From fda8c6c0061184e889d039eb4bbb2e88e35be9a7 Mon Sep 17 00:00:00 2001
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com>
Date: Tue, 14 Feb 2023 06:22:00 -0500
Subject: [PATCH] feat: [SecurityPrivateCa] add X.509 Name Constraints support
 (#5874)

PiperOrigin-RevId: 509331611
Source-Link: https://github.com/googleapis/googleapis/commit/a57751bb8ef2e51a27115923a44c553eafc98faa
Source-Link: https://github.com/googleapis/googleapis-gen/commit/f99e972b5210aa2a5d0fe7cb91fb0dca4c8a9032
Copy-Tag: eyJwIjoiU2VjdXJpdHlQcml2YXRlQ2EvLk93bEJvdC55YW1sIiwiaCI6ImY5OWU5NzJiNTIxMGFhMmE1ZDBmZTdjYjkxZmIwZGNhNGM4YTkwMzIifQ==
---
 SecurityPrivateCa/metadata/V1/Resources.php   | Bin 13134 -> 13523 bytes
 .../activate_certificate_authority.php        |  28 +-
 .../create_ca_pool.php                        |   7 +-
 .../create_certificate.php                    |   9 +-
 .../create_certificate_authority.php          |  16 +-
 .../create_certificate_template.php           |   8 +-
 .../delete_ca_pool.php                        |   5 +-
 .../delete_certificate_authority.php          |   8 +-
 .../delete_certificate_template.php           |   8 +-
 .../disable_certificate_authority.php         |   8 +-
 .../enable_certificate_authority.php          |   8 +-
 .../fetch_ca_certs.php                        |  11 +-
 .../fetch_certificate_authority_csr.php       |  19 +-
 .../get_ca_pool.php                           |   3 +-
 .../get_certificate.php                       |   4 +-
 .../get_certificate_authority.php             |   9 +-
 .../get_certificate_revocation_list.php       |  10 +-
 .../get_certificate_template.php              |   9 +-
 .../list_certificate_authorities.php          |  10 +-
 .../list_certificate_revocation_lists.php     |   7 +-
 .../list_certificate_templates.php            |   7 +-
 .../list_certificates.php                     |   4 +-
 .../revoke_certificate.php                    |   8 +-
 .../undelete_certificate_authority.php        |   9 +-
 .../update_ca_pool.php                        |   4 +-
 .../update_certificate.php                    |   3 +-
 .../update_certificate_authority.php          |   8 +-
 .../update_certificate_revocation_list.php    |   3 +-
 .../update_certificate_template.php           |   3 +-
 .../ActivateCertificateAuthorityRequest.php   |  84 +--
 SecurityPrivateCa/src/V1/CaPool.php           | 110 ++--
 .../src/V1/CaPool/IssuancePolicy.php          | 275 +++++----
 .../CaPool/IssuancePolicy/AllowedKeyType.php  |  11 +-
 .../AllowedKeyType/EcKeyType.php              |  21 +-
 .../EcKeyType/EcSignatureAlgorithm.php        |   4 +-
 .../AllowedKeyType/RsaKeyType.php             |  53 +-
 .../CaPool/IssuancePolicy/IssuanceModes.php   |  43 +-
 .../src/V1/CaPool/PublishingOptions.php       | 123 +++--
 SecurityPrivateCa/src/V1/CaPool/Tier.php      |   4 +-
 SecurityPrivateCa/src/V1/Certificate.php      | 183 +++---
 .../src/V1/Certificate/RevocationDetails.php  |  35 +-
 .../src/V1/CertificateAuthority.php           | 392 ++++++++-----
 .../V1/CertificateAuthority/AccessUrls.php    |  52 +-
 .../CertificateAuthority/KeyVersionSpec.php   |   4 +-
 .../src/V1/CertificateAuthority/State.php     |  37 +-
 .../src/V1/CertificateAuthority/Type.php      |   7 +-
 .../src/V1/CertificateConfig.php              |  81 ++-
 .../V1/CertificateConfig/SubjectConfig.php    |  16 +-
 .../src/V1/CertificateDescription.php         |   6 +-
 .../src/V1/CertificateDescription/KeyId.php   |  16 +-
 .../V1/CertificateExtensionConstraints.php    |  40 +-
 .../KnownCertificateExtension.php             |  36 +-
 .../src/V1/CertificateIdentityConstraints.php |  96 ++--
 .../src/V1/CertificateRevocationList.php      | 111 ++--
 .../RevokedCertificate.php                    |  51 +-
 .../V1/CertificateRevocationList/State.php    |  12 +-
 .../src/V1/CertificateTemplate.php            | 245 ++++++---
 .../src/V1/CreateCaPoolRequest.php            |  72 +--
 .../V1/CreateCertificateAuthorityRequest.php  |  92 ++--
 .../src/V1/CreateCertificateRequest.php       | 247 ++++++---
 .../V1/CreateCertificateTemplateRequest.php   |  80 +--
 .../src/V1/DeleteCaPoolRequest.php            |  68 +--
 .../V1/DeleteCertificateAuthorityRequest.php  |  92 ++--
 .../V1/DeleteCertificateTemplateRequest.php   |  68 +--
 .../V1/DisableCertificateAuthorityRequest.php |  68 +--
 .../V1/EnableCertificateAuthorityRequest.php  |  68 +--
 .../src/V1/FetchCaCertsRequest.php            |  68 +--
 .../src/V1/FetchCaCertsResponse.php           |  12 +-
 .../FetchCertificateAuthorityCsrRequest.php   |  20 +-
 ...CertificateAuthorityServiceGapicClient.php | 520 ++++++++++--------
 SecurityPrivateCa/src/V1/GetCaPoolRequest.php |  15 +-
 .../src/V1/GetCertificateAuthorityRequest.php |  27 +-
 .../src/V1/GetCertificateRequest.php          |  16 +-
 .../GetCertificateRevocationListRequest.php   |  28 +-
 .../src/V1/GetCertificateTemplateRequest.php  |  24 +-
 SecurityPrivateCa/src/V1/KeyUsage.php         |  16 +-
 .../V1/KeyUsage/ExtendedKeyUsageOptions.php   |   5 +-
 .../src/V1/KeyUsage/KeyUsageOptions.php       |   5 +-
 .../src/V1/ListCaPoolsRequest.php             |  52 +-
 .../V1/ListCertificateAuthoritiesRequest.php  |  84 +--
 .../V1/ListCertificateAuthoritiesResponse.php |  12 +-
 .../ListCertificateRevocationListsRequest.php |  56 +-
 ...ListCertificateRevocationListsResponse.php |  12 +-
 .../V1/ListCertificateTemplatesRequest.php    |  64 ++-
 .../V1/ListCertificateTemplatesResponse.php   |  12 +-
 .../src/V1/ListCertificatesRequest.php        |  99 ++--
 .../src/V1/ListCertificatesResponse.php       |   3 +-
 SecurityPrivateCa/src/V1/ObjectId.php         |  21 +-
 .../src/V1/OperationMetadata.php              |  20 +-
 SecurityPrivateCa/src/V1/PublicKey.php        |   3 +-
 SecurityPrivateCa/src/V1/RevocationReason.php |  45 +-
 .../src/V1/RevokeCertificateRequest.php       |  80 +--
 SecurityPrivateCa/src/V1/Subject.php          |   4 +-
 SecurityPrivateCa/src/V1/SubjectAltNames.php  |   7 +-
 .../src/V1/SubjectRequestMode.php             |  25 +-
 .../src/V1/SubordinateConfig.php              |  40 +-
 .../UndeleteCertificateAuthorityRequest.php   |  68 +--
 .../src/V1/UpdateCaPoolRequest.php            |  60 +-
 .../V1/UpdateCertificateAuthorityRequest.php  |  64 ++-
 .../src/V1/UpdateCertificateRequest.php       |  63 ++-
 ...UpdateCertificateRevocationListRequest.php |  64 ++-
 .../V1/UpdateCertificateTemplateRequest.php   |  64 ++-
 SecurityPrivateCa/src/V1/X509Extension.php    |  29 +-
 SecurityPrivateCa/src/V1/X509Parameters.php   | 107 +++-
 .../src/V1/X509Parameters/CaOptions.php       |  20 +-
 .../src/V1/X509Parameters/NameConstraints.php | 437 +++++++++++++++
 106 files changed, 3570 insertions(+), 2040 deletions(-)
 create mode 100644 SecurityPrivateCa/src/V1/X509Parameters/NameConstraints.php

diff --git a/SecurityPrivateCa/metadata/V1/Resources.php b/SecurityPrivateCa/metadata/V1/Resources.php
index b38efa160d05fbb7f958964b304a86c08ab65811..66bd823545a68174c59be4dffaefce18ff264fa5 100644
GIT binary patch
delta 397
zcmX??b~$qc4>Qxxq|JQHOJtbNv2ETWFTyCA$R&`Mn421(oS#=*Qk0mPS5hp&HaSsN
zYw}w@J^?*Hpqw*8YVsk4i}g~SOkDhE5<&u89LYtQC7H>IITDNtj2aw5(p<s?sYSV&
zB_*jT@hN%5@gRGOC72YLH8_Q&xP($Gl5<K^P~@1wawr-z3*w6s^U{GDS)dy05jqi)
ztYAq+E=h!yskw=nIq``pDMhKp#X$XRU?mD%5^#&rRj`9qh;i{D3@I(jESBH^i;Hsc
zf_3tN+zb}y1c`5+tQg13vW1yTe)3v=`N<;s7a0#sex|=hOh|-Fz|YawHQw3ZFE}K~
Q(bF#^Sb%NwB!fLn05=GGZvX%Q

delta 49
zcmV-10M7r@Y0hS_3<Co6U$YJaq#Od@1GBUr6akYfA<MG@BVG*wo|9oP^8u=pRWYoy
H7c#s8)cO)t

diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/activate_certificate_authority.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/activate_certificate_authority.php
index 78f29a6468e2..ae1c525110a8 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/activate_certificate_authority.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/activate_certificate_authority.php
@@ -31,21 +31,29 @@
 use Google\Rpc\Status;
 
 /**
- * Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+ * Activate a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * that is in state
  * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
- * and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
- * the parent Certificate Authority signs a certificate signing request from
- * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
- * process.
+ * and is of type
+ * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+ * After the parent Certificate Authority signs a certificate signing request
+ * from
+ * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+ * this method can complete the activation process.
  *
- * @param string $formattedName                                  The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
- *                                                               format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`. Please see
+ * @param string $formattedName                                  The resource name for this
+ *                                                               [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ *                                                               in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`. Please see
  *                                                               {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
  * @param string $pemCaCertificate                               The signed CA certificate issued from
  *                                                               [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
- * @param string $formattedSubordinateConfigCertificateAuthority This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
- *                                                               subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
- *                                                               and usability purposes only. The resource name is in the format
+ * @param string $formattedSubordinateConfigCertificateAuthority This can refer to a
+ *                                                               [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ *                                                               that was used to create a subordinate
+ *                                                               [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+ *                                                               This field is used for information and usability purposes only. The
+ *                                                               resource name is in the format
  *                                                               `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`. Please see
  *                                                               {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
  */
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_ca_pool.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_ca_pool.php
index 5f38035adcf0..c5f10227035f 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_ca_pool.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_ca_pool.php
@@ -34,11 +34,14 @@
  * Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
  * @param string $formattedParent The resource name of the location associated with the
- *                                [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/&#42;/locations/*`. Please see
+ *                                [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+ *                                `projects/&#42;/locations/*`. Please see
  *                                {@see CertificateAuthorityServiceClient::locationName()} for help formatting this field.
  * @param string $caPoolId        It must be unique within a location and match the regular
  *                                expression `[a-zA-Z0-9_-]{1,63}`
- * @param int    $caPoolTier      Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+ * @param int    $caPoolTier      Immutable. The
+ *                                [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this
+ *                                [CaPool][google.cloud.security.privateca.v1.CaPool].
  */
 function create_ca_pool_sample(string $formattedParent, string $caPoolId, int $caPoolTier): void
 {
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_certificate.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_certificate.php
index 1918f32b9073..07b2b883c5b5 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_certificate.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_certificate.php
@@ -29,11 +29,14 @@
 use Google\Protobuf\Duration;
 
 /**
- * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+ * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+ * in a given Project, Location from a particular
  * [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
- * @param string $formattedParent The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
- *                                in the format `projects/&#42;/locations/&#42;/caPools/*`. Please see
+ * @param string $formattedParent The resource name of the
+ *                                [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+ *                                [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+ *                                format `projects/&#42;/locations/&#42;/caPools/*`. Please see
  *                                {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
  */
 function create_certificate_sample(string $formattedParent): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_certificate_authority.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_certificate_authority.php
index b98651be17bf..585898c6667c 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_certificate_authority.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_certificate_authority.php
@@ -37,15 +37,21 @@
 use Google\Rpc\Status;
 
 /**
- * Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+ * Create a new
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * in a given Project and Location.
  *
- * @param string $formattedParent          The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
- *                                         [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
- *                                         `projects/&#42;/locations/&#42;/caPools/*`. Please see
+ * @param string $formattedParent          The resource name of the
+ *                                         [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+ *                                         [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+ *                                         in the format `projects/&#42;/locations/&#42;/caPools/*`. Please see
  *                                         {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
  * @param string $certificateAuthorityId   It must be unique within a location and match the regular
  *                                         expression `[a-zA-Z0-9_-]{1,63}`
- * @param int    $certificateAuthorityType Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+ * @param int    $certificateAuthorityType Immutable. The
+ *                                         [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of
+ *                                         this
+ *                                         [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  */
 function create_certificate_authority_sample(
     string $formattedParent,
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_certificate_template.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_certificate_template.php
index b94bc4162ada..57fd0d8054b4 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_certificate_template.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_certificate_template.php
@@ -30,11 +30,13 @@
 use Google\Rpc\Status;
 
 /**
- * Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+ * Create a new
+ * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+ * in a given Project and Location.
  *
  * @param string $formattedParent       The resource name of the location associated with the
- *                                      [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
- *                                      `projects/&#42;/locations/*`. Please see
+ *                                      [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+ *                                      in the format `projects/&#42;/locations/*`. Please see
  *                                      {@see CertificateAuthorityServiceClient::locationName()} for help formatting this field.
  * @param string $certificateTemplateId It must be unique within a location and match the regular
  *                                      expression `[a-zA-Z0-9_-]{1,63}`
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/delete_ca_pool.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/delete_ca_pool.php
index e8fb7d8b9dcc..3d96361950e7 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/delete_ca_pool.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/delete_ca_pool.php
@@ -31,8 +31,9 @@
 /**
  * Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
- * @param string $formattedName The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
- *                              format `projects/&#42;/locations/&#42;/caPools/*`. Please see
+ * @param string $formattedName The resource name for this
+ *                              [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+ *                              `projects/&#42;/locations/&#42;/caPools/*`. Please see
  *                              {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
  */
 function delete_ca_pool_sample(string $formattedName): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/delete_certificate_authority.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/delete_certificate_authority.php
index 946d66d5670f..71c1090eb930 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/delete_certificate_authority.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/delete_certificate_authority.php
@@ -30,10 +30,12 @@
 use Google\Rpc\Status;
 
 /**
- * Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+ * Delete a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  *
- * @param string $formattedName The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
- *                              format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`. Please see
+ * @param string $formattedName The resource name for this
+ *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ *                              in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
  */
 function delete_certificate_authority_sample(string $formattedName): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/delete_certificate_template.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/delete_certificate_template.php
index 9ad54ec0b337..e887f4a24684 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/delete_certificate_template.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/delete_certificate_template.php
@@ -29,10 +29,12 @@
 use Google\Rpc\Status;
 
 /**
- * DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+ * DeleteCertificateTemplate deletes a
+ * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
  *
- * @param string $formattedName The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
- *                              `projects/&#42;/locations/&#42;/certificateTemplates/*`. Please see
+ * @param string $formattedName The resource name for this
+ *                              [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+ *                              in the format `projects/&#42;/locations/&#42;/certificateTemplates/*`. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateTemplateName()} for help formatting this field.
  */
 function delete_certificate_template_sample(string $formattedName): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/disable_certificate_authority.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/disable_certificate_authority.php
index c0797f770e6c..a5edbff40ee8 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/disable_certificate_authority.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/disable_certificate_authority.php
@@ -30,10 +30,12 @@
 use Google\Rpc\Status;
 
 /**
- * Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+ * Disable a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  *
- * @param string $formattedName The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
- *                              format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`. Please see
+ * @param string $formattedName The resource name for this
+ *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ *                              in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
  */
 function disable_certificate_authority_sample(string $formattedName): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/enable_certificate_authority.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/enable_certificate_authority.php
index 80bf37a166a3..9fc26e94ecaa 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/enable_certificate_authority.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/enable_certificate_authority.php
@@ -30,10 +30,12 @@
 use Google\Rpc\Status;
 
 /**
- * Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+ * Enable a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  *
- * @param string $formattedName The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
- *                              format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`. Please see
+ * @param string $formattedName The resource name for this
+ *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ *                              in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
  */
 function enable_certificate_authority_sample(string $formattedName): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/fetch_ca_certs.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/fetch_ca_certs.php
index 477fd37df287..82783d77ce62 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/fetch_ca_certs.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/fetch_ca_certs.php
@@ -28,12 +28,15 @@
 use Google\Cloud\Security\PrivateCA\V1\FetchCaCertsResponse;
 
 /**
- * FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
- * include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * FetchCaCerts returns the current trust anchor for the
+ * [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+ * certificate chains for all ACTIVE
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  * resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
- * @param string $formattedCaPool The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
- *                                format `projects/&#42;/locations/&#42;/caPools/*`. Please see
+ * @param string $formattedCaPool The resource name for the
+ *                                [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+ *                                `projects/&#42;/locations/&#42;/caPools/*`. Please see
  *                                {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
  */
 function fetch_ca_certs_sample(string $formattedCaPool): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/fetch_certificate_authority_csr.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/fetch_certificate_authority_csr.php
index 031208453c27..1dcc4bfd60cc 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/fetch_certificate_authority_csr.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/fetch_certificate_authority_csr.php
@@ -28,16 +28,21 @@
 use Google\Cloud\Security\PrivateCA\V1\FetchCertificateAuthorityCsrResponse;
 
