleapis.com/",
   "schemas": {
     "AuthorizedNetwork": {
@@ -3142,19 +3142,23 @@
       "id": "Node",
       "properties": {
         "id": {
-          "description": "The identifier of the VM e.g. \"test-read-0601-407e52be-ms3l\".",
+          "description": "Output only. The identifier of the VM e.g. \"test-read-0601-407e52be-ms3l\".",
+          "readOnly": true,
           "type": "string"
         },
         "ip": {
-          "description": "The private IP address of the VM e.g. \"10.57.0.34\".",
+          "description": "Output only. The private IP address of the VM e.g. \"10.57.0.34\".",
+          "readOnly": true,
           "type": "string"
         },
         "state": {
-          "description": "Determined by state of the compute VM and postgres-service health. Compute VM state can have values listed in https://cloud.google.com/compute/docs/instances/instance-life-cycle and postgres-service health can have values: HEALTHY and UNHEALTHY.",
+          "description": "Output only. Determined by state of the compute VM and postgres-service health. Compute VM state can have values listed in https://cloud.google.com/compute/docs/instances/instance-life-cycle and postgres-service health can have values: HEALTHY and UNHEALTHY.",
+          "readOnly": true,
           "type": "string"
         },
         "zoneId": {
-          "description": "The Compute Engine zone of the VM e.g. \"us-central1-b\".",
+          "description": "Output only. The Compute Engine zone of the VM e.g. \"us-central1-b\".",
+          "readOnly": true,
           "type": "string"
         }
       },
@@ -4021,7 +4025,9 @@
             "SIGNAL_TYPE_SUPERUSER_WRITING_TO_USER_TABLES",
             "SIGNAL_TYPE_USER_GRANTED_ALL_PERMISSIONS",
             "SIGNAL_TYPE_DATA_EXPORT_TO_EXTERNAL_CLOUD_STORAGE_BUCKET",
-            "SIGNAL_TYPE_DATA_EXPORT_TO_PUBLIC_CLOUD_STORAGE_BUCKET"
+            "SIGNAL_TYPE_DATA_EXPORT_TO_PUBLIC_CLOUD_STORAGE_BUCKET",
+            "SIGNAL_TYPE_WEAK_PASSWORD_HASH_ALGORITHM",
+            "SIGNAL_TYPE_NO_USER_PASSWORD_POLICY"
           ],
           "enumDeprecated": [
             false,
@@ -4102,6 +4108,8 @@
             false,
             false,
             false,
+            false,
+            false,
             false
           ],
           "enumDescriptions": [
@@ -4183,7 +4191,9 @@
             "Detects events where a Cloud SQL superuser (postgres for PostgreSQL servers or root for MySQL users) writes to non-system tables.",
             "Detects events where a database user or role has been granted all privileges to a database, or to all tables, procedures, or functions in a schema.",
             "Detects if database instance data exported to a Cloud Storage bucket outside of the organization.",
-            "Detects if database instance data exported to a Cloud Storage bucket that is owned by the organization and is publicly accessible."
+            "Detects if database instance data exported to a Cloud Storage bucket that is owned by the organization and is publicly accessible.",
+            "Detects if a database instance is using a weak password hash algorithm.",
+            "Detects if a database instance has no user password policy set."
           ],
           "type": "string"
         },
@@ -4554,7 +4564,9 @@
             "SIGNAL_TYPE_SUPERUSER_WRITING_TO_USER_TABLES",
             "SIGNAL_TYPE_USER_GRANTED_ALL_PERMISSIONS",
             "SIGNAL_TYPE_DATA_EXPORT_TO_EXTERNAL_CLOUD_STORAGE_BUCKET",
-            "SIGNAL_TYPE_DATA_EXPORT_TO_PUBLIC_CLOUD_STORAGE_BUCKET"
+            "SIGNAL_TYPE_DATA_EXPORT_TO_PUBLIC_CLOUD_STORAGE_BUCKET",
+            "SIGNAL_TYPE_WEAK_PASSWORD_HASH_ALGORITHM",
+            "SIGNAL_TYPE_NO_USER_PASSWORD_POLICY"
           ],
           "enumDeprecated": [
             false,
@@ -4635,6 +4647,8 @@
             false,
             false,
             false,
+            false,
+            false,
             false
           ],
           "enumDescriptions": [
@@ -4716,7 +4730,9 @@
             "Detects events where a Cloud SQL superuser (postgres for PostgreSQL servers or root for MySQL users) writes to non-system tables.",
             "Detects events where a database user or role has been granted all privileges to a database, or to all tables, procedures, or functions in a schema.",
             "Detects if database instance data exported to a Cloud Storage bucket outside of the organization.",
-            "Detects if database instance data exported to a Cloud Storage bucket that is owned by the organization and is publicly accessible."
+            "Detects if database instance data exported to a Cloud Storage bucket that is owned by the organization and is publicly accessible.",
+            "Detects if a database instance is using a weak password hash algorithm.",
+            "Detects if a database instance has no user password policy set."
           ],
           "type": "string"
         }
@@ -4786,7 +4802,8 @@
       "id": "StorageDatabasecenterPartnerapiV1mainMachineConfiguration",
       "properties": {
         "cpuCount": {
-          "description": "The number of CPUs. TODO(b/342344482, b/342346271) add proto validations again after bug fix.",
+          "deprecated": true,
+          "description": "The number of CPUs. Deprecated. Use vcpu_count instead. TODO(b/342344482, b/342346271) add proto validations again after bug fix.",
           "format": "int32",
           "type": "integer"
         },