 /**
- * Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * Fetch a certificate signing request (CSR) from a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  * that is in state
  * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
- * and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
- * CSR must then be signed by the desired parent Certificate Authority, which
- * could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
- * certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+ * and is of type
+ * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+ * The CSR must then be signed by the desired parent Certificate Authority,
+ * which could be another
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * resource, or could be an on-prem certificate authority. See also
+ * [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
  *
- * @param string $formattedName The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
- *                              format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`. Please see
+ * @param string $formattedName The resource name for this
+ *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ *                              in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
  */
 function fetch_certificate_authority_csr_sample(string $formattedName): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_ca_pool.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_ca_pool.php
index a5c7fd0f6edd..89fa6359a2f5 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_ca_pool.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_ca_pool.php
@@ -30,7 +30,8 @@
 /**
  * Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
- * @param string $formattedName The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get. Please see
+ * @param string $formattedName The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+ *                              [CaPool][google.cloud.security.privateca.v1.CaPool] to get. Please see
  *                              {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
  */
 function get_ca_pool_sample(string $formattedName): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate.php
index 4eb83766d89f..49b1ca0d583d 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate.php
@@ -30,7 +30,9 @@
 /**
  * Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
  *
- * @param string $formattedName The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get. Please see
+ * @param string $formattedName The [name][google.cloud.security.privateca.v1.Certificate.name]
+ *                              of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+ *                              get. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateName()} for help formatting this field.
  */
 function get_certificate_sample(string $formattedName): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate_authority.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate_authority.php
index 976f2c0e8913..48289183623d 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate_authority.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate_authority.php
@@ -28,10 +28,13 @@
 use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
 
 /**
- * Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+ * Returns a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  *
- * @param string $formattedName The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
- *                              get. Please see
+ * @param string $formattedName The
+ *                              [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+ *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ *                              to get. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
  */
 function get_certificate_authority_sample(string $formattedName): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate_revocation_list.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate_revocation_list.php
index ce664ad3fc7b..9fd999b5b4b8 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate_revocation_list.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate_revocation_list.php
@@ -28,10 +28,14 @@
 use Google\Cloud\Security\PrivateCA\V1\CertificateRevocationList;
 
 /**
- * Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+ * Returns a
+ * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
  *
- * @param string $formattedName The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
- *                              [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get. Please see
+ * @param string $formattedName The
+ *                              [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+ *                              of the
+ *                              [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+ *                              to get. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateRevocationListName()} for help formatting this field.
  */
 function get_certificate_revocation_list_sample(string $formattedName): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate_template.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate_template.php
index 618f10fae47a..72909545ef8a 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate_template.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate_template.php
@@ -28,10 +28,13 @@
 use Google\Cloud\Security\PrivateCA\V1\CertificateTemplate;
 
 /**
- * Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+ * Returns a
+ * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
  *
- * @param string $formattedName The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
- *                              get. Please see
+ * @param string $formattedName The
+ *                              [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+ *                              [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+ *                              to get. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateTemplateName()} for help formatting this field.
  */
 function get_certificate_template_sample(string $formattedName): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificate_authorities.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificate_authorities.php
index 01f83d6cd400..275fb812d1d1 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificate_authorities.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificate_authorities.php
@@ -29,11 +29,13 @@
 use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
 
 /**
- * Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+ * Lists
+ * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
  *
- * @param string $formattedParent The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
- *                                [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
- *                                `projects/&#42;/locations/&#42;/caPools/*`. Please see
+ * @param string $formattedParent The resource name of the
+ *                                [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+ *                                [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+ *                                in the format `projects/&#42;/locations/&#42;/caPools/*`. Please see
  *                                {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
  */
 function list_certificate_authorities_sample(string $formattedParent): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificate_revocation_lists.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificate_revocation_lists.php
index 7dfe3f4c6383..7365aeca9282 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificate_revocation_lists.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificate_revocation_lists.php
@@ -29,11 +29,12 @@
 use Google\Cloud\Security\PrivateCA\V1\CertificateRevocationList;
 
 /**
- * Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+ * Lists
+ * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
  *
  * @param string $formattedParent The resource name of the location associated with the
- *                                [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
- *                                `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`. Please see
+ *                                [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+ *                                in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`. Please see
  *                                {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
  */
 function list_certificate_revocation_lists_sample(string $formattedParent): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificate_templates.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificate_templates.php
index ae943cce4eb1..a06571d6a9b5 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificate_templates.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificate_templates.php
@@ -29,11 +29,12 @@
 use Google\Cloud\Security\PrivateCA\V1\CertificateTemplate;
 
 /**
- * Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+ * Lists
+ * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
  *
  * @param string $formattedParent The resource name of the location associated with the
- *                                [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
- *                                `projects/&#42;/locations/*`. Please see
+ *                                [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+ *                                in the format `projects/&#42;/locations/*`. Please see
  *                                {@see CertificateAuthorityServiceClient::locationName()} for help formatting this field.
  */
 function list_certificate_templates_sample(string $formattedParent): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificates.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificates.php
index c41ec8845553..a75543d88686 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificates.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/list_certificates.php
@@ -32,8 +32,8 @@
  * Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
  *
  * @param string $formattedParent The resource name of the location associated with the
- *                                [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
- *                                `projects/&#42;/locations/&#42;/caPools/*`. Please see
+ *                                [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+ *                                format `projects/&#42;/locations/&#42;/caPools/*`. Please see
  *                                {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
  */
 function list_certificates_sample(string $formattedParent): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/revoke_certificate.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/revoke_certificate.php
index cbe43e182d12..78f432f8da0d 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/revoke_certificate.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/revoke_certificate.php
@@ -31,11 +31,13 @@
 /**
  * Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
  *
- * @param string $formattedName The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
- *                              format
+ * @param string $formattedName The resource name for this
+ *                              [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
  *                              `projects/&#42;/locations/&#42;/caPools/&#42;/certificates/*`. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateName()} for help formatting this field.
- * @param int    $reason        The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
+ * @param int    $reason        The
+ *                              [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+ *                              revoking this certificate.
  */
 function revoke_certificate_sample(string $formattedName, int $reason): void
 {
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/undelete_certificate_authority.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/undelete_certificate_authority.php
index 90a8007cd97b..607c8b3aecdf 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/undelete_certificate_authority.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/undelete_certificate_authority.php
@@ -30,10 +30,13 @@
 use Google\Rpc\Status;
 
 /**
- * Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+ * Undelete a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * that has been deleted.
  *
- * @param string $formattedName The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
- *                              format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`. Please see
+ * @param string $formattedName The resource name for this
+ *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ *                              in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
  */
 function undelete_certificate_authority_sample(string $formattedName): void
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_ca_pool.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_ca_pool.php
index 4d4ee8eb2559..083c4749002f 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_ca_pool.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_ca_pool.php
@@ -34,7 +34,9 @@
 /**
  * Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
- * @param int $caPoolTier Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+ * @param int $caPoolTier Immutable. The
+ *                        [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this
+ *                        [CaPool][google.cloud.security.privateca.v1.CaPool].
  */
 function update_ca_pool_sample(int $caPoolTier): void
 {
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate.php
index 27fe1db1c94c..00c8ae10eb2f 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate.php
@@ -30,7 +30,8 @@
 use Google\Protobuf\FieldMask;
 
 /**
- * Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
+ * Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+ * Currently, the only field you can update is the
  * [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
  *
  * This sample has been automatically generated and should be regarded as a code
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate_authority.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate_authority.php
index 2f1be282008e..8a26c2837a21 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate_authority.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate_authority.php
@@ -38,9 +38,13 @@
 use Google\Rpc\Status;
 
 /**
- * Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+ * Update a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  *
- * @param int $certificateAuthorityType Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+ * @param int $certificateAuthorityType Immutable. The
+ *                                      [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of
+ *                                      this
+ *                                      [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  */
 function update_certificate_authority_sample(int $certificateAuthorityType): void
 {
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate_revocation_list.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate_revocation_list.php
index 4e160ef6580f..590cd1a17202 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate_revocation_list.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate_revocation_list.php
@@ -31,7 +31,8 @@
 use Google\Rpc\Status;
 
 /**
- * Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+ * Update a
+ * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
  *
  * This sample has been automatically generated and should be regarded as a code
  * template only. It will require modifications to work:
diff --git a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate_template.php b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate_template.php
index 2658894a92be..48bd2e1460d7 100644
--- a/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate_template.php
+++ b/SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/update_certificate_template.php
@@ -31,7 +31,8 @@
 use Google\Rpc\Status;
 
 /**
- * Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+ * Update a
+ * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
  *
  * This sample has been automatically generated and should be regarded as a code
  * template only. It will require modifications to work:
diff --git a/SecurityPrivateCa/src/V1/ActivateCertificateAuthorityRequest.php b/SecurityPrivateCa/src/V1/ActivateCertificateAuthorityRequest.php
index d4e65fb0a154..a08efd600e3f 100644
--- a/SecurityPrivateCa/src/V1/ActivateCertificateAuthorityRequest.php
+++ b/SecurityPrivateCa/src/V1/ActivateCertificateAuthorityRequest.php
@@ -17,8 +17,9 @@
 class ActivateCertificateAuthorityRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
@@ -31,19 +32,19 @@ class ActivateCertificateAuthorityRequest extends \Google\Protobuf\Internal\Mess
      */
     private $pem_ca_certificate = '';
     /**
-     * Required. Must include information about the issuer of 'pem_ca_certificate', and any
-     * further issuers until the self-signed CA.
+     * Required. Must include information about the issuer of
+     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      */
     private $subordinate_config = null;
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -61,21 +62,22 @@ class ActivateCertificateAuthorityRequest extends \Google\Protobuf\Internal\Mess
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     *           format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     *           Required. The resource name for this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *     @type string $pem_ca_certificate
      *           Required. The signed CA certificate issued from
      *           [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
      *     @type \Google\Cloud\Security\PrivateCA\V1\SubordinateConfig $subordinate_config
-     *           Required. Must include information about the issuer of 'pem_ca_certificate', and any
-     *           further issuers until the self-signed CA.
+     *           Required. Must include information about the issuer of
+     *           'pem_ca_certificate', and any further issuers until the self-signed CA.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -89,8 +91,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -101,8 +104,9 @@ public function getName()
     }
 
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -145,8 +149,8 @@ public function setPemCaCertificate($var)
     }
 
     /**
-     * Required. Must include information about the issuer of 'pem_ca_certificate', and any
-     * further issuers until the self-signed CA.
+     * Required. Must include information about the issuer of
+     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\SubordinateConfig|null
@@ -167,8 +171,8 @@ public function clearSubordinateConfig()
     }
 
     /**
-     * Required. Must include information about the issuer of 'pem_ca_certificate', and any
-     * further issuers until the self-signed CA.
+     * Required. Must include information about the issuer of
+     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\SubordinateConfig $var
@@ -183,12 +187,12 @@ public function setSubordinateConfig($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -204,12 +208,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/CaPool.php b/SecurityPrivateCa/src/V1/CaPool.php
index 733f8e661303..d9d2ebb3f382 100644
--- a/SecurityPrivateCa/src/V1/CaPool.php
+++ b/SecurityPrivateCa/src/V1/CaPool.php
@@ -10,39 +10,50 @@
 
 /**
  * A [CaPool][google.cloud.security.privateca.v1.CaPool] represents a group of
- * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] that form a trust anchor. A
- * [CaPool][google.cloud.security.privateca.v1.CaPool] can be used to manage issuance policies for one or more
- * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resources and to rotate CA certificates in and out
- * of the trust anchor.
+ * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+ * that form a trust anchor. A
+ * [CaPool][google.cloud.security.privateca.v1.CaPool] can be used to manage
+ * issuance policies for one or more
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * resources and to rotate CA certificates in and out of the trust anchor.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CaPool</code>
  */
 class CaPool extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Output only. The resource name for this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $name = '';
     /**
-     * Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * Required. Immutable. The
+     * [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.Tier tier = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];</code>
      */
     private $tier = 0;
     /**
-     * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
-     * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * Optional. The
+     * [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * to control how
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] will be
+     * issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $issuance_policy = null;
     /**
-     * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
-     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * Optional. The
+     * [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions]
+     * to follow when issuing
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] from any
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -61,17 +72,26 @@ class CaPool extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-     *           format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     *           Output only. The resource name for this
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     *           `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *     @type int $tier
-     *           Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     *           Required. Immutable. The
+     *           [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool].
      *     @type \Google\Cloud\Security\PrivateCA\V1\CaPool\IssuancePolicy $issuance_policy
-     *           Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
-     *           will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     *           Optional. The
+     *           [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     *           to control how
+     *           [Certificates][google.cloud.security.privateca.v1.Certificate] will be
+     *           issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
      *     @type \Google\Cloud\Security\PrivateCA\V1\CaPool\PublishingOptions $publishing_options
-     *           Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
-     *           [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
-     *           [CaPool][google.cloud.security.privateca.v1.CaPool].
+     *           Optional. The
+     *           [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions]
+     *           to follow when issuing
+     *           [Certificates][google.cloud.security.privateca.v1.Certificate] from any
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      *     @type array|\Google\Protobuf\Internal\MapField $labels
      *           Optional. Labels with user-defined metadata.
      * }
@@ -82,8 +102,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Output only. The resource name for this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return string
@@ -94,8 +115,9 @@ public function getName()
     }
 
     /**
-     * Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Output only. The resource name for this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param string $var
@@ -110,7 +132,9 @@ public function setName($var)
     }
 
     /**
-     * Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * Required. Immutable. The
+     * [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.Tier tier = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];</code>
      * @return int
@@ -121,7 +145,9 @@ public function getTier()
     }
 
     /**
-     * Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * Required. Immutable. The
+     * [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.Tier tier = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];</code>
      * @param int $var
@@ -136,8 +162,11 @@ public function setTier($var)
     }
 
     /**
-     * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
-     * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * Optional. The
+     * [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * to control how
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] will be
+     * issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CaPool\IssuancePolicy|null
@@ -158,8 +187,11 @@ public function clearIssuancePolicy()
     }
 
     /**
-     * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
-     * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * Optional. The
+     * [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * to control how
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] will be
+     * issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CaPool\IssuancePolicy $var
@@ -174,9 +206,12 @@ public function setIssuancePolicy($var)
     }
 
     /**
-     * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
-     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * Optional. The
+     * [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions]
+     * to follow when issuing
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] from any
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CaPool\PublishingOptions|null
@@ -197,9 +232,12 @@ public function clearPublishingOptions()
     }
 
     /**
-     * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
-     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * Optional. The
+     * [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions]
+     * to follow when issuing
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] from any
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CaPool\PublishingOptions $var
diff --git a/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy.php b/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy.php
index babf47a652d3..c465fee89533 100644
--- a/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy.php
+++ b/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy.php
@@ -9,68 +9,85 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * Defines controls over all certificate issuance within a [CaPool][google.cloud.security.privateca.v1.CaPool].
+ * Defines controls over all certificate issuance within a
+ * [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CaPool.IssuancePolicy</code>
  */
 class IssuancePolicy extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
-     * public key must match one of the key types listed here. Otherwise,
-     * any key may be used.
+     * Optional. If any
+     * [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
+     * is specified, then the certificate request's public key must match one of
+     * the key types listed here. Otherwise, any key may be used.
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $allowed_key_types;
     /**
-     * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
-     * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
-     * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
-     * be explicitly truncated to match it.
+     * Optional. The maximum lifetime allowed for issued
+     * [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that
+     * if the issuing
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * expires before a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested
+     * maximum_lifetime, the effective lifetime will be explicitly truncated to
+     * match it.
      *
      * Generated from protobuf field <code>.google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $maximum_lifetime = null;
     /**
-     * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
-     * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * Optional. If specified, then only methods allowed in the
+     * [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]
+     * may be used to issue
+     * [Certificates][google.cloud.security.privateca.v1.Certificate].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $allowed_issuance_modes = null;
     /**
-     * Optional. A set of X.509 values that will be applied to all certificates issued
-     * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
-     * values for the same properties, they will be overwritten by the values
-     * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * Optional. A set of X.509 values that will be applied to all certificates
+     * issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * If a certificate request includes conflicting values for the same
+     * properties, they will be overwritten by the values defined here. If a
+     * certificate request uses a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
      * that defines conflicting
-     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
-     * properties, the certificate issuance request will fail.
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
+     * for the same properties, the certificate issuance request will fail.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $baseline_values = null;
     /**
      * Optional. Describes constraints on identities that may appear in
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
-     * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
-     * certificate's identity.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued
+     * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If this
+     * is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool]
+     * will not add restrictions on a certificate's identity.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $identity_constraints = null;
     /**
      * Optional. Describes the set of X.509 extensions that may appear in a
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
-     * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued
+     * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a
+     * certificate request sets extensions that don't appear in the
+     * [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
      * those extensions will be dropped. If a certificate request uses a
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
-     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
-     * appear here, the certificate issuance request will fail. If this is
-     * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
-     * certificate's X.509 extensions. These constraints do not apply to X.509
-     * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
+     * that don't appear here, the certificate issuance request will fail. If
+     * this is omitted, then this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] will not add
+     * restrictions on a certificate's X.509 extensions. These constraints do
+     * not apply to X.509 extensions set in this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -83,41 +100,57 @@ class IssuancePolicy extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type array<\Google\Cloud\Security\PrivateCA\V1\CaPool\IssuancePolicy\AllowedKeyType>|\Google\Protobuf\Internal\RepeatedField $allowed_key_types
-     *           Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
-     *           public key must match one of the key types listed here. Otherwise,
-     *           any key may be used.
+     *           Optional. If any
+     *           [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
+     *           is specified, then the certificate request's public key must match one of
+     *           the key types listed here. Otherwise, any key may be used.
      *     @type \Google\Protobuf\Duration $maximum_lifetime
-     *           Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
-     *           that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
-     *           [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
-     *           be explicitly truncated to match it.
+     *           Optional. The maximum lifetime allowed for issued
+     *           [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that
+     *           if the issuing
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           expires before a
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested
+     *           maximum_lifetime, the effective lifetime will be explicitly truncated to
+     *           match it.
      *     @type \Google\Cloud\Security\PrivateCA\V1\CaPool\IssuancePolicy\IssuanceModes $allowed_issuance_modes
-     *           Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
-     *           used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+     *           Optional. If specified, then only methods allowed in the
+     *           [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]
+     *           may be used to issue
+     *           [Certificates][google.cloud.security.privateca.v1.Certificate].
      *     @type \Google\Cloud\Security\PrivateCA\V1\X509Parameters $baseline_values
-     *           Optional. A set of X.509 values that will be applied to all certificates issued
-     *           through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
-     *           values for the same properties, they will be overwritten by the values
-     *           defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     *           Optional. A set of X.509 values that will be applied to all certificates
+     *           issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     *           If a certificate request includes conflicting values for the same
+     *           properties, they will be overwritten by the values defined here. If a
+     *           certificate request uses a
+     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
      *           that defines conflicting
-     *           [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
-     *           properties, the certificate issuance request will fail.
+     *           [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
+     *           for the same properties, the certificate issuance request will fail.
      *     @type \Google\Cloud\Security\PrivateCA\V1\CertificateIdentityConstraints $identity_constraints
      *           Optional. Describes constraints on identities that may appear in
-     *           [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
-     *           If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
-     *           certificate's identity.
+     *           [Certificates][google.cloud.security.privateca.v1.Certificate] issued
+     *           through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If this
+     *           is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool]
+     *           will not add restrictions on a certificate's identity.
      *     @type \Google\Cloud\Security\PrivateCA\V1\CertificateExtensionConstraints $passthrough_extensions
      *           Optional. Describes the set of X.509 extensions that may appear in a
-     *           [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
-     *           sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] issued
+     *           through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a
+     *           certificate request sets extensions that don't appear in the
+     *           [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
      *           those extensions will be dropped. If a certificate request uses a
-     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
-     *           [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
-     *           appear here, the certificate issuance request will fail. If this is
-     *           omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
-     *           certificate's X.509 extensions. These constraints do not apply to X.509
-     *           extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     *           with
+     *           [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
+     *           that don't appear here, the certificate issuance request will fail. If
+     *           this is omitted, then this
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool] will not add
+     *           restrictions on a certificate's X.509 extensions. These constraints do
+     *           not apply to X.509 extensions set in this
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     *           [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
      * }
      */
     public function __construct($data = NULL) {
@@ -126,9 +159,10 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
-     * public key must match one of the key types listed here. Otherwise,
-     * any key may be used.
+     * Optional. If any
+     * [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
+     * is specified, then the certificate request's public key must match one of
+     * the key types listed here. Otherwise, any key may be used.
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Protobuf\Internal\RepeatedField
@@ -139,9 +173,10 @@ public function getAllowedKeyTypes()
     }
 
     /**
-     * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
-     * public key must match one of the key types listed here. Otherwise,
-     * any key may be used.
+     * Optional. If any
+     * [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
+     * is specified, then the certificate request's public key must match one of
+     * the key types listed here. Otherwise, any key may be used.
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param array<\Google\Cloud\Security\PrivateCA\V1\CaPool\IssuancePolicy\AllowedKeyType>|\Google\Protobuf\Internal\RepeatedField $var
@@ -156,10 +191,14 @@ public function setAllowedKeyTypes($var)
     }
 
     /**
-     * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
-     * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
-     * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
-     * be explicitly truncated to match it.
+     * Optional. The maximum lifetime allowed for issued
+     * [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that
+     * if the issuing
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * expires before a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested
+     * maximum_lifetime, the effective lifetime will be explicitly truncated to
+     * match it.
      *
      * Generated from protobuf field <code>.google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Protobuf\Duration|null
@@ -180,10 +219,14 @@ public function clearMaximumLifetime()
     }
 
     /**
-     * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
-     * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
-     * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
-     * be explicitly truncated to match it.
+     * Optional. The maximum lifetime allowed for issued
+     * [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that
+     * if the issuing
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * expires before a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested
+     * maximum_lifetime, the effective lifetime will be explicitly truncated to
+     * match it.
      *
      * Generated from protobuf field <code>.google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param \Google\Protobuf\Duration $var
@@ -198,8 +241,10 @@ public function setMaximumLifetime($var)
     }
 
     /**
-     * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
-     * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * Optional. If specified, then only methods allowed in the
+     * [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]
+     * may be used to issue
+     * [Certificates][google.cloud.security.privateca.v1.Certificate].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CaPool\IssuancePolicy\IssuanceModes|null
@@ -220,8 +265,10 @@ public function clearAllowedIssuanceModes()
     }
 
     /**
-     * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
-     * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * Optional. If specified, then only methods allowed in the
+     * [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]
+     * may be used to issue
+     * [Certificates][google.cloud.security.privateca.v1.Certificate].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CaPool\IssuancePolicy\IssuanceModes $var
@@ -236,13 +283,15 @@ public function setAllowedIssuanceModes($var)
     }
 
     /**
-     * Optional. A set of X.509 values that will be applied to all certificates issued
-     * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
-     * values for the same properties, they will be overwritten by the values
-     * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * Optional. A set of X.509 values that will be applied to all certificates
+     * issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * If a certificate request includes conflicting values for the same
+     * properties, they will be overwritten by the values defined here. If a
+     * certificate request uses a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
      * that defines conflicting
-     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
-     * properties, the certificate issuance request will fail.
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
+     * for the same properties, the certificate issuance request will fail.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\X509Parameters|null
@@ -263,13 +312,15 @@ public function clearBaselineValues()
     }
 
     /**
-     * Optional. A set of X.509 values that will be applied to all certificates issued
-     * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
-     * values for the same properties, they will be overwritten by the values
-     * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * Optional. A set of X.509 values that will be applied to all certificates
+     * issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * If a certificate request includes conflicting values for the same
+     * properties, they will be overwritten by the values defined here. If a
+     * certificate request uses a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
      * that defines conflicting
-     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
-     * properties, the certificate issuance request will fail.
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
+     * for the same properties, the certificate issuance request will fail.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\X509Parameters $var
@@ -285,9 +336,10 @@ public function setBaselineValues($var)
 
     /**
      * Optional. Describes constraints on identities that may appear in
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
-     * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
-     * certificate's identity.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued
+     * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If this
+     * is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool]
+     * will not add restrictions on a certificate's identity.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CertificateIdentityConstraints|null
@@ -309,9 +361,10 @@ public function clearIdentityConstraints()
 
     /**
      * Optional. Describes constraints on identities that may appear in
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
-     * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
-     * certificate's identity.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued
+     * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If this
+     * is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool]
+     * will not add restrictions on a certificate's identity.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CertificateIdentityConstraints $var
@@ -327,15 +380,21 @@ public function setIdentityConstraints($var)
 
     /**
      * Optional. Describes the set of X.509 extensions that may appear in a
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
-     * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued
+     * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a
+     * certificate request sets extensions that don't appear in the
+     * [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
      * those extensions will be dropped. If a certificate request uses a
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
-     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
-     * appear here, the certificate issuance request will fail. If this is
-     * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
-     * certificate's X.509 extensions. These constraints do not apply to X.509
-     * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
+     * that don't appear here, the certificate issuance request will fail. If
+     * this is omitted, then this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] will not add
+     * restrictions on a certificate's X.509 extensions. These constraints do
+     * not apply to X.509 extensions set in this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CertificateExtensionConstraints|null
@@ -357,15 +416,21 @@ public function clearPassthroughExtensions()
 
     /**
      * Optional. Describes the set of X.509 extensions that may appear in a
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
-     * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued
+     * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a
+     * certificate request sets extensions that don't appear in the
+     * [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
      * those extensions will be dropped. If a certificate request uses a
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
-     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
-     * appear here, the certificate issuance request will fail. If this is
-     * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
-     * certificate's X.509 extensions. These constraints do not apply to X.509
-     * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
+     * that don't appear here, the certificate issuance request will fail. If
+     * this is omitted, then this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] will not add
+     * restrictions on a certificate's X.509 extensions. These constraints do
+     * not apply to X.509 extensions set in this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CertificateExtensionConstraints $var
diff --git a/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType.php b/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType.php
index 2e5d915df862..fa4f25ecffe5 100644
--- a/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType.php
+++ b/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType.php
@@ -9,11 +9,12 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * Describes a "type" of key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued
- * from a [CaPool][google.cloud.security.privateca.v1.CaPool].
- * Note that a single [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] may refer to either a
- * fully-qualified key algorithm, such as RSA 4096, or a family of key
- * algorithms, such as any RSA key.
+ * Describes a "type" of key that may be used in a
+ * [Certificate][google.cloud.security.privateca.v1.Certificate] issued from
+ * a [CaPool][google.cloud.security.privateca.v1.CaPool]. Note that a single
+ * [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
+ * may refer to either a fully-qualified key algorithm, such as RSA 4096, or
+ * a family of key algorithms, such as any RSA key.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType</code>
  */
diff --git a/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType/EcKeyType.php b/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType/EcKeyType.php
index 2034ae1e54d7..84b3f9b5bc85 100644
--- a/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType/EcKeyType.php
+++ b/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType/EcKeyType.php
@@ -9,16 +9,17 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * Describes an Elliptic Curve key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate]
- * issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].
+ * Describes an Elliptic Curve key that may be used in a
+ * [Certificate][google.cloud.security.privateca.v1.Certificate] issued
+ * from a [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType</code>
  */
 class EcKeyType extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Optional. A signature algorithm that must be used. If this is omitted, any
-     * EC-based signature algorithm will be allowed.
+     * Optional. A signature algorithm that must be used. If this is
+     * omitted, any EC-based signature algorithm will be allowed.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm signature_algorithm = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -31,8 +32,8 @@ class EcKeyType extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type int $signature_algorithm
-     *           Optional. A signature algorithm that must be used. If this is omitted, any
-     *           EC-based signature algorithm will be allowed.
+     *           Optional. A signature algorithm that must be used. If this is
+     *           omitted, any EC-based signature algorithm will be allowed.
      * }
      */
     public function __construct($data = NULL) {
@@ -41,8 +42,8 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Optional. A signature algorithm that must be used. If this is omitted, any
-     * EC-based signature algorithm will be allowed.
+     * Optional. A signature algorithm that must be used. If this is
+     * omitted, any EC-based signature algorithm will be allowed.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm signature_algorithm = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return int
@@ -53,8 +54,8 @@ public function getSignatureAlgorithm()
     }
 
     /**
-     * Optional. A signature algorithm that must be used. If this is omitted, any
-     * EC-based signature algorithm will be allowed.
+     * Optional. A signature algorithm that must be used. If this is
+     * omitted, any EC-based signature algorithm will be allowed.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm signature_algorithm = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param int $var
diff --git a/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType/EcKeyType/EcSignatureAlgorithm.php b/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType/EcKeyType/EcSignatureAlgorithm.php
index 8679697ce35b..8d68b0663abc 100644
--- a/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType/EcKeyType/EcSignatureAlgorithm.php
+++ b/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType/EcKeyType/EcSignatureAlgorithm.php
@@ -8,7 +8,9 @@
 
 /**
  * Describes an elliptic curve-based signature algorithm that may be
- * used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].
+ * used in a
+ * [Certificate][google.cloud.security.privateca.v1.Certificate] issued
+ * from a [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
  * Protobuf type <code>google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm</code>
  */
diff --git a/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType/RsaKeyType.php b/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType/RsaKeyType.php
index d0e2a72bac63..46367e03612f 100644
--- a/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType/RsaKeyType.php
+++ b/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/AllowedKeyType/RsaKeyType.php
@@ -9,25 +9,26 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * Describes an RSA key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from
- * a [CaPool][google.cloud.security.privateca.v1.CaPool].
+ * Describes an RSA key that may be used in a
+ * [Certificate][google.cloud.security.privateca.v1.Certificate] issued
+ * from a [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType</code>
  */
 class RsaKeyType extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is
-     * not set, or if set to zero, the service-level min RSA modulus size
-     * will continue to apply.
+     * Optional. The minimum allowed RSA modulus size (inclusive), in bits.
+     * If this is not set, or if set to zero, the service-level min RSA
+     * modulus size will continue to apply.
      *
      * Generated from protobuf field <code>int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $min_modulus_size = 0;
     /**
-     * Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is
-     * not set, or if set to zero, the service will not enforce an explicit
-     * upper bound on RSA modulus sizes.
+     * Optional. The maximum allowed RSA modulus size (inclusive), in bits.
+     * If this is not set, or if set to zero, the service will not enforce
+     * an explicit upper bound on RSA modulus sizes.
      *
      * Generated from protobuf field <code>int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -40,13 +41,13 @@ class RsaKeyType extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type int|string $min_modulus_size
-     *           Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is
-     *           not set, or if set to zero, the service-level min RSA modulus size
-     *           will continue to apply.
+     *           Optional. The minimum allowed RSA modulus size (inclusive), in bits.
+     *           If this is not set, or if set to zero, the service-level min RSA
+     *           modulus size will continue to apply.
      *     @type int|string $max_modulus_size
-     *           Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is
-     *           not set, or if set to zero, the service will not enforce an explicit
-     *           upper bound on RSA modulus sizes.
+     *           Optional. The maximum allowed RSA modulus size (inclusive), in bits.
+     *           If this is not set, or if set to zero, the service will not enforce
+     *           an explicit upper bound on RSA modulus sizes.
      * }
      */
     public function __construct($data = NULL) {
@@ -55,9 +56,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is
-     * not set, or if set to zero, the service-level min RSA modulus size
-     * will continue to apply.
+     * Optional. The minimum allowed RSA modulus size (inclusive), in bits.
+     * If this is not set, or if set to zero, the service-level min RSA
+     * modulus size will continue to apply.
      *
      * Generated from protobuf field <code>int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return int|string
@@ -68,9 +69,9 @@ public function getMinModulusSize()
     }
 
     /**
-     * Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is
-     * not set, or if set to zero, the service-level min RSA modulus size
-     * will continue to apply.
+     * Optional. The minimum allowed RSA modulus size (inclusive), in bits.
+     * If this is not set, or if set to zero, the service-level min RSA
+     * modulus size will continue to apply.
      *
      * Generated from protobuf field <code>int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param int|string $var
@@ -85,9 +86,9 @@ public function setMinModulusSize($var)
     }
 
     /**
-     * Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is
-     * not set, or if set to zero, the service will not enforce an explicit
-     * upper bound on RSA modulus sizes.
+     * Optional. The maximum allowed RSA modulus size (inclusive), in bits.
+     * If this is not set, or if set to zero, the service will not enforce
+     * an explicit upper bound on RSA modulus sizes.
      *
      * Generated from protobuf field <code>int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return int|string
@@ -98,9 +99,9 @@ public function getMaxModulusSize()
     }
 
     /**
-     * Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is
-     * not set, or if set to zero, the service will not enforce an explicit
-     * upper bound on RSA modulus sizes.
+     * Optional. The maximum allowed RSA modulus size (inclusive), in bits.
+     * If this is not set, or if set to zero, the service will not enforce
+     * an explicit upper bound on RSA modulus sizes.
      *
      * Generated from protobuf field <code>int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param int|string $var
diff --git a/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/IssuanceModes.php b/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/IssuanceModes.php
index 173a8ae320fc..5ac99f032319 100644
--- a/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/IssuanceModes.php
+++ b/SecurityPrivateCa/src/V1/CaPool/IssuancePolicy/IssuanceModes.php
@@ -9,24 +9,28 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] specifies the allowed ways in which
- * [Certificates][google.cloud.security.privateca.v1.Certificate] may be requested from this
- * [CaPool][google.cloud.security.privateca.v1.CaPool].
+ * [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]
+ * specifies the allowed ways in which
+ * [Certificates][google.cloud.security.privateca.v1.Certificate] may be
+ * requested from this [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes</code>
  */
 class IssuanceModes extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Optional. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+     * Optional. When true, allows callers to create
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] by
      * specifying a CSR.
      *
      * Generated from protobuf field <code>bool allow_csr_based_issuance = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $allow_csr_based_issuance = false;
     /**
-     * Optional. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
-     * specifying a [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
+     * Optional. When true, allows callers to create
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] by
+     * specifying a
+     * [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
      *
      * Generated from protobuf field <code>bool allow_config_based_issuance = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -39,11 +43,14 @@ class IssuanceModes extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type bool $allow_csr_based_issuance
-     *           Optional. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+     *           Optional. When true, allows callers to create
+     *           [Certificates][google.cloud.security.privateca.v1.Certificate] by
      *           specifying a CSR.
      *     @type bool $allow_config_based_issuance
-     *           Optional. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
-     *           specifying a [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
+     *           Optional. When true, allows callers to create
+     *           [Certificates][google.cloud.security.privateca.v1.Certificate] by
+     *           specifying a
+     *           [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
      * }
      */
     public function __construct($data = NULL) {
@@ -52,7 +59,8 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Optional. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+     * Optional. When true, allows callers to create
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] by
      * specifying a CSR.
      *
      * Generated from protobuf field <code>bool allow_csr_based_issuance = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
@@ -64,7 +72,8 @@ public function getAllowCsrBasedIssuance()
     }
 
     /**
-     * Optional. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+     * Optional. When true, allows callers to create
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] by
      * specifying a CSR.
      *
      * Generated from protobuf field <code>bool allow_csr_based_issuance = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
@@ -80,8 +89,10 @@ public function setAllowCsrBasedIssuance($var)
     }
 
     /**
-     * Optional. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
-     * specifying a [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
+     * Optional. When true, allows callers to create
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] by
+     * specifying a
+     * [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
      *
      * Generated from protobuf field <code>bool allow_config_based_issuance = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return bool
@@ -92,8 +103,10 @@ public function getAllowConfigBasedIssuance()
     }
 