discoveries/cloudkms.v1.json

@@ -98,6 +98,11 @@
       "description": "Regional Endpoint",
       "endpointUrl": "https://cloudkms.us-south1.rep.googleapis.com/",
       "location": "us-south1"
+    },
+    {
+      "description": "Regional Endpoint",
+      "endpointUrl": "https://cloudkms.us.rep.googleapis.com/",
+      "location": "us"
     }
   ],
   "fullyEncodeReservedExpansion": true,
@@ -2132,7 +2137,7 @@
       }
     }
   },
-  "revision": "20241111",
+  "revision": "20250102",
   "rootUrl": "https://cloudkms.googleapis.com/",
   "schemas": {
     "AsymmetricDecryptRequest": {

discoveries/container.v1.json

@@ -2540,7 +2540,7 @@
       }
     }
   },
-  "revision": "20241203",
+  "revision": "20241228",
   "rootUrl": "https://container.googleapis.com/",
   "schemas": {
     "AcceleratorConfig": {
@@ -3628,6 +3628,10 @@
           "$ref": "DefaultSnatStatus",
           "description": "The desired status of whether to disable default sNAT for this cluster."
         },
+        "desiredDisableL4LbFirewallReconciliation": {
+          "description": "Enable/Disable L4 LB VPC firewall reconciliation for the cluster.",
+          "type": "boolean"
+        },
         "desiredDnsConfig": {
           "$ref": "DNSConfig",
           "description": "DNSConfig contains clusterDNS config for this cluster."
@@ -5358,6 +5362,10 @@
           "$ref": "DefaultSnatStatus",
           "description": "Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when default_snat_status is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic."
         },
+        "disableL4LbFirewallReconciliation": {
+          "description": "Disable L4 load balancer VPC firewalls to enable firewall policies.",
+          "type": "boolean"
+        },
         "dnsConfig": {
           "$ref": "DNSConfig",
           "description": "DNSConfig contains clusterDNS config for this cluster."
@@ -8024,6 +8032,23 @@
           "format": "google-datetime",
           "type": "string"
         },
+        "eventType": {
+          "description": "The type of the event.",
+          "enum": [
+            "EVENT_TYPE_UNSPECIFIED",
+            "END_OF_SUPPORT"
+          ],
+          "enumDescriptions": [
+            "EVENT_TYPE_UNSPECIFIED indicates the event type is unspecified.",
+            "END_OF_SUPPORT indicates GKE version reaches end of support, check standard_support_end_time and extended_support_end_time for more details."
+          ],
+          "type": "string"
+        },
+        "extendedSupportEndTime": {
+          "description": "The end of extended support timestamp.",
+          "format": "google-datetime",
+          "type": "string"
+        },
         "operation": {
           "description": "The operation associated with this upgrade.",
           "type": "string"
@@ -8046,6 +8071,11 @@
           ],
           "type": "string"
         },
+        "standardSupportEndTime": {
+          "description": "The end of standard support timestamp.",
+          "format": "google-datetime",
+          "type": "string"
+        },
         "startTime": {
           "description": "The time when the operation was started.",
           "format": "google-datetime",