     /**
-     * Optional. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
-     * specifying a [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
+     * Optional. When true, allows callers to create
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] by
+     * specifying a
+     * [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
      *
      * Generated from protobuf field <code>bool allow_config_based_issuance = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param bool $var
diff --git a/SecurityPrivateCa/src/V1/CaPool/PublishingOptions.php b/SecurityPrivateCa/src/V1/CaPool/PublishingOptions.php
index 7e87398d8dd1..cca2e1adf183 100644
--- a/SecurityPrivateCa/src/V1/CaPool/PublishingOptions.php
+++ b/SecurityPrivateCa/src/V1/CaPool/PublishingOptions.php
@@ -9,33 +9,40 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * Options relating to the publication of each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA
- * certificate and CRLs and their inclusion as extensions in issued
- * [Certificates][google.cloud.security.privateca.v1.Certificate]. The options set here apply to certificates
- * issued by any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the [CaPool][google.cloud.security.privateca.v1.CaPool].
+ * Options relating to the publication of each
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+ * CA certificate and CRLs and their inclusion as extensions in issued
+ * [Certificates][google.cloud.security.privateca.v1.Certificate]. The options
+ * set here apply to certificates issued by any
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * in the [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CaPool.PublishingOptions</code>
  */
 class PublishingOptions extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Optional. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and
-     * includes its URL in the "Authority Information Access" X.509 extension
-     * in all issued [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, the CA
-     * certificate will not be published and the corresponding X.509 extension
-     * will not be written in issued certificates.
+     * Optional. When true, publishes each
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * CA certificate and includes its URL in the "Authority Information Access"
+     * X.509 extension in all issued
+     * [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
+     * is false, the CA certificate will not be published and the corresponding
+     * X.509 extension will not be written in issued certificates.
      *
      * Generated from protobuf field <code>bool publish_ca_cert = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $publish_ca_cert = false;
     /**
-     * Optional. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRL and includes its
-     * URL in the "CRL Distribution Points" X.509 extension in all issued
-     * [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, CRLs will not be published
-     * and the corresponding X.509 extension will not be written in issued
-     * certificates.
-     * CRLs will expire 7 days from their creation. However, we will rebuild
-     * daily. CRLs are also rebuilt shortly after a certificate is revoked.
+     * Optional. When true, publishes each
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * CRL and includes its URL in the "CRL Distribution Points" X.509 extension
+     * in all issued
+     * [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
+     * is false, CRLs will not be published and the corresponding X.509
+     * extension will not be written in issued certificates. CRLs will expire 7
+     * days from their creation. However, we will rebuild daily. CRLs are also
+     * rebuilt shortly after a certificate is revoked.
      *
      * Generated from protobuf field <code>bool publish_crl = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -48,19 +55,23 @@ class PublishingOptions extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type bool $publish_ca_cert
-     *           Optional. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and
-     *           includes its URL in the "Authority Information Access" X.509 extension
-     *           in all issued [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, the CA
-     *           certificate will not be published and the corresponding X.509 extension
-     *           will not be written in issued certificates.
+     *           Optional. When true, publishes each
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     *           CA certificate and includes its URL in the "Authority Information Access"
+     *           X.509 extension in all issued
+     *           [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
+     *           is false, the CA certificate will not be published and the corresponding
+     *           X.509 extension will not be written in issued certificates.
      *     @type bool $publish_crl
-     *           Optional. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRL and includes its
-     *           URL in the "CRL Distribution Points" X.509 extension in all issued
-     *           [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, CRLs will not be published
-     *           and the corresponding X.509 extension will not be written in issued
-     *           certificates.
-     *           CRLs will expire 7 days from their creation. However, we will rebuild
-     *           daily. CRLs are also rebuilt shortly after a certificate is revoked.
+     *           Optional. When true, publishes each
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     *           CRL and includes its URL in the "CRL Distribution Points" X.509 extension
+     *           in all issued
+     *           [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
+     *           is false, CRLs will not be published and the corresponding X.509
+     *           extension will not be written in issued certificates. CRLs will expire 7
+     *           days from their creation. However, we will rebuild daily. CRLs are also
+     *           rebuilt shortly after a certificate is revoked.
      * }
      */
     public function __construct($data = NULL) {
@@ -69,11 +80,13 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Optional. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and
-     * includes its URL in the "Authority Information Access" X.509 extension
-     * in all issued [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, the CA
-     * certificate will not be published and the corresponding X.509 extension
-     * will not be written in issued certificates.
+     * Optional. When true, publishes each
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * CA certificate and includes its URL in the "Authority Information Access"
+     * X.509 extension in all issued
+     * [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
+     * is false, the CA certificate will not be published and the corresponding
+     * X.509 extension will not be written in issued certificates.
      *
      * Generated from protobuf field <code>bool publish_ca_cert = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return bool
@@ -84,11 +97,13 @@ public function getPublishCaCert()
     }
 
     /**
-     * Optional. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and
-     * includes its URL in the "Authority Information Access" X.509 extension
-     * in all issued [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, the CA
-     * certificate will not be published and the corresponding X.509 extension
-     * will not be written in issued certificates.
+     * Optional. When true, publishes each
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * CA certificate and includes its URL in the "Authority Information Access"
+     * X.509 extension in all issued
+     * [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
+     * is false, the CA certificate will not be published and the corresponding
+     * X.509 extension will not be written in issued certificates.
      *
      * Generated from protobuf field <code>bool publish_ca_cert = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param bool $var
@@ -103,13 +118,15 @@ public function setPublishCaCert($var)
     }
 
     /**
-     * Optional. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRL and includes its
-     * URL in the "CRL Distribution Points" X.509 extension in all issued
-     * [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, CRLs will not be published
-     * and the corresponding X.509 extension will not be written in issued
-     * certificates.
-     * CRLs will expire 7 days from their creation. However, we will rebuild
-     * daily. CRLs are also rebuilt shortly after a certificate is revoked.
+     * Optional. When true, publishes each
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * CRL and includes its URL in the "CRL Distribution Points" X.509 extension
+     * in all issued
+     * [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
+     * is false, CRLs will not be published and the corresponding X.509
+     * extension will not be written in issued certificates. CRLs will expire 7
+     * days from their creation. However, we will rebuild daily. CRLs are also
+     * rebuilt shortly after a certificate is revoked.
      *
      * Generated from protobuf field <code>bool publish_crl = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return bool
@@ -120,13 +137,15 @@ public function getPublishCrl()
     }
 
     /**
-     * Optional. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRL and includes its
-     * URL in the "CRL Distribution Points" X.509 extension in all issued
-     * [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, CRLs will not be published
-     * and the corresponding X.509 extension will not be written in issued
-     * certificates.
-     * CRLs will expire 7 days from their creation. However, we will rebuild
-     * daily. CRLs are also rebuilt shortly after a certificate is revoked.
+     * Optional. When true, publishes each
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * CRL and includes its URL in the "CRL Distribution Points" X.509 extension
+     * in all issued
+     * [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
+     * is false, CRLs will not be published and the corresponding X.509
+     * extension will not be written in issued certificates. CRLs will expire 7
+     * days from their creation. However, we will rebuild daily. CRLs are also
+     * rebuilt shortly after a certificate is revoked.
      *
      * Generated from protobuf field <code>bool publish_crl = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param bool $var
diff --git a/SecurityPrivateCa/src/V1/CaPool/Tier.php b/SecurityPrivateCa/src/V1/CaPool/Tier.php
index fd1be054c219..8c3459845b66 100644
--- a/SecurityPrivateCa/src/V1/CaPool/Tier.php
+++ b/SecurityPrivateCa/src/V1/CaPool/Tier.php
@@ -7,8 +7,8 @@
 use UnexpectedValueException;
 
 /**
- * The tier of a [CaPool][google.cloud.security.privateca.v1.CaPool], indicating its supported functionality and/or
- * billing SKU.
+ * The tier of a [CaPool][google.cloud.security.privateca.v1.CaPool],
+ * indicating its supported functionality and/or billing SKU.
  *
  * Protobuf type <code>google.cloud.security.privateca.v1.CaPool.Tier</code>
  */
diff --git a/SecurityPrivateCa/src/V1/Certificate.php b/SecurityPrivateCa/src/V1/Certificate.php
index 7b04c31376f1..a9a98c28f250 100644
--- a/SecurityPrivateCa/src/V1/Certificate.php
+++ b/SecurityPrivateCa/src/V1/Certificate.php
@@ -9,7 +9,8 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * A [Certificate][google.cloud.security.privateca.v1.Certificate] corresponds to a signed X.509 certificate issued by a
+ * A [Certificate][google.cloud.security.privateca.v1.Certificate] corresponds
+ * to a signed X.509 certificate issued by a
  * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.Certificate</code>
@@ -17,22 +18,24 @@
 class Certificate extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * Output only. The resource name for this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
      * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = {</code>
      */
     private $name = '';
     /**
-     * Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Output only. The resource name of the issuing
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string issuer_certificate_authority = 4 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = {</code>
      */
     private $issuer_certificate_authority = '';
     /**
-     * Required. Immutable. The desired lifetime of a certificate. Used to create the
-     * "not_before_time" and "not_after_time" fields inside an X.509
+     * Required. Immutable. The desired lifetime of a certificate. Used to create
+     * the "not_before_time" and "not_after_time" fields inside an X.509
      * certificate. Note that the lifetime may be truncated if it would extend
      * past the life of any certificate authority in the issuing chain.
      *
@@ -40,26 +43,32 @@ class Certificate extends \Google\Protobuf\Internal\Message
      */
     private $lifetime = null;
     /**
-     * Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
-     * certificate, in the format
+     * Immutable. The resource name for a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * used to issue this certificate, in the format
      * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
      * If this is specified, the caller must have the necessary permission to
      * use this template. If this is omitted, no template will be used.
-     * This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * This template must be in the same location as the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate].
      *
      * Generated from protobuf field <code>string certificate_template = 6 [(.google.api.field_behavior) = IMMUTABLE, (.google.api.resource_reference) = {</code>
      */
     private $certificate_template = '';
     /**
-     * Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
-     * If this is omitted, the `DEFAULT` subject mode will be used.
+     * Immutable. Specifies how the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity
+     * fields are to be decided. If this is omitted, the `DEFAULT` subject mode
+     * will be used.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.SubjectRequestMode subject_mode = 7 [(.google.api.field_behavior) = IMMUTABLE];</code>
      */
     private $subject_mode = 0;
     /**
-     * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+     * Output only. Details regarding the revocation of this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered
+     * revoked if and only if this field is present.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
@@ -77,20 +86,22 @@ class Certificate extends \Google\Protobuf\Internal\Message
      */
     private $certificate_description = null;
     /**
-     * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
-     * in issuer-to-root order according to RFC 5246.
+     * Output only. The chain that may be used to verify the X.509 certificate.
+     * Expected to be in issuer-to-root order according to RFC 5246.
      *
      * Generated from protobuf field <code>repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $pem_certificate_chain;
     /**
-     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+     * Output only. The time at which this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $create_time = null;
     /**
-     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+     * Output only. The time at which this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
@@ -110,45 +121,55 @@ class Certificate extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     *           Output only. The resource name for this
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
      *           `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
      *     @type string $pem_csr
      *           Immutable. A pem-encoded X.509 certificate signing request (CSR).
      *     @type \Google\Cloud\Security\PrivateCA\V1\CertificateConfig $config
-     *           Immutable. A description of the certificate and key that does not require X.509 or
-     *           ASN.1.
+     *           Immutable. A description of the certificate and key that does not require
+     *           X.509 or ASN.1.
      *     @type string $issuer_certificate_authority
-     *           Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
-     *           `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     *           Output only. The resource name of the issuing
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *     @type \Google\Protobuf\Duration $lifetime
-     *           Required. Immutable. The desired lifetime of a certificate. Used to create the
-     *           "not_before_time" and "not_after_time" fields inside an X.509
+     *           Required. Immutable. The desired lifetime of a certificate. Used to create
+     *           the "not_before_time" and "not_after_time" fields inside an X.509
      *           certificate. Note that the lifetime may be truncated if it would extend
      *           past the life of any certificate authority in the issuing chain.
      *     @type string $certificate_template
-     *           Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
-     *           certificate, in the format
+     *           Immutable. The resource name for a
+     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     *           used to issue this certificate, in the format
      *           `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
      *           If this is specified, the caller must have the necessary permission to
      *           use this template. If this is omitted, no template will be used.
-     *           This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     *           This template must be in the same location as the
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate].
      *     @type int $subject_mode
-     *           Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
-     *           If this is omitted, the `DEFAULT` subject mode will be used.
+     *           Immutable. Specifies how the
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity
+     *           fields are to be decided. If this is omitted, the `DEFAULT` subject mode
+     *           will be used.
      *     @type \Google\Cloud\Security\PrivateCA\V1\Certificate\RevocationDetails $revocation_details
-     *           Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
-     *           [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+     *           Output only. Details regarding the revocation of this
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] is considered
+     *           revoked if and only if this field is present.
      *     @type string $pem_certificate
      *           Output only. The pem-encoded, signed X.509 certificate.
      *     @type \Google\Cloud\Security\PrivateCA\V1\CertificateDescription $certificate_description
      *           Output only. A structured description of the issued X.509 certificate.
      *     @type array<string>|\Google\Protobuf\Internal\RepeatedField $pem_certificate_chain
-     *           Output only. The chain that may be used to verify the X.509 certificate. Expected to be
-     *           in issuer-to-root order according to RFC 5246.
+     *           Output only. The chain that may be used to verify the X.509 certificate.
+     *           Expected to be in issuer-to-root order according to RFC 5246.
      *     @type \Google\Protobuf\Timestamp $create_time
-     *           Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+     *           Output only. The time at which this
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
      *     @type \Google\Protobuf\Timestamp $update_time
-     *           Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+     *           Output only. The time at which this
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
      *     @type array|\Google\Protobuf\Internal\MapField $labels
      *           Optional. Labels with user-defined metadata.
      * }
@@ -159,7 +180,8 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * Output only. The resource name for this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
      * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = {</code>
@@ -171,7 +193,8 @@ public function getName()
     }
 
     /**
-     * Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * Output only. The resource name for this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
      * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = {</code>
@@ -218,8 +241,8 @@ public function setPemCsr($var)
     }
 
     /**
-     * Immutable. A description of the certificate and key that does not require X.509 or
-     * ASN.1.
+     * Immutable. A description of the certificate and key that does not require
+     * X.509 or ASN.1.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CertificateConfig|null
@@ -235,8 +258,8 @@ public function hasConfig()
     }
 
     /**
-     * Immutable. A description of the certificate and key that does not require X.509 or
-     * ASN.1.
+     * Immutable. A description of the certificate and key that does not require
+     * X.509 or ASN.1.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CertificateConfig $var
@@ -251,8 +274,9 @@ public function setConfig($var)
     }
 
     /**
-     * Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Output only. The resource name of the issuing
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string issuer_certificate_authority = 4 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = {</code>
      * @return string
@@ -263,8 +287,9 @@ public function getIssuerCertificateAuthority()
     }
 
     /**
-     * Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Output only. The resource name of the issuing
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string issuer_certificate_authority = 4 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -279,8 +304,8 @@ public function setIssuerCertificateAuthority($var)
     }
 
     /**
-     * Required. Immutable. The desired lifetime of a certificate. Used to create the
-     * "not_before_time" and "not_after_time" fields inside an X.509
+     * Required. Immutable. The desired lifetime of a certificate. Used to create
+     * the "not_before_time" and "not_after_time" fields inside an X.509
      * certificate. Note that the lifetime may be truncated if it would extend
      * past the life of any certificate authority in the issuing chain.
      *
@@ -303,8 +328,8 @@ public function clearLifetime()
     }
 
     /**
-     * Required. Immutable. The desired lifetime of a certificate. Used to create the
-     * "not_before_time" and "not_after_time" fields inside an X.509
+     * Required. Immutable. The desired lifetime of a certificate. Used to create
+     * the "not_before_time" and "not_after_time" fields inside an X.509
      * certificate. Note that the lifetime may be truncated if it would extend
      * past the life of any certificate authority in the issuing chain.
      *
@@ -321,12 +346,14 @@ public function setLifetime($var)
     }
 
     /**
-     * Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
-     * certificate, in the format
+     * Immutable. The resource name for a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * used to issue this certificate, in the format
      * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
      * If this is specified, the caller must have the necessary permission to
      * use this template. If this is omitted, no template will be used.
-     * This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * This template must be in the same location as the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate].
      *
      * Generated from protobuf field <code>string certificate_template = 6 [(.google.api.field_behavior) = IMMUTABLE, (.google.api.resource_reference) = {</code>
      * @return string
@@ -337,12 +364,14 @@ public function getCertificateTemplate()
     }
 
     /**
-     * Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
-     * certificate, in the format
+     * Immutable. The resource name for a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * used to issue this certificate, in the format
      * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
      * If this is specified, the caller must have the necessary permission to
      * use this template. If this is omitted, no template will be used.
-     * This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * This template must be in the same location as the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate].
      *
      * Generated from protobuf field <code>string certificate_template = 6 [(.google.api.field_behavior) = IMMUTABLE, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -357,8 +386,10 @@ public function setCertificateTemplate($var)
     }
 
     /**
-     * Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
-     * If this is omitted, the `DEFAULT` subject mode will be used.
+     * Immutable. Specifies how the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity
+     * fields are to be decided. If this is omitted, the `DEFAULT` subject mode
+     * will be used.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.SubjectRequestMode subject_mode = 7 [(.google.api.field_behavior) = IMMUTABLE];</code>
      * @return int
@@ -369,8 +400,10 @@ public function getSubjectMode()
     }
 
     /**
-     * Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
-     * If this is omitted, the `DEFAULT` subject mode will be used.
+     * Immutable. Specifies how the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity
+     * fields are to be decided. If this is omitted, the `DEFAULT` subject mode
+     * will be used.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.SubjectRequestMode subject_mode = 7 [(.google.api.field_behavior) = IMMUTABLE];</code>
      * @param int $var
@@ -385,8 +418,10 @@ public function setSubjectMode($var)
     }
 
     /**
-     * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+     * Output only. Details regarding the revocation of this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered
+     * revoked if and only if this field is present.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\Certificate\RevocationDetails|null
@@ -407,8 +442,10 @@ public function clearRevocationDetails()
     }
 
     /**
-     * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+     * Output only. Details regarding the revocation of this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered
+     * revoked if and only if this field is present.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\Certificate\RevocationDetails $var
@@ -485,8 +522,8 @@ public function setCertificateDescription($var)
     }
 
     /**
-     * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
-     * in issuer-to-root order according to RFC 5246.
+     * Output only. The chain that may be used to verify the X.509 certificate.
+     * Expected to be in issuer-to-root order according to RFC 5246.
      *
      * Generated from protobuf field <code>repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return \Google\Protobuf\Internal\RepeatedField
@@ -497,8 +534,8 @@ public function getPemCertificateChain()
     }
 
     /**
-     * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
-     * in issuer-to-root order according to RFC 5246.
+     * Output only. The chain that may be used to verify the X.509 certificate.
+     * Expected to be in issuer-to-root order according to RFC 5246.
      *
      * Generated from protobuf field <code>repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param array<string>|\Google\Protobuf\Internal\RepeatedField $var
@@ -513,7 +550,8 @@ public function setPemCertificateChain($var)
     }
 
     /**
-     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+     * Output only. The time at which this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return \Google\Protobuf\Timestamp|null
@@ -534,7 +572,8 @@ public function clearCreateTime()
     }
 
     /**
-     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+     * Output only. The time at which this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param \Google\Protobuf\Timestamp $var
@@ -549,7 +588,8 @@ public function setCreateTime($var)
     }
 
     /**
-     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+     * Output only. The time at which this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return \Google\Protobuf\Timestamp|null
@@ -570,7 +610,8 @@ public function clearUpdateTime()
     }
 
     /**
-     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+     * Output only. The time at which this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param \Google\Protobuf\Timestamp $var
diff --git a/SecurityPrivateCa/src/V1/Certificate/RevocationDetails.php b/SecurityPrivateCa/src/V1/Certificate/RevocationDetails.php
index d77d58cad4f0..824cfa071177 100644
--- a/SecurityPrivateCa/src/V1/Certificate/RevocationDetails.php
+++ b/SecurityPrivateCa/src/V1/Certificate/RevocationDetails.php
@@ -9,20 +9,25 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * Describes fields that are relavent to the revocation of a [Certificate][google.cloud.security.privateca.v1.Certificate].
+ * Describes fields that are relavent to the revocation of a
+ * [Certificate][google.cloud.security.privateca.v1.Certificate].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.Certificate.RevocationDetails</code>
  */
 class RevocationDetails extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * Indicates why a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] was
+     * revoked.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.RevocationReason revocation_state = 1;</code>
      */
     private $revocation_state = 0;
     /**
-     * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * The time at which this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] was
+     * revoked.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp revocation_time = 2;</code>
      */
@@ -35,9 +40,13 @@ class RevocationDetails extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type int $revocation_state
-     *           Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     *           Indicates why a
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] was
+     *           revoked.
      *     @type \Google\Protobuf\Timestamp $revocation_time
-     *           The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     *           The time at which this
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] was
+     *           revoked.
      * }
      */
     public function __construct($data = NULL) {
@@ -46,7 +55,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * Indicates why a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] was
+     * revoked.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.RevocationReason revocation_state = 1;</code>
      * @return int
@@ -57,7 +68,9 @@ public function getRevocationState()
     }
 
     /**
-     * Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * Indicates why a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] was
+     * revoked.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.RevocationReason revocation_state = 1;</code>
      * @param int $var
@@ -72,7 +85,9 @@ public function setRevocationState($var)
     }
 
     /**
-     * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * The time at which this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] was
+     * revoked.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp revocation_time = 2;</code>
      * @return \Google\Protobuf\Timestamp|null
@@ -93,7 +108,9 @@ public function clearRevocationTime()
     }
 
     /**
-     * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * The time at which this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] was
+     * revoked.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp revocation_time = 2;</code>
      * @param \Google\Protobuf\Timestamp $var
diff --git a/SecurityPrivateCa/src/V1/CertificateAuthority.php b/SecurityPrivateCa/src/V1/CertificateAuthority.php
index eb903135f9ad..e973db0a814f 100644
--- a/SecurityPrivateCa/src/V1/CertificateAuthority.php
+++ b/SecurityPrivateCa/src/V1/CertificateAuthority.php
@@ -9,90 +9,116 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] represents an individual Certificate Authority.
- * A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] can be used to create [Certificates][google.cloud.security.privateca.v1.Certificate].
+ * A
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * represents an individual Certificate Authority. A
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * can be used to create
+ * [Certificates][google.cloud.security.privateca.v1.Certificate].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CertificateAuthority</code>
  */
 class CertificateAuthority extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Output only. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $name = '';
     /**
-     * Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Required. Immutable. The
+     * [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of
+     * this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority.Type type = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];</code>
      */
     private $type = 0;
     /**
-     * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+     * Required. Immutable. The config used to create a self-signed X.509
+     * certificate or CSR.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];</code>
      */
     private $config = null;
     /**
-     * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
-     * "not_before_time" and "not_after_time" fields inside an X.509
+     * Required. Immutable. The desired lifetime of the CA certificate. Used to
+     * create the "not_before_time" and "not_after_time" fields inside an X.509
      * certificate.
      *
      * Generated from protobuf field <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];</code>
      */
     private $lifetime = null;
     /**
-     * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
-     * is also used to sign the self-signed CA certificate. Otherwise, it
-     * is used to sign a CSR.
+     * Required. Immutable. Used when issuing certificates for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * If this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * is a self-signed CertificateAuthority, this key is also used to sign the
+     * self-signed CA certificate. Otherwise, it is used to sign a CSR.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];</code>
      */
     private $key_spec = null;
     /**
-     * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
-     * with the subordinate configuration, which describes its issuers. This may
-     * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+     * Optional. If this is a subordinate
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
+     * this field will be set with the subordinate configuration, which describes
+     * its issuers. This may be updated, but this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * must continue to validate.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $subordinate_config = null;
     /**
-     * Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
+     * Output only. The
+     * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
      * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.Tier tier = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $tier = 0;
     /**
-     * Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Output only. The
+     * [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for
+     * this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority.State state = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $state = 0;
     /**
-     * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
-     * is the final element (consistent with RFC 5246). For a self-signed CA, this
-     * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+     * Output only. This
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * certificate chain, including the current
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * certificate. Ordered such that the root issuer is the final element
+     * (consistent with RFC 5246). For a self-signed CA, this will only list the
+     * current
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * certificate.
      *
      * Generated from protobuf field <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $pem_ca_certificates;
     /**
-     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
-     * and its issuers. Ordered as self-to-root.
+     * Output only. A structured description of this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * CA certificate and its issuers. Ordered as self-to-root.
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $ca_certificate_descriptions;
     /**
-     * Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
-     * publish content, such as the CA certificate and CRLs. This must be a bucket
-     * name, without any prefixes (such as `gs://`) or suffixes (such as
+     * Immutable. The name of a Cloud Storage bucket where this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * will publish content, such as the CA certificate and CRLs. This must be a
+     * bucket name, without any prefixes (such as `gs://`) or suffixes (such as
      * `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
      * would simply specify `my-bucket`. If not specified, a managed bucket will
      * be created.
@@ -101,34 +127,44 @@ class CertificateAuthority extends \Google\Protobuf\Internal\Message
      */
     private $gcs_bucket = '';
     /**
-     * Output only. URLs for accessing content published by this CA, such as the CA certificate
-     * and CRLs.
+     * Output only. URLs for accessing content published by this CA, such as the
+     * CA certificate and CRLs.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $access_urls = null;
     /**
-     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+     * Output only. The time at which this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * was created.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $create_time = null;
     /**
-     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+     * Output only. The time at which this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * was last updated.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $update_time = null;
     /**
-     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
-     * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * Output only. The time at which this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * was soft deleted, if it is in the
+     * [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
+     * state.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $delete_time = null;
     /**
-     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
-     * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * Output only. The time at which this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * will be permanently purged, if it is in the
+     * [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
+     * state.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
@@ -147,58 +183,90 @@ class CertificateAuthority extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     *           format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     *           Output only. The resource name for this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *     @type int $type
-     *           Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     *           Required. Immutable. The
+     *           [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of
+     *           this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *     @type \Google\Cloud\Security\PrivateCA\V1\CertificateConfig $config
-     *           Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+     *           Required. Immutable. The config used to create a self-signed X.509
+     *           certificate or CSR.
      *     @type \Google\Protobuf\Duration $lifetime
-     *           Required. Immutable. The desired lifetime of the CA certificate. Used to create the
-     *           "not_before_time" and "not_after_time" fields inside an X.509
+     *           Required. Immutable. The desired lifetime of the CA certificate. Used to
+     *           create the "not_before_time" and "not_after_time" fields inside an X.509
      *           certificate.
      *     @type \Google\Cloud\Security\PrivateCA\V1\CertificateAuthority\KeyVersionSpec $key_spec
-     *           Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
-     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
-     *           is also used to sign the self-signed CA certificate. Otherwise, it
-     *           is used to sign a CSR.
+     *           Required. Immutable. Used when issuing certificates for this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     *           If this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           is a self-signed CertificateAuthority, this key is also used to sign the
+     *           self-signed CA certificate. Otherwise, it is used to sign a CSR.
      *     @type \Google\Cloud\Security\PrivateCA\V1\SubordinateConfig $subordinate_config
-     *           Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
-     *           with the subordinate configuration, which describes its issuers. This may
-     *           be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+     *           Optional. If this is a subordinate
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
+     *           this field will be set with the subordinate configuration, which describes
+     *           its issuers. This may be updated, but this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           must continue to validate.
      *     @type int $tier
-     *           Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
+     *           Output only. The
+     *           [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
      *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *     @type int $state
-     *           Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     *           Output only. The
+     *           [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for
+     *           this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *     @type array<string>|\Google\Protobuf\Internal\RepeatedField $pem_ca_certificates
-     *           Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
-     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
-     *           is the final element (consistent with RFC 5246). For a self-signed CA, this
-     *           will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+     *           Output only. This
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     *           certificate chain, including the current
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     *           certificate. Ordered such that the root issuer is the final element
+     *           (consistent with RFC 5246). For a self-signed CA, this will only list the
+     *           current
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     *           certificate.
      *     @type array<\Google\Cloud\Security\PrivateCA\V1\CertificateDescription>|\Google\Protobuf\Internal\RepeatedField $ca_certificate_descriptions
-     *           Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
-     *           and its issuers. Ordered as self-to-root.
+     *           Output only. A structured description of this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     *           CA certificate and its issuers. Ordered as self-to-root.
      *     @type string $gcs_bucket
-     *           Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
-     *           publish content, such as the CA certificate and CRLs. This must be a bucket
-     *           name, without any prefixes (such as `gs://`) or suffixes (such as
+     *           Immutable. The name of a Cloud Storage bucket where this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           will publish content, such as the CA certificate and CRLs. This must be a
+     *           bucket name, without any prefixes (such as `gs://`) or suffixes (such as
      *           `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
      *           would simply specify `my-bucket`. If not specified, a managed bucket will
      *           be created.
      *     @type \Google\Cloud\Security\PrivateCA\V1\CertificateAuthority\AccessUrls $access_urls
-     *           Output only. URLs for accessing content published by this CA, such as the CA certificate
-     *           and CRLs.
+     *           Output only. URLs for accessing content published by this CA, such as the
+     *           CA certificate and CRLs.
      *     @type \Google\Protobuf\Timestamp $create_time
-     *           Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+     *           Output only. The time at which this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           was created.
      *     @type \Google\Protobuf\Timestamp $update_time
-     *           Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+     *           Output only. The time at which this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           was last updated.
      *     @type \Google\Protobuf\Timestamp $delete_time
-     *           Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
-     *           it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     *           Output only. The time at which this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           was soft deleted, if it is in the
+     *           [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
+     *           state.
      *     @type \Google\Protobuf\Timestamp $expire_time
-     *           Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
-     *           if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     *           Output only. The time at which this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           will be permanently purged, if it is in the
+     *           [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
+     *           state.
      *     @type array|\Google\Protobuf\Internal\MapField $labels
      *           Optional. Labels with user-defined metadata.
      * }
@@ -209,8 +277,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Output only. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return string
@@ -221,8 +290,9 @@ public function getName()
     }
 
     /**
-     * Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Output only. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param string $var
@@ -237,7 +307,10 @@ public function setName($var)
     }
 
     /**
-     * Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Required. Immutable. The
+     * [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of
+     * this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority.Type type = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];</code>
      * @return int
@@ -248,7 +321,10 @@ public function getType()
     }
 
     /**
-     * Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Required. Immutable. The
+     * [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of
+     * this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority.Type type = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];</code>
      * @param int $var
@@ -263,7 +339,8 @@ public function setType($var)
     }
 
     /**
-     * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+     * Required. Immutable. The config used to create a self-signed X.509
+     * certificate or CSR.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CertificateConfig|null
@@ -284,7 +361,8 @@ public function clearConfig()
     }
 
     /**
-     * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+     * Required. Immutable. The config used to create a self-signed X.509
+     * certificate or CSR.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CertificateConfig $var
@@ -299,8 +377,8 @@ public function setConfig($var)
     }
 
     /**
-     * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
-     * "not_before_time" and "not_after_time" fields inside an X.509
+     * Required. Immutable. The desired lifetime of the CA certificate. Used to
+     * create the "not_before_time" and "not_after_time" fields inside an X.509
      * certificate.
      *
      * Generated from protobuf field <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];</code>
@@ -322,8 +400,8 @@ public function clearLifetime()
     }
 
     /**
-     * Required. Immutable. The desired lifetime of the CA certificate. Used to create the
-     * "not_before_time" and "not_after_time" fields inside an X.509
+     * Required. Immutable. The desired lifetime of the CA certificate. Used to
+     * create the "not_before_time" and "not_after_time" fields inside an X.509
      * certificate.
      *
      * Generated from protobuf field <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];</code>
@@ -339,10 +417,12 @@ public function setLifetime($var)
     }
 
     /**
-     * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
-     * is also used to sign the self-signed CA certificate. Otherwise, it
-     * is used to sign a CSR.
+     * Required. Immutable. Used when issuing certificates for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * If this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * is a self-signed CertificateAuthority, this key is also used to sign the
+     * self-signed CA certificate. Otherwise, it is used to sign a CSR.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CertificateAuthority\KeyVersionSpec|null
@@ -363,10 +443,12 @@ public function clearKeySpec()
     }
 
     /**
-     * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
-     * is also used to sign the self-signed CA certificate. Otherwise, it
-     * is used to sign a CSR.
+     * Required. Immutable. Used when issuing certificates for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * If this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * is a self-signed CertificateAuthority, this key is also used to sign the
+     * self-signed CA certificate. Otherwise, it is used to sign a CSR.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CertificateAuthority\KeyVersionSpec $var
@@ -381,9 +463,12 @@ public function setKeySpec($var)
     }
 
     /**
-     * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
-     * with the subordinate configuration, which describes its issuers. This may
-     * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+     * Optional. If this is a subordinate
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
+     * this field will be set with the subordinate configuration, which describes
+     * its issuers. This may be updated, but this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * must continue to validate.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\SubordinateConfig|null
@@ -404,9 +489,12 @@ public function clearSubordinateConfig()
     }
 
     /**
-     * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
-     * with the subordinate configuration, which describes its issuers. This may
-     * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+     * Optional. If this is a subordinate
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
+     * this field will be set with the subordinate configuration, which describes
+     * its issuers. This may be updated, but this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * must continue to validate.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\SubordinateConfig $var
@@ -421,7 +509,9 @@ public function setSubordinateConfig($var)
     }
 
     /**
-     * Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
+     * Output only. The
+     * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
      * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.Tier tier = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
@@ -433,7 +523,9 @@ public function getTier()
     }
 
     /**
-     * Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
+     * Output only. The
+     * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
      * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool.Tier tier = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
@@ -449,7 +541,10 @@ public function setTier($var)
     }
 
     /**
-     * Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Output only. The
+     * [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for
+     * this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority.State state = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return int
@@ -460,7 +555,10 @@ public function getState()
     }
 
     /**
-     * Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Output only. The
+     * [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for
+     * this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority.State state = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param int $var
@@ -475,10 +573,15 @@ public function setState($var)
     }
 
     /**
-     * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
-     * is the final element (consistent with RFC 5246). For a self-signed CA, this
-     * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+     * Output only. This
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * certificate chain, including the current
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * certificate. Ordered such that the root issuer is the final element
+     * (consistent with RFC 5246). For a self-signed CA, this will only list the
+     * current
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * certificate.
      *
      * Generated from protobuf field <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return \Google\Protobuf\Internal\RepeatedField
@@ -489,10 +592,15 @@ public function getPemCaCertificates()
     }
 
     /**
-     * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
-     * is the final element (consistent with RFC 5246). For a self-signed CA, this
-     * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+     * Output only. This
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * certificate chain, including the current
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * certificate. Ordered such that the root issuer is the final element
+     * (consistent with RFC 5246). For a self-signed CA, this will only list the
+     * current
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * certificate.
      *
      * Generated from protobuf field <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param array<string>|\Google\Protobuf\Internal\RepeatedField $var
@@ -507,8 +615,9 @@ public function setPemCaCertificates($var)
     }
 
     /**
-     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
-     * and its issuers. Ordered as self-to-root.
+     * Output only. A structured description of this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * CA certificate and its issuers. Ordered as self-to-root.
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return \Google\Protobuf\Internal\RepeatedField
@@ -519,8 +628,9 @@ public function getCaCertificateDescriptions()
     }
 
     /**
-     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
-     * and its issuers. Ordered as self-to-root.
+     * Output only. A structured description of this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * CA certificate and its issuers. Ordered as self-to-root.
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param array<\Google\Cloud\Security\PrivateCA\V1\CertificateDescription>|\Google\Protobuf\Internal\RepeatedField $var
@@ -535,9 +645,10 @@ public function setCaCertificateDescriptions($var)
     }
 
     /**
-     * Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
-     * publish content, such as the CA certificate and CRLs. This must be a bucket
-     * name, without any prefixes (such as `gs://`) or suffixes (such as
+     * Immutable. The name of a Cloud Storage bucket where this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * will publish content, such as the CA certificate and CRLs. This must be a
+     * bucket name, without any prefixes (such as `gs://`) or suffixes (such as
      * `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
      * would simply specify `my-bucket`. If not specified, a managed bucket will
      * be created.
@@ -551,9 +662,10 @@ public function getGcsBucket()
     }
 
     /**
-     * Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
-     * publish content, such as the CA certificate and CRLs. This must be a bucket
-     * name, without any prefixes (such as `gs://`) or suffixes (such as
+     * Immutable. The name of a Cloud Storage bucket where this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * will publish content, such as the CA certificate and CRLs. This must be a
+     * bucket name, without any prefixes (such as `gs://`) or suffixes (such as
      * `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
      * would simply specify `my-bucket`. If not specified, a managed bucket will
      * be created.
@@ -571,8 +683,8 @@ public function setGcsBucket($var)
     }
 
     /**
-     * Output only. URLs for accessing content published by this CA, such as the CA certificate
-     * and CRLs.
+     * Output only. URLs for accessing content published by this CA, such as the
+     * CA certificate and CRLs.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CertificateAuthority\AccessUrls|null
@@ -593,8 +705,8 @@ public function clearAccessUrls()
     }
 