discoveries/container.v1beta1.json

@@ -2685,7 +2685,7 @@
       }
     }
   },
-  "revision": "20241203",
+  "revision": "20241228",
   "rootUrl": "https://container.googleapis.com/",
   "schemas": {
     "AcceleratorConfig": {
@@ -3944,6 +3944,10 @@
           "$ref": "DefaultSnatStatus",
           "description": "The desired status of whether to disable default sNAT for this cluster."
         },
+        "desiredDisableL4LbFirewallReconciliation": {
+          "description": "Enable/Disable L4 LB VPC firewall reconciliation for the cluster.",
+          "type": "boolean"
+        },
         "desiredDnsConfig": {
           "$ref": "DNSConfig",
           "description": "DNSConfig contains clusterDNS config for this cluster."
@@ -5962,6 +5966,10 @@
           "$ref": "DefaultSnatStatus",
           "description": "Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when default_snat_status is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic."
         },
+        "disableL4LbFirewallReconciliation": {
+          "description": "Disable L4 load balancer VPC firewalls to enable firewall policies.",
+          "type": "boolean"
+        },
         "dnsConfig": {
           "$ref": "DNSConfig",
           "description": "DNSConfig contains clusterDNS config for this cluster."
@@ -8899,6 +8907,23 @@
           "format": "google-datetime",
           "type": "string"
         },
+        "eventType": {
+          "description": "The type of the event.",
+          "enum": [
+            "EVENT_TYPE_UNSPECIFIED",
+            "END_OF_SUPPORT"
+          ],
+          "enumDescriptions": [
+            "EVENT_TYPE_UNSPECIFIED indicates the event type is unspecified.",
+            "END_OF_SUPPORT indicates GKE version reaches end of support, check standard_support_end_time and extended_support_end_time for more details."
+          ],
+          "type": "string"
+        },
+        "extendedSupportEndTime": {
+          "description": "The end of extended support timestamp.",
+          "format": "google-datetime",
+          "type": "string"
+        },
         "operation": {
           "description": "The operation associated with this upgrade.",
           "type": "string"
@@ -8921,6 +8946,11 @@
           ],
           "type": "string"
         },
+        "standardSupportEndTime": {
+          "description": "The end of standard support timestamp.",
+          "format": "google-datetime",
+          "type": "string"
+        },
         "startTime": {
           "description": "The time when the operation was started.",
           "format": "google-datetime",