     /**
-     * Output only. URLs for accessing content published by this CA, such as the CA certificate
-     * and CRLs.
+     * Output only. URLs for accessing content published by this CA, such as the
+     * CA certificate and CRLs.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CertificateAuthority\AccessUrls $var
@@ -609,7 +721,9 @@ public function setAccessUrls($var)
     }
 
     /**
-     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+     * Output only. The time at which this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * was created.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return \Google\Protobuf\Timestamp|null
@@ -630,7 +744,9 @@ public function clearCreateTime()
     }
 
     /**
-     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+     * Output only. The time at which this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * was created.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param \Google\Protobuf\Timestamp $var
@@ -645,7 +761,9 @@ public function setCreateTime($var)
     }
 
     /**
-     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+     * Output only. The time at which this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * was last updated.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return \Google\Protobuf\Timestamp|null
@@ -666,7 +784,9 @@ public function clearUpdateTime()
     }
 
     /**
-     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+     * Output only. The time at which this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * was last updated.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param \Google\Protobuf\Timestamp $var
@@ -681,8 +801,11 @@ public function setUpdateTime($var)
     }
 
     /**
-     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
-     * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * Output only. The time at which this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * was soft deleted, if it is in the
+     * [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
+     * state.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return \Google\Protobuf\Timestamp|null
@@ -703,8 +826,11 @@ public function clearDeleteTime()
     }
 
     /**
-     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
-     * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * Output only. The time at which this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * was soft deleted, if it is in the
+     * [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
+     * state.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param \Google\Protobuf\Timestamp $var
@@ -719,8 +845,11 @@ public function setDeleteTime($var)
     }
 
     /**
-     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
-     * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * Output only. The time at which this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * will be permanently purged, if it is in the
+     * [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
+     * state.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return \Google\Protobuf\Timestamp|null
@@ -741,8 +870,11 @@ public function clearExpireTime()
     }
 
     /**
-     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
-     * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * Output only. The time at which this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * will be permanently purged, if it is in the
+     * [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
+     * state.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param \Google\Protobuf\Timestamp $var
diff --git a/SecurityPrivateCa/src/V1/CertificateAuthority/AccessUrls.php b/SecurityPrivateCa/src/V1/CertificateAuthority/AccessUrls.php
index a0022affee42..770971e502e5 100644
--- a/SecurityPrivateCa/src/V1/CertificateAuthority/AccessUrls.php
+++ b/SecurityPrivateCa/src/V1/CertificateAuthority/AccessUrls.php
@@ -9,22 +9,28 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * URLs where a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will publish content.
+ * URLs where a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * will publish content.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls</code>
  */
 class AccessUrls extends \Google\Protobuf\Internal\Message
 {
     /**
-     * The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
-     * published. This will only be set for CAs that have been activated.
+     * The URL where this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * CA certificate is published. This will only be set for CAs that have been
+     * activated.
      *
      * Generated from protobuf field <code>string ca_certificate_access_url = 1;</code>
      */
     private $ca_certificate_access_url = '';
     /**
-     * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
-     * will only be set for CAs that have been activated.
+     * The URLs where this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * CRLs are published. This will only be set for CAs that have been
+     * activated.
      *
      * Generated from protobuf field <code>repeated string crl_access_urls = 2;</code>
      */
@@ -37,11 +43,15 @@ class AccessUrls extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $ca_certificate_access_url
-     *           The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
-     *           published. This will only be set for CAs that have been activated.
+     *           The URL where this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     *           CA certificate is published. This will only be set for CAs that have been
+     *           activated.
      *     @type array<string>|\Google\Protobuf\Internal\RepeatedField $crl_access_urls
-     *           The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
-     *           will only be set for CAs that have been activated.
+     *           The URLs where this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     *           CRLs are published. This will only be set for CAs that have been
+     *           activated.
      * }
      */
     public function __construct($data = NULL) {
@@ -50,8 +60,10 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
-     * published. This will only be set for CAs that have been activated.
+     * The URL where this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * CA certificate is published. This will only be set for CAs that have been
+     * activated.
      *
      * Generated from protobuf field <code>string ca_certificate_access_url = 1;</code>
      * @return string
@@ -62,8 +74,10 @@ public function getCaCertificateAccessUrl()
     }
 
     /**
-     * The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
-     * published. This will only be set for CAs that have been activated.
+     * The URL where this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * CA certificate is published. This will only be set for CAs that have been
+     * activated.
      *
      * Generated from protobuf field <code>string ca_certificate_access_url = 1;</code>
      * @param string $var
@@ -78,8 +92,10 @@ public function setCaCertificateAccessUrl($var)
     }
 
     /**
-     * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
-     * will only be set for CAs that have been activated.
+     * The URLs where this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * CRLs are published. This will only be set for CAs that have been
+     * activated.
      *
      * Generated from protobuf field <code>repeated string crl_access_urls = 2;</code>
      * @return \Google\Protobuf\Internal\RepeatedField
@@ -90,8 +106,10 @@ public function getCrlAccessUrls()
     }
 
     /**
-     * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
-     * will only be set for CAs that have been activated.
+     * The URLs where this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+     * CRLs are published. This will only be set for CAs that have been
+     * activated.
      *
      * Generated from protobuf field <code>repeated string crl_access_urls = 2;</code>
      * @param array<string>|\Google\Protobuf\Internal\RepeatedField $var
diff --git a/SecurityPrivateCa/src/V1/CertificateAuthority/KeyVersionSpec.php b/SecurityPrivateCa/src/V1/CertificateAuthority/KeyVersionSpec.php
index 24ca0c8fdfd7..faabd3c223d0 100644
--- a/SecurityPrivateCa/src/V1/CertificateAuthority/KeyVersionSpec.php
+++ b/SecurityPrivateCa/src/V1/CertificateAuthority/KeyVersionSpec.php
@@ -9,7 +9,9 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * A Cloud KMS key configuration that a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will use.
+ * A Cloud KMS key configuration that a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * will use.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec</code>
  */
diff --git a/SecurityPrivateCa/src/V1/CertificateAuthority/State.php b/SecurityPrivateCa/src/V1/CertificateAuthority/State.php
index 4c8355362aa9..a8c10d5bf94e 100644
--- a/SecurityPrivateCa/src/V1/CertificateAuthority/State.php
+++ b/SecurityPrivateCa/src/V1/CertificateAuthority/State.php
@@ -7,7 +7,9 @@
 use UnexpectedValueException;
 
 /**
- * The state of a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], indicating if it can be used.
+ * The state of a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
+ * indicating if it can be used.
  *
  * Protobuf type <code>google.cloud.security.privateca.v1.CertificateAuthority.State</code>
  */
@@ -21,32 +23,40 @@ class State
     const STATE_UNSPECIFIED = 0;
     /**
      * Certificates can be issued from this CA. CRLs will be generated for this
-     * CA. The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will be
-     * used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * CA. The CA will be part of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and
+     * will be used to issue certificates from the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf enum <code>ENABLED = 1;</code>
      */
     const ENABLED = 1;
     /**
      * Certificates cannot be issued from this CA. CRLs will still be generated.
-     * The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but will not be
-     * used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * The CA will be part of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but
+     * will not be used to issue certificates from the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf enum <code>DISABLED = 2;</code>
      */
     const DISABLED = 2;
     /**
      * Certificates can be issued from this CA. CRLs will be generated for this
-     * CA. The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but will not
-     * be used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * CA. The CA will be part of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but
+     * will not be used to issue certificates from the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf enum <code>STAGED = 3;</code>
      */
     const STAGED = 3;
     /**
      * Certificates cannot be issued from this CA. CRLs will not be generated.
-     * The CA will not be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will not be
-     * used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * The CA will not be part of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and
+     * will not be used to issue certificates from the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf enum <code>AWAITING_USER_ACTIVATION = 4;</code>
      */
@@ -54,10 +64,13 @@ class State
     /**
      * Certificates cannot be issued from this CA. CRLs will not be generated.
      * The CA may still be recovered by calling
-     * [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority] before
+     * [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority]
+     * before
      * [expire_time][google.cloud.security.privateca.v1.CertificateAuthority.expire_time].
-     * The CA will not be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will not be
-     * used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * The CA will not be part of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and
+     * will not be used to issue certificates from the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf enum <code>DELETED = 5;</code>
      */
diff --git a/SecurityPrivateCa/src/V1/CertificateAuthority/Type.php b/SecurityPrivateCa/src/V1/CertificateAuthority/Type.php
index 136922cb2583..939123b996e2 100644
--- a/SecurityPrivateCa/src/V1/CertificateAuthority/Type.php
+++ b/SecurityPrivateCa/src/V1/CertificateAuthority/Type.php
@@ -7,7 +7,9 @@
 use UnexpectedValueException;
 
 /**
- * The type of a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], indicating its issuing chain.
+ * The type of a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
+ * indicating its issuing chain.
  *
  * Protobuf type <code>google.cloud.security.privateca.v1.CertificateAuthority.Type</code>
  */
@@ -26,7 +28,8 @@ class Type
      */
     const SELF_SIGNED = 1;
     /**
-     * Subordinate CA. Could be issued by a Private CA [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * Subordinate CA. Could be issued by a Private CA
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * or an unmanaged CA.
      *
      * Generated from protobuf enum <code>SUBORDINATE = 2;</code>
diff --git a/SecurityPrivateCa/src/V1/CertificateConfig.php b/SecurityPrivateCa/src/V1/CertificateConfig.php
index cab829f03c0c..bda17a078836 100644
--- a/SecurityPrivateCa/src/V1/CertificateConfig.php
+++ b/SecurityPrivateCa/src/V1/CertificateConfig.php
@@ -9,31 +9,37 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * A [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig] describes an X.509 certificate or CSR that is to be
- * created, as an alternative to using ASN.1.
+ * A [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig]
+ * describes an X.509 certificate or CSR that is to be created, as an
+ * alternative to using ASN.1.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CertificateConfig</code>
  */
 class CertificateConfig extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. Specifies some of the values in a certificate that are related to the
-     * subject.
+     * Required. Specifies some of the values in a certificate that are related to
+     * the subject.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      */
     private $subject_config = null;
     /**
-     * Required. Describes how some of the technical X.509 fields in a certificate should be
-     * populated.
+     * Required. Describes how some of the technical X.509 fields in a certificate
+     * should be populated.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];</code>
      */
     private $x509_config = null;
     /**
-     * Optional. The public key that corresponds to this config. This is, for example, used
-     * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
-     * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+     * Optional. The public key that corresponds to this config. This is, for
+     * example, used when issuing
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], but not
+     * when creating a self-signed
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * or
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * CSR.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -46,15 +52,20 @@ class CertificateConfig extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type \Google\Cloud\Security\PrivateCA\V1\CertificateConfig\SubjectConfig $subject_config
-     *           Required. Specifies some of the values in a certificate that are related to the
-     *           subject.
+     *           Required. Specifies some of the values in a certificate that are related to
+     *           the subject.
      *     @type \Google\Cloud\Security\PrivateCA\V1\X509Parameters $x509_config
-     *           Required. Describes how some of the technical X.509 fields in a certificate should be
-     *           populated.
+     *           Required. Describes how some of the technical X.509 fields in a certificate
+     *           should be populated.
      *     @type \Google\Cloud\Security\PrivateCA\V1\PublicKey $public_key
-     *           Optional. The public key that corresponds to this config. This is, for example, used
-     *           when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
-     *           self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+     *           Optional. The public key that corresponds to this config. This is, for
+     *           example, used when issuing
+     *           [Certificates][google.cloud.security.privateca.v1.Certificate], but not
+     *           when creating a self-signed
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           or
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           CSR.
      * }
      */
     public function __construct($data = NULL) {
@@ -63,8 +74,8 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. Specifies some of the values in a certificate that are related to the
-     * subject.
+     * Required. Specifies some of the values in a certificate that are related to
+     * the subject.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CertificateConfig\SubjectConfig|null
@@ -85,8 +96,8 @@ public function clearSubjectConfig()
     }
 
     /**
-     * Required. Specifies some of the values in a certificate that are related to the
-     * subject.
+     * Required. Specifies some of the values in a certificate that are related to
+     * the subject.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CertificateConfig\SubjectConfig $var
@@ -101,8 +112,8 @@ public function setSubjectConfig($var)
     }
 
     /**
-     * Required. Describes how some of the technical X.509 fields in a certificate should be
-     * populated.
+     * Required. Describes how some of the technical X.509 fields in a certificate
+     * should be populated.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\X509Parameters|null
@@ -123,8 +134,8 @@ public function clearX509Config()
     }
 
     /**
-     * Required. Describes how some of the technical X.509 fields in a certificate should be
-     * populated.
+     * Required. Describes how some of the technical X.509 fields in a certificate
+     * should be populated.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\X509Parameters $var
@@ -139,9 +150,14 @@ public function setX509Config($var)
     }
 
     /**
-     * Optional. The public key that corresponds to this config. This is, for example, used
-     * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
-     * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+     * Optional. The public key that corresponds to this config. This is, for
+     * example, used when issuing
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], but not
+     * when creating a self-signed
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * or
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * CSR.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\PublicKey|null
@@ -162,9 +178,14 @@ public function clearPublicKey()
     }
 
     /**
-     * Optional. The public key that corresponds to this config. This is, for example, used
-     * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
-     * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+     * Optional. The public key that corresponds to this config. This is, for
+     * example, used when issuing
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], but not
+     * when creating a self-signed
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * or
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * CSR.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\PublicKey $var
diff --git a/SecurityPrivateCa/src/V1/CertificateConfig/SubjectConfig.php b/SecurityPrivateCa/src/V1/CertificateConfig/SubjectConfig.php
index 8907a032d6bc..b0d8caf1e016 100644
--- a/SecurityPrivateCa/src/V1/CertificateConfig/SubjectConfig.php
+++ b/SecurityPrivateCa/src/V1/CertificateConfig/SubjectConfig.php
@@ -17,8 +17,8 @@
 class SubjectConfig extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. Contains distinguished name fields such as the common name, location and
-     * organization.
+     * Required. Contains distinguished name fields such as the common name,
+     * location and organization.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      */
@@ -37,8 +37,8 @@ class SubjectConfig extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type \Google\Cloud\Security\PrivateCA\V1\Subject $subject
-     *           Required. Contains distinguished name fields such as the common name, location and
-     *           organization.
+     *           Required. Contains distinguished name fields such as the common name,
+     *           location and organization.
      *     @type \Google\Cloud\Security\PrivateCA\V1\SubjectAltNames $subject_alt_name
      *           Optional. The subject alternative name fields.
      * }
@@ -49,8 +49,8 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. Contains distinguished name fields such as the common name, location and
-     * organization.
+     * Required. Contains distinguished name fields such as the common name,
+     * location and organization.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\Subject|null
@@ -71,8 +71,8 @@ public function clearSubject()
     }
 
     /**
-     * Required. Contains distinguished name fields such as the common name, location and
-     * organization.
+     * Required. Contains distinguished name fields such as the common name,
+     * location and organization.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\Subject $var
diff --git a/SecurityPrivateCa/src/V1/CertificateDescription.php b/SecurityPrivateCa/src/V1/CertificateDescription.php
index 034db4781bf7..70aa5d78a91d 100644
--- a/SecurityPrivateCa/src/V1/CertificateDescription.php
+++ b/SecurityPrivateCa/src/V1/CertificateDescription.php
@@ -9,8 +9,10 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * A [CertificateDescription][google.cloud.security.privateca.v1.CertificateDescription] describes an X.509 certificate or CSR that has
- * been issued, as an alternative to using ASN.1 / X.509.
+ * A
+ * [CertificateDescription][google.cloud.security.privateca.v1.CertificateDescription]
+ * describes an X.509 certificate or CSR that has been issued, as an alternative
+ * to using ASN.1 / X.509.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CertificateDescription</code>
  */
diff --git a/SecurityPrivateCa/src/V1/CertificateDescription/KeyId.php b/SecurityPrivateCa/src/V1/CertificateDescription/KeyId.php
index 127fba6c60ca..4cce9138102b 100644
--- a/SecurityPrivateCa/src/V1/CertificateDescription/KeyId.php
+++ b/SecurityPrivateCa/src/V1/CertificateDescription/KeyId.php
@@ -17,8 +17,8 @@
 class KeyId extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
-     * likely the 160 bit SHA-1 hash of the public key.
+     * Optional. The value of this KeyId encoded in lowercase hexadecimal. This
+     * is most likely the 160 bit SHA-1 hash of the public key.
      *
      * Generated from protobuf field <code>string key_id = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -31,8 +31,8 @@ class KeyId extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $key_id
-     *           Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
-     *           likely the 160 bit SHA-1 hash of the public key.
+     *           Optional. The value of this KeyId encoded in lowercase hexadecimal. This
+     *           is most likely the 160 bit SHA-1 hash of the public key.
      * }
      */
     public function __construct($data = NULL) {
@@ -41,8 +41,8 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
-     * likely the 160 bit SHA-1 hash of the public key.
+     * Optional. The value of this KeyId encoded in lowercase hexadecimal. This
+     * is most likely the 160 bit SHA-1 hash of the public key.
      *
      * Generated from protobuf field <code>string key_id = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return string
@@ -53,8 +53,8 @@ public function getKeyId()
     }
 
     /**
-     * Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
-     * likely the 160 bit SHA-1 hash of the public key.
+     * Optional. The value of this KeyId encoded in lowercase hexadecimal. This
+     * is most likely the 160 bit SHA-1 hash of the public key.
      *
      * Generated from protobuf field <code>string key_id = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param string $var
diff --git a/SecurityPrivateCa/src/V1/CertificateExtensionConstraints.php b/SecurityPrivateCa/src/V1/CertificateExtensionConstraints.php
index 6fa3133d6877..83a89cb3e0f0 100644
--- a/SecurityPrivateCa/src/V1/CertificateExtensionConstraints.php
+++ b/SecurityPrivateCa/src/V1/CertificateExtensionConstraints.php
@@ -18,15 +18,17 @@ class CertificateExtensionConstraints extends \Google\Protobuf\Internal\Message
 {
     /**
      * Optional. A set of named X.509 extensions. Will be combined with
-     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions]
+     * to determine the full set of X.509 extensions.
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $known_extensions;
     /**
-     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
-     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
-     * X.509 extensions.
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId]
+     * identifying custom X.509 extensions. Will be combined with
+     * [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions]
+     * to determine the full set of X.509 extensions.
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -40,11 +42,13 @@ class CertificateExtensionConstraints extends \Google\Protobuf\Internal\Message
      *
      *     @type array<int>|\Google\Protobuf\Internal\RepeatedField $known_extensions
      *           Optional. A set of named X.509 extensions. Will be combined with
-     *           [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     *           [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions]
+     *           to determine the full set of X.509 extensions.
      *     @type array<\Google\Cloud\Security\PrivateCA\V1\ObjectId>|\Google\Protobuf\Internal\RepeatedField $additional_extensions
-     *           Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
-     *           Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
-     *           X.509 extensions.
+     *           Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId]
+     *           identifying custom X.509 extensions. Will be combined with
+     *           [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions]
+     *           to determine the full set of X.509 extensions.
      * }
      */
     public function __construct($data = NULL) {
@@ -54,7 +58,8 @@ public function __construct($data = NULL) {
 
     /**
      * Optional. A set of named X.509 extensions. Will be combined with
-     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions]
+     * to determine the full set of X.509 extensions.
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Protobuf\Internal\RepeatedField
@@ -66,7 +71,8 @@ public function getKnownExtensions()
 
     /**
      * Optional. A set of named X.509 extensions. Will be combined with
-     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions]
+     * to determine the full set of X.509 extensions.
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param array<int>|\Google\Protobuf\Internal\RepeatedField $var
@@ -81,9 +87,10 @@ public function setKnownExtensions($var)
     }
 
     /**
-     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
-     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
-     * X.509 extensions.
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId]
+     * identifying custom X.509 extensions. Will be combined with
+     * [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions]
+     * to determine the full set of X.509 extensions.
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Protobuf\Internal\RepeatedField
@@ -94,9 +101,10 @@ public function getAdditionalExtensions()
     }
 
     /**
-     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
-     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
-     * X.509 extensions.
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId]
+     * identifying custom X.509 extensions. Will be combined with
+     * [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions]
+     * to determine the full set of X.509 extensions.
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param array<\Google\Cloud\Security\PrivateCA\V1\ObjectId>|\Google\Protobuf\Internal\RepeatedField $var
diff --git a/SecurityPrivateCa/src/V1/CertificateExtensionConstraints/KnownCertificateExtension.php b/SecurityPrivateCa/src/V1/CertificateExtensionConstraints/KnownCertificateExtension.php
index f747cd06cdb6..9d8622a9045b 100644
--- a/SecurityPrivateCa/src/V1/CertificateExtensionConstraints/KnownCertificateExtension.php
+++ b/SecurityPrivateCa/src/V1/CertificateExtensionConstraints/KnownCertificateExtension.php
@@ -7,8 +7,11 @@
 use UnexpectedValueException;
 
 /**
- * Describes well-known X.509 extensions that can appear in a [Certificate][google.cloud.security.privateca.v1.Certificate],
- * not including the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension.
+ * Describes well-known X.509 extensions that can appear in a
+ * [Certificate][google.cloud.security.privateca.v1.Certificate], not
+ * including the
+ * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames]
+ * extension.
  *
  * Protobuf type <code>google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension</code>
  */
@@ -23,7 +26,9 @@ class KnownCertificateExtension
     /**
      * Refers to a certificate's Key Usage extension, as described in [RFC 5280
      * section 4.2.1.3](https://tools.ietf.org/html/rfc5280#section-4.2.1.3).
-     * This corresponds to the [KeyUsage.base_key_usage][google.cloud.security.privateca.v1.KeyUsage.base_key_usage] field.
+     * This corresponds to the
+     * [KeyUsage.base_key_usage][google.cloud.security.privateca.v1.KeyUsage.base_key_usage]
+     * field.
      *
      * Generated from protobuf enum <code>BASE_KEY_USAGE = 1;</code>
      */
@@ -32,7 +37,9 @@ class KnownCertificateExtension
      * Refers to a certificate's Extended Key Usage extension, as described in
      * [RFC 5280
      * section 4.2.1.12](https://tools.ietf.org/html/rfc5280#section-4.2.1.12).
-     * This corresponds to the [KeyUsage.extended_key_usage][google.cloud.security.privateca.v1.KeyUsage.extended_key_usage] message.
+     * This corresponds to the
+     * [KeyUsage.extended_key_usage][google.cloud.security.privateca.v1.KeyUsage.extended_key_usage]
+     * message.
      *
      * Generated from protobuf enum <code>EXTENDED_KEY_USAGE = 2;</code>
      */
@@ -41,7 +48,9 @@ class KnownCertificateExtension
      * Refers to a certificate's Basic Constraints extension, as described in
      * [RFC 5280
      * section 4.2.1.9](https://tools.ietf.org/html/rfc5280#section-4.2.1.9).
-     * This corresponds to the [X509Parameters.ca_options][google.cloud.security.privateca.v1.X509Parameters.ca_options] field.
+     * This corresponds to the
+     * [X509Parameters.ca_options][google.cloud.security.privateca.v1.X509Parameters.ca_options]
+     * field.
      *
      * Generated from protobuf enum <code>CA_OPTIONS = 3;</code>
      */
@@ -50,7 +59,9 @@ class KnownCertificateExtension
      * Refers to a certificate's Policy object identifiers, as described in
      * [RFC 5280
      * section 4.2.1.4](https://tools.ietf.org/html/rfc5280#section-4.2.1.4).
-     * This corresponds to the [X509Parameters.policy_ids][google.cloud.security.privateca.v1.X509Parameters.policy_ids] field.
+     * This corresponds to the
+     * [X509Parameters.policy_ids][google.cloud.security.privateca.v1.X509Parameters.policy_ids]
+     * field.
      *
      * Generated from protobuf enum <code>POLICY_IDS = 4;</code>
      */
@@ -60,11 +71,21 @@ class KnownCertificateExtension
      * extension, as described in
      * [RFC 5280
      * section 4.2.2.1](https://tools.ietf.org/html/rfc5280#section-4.2.2.1),
-     * This corresponds to the [X509Parameters.aia_ocsp_servers][google.cloud.security.privateca.v1.X509Parameters.aia_ocsp_servers] field.
+     * This corresponds to the
+     * [X509Parameters.aia_ocsp_servers][google.cloud.security.privateca.v1.X509Parameters.aia_ocsp_servers]
+     * field.
      *
      * Generated from protobuf enum <code>AIA_OCSP_SERVERS = 5;</code>
      */
     const AIA_OCSP_SERVERS = 5;
+    /**
+     * Refers to Name Constraints extension as described in
+     * [RFC 5280
+     * section 4.2.1.10](https://tools.ietf.org/html/rfc5280#section-4.2.1.10)
+     *
+     * Generated from protobuf enum <code>NAME_CONSTRAINTS = 6;</code>
+     */
+    const NAME_CONSTRAINTS = 6;
 
     private static $valueToName = [
         self::KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED => 'KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED',
@@ -73,6 +94,7 @@ class KnownCertificateExtension
         self::CA_OPTIONS => 'CA_OPTIONS',
         self::POLICY_IDS => 'POLICY_IDS',
         self::AIA_OCSP_SERVERS => 'AIA_OCSP_SERVERS',
+        self::NAME_CONSTRAINTS => 'NAME_CONSTRAINTS',
     ];
 
     public static function name($value)
diff --git a/SecurityPrivateCa/src/V1/CertificateIdentityConstraints.php b/SecurityPrivateCa/src/V1/CertificateIdentityConstraints.php
index f157bde9036e..369f28da3151 100644
--- a/SecurityPrivateCa/src/V1/CertificateIdentityConstraints.php
+++ b/SecurityPrivateCa/src/V1/CertificateIdentityConstraints.php
@@ -9,7 +9,9 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * Describes constraints on a [Certificate][google.cloud.security.privateca.v1.Certificate]'s [Subject][google.cloud.security.privateca.v1.Subject] and
+ * Describes constraints on a
+ * [Certificate][google.cloud.security.privateca.v1.Certificate]'s
+ * [Subject][google.cloud.security.privateca.v1.Subject] and
  * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CertificateIdentityConstraints</code>
@@ -17,26 +19,31 @@
 class CertificateIdentityConstraints extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
-     * and/or Subject Alternative Name before a certificate is signed.
-     * To see the full allowed syntax and some examples, see
+     * Optional. A CEL expression that may be used to validate the resolved X.509
+     * Subject and/or Subject Alternative Name before a certificate is signed. To
+     * see the full allowed syntax and some examples, see
      * https://cloud.google.com/certificate-authority-service/docs/using-cel
      *
      * Generated from protobuf field <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $cel_expression = null;
     /**
-     * Required. If this is true, the [Subject][google.cloud.security.privateca.v1.Subject] field may be copied from a certificate
-     * request into the signed certificate. Otherwise, the requested [Subject][google.cloud.security.privateca.v1.Subject]
-     * will be discarded.
+     * Required. If this is true, the
+     * [Subject][google.cloud.security.privateca.v1.Subject] field may be copied
+     * from a certificate request into the signed certificate. Otherwise, the
+     * requested [Subject][google.cloud.security.privateca.v1.Subject] will be
+     * discarded.
      *
      * Generated from protobuf field <code>optional bool allow_subject_passthrough = 2 [(.google.api.field_behavior) = REQUIRED];</code>
      */
     private $allow_subject_passthrough = null;
     /**
-     * Required. If this is true, the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension may be copied from a
-     * certificate request into the signed certificate. Otherwise, the requested
-     * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be discarded.
+     * Required. If this is true, the
+     * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames]
+     * extension may be copied from a certificate request into the signed
+     * certificate. Otherwise, the requested
+     * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will
+     * be discarded.
      *
      * Generated from protobuf field <code>optional bool allow_subject_alt_names_passthrough = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      */
@@ -49,18 +56,23 @@ class CertificateIdentityConstraints extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type \Google\Type\Expr $cel_expression
-     *           Optional. A CEL expression that may be used to validate the resolved X.509 Subject
-     *           and/or Subject Alternative Name before a certificate is signed.
-     *           To see the full allowed syntax and some examples, see
+     *           Optional. A CEL expression that may be used to validate the resolved X.509
+     *           Subject and/or Subject Alternative Name before a certificate is signed. To
+     *           see the full allowed syntax and some examples, see
      *           https://cloud.google.com/certificate-authority-service/docs/using-cel
      *     @type bool $allow_subject_passthrough
-     *           Required. If this is true, the [Subject][google.cloud.security.privateca.v1.Subject] field may be copied from a certificate
-     *           request into the signed certificate. Otherwise, the requested [Subject][google.cloud.security.privateca.v1.Subject]
-     *           will be discarded.
+     *           Required. If this is true, the
+     *           [Subject][google.cloud.security.privateca.v1.Subject] field may be copied
+     *           from a certificate request into the signed certificate. Otherwise, the
+     *           requested [Subject][google.cloud.security.privateca.v1.Subject] will be
+     *           discarded.
      *     @type bool $allow_subject_alt_names_passthrough
-     *           Required. If this is true, the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension may be copied from a
-     *           certificate request into the signed certificate. Otherwise, the requested
-     *           [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be discarded.
+     *           Required. If this is true, the
+     *           [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames]
+     *           extension may be copied from a certificate request into the signed
+     *           certificate. Otherwise, the requested
+     *           [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will
+     *           be discarded.
      * }
      */
     public function __construct($data = NULL) {
@@ -69,9 +81,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
-     * and/or Subject Alternative Name before a certificate is signed.
-     * To see the full allowed syntax and some examples, see
+     * Optional. A CEL expression that may be used to validate the resolved X.509
+     * Subject and/or Subject Alternative Name before a certificate is signed. To
+     * see the full allowed syntax and some examples, see
      * https://cloud.google.com/certificate-authority-service/docs/using-cel
      *
      * Generated from protobuf field <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
@@ -93,9 +105,9 @@ public function clearCelExpression()
     }
 
     /**
-     * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
-     * and/or Subject Alternative Name before a certificate is signed.
-     * To see the full allowed syntax and some examples, see
+     * Optional. A CEL expression that may be used to validate the resolved X.509
+     * Subject and/or Subject Alternative Name before a certificate is signed. To
+     * see the full allowed syntax and some examples, see
      * https://cloud.google.com/certificate-authority-service/docs/using-cel
      *
      * Generated from protobuf field <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
@@ -111,9 +123,11 @@ public function setCelExpression($var)
     }
 
     /**
-     * Required. If this is true, the [Subject][google.cloud.security.privateca.v1.Subject] field may be copied from a certificate
-     * request into the signed certificate. Otherwise, the requested [Subject][google.cloud.security.privateca.v1.Subject]
-     * will be discarded.
+     * Required. If this is true, the
+     * [Subject][google.cloud.security.privateca.v1.Subject] field may be copied
+     * from a certificate request into the signed certificate. Otherwise, the
+     * requested [Subject][google.cloud.security.privateca.v1.Subject] will be
+     * discarded.
      *
      * Generated from protobuf field <code>optional bool allow_subject_passthrough = 2 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return bool
@@ -134,9 +148,11 @@ public function clearAllowSubjectPassthrough()
     }
 
     /**
-     * Required. If this is true, the [Subject][google.cloud.security.privateca.v1.Subject] field may be copied from a certificate
-     * request into the signed certificate. Otherwise, the requested [Subject][google.cloud.security.privateca.v1.Subject]
-     * will be discarded.
+     * Required. If this is true, the
+     * [Subject][google.cloud.security.privateca.v1.Subject] field may be copied
+     * from a certificate request into the signed certificate. Otherwise, the
+     * requested [Subject][google.cloud.security.privateca.v1.Subject] will be
+     * discarded.
      *
      * Generated from protobuf field <code>optional bool allow_subject_passthrough = 2 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param bool $var
@@ -151,9 +167,12 @@ public function setAllowSubjectPassthrough($var)
     }
 
     /**
-     * Required. If this is true, the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension may be copied from a
-     * certificate request into the signed certificate. Otherwise, the requested
-     * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be discarded.
+     * Required. If this is true, the
+     * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames]
+     * extension may be copied from a certificate request into the signed
+     * certificate. Otherwise, the requested
+     * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will
+     * be discarded.
      *
      * Generated from protobuf field <code>optional bool allow_subject_alt_names_passthrough = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return bool
@@ -174,9 +193,12 @@ public function clearAllowSubjectAltNamesPassthrough()
     }
 
     /**
-     * Required. If this is true, the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension may be copied from a
-     * certificate request into the signed certificate. Otherwise, the requested
-     * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be discarded.
+     * Required. If this is true, the
+     * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames]
+     * extension may be copied from a certificate request into the signed
+     * certificate. Otherwise, the requested
+     * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will
+     * be discarded.
      *
      * Generated from protobuf field <code>optional bool allow_subject_alt_names_passthrough = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param bool $var
diff --git a/SecurityPrivateCa/src/V1/CertificateRevocationList.php b/SecurityPrivateCa/src/V1/CertificateRevocationList.php
index 75cd2909b1a2..2c077fb69611 100644
--- a/SecurityPrivateCa/src/V1/CertificateRevocationList.php
+++ b/SecurityPrivateCa/src/V1/CertificateRevocationList.php
@@ -9,18 +9,19 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * A [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] corresponds to a signed X.509 certificate
- * Revocation List (CRL). A CRL contains the serial numbers of certificates that
- * should no longer be trusted.
+ * A
+ * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+ * corresponds to a signed X.509 certificate Revocation List (CRL). A CRL
+ * contains the serial numbers of certificates that should no longer be trusted.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CertificateRevocationList</code>
  */
 class CertificateRevocationList extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
-     * the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
+     * Output only. The resource name for this
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
      *    certificateRevocationLists/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
@@ -51,27 +52,35 @@ class CertificateRevocationList extends \Google\Protobuf\Internal\Message
      */
     private $access_url = '';
     /**
-     * Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Output only. The
+     * [State][google.cloud.security.privateca.v1.CertificateRevocationList.State]
+     * for this
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateRevocationList.State state = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $state = 0;
     /**
-     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+     * Output only. The time at which this
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * was created.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $create_time = null;
     /**
-     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+     * Output only. The time at which this
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * was updated.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $update_time = null;
     /**
-     * Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
-     * committed whenever a new CRL is published. The format is an 8-character
-     * hexadecimal string.
+     * Output only. The revision ID of this
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * A new revision is committed whenever a new CRL is published. The format is
+     * an 8-character hexadecimal string.
      *
      * Generated from protobuf field <code>string revision_id = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
@@ -90,9 +99,9 @@ class CertificateRevocationList extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
-     *           the format
-     *           `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
+     *           Output only. The resource name for this
+     *           [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     *           in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
      *              certificateRevocationLists/&#42;`.
      *     @type int|string $sequence_number
      *           Output only. The CRL sequence number that appears in pem_crl.
@@ -103,15 +112,23 @@ class CertificateRevocationList extends \Google\Protobuf\Internal\Message
      *     @type string $access_url
      *           Output only. The location where 'pem_crl' can be accessed.
      *     @type int $state
-     *           Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     *           Output only. The
+     *           [State][google.cloud.security.privateca.v1.CertificateRevocationList.State]
+     *           for this
+     *           [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
      *     @type \Google\Protobuf\Timestamp $create_time
-     *           Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+     *           Output only. The time at which this
+     *           [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     *           was created.
      *     @type \Google\Protobuf\Timestamp $update_time
-     *           Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+     *           Output only. The time at which this
+     *           [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     *           was updated.
      *     @type string $revision_id
-     *           Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
-     *           committed whenever a new CRL is published. The format is an 8-character
-     *           hexadecimal string.
+     *           Output only. The revision ID of this
+     *           [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     *           A new revision is committed whenever a new CRL is published. The format is
+     *           an 8-character hexadecimal string.
      *     @type array|\Google\Protobuf\Internal\MapField $labels
      *           Optional. Labels with user-defined metadata.
      * }
@@ -122,9 +139,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
-     * the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
+     * Output only. The resource name for this
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
      *    certificateRevocationLists/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
@@ -136,9 +153,9 @@ public function getName()
     }
 
     /**
-     * Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
-     * the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
+     * Output only. The resource name for this
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
      *    certificateRevocationLists/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
@@ -258,7 +275,10 @@ public function setAccessUrl($var)
     }
 