discoveries/dialogflow.v3beta1.json

@@ -5272,7 +5272,7 @@
       }
     }
   },
-  "revision": "20241216",
+  "revision": "20250103",
   "rootUrl": "https://dialogflow.googleapis.com/",
   "schemas": {
     "GoogleCloudDialogflowCxV3AdvancedSettings": {
@@ -7779,6 +7779,16 @@
           "$ref": "GoogleCloudDialogflowCxV3beta1AgentPersonalizationSettings",
           "description": "Optional. Settings for end user personalization."
         },
+        "satisfiesPzi": {
+          "description": "Optional. Output only. A read only boolean field reflecting Zone Isolation status of the agent.",
+          "readOnly": true,
+          "type": "boolean"
+        },
+        "satisfiesPzs": {
+          "description": "Optional. Output only. A read only boolean field reflecting Zone Separation status of the agent.",
+          "readOnly": true,
+          "type": "boolean"
+        },
         "securitySettings": {
           "description": "Name of the SecuritySettings reference for the agent. Format: `projects//locations//securitySettings/`.",
           "type": "string"
@@ -12194,6 +12204,10 @@
           },
           "type": "array"
         },
+        "speechSettings": {
+          "$ref": "GoogleCloudDialogflowCxV3beta1AdvancedSettingsSpeechSettings",
+          "description": "Optional. Playbook level Settings for speech to text detection."
+        },
         "tokenCount": {
           "description": "Output only. Estimated number of tokes current playbook takes when sent to the LLM.",
           "format": "int64",

discoveries/dlp.v2.json

@@ -5025,7 +5025,7 @@
       }
     }
   },
-  "revision": "20241215",
+  "revision": "20250105",
   "rootUrl": "https://dlp.googleapis.com/",
   "schemas": {
     "GooglePrivacyDlpV2Action": {
@@ -6526,7 +6526,7 @@
       "type": "object"
     },
     "GooglePrivacyDlpV2CryptoReplaceFfxFpeConfig": {
-      "description": "Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/sensitive-data-protection/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.",
+      "description": "Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/sensitive-data-protection/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. FPE incurs significant latency costs.",
       "id": "GooglePrivacyDlpV2CryptoReplaceFfxFpeConfig",
       "properties": {
         "commonAlphabet": {
@@ -8147,7 +8147,7 @@
       "properties": {
         "profileTable": {
           "$ref": "GooglePrivacyDlpV2BigQueryTable",
-          "description": "Store all table and column profiles in an existing table or a new table in an existing dataset. Each re-generation will result in new rows in BigQuery. Data is inserted using [streaming insert](https://cloud.google.com/blog/products/bigquery/life-of-a-bigquery-streaming-insert) and so data may be in the buffer for a period of time after the profile has finished. The Pub/Sub notification is sent before the streaming buffer is guaranteed to be written, so data may not be instantly visible to queries by the time your topic receives the Pub/Sub notification."
+          "description": "Store all profiles to BigQuery. * The system will create a new dataset and table for you if none are are provided. The dataset will be named `sensitive_data_protection_discovery` and table will be named `discovery_profiles`. This table will be placed in the same project as the container project running the scan. The configuration will be updated with the fields set after the first profile is generated and the dataset and table are created. * See [Analyze data profiles stored in BigQuery](https://cloud.google.com/sensitive-data-protection/docs/analyze-data-profiles) * See [Sample queries for your BigQuery table](https://cloud.google.com/sensitive-data-protection/docs/analyze-data-profiles#sample_sql_queries). * Data is inserted using [streaming insert](https://cloud.google.com/blog/products/bigquery/life-of-a-bigquery-streaming-insert) and so data may be in the buffer for a period of time after the profile has finished. * The Pub/Sub notification is sent before the streaming buffer is guaranteed to be written, so data may not be instantly visible to queries by the time your topic receives the Pub/Sub notification. * The best practice is to use the same table for an entire organization so that you can take advantage of the provided Looker reports. If you use VPC Service Controls to define security perimeters, then you must use a separate table for each boundary."
         }
       },
       "type": "object"
@@ -10443,7 +10443,7 @@
         },
         "cryptoReplaceFfxFpeConfig": {
           "$ref": "GooglePrivacyDlpV2CryptoReplaceFfxFpeConfig",
-          "description": "Ffx-Fpe"
+          "description": "Ffx-Fpe. Strongly discouraged, consider using CryptoDeterministicConfig instead. Fpe is computationally expensive incurring latency costs."
         },
         "dateShiftConfig": {
           "$ref": "GooglePrivacyDlpV2DateShiftConfig",