     /**
-     * Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Output only. The
+     * [State][google.cloud.security.privateca.v1.CertificateRevocationList.State]
+     * for this
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateRevocationList.State state = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return int
@@ -269,7 +289,10 @@ public function getState()
     }
 
     /**
-     * Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Output only. The
+     * [State][google.cloud.security.privateca.v1.CertificateRevocationList.State]
+     * for this
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateRevocationList.State state = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param int $var
@@ -284,7 +307,9 @@ public function setState($var)
     }
 
     /**
-     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+     * Output only. The time at which this
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * was created.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return \Google\Protobuf\Timestamp|null
@@ -305,7 +330,9 @@ public function clearCreateTime()
     }
 
     /**
-     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+     * Output only. The time at which this
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * was created.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param \Google\Protobuf\Timestamp $var
@@ -320,7 +347,9 @@ public function setCreateTime($var)
     }
 
     /**
-     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+     * Output only. The time at which this
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * was updated.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return \Google\Protobuf\Timestamp|null
@@ -341,7 +370,9 @@ public function clearUpdateTime()
     }
 
     /**
-     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+     * Output only. The time at which this
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * was updated.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param \Google\Protobuf\Timestamp $var
@@ -356,9 +387,10 @@ public function setUpdateTime($var)
     }
 
     /**
-     * Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
-     * committed whenever a new CRL is published. The format is an 8-character
-     * hexadecimal string.
+     * Output only. The revision ID of this
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * A new revision is committed whenever a new CRL is published. The format is
+     * an 8-character hexadecimal string.
      *
      * Generated from protobuf field <code>string revision_id = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return string
@@ -369,9 +401,10 @@ public function getRevisionId()
     }
 
     /**
-     * Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
-     * committed whenever a new CRL is published. The format is an 8-character
-     * hexadecimal string.
+     * Output only. The revision ID of this
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * A new revision is committed whenever a new CRL is published. The format is
+     * an 8-character hexadecimal string.
      *
      * Generated from protobuf field <code>string revision_id = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param string $var
diff --git a/SecurityPrivateCa/src/V1/CertificateRevocationList/RevokedCertificate.php b/SecurityPrivateCa/src/V1/CertificateRevocationList/RevokedCertificate.php
index 43a5e132534c..2d88dbeaca2a 100644
--- a/SecurityPrivateCa/src/V1/CertificateRevocationList/RevokedCertificate.php
+++ b/SecurityPrivateCa/src/V1/CertificateRevocationList/RevokedCertificate.php
@@ -9,27 +9,32 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * Describes a revoked [Certificate][google.cloud.security.privateca.v1.Certificate].
+ * Describes a revoked
+ * [Certificate][google.cloud.security.privateca.v1.Certificate].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate</code>
  */
 class RevokedCertificate extends \Google\Protobuf\Internal\Message
 {
     /**
-     * The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * The resource name for the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
      *
      * Generated from protobuf field <code>string certificate = 1 [(.google.api.resource_reference) = {</code>
      */
     private $certificate = '';
     /**
-     * The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * The serial number of the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate].
      *
      * Generated from protobuf field <code>string hex_serial_number = 2;</code>
      */
     private $hex_serial_number = '';
     /**
-     * The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * The reason the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] was
+     * revoked.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.RevocationReason revocation_reason = 3;</code>
      */
@@ -42,12 +47,16 @@ class RevokedCertificate extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $certificate
-     *           The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
-     *           `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     *           The resource name for the
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] in the
+     *           format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
      *     @type string $hex_serial_number
-     *           The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     *           The serial number of the
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate].
      *     @type int $revocation_reason
-     *           The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     *           The reason the
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] was
+     *           revoked.
      * }
      */
     public function __construct($data = NULL) {
@@ -56,8 +65,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * The resource name for the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
      *
      * Generated from protobuf field <code>string certificate = 1 [(.google.api.resource_reference) = {</code>
      * @return string
@@ -68,8 +78,9 @@ public function getCertificate()
     }
 
     /**
-     * The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * The resource name for the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
      *
      * Generated from protobuf field <code>string certificate = 1 [(.google.api.resource_reference) = {</code>
      * @param string $var
@@ -84,7 +95,8 @@ public function setCertificate($var)
     }
 
     /**
-     * The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * The serial number of the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate].
      *
      * Generated from protobuf field <code>string hex_serial_number = 2;</code>
      * @return string
@@ -95,7 +107,8 @@ public function getHexSerialNumber()
     }
 
     /**
-     * The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * The serial number of the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate].
      *
      * Generated from protobuf field <code>string hex_serial_number = 2;</code>
      * @param string $var
@@ -110,7 +123,9 @@ public function setHexSerialNumber($var)
     }
 
     /**
-     * The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * The reason the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] was
+     * revoked.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.RevocationReason revocation_reason = 3;</code>
      * @return int
@@ -121,7 +136,9 @@ public function getRevocationReason()
     }
 
     /**
-     * The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * The reason the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] was
+     * revoked.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.RevocationReason revocation_reason = 3;</code>
      * @param int $var
diff --git a/SecurityPrivateCa/src/V1/CertificateRevocationList/State.php b/SecurityPrivateCa/src/V1/CertificateRevocationList/State.php
index eb86748e5275..6a6aa9c37981 100644
--- a/SecurityPrivateCa/src/V1/CertificateRevocationList/State.php
+++ b/SecurityPrivateCa/src/V1/CertificateRevocationList/State.php
@@ -7,7 +7,9 @@
 use UnexpectedValueException;
 
 /**
- * The state of a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList], indicating if it is current.
+ * The state of a
+ * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList],
+ * indicating if it is current.
  *
  * Protobuf type <code>google.cloud.security.privateca.v1.CertificateRevocationList.State</code>
  */
@@ -20,13 +22,17 @@ class State
      */
     const STATE_UNSPECIFIED = 0;
     /**
-     * The [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] is up to date.
+     * The
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * is up to date.
      *
      * Generated from protobuf enum <code>ACTIVE = 1;</code>
      */
     const ACTIVE = 1;
     /**
-     * The [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] is no longer current.
+     * The
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * is no longer current.
      *
      * Generated from protobuf enum <code>SUPERSEDED = 2;</code>
      */
diff --git a/SecurityPrivateCa/src/V1/CertificateTemplate.php b/SecurityPrivateCa/src/V1/CertificateTemplate.php
index 53f1cd2c32fb..09e02822fc7c 100644
--- a/SecurityPrivateCa/src/V1/CertificateTemplate.php
+++ b/SecurityPrivateCa/src/V1/CertificateTemplate.php
@@ -9,69 +9,86 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] refers to a managed template for certificate
- * issuance.
+ * A
+ * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+ * refers to a managed template for certificate issuance.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CertificateTemplate</code>
  */
 class CertificateTemplate extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * Output only. The resource name for this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = {</code>
      */
     private $name = '';
     /**
-     * Optional. A set of X.509 values that will be applied to all issued certificates that
-     * use this template. If the certificate request includes conflicting values
-     * for the same properties, they will be overwritten by the values defined
-     * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * Optional. A set of X.509 values that will be applied to all issued
+     * certificates that use this template. If the certificate request includes
+     * conflicting values for the same properties, they will be overwritten by the
+     * values defined here. If the issuing
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     * [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
      * defines conflicting
-     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
-     * properties, the certificate issuance request will fail.
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
+     * for the same properties, the certificate issuance request will fail.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $predefined_values = null;
     /**
      * Optional. Describes constraints on identities that may be appear in
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
-     * then this template will not add restrictions on a certificate's identity.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using
+     * this template. If this is omitted, then this template will not add
+     * restrictions on a certificate's identity.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $identity_constraints = null;
     /**
      * Optional. Describes the set of X.509 extensions that may appear in a
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
-     * request sets extensions that don't appear in the
-     * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
-     * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
-     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
-     * here, the certificate issuance request will fail. If this is omitted, then
-     * this template will not add restrictions on a certificate's X.509
-     * extensions. These constraints do not apply to X.509 extensions set in this
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using
+     * this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * If a certificate request sets extensions that don't appear in the
+     * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions],
+     * those extensions will be dropped. If the issuing
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     * [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * defines
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
+     * that don't appear here, the certificate issuance request will fail. If this
+     * is omitted, then this template will not add restrictions on a certificate's
+     * X.509 extensions. These constraints do not apply to X.509 extensions set in
+     * this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $passthrough_extensions = null;
     /**
-     * Optional. A human-readable description of scenarios this template is intended for.
+     * Optional. A human-readable description of scenarios this template is
+     * intended for.
      *
      * Generated from protobuf field <code>string description = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $description = '';
     /**
-     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+     * Output only. The time at which this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * was created.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $create_time = null;
     /**
-     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+     * Output only. The time at which this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * was updated.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
@@ -90,37 +107,53 @@ class CertificateTemplate extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-     *           `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     *           Output only. The resource name for this
+     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     *           in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
      *     @type \Google\Cloud\Security\PrivateCA\V1\X509Parameters $predefined_values
-     *           Optional. A set of X.509 values that will be applied to all issued certificates that
-     *           use this template. If the certificate request includes conflicting values
-     *           for the same properties, they will be overwritten by the values defined
-     *           here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     *           Optional. A set of X.509 values that will be applied to all issued
+     *           certificates that use this template. If the certificate request includes
+     *           conflicting values for the same properties, they will be overwritten by the
+     *           values defined here. If the issuing
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     *           [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
      *           defines conflicting
-     *           [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
-     *           properties, the certificate issuance request will fail.
+     *           [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
+     *           for the same properties, the certificate issuance request will fail.
      *     @type \Google\Cloud\Security\PrivateCA\V1\CertificateIdentityConstraints $identity_constraints
      *           Optional. Describes constraints on identities that may be appear in
-     *           [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
-     *           then this template will not add restrictions on a certificate's identity.
+     *           [Certificates][google.cloud.security.privateca.v1.Certificate] issued using
+     *           this template. If this is omitted, then this template will not add
+     *           restrictions on a certificate's identity.
      *     @type \Google\Cloud\Security\PrivateCA\V1\CertificateExtensionConstraints $passthrough_extensions
      *           Optional. Describes the set of X.509 extensions that may appear in a
-     *           [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
-     *           request sets extensions that don't appear in the
-     *           [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
-     *           issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
-     *           [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
-     *           here, the certificate issuance request will fail. If this is omitted, then
-     *           this template will not add restrictions on a certificate's X.509
-     *           extensions. These constraints do not apply to X.509 extensions set in this
-     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] issued using
+     *           this
+     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     *           If a certificate request sets extensions that don't appear in the
+     *           [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions],
+     *           those extensions will be dropped. If the issuing
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     *           [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     *           defines
+     *           [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
+     *           that don't appear here, the certificate issuance request will fail. If this
+     *           is omitted, then this template will not add restrictions on a certificate's
+     *           X.509 extensions. These constraints do not apply to X.509 extensions set in
+     *           this
+     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s
+     *           [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
      *     @type string $description
-     *           Optional. A human-readable description of scenarios this template is intended for.
+     *           Optional. A human-readable description of scenarios this template is
+     *           intended for.
      *     @type \Google\Protobuf\Timestamp $create_time
-     *           Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+     *           Output only. The time at which this
+     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     *           was created.
      *     @type \Google\Protobuf\Timestamp $update_time
-     *           Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+     *           Output only. The time at which this
+     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     *           was updated.
      *     @type array|\Google\Protobuf\Internal\MapField $labels
      *           Optional. Labels with user-defined metadata.
      * }
@@ -131,8 +164,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * Output only. The resource name for this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = {</code>
      * @return string
@@ -143,8 +177,9 @@ public function getName()
     }
 
     /**
-     * Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * Output only. The resource name for this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -159,13 +194,15 @@ public function setName($var)
     }
 
     /**
-     * Optional. A set of X.509 values that will be applied to all issued certificates that
-     * use this template. If the certificate request includes conflicting values
-     * for the same properties, they will be overwritten by the values defined
-     * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * Optional. A set of X.509 values that will be applied to all issued
+     * certificates that use this template. If the certificate request includes
+     * conflicting values for the same properties, they will be overwritten by the
+     * values defined here. If the issuing
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     * [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
      * defines conflicting
-     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
-     * properties, the certificate issuance request will fail.
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
+     * for the same properties, the certificate issuance request will fail.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\X509Parameters|null
@@ -186,13 +223,15 @@ public function clearPredefinedValues()
     }
 
     /**
-     * Optional. A set of X.509 values that will be applied to all issued certificates that
-     * use this template. If the certificate request includes conflicting values
-     * for the same properties, they will be overwritten by the values defined
-     * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * Optional. A set of X.509 values that will be applied to all issued
+     * certificates that use this template. If the certificate request includes
+     * conflicting values for the same properties, they will be overwritten by the
+     * values defined here. If the issuing
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     * [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
      * defines conflicting
-     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
-     * properties, the certificate issuance request will fail.
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
+     * for the same properties, the certificate issuance request will fail.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\X509Parameters $var
@@ -208,8 +247,9 @@ public function setPredefinedValues($var)
 
     /**
      * Optional. Describes constraints on identities that may be appear in
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
-     * then this template will not add restrictions on a certificate's identity.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using
+     * this template. If this is omitted, then this template will not add
+     * restrictions on a certificate's identity.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CertificateIdentityConstraints|null
@@ -231,8 +271,9 @@ public function clearIdentityConstraints()
 
     /**
      * Optional. Describes constraints on identities that may be appear in
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
-     * then this template will not add restrictions on a certificate's identity.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using
+     * this template. If this is omitted, then this template will not add
+     * restrictions on a certificate's identity.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CertificateIdentityConstraints $var
@@ -248,15 +289,22 @@ public function setIdentityConstraints($var)
 
     /**
      * Optional. Describes the set of X.509 extensions that may appear in a
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
-     * request sets extensions that don't appear in the
-     * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
-     * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
-     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
-     * here, the certificate issuance request will fail. If this is omitted, then
-     * this template will not add restrictions on a certificate's X.509
-     * extensions. These constraints do not apply to X.509 extensions set in this
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using
+     * this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * If a certificate request sets extensions that don't appear in the
+     * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions],
+     * those extensions will be dropped. If the issuing
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     * [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * defines
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
+     * that don't appear here, the certificate issuance request will fail. If this
+     * is omitted, then this template will not add restrictions on a certificate's
+     * X.509 extensions. These constraints do not apply to X.509 extensions set in
+     * this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CertificateExtensionConstraints|null
@@ -278,15 +326,22 @@ public function clearPassthroughExtensions()
 
     /**
      * Optional. Describes the set of X.509 extensions that may appear in a
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
-     * request sets extensions that don't appear in the
-     * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
-     * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
-     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
-     * here, the certificate issuance request will fail. If this is omitted, then
-     * this template will not add restrictions on a certificate's X.509
-     * extensions. These constraints do not apply to X.509 extensions set in this
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using
+     * this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * If a certificate request sets extensions that don't appear in the
+     * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions],
+     * those extensions will be dropped. If the issuing
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     * [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * defines
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
+     * that don't appear here, the certificate issuance request will fail. If this
+     * is omitted, then this template will not add restrictions on a certificate's
+     * X.509 extensions. These constraints do not apply to X.509 extensions set in
+     * this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CertificateExtensionConstraints $var
@@ -301,7 +356,8 @@ public function setPassthroughExtensions($var)
     }
 
     /**
-     * Optional. A human-readable description of scenarios this template is intended for.
+     * Optional. A human-readable description of scenarios this template is
+     * intended for.
      *
      * Generated from protobuf field <code>string description = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return string
@@ -312,7 +368,8 @@ public function getDescription()
     }
 
     /**
-     * Optional. A human-readable description of scenarios this template is intended for.
+     * Optional. A human-readable description of scenarios this template is
+     * intended for.
      *
      * Generated from protobuf field <code>string description = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param string $var
@@ -327,7 +384,9 @@ public function setDescription($var)
     }
 
     /**
-     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+     * Output only. The time at which this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * was created.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return \Google\Protobuf\Timestamp|null
@@ -348,7 +407,9 @@ public function clearCreateTime()
     }
 
     /**
-     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+     * Output only. The time at which this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * was created.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param \Google\Protobuf\Timestamp $var
@@ -363,7 +424,9 @@ public function setCreateTime($var)
     }
 
     /**
-     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+     * Output only. The time at which this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * was updated.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return \Google\Protobuf\Timestamp|null
@@ -384,7 +447,9 @@ public function clearUpdateTime()
     }
 
     /**
-     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+     * Output only. The time at which this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * was updated.
      *
      * Generated from protobuf field <code>.google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param \Google\Protobuf\Timestamp $var
diff --git a/SecurityPrivateCa/src/V1/CreateCaPoolRequest.php b/SecurityPrivateCa/src/V1/CreateCaPoolRequest.php
index 1c74b238ac86..f414447463f9 100644
--- a/SecurityPrivateCa/src/V1/CreateCaPoolRequest.php
+++ b/SecurityPrivateCa/src/V1/CreateCaPoolRequest.php
@@ -18,7 +18,8 @@ class CreateCaPoolRequest extends \Google\Protobuf\Internal\Message
 {
     /**
      * Required. The resource name of the location associated with the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/&#42;&#47;locations/&#42;`.
+     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+     * `projects/&#42;&#47;locations/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
@@ -31,18 +32,19 @@ class CreateCaPoolRequest extends \Google\Protobuf\Internal\Message
      */
     private $ca_pool_id = '';
     /**
-     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+     * initial field values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      */
     private $ca_pool = null;
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -61,19 +63,21 @@ class CreateCaPoolRequest extends \Google\Protobuf\Internal\Message
      *
      *     @type string $parent
      *           Required. The resource name of the location associated with the
-     *           [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/&#42;&#47;locations/&#42;`.
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+     *           `projects/&#42;&#47;locations/&#42;`.
      *     @type string $ca_pool_id
      *           Required. It must be unique within a location and match the regular
      *           expression `[a-zA-Z0-9_-]{1,63}`
      *     @type \Google\Cloud\Security\PrivateCA\V1\CaPool $ca_pool
-     *           Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
+     *           Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+     *           initial field values.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -88,7 +92,8 @@ public function __construct($data = NULL) {
 
     /**
      * Required. The resource name of the location associated with the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/&#42;&#47;locations/&#42;`.
+     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+     * `projects/&#42;&#47;locations/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -100,7 +105,8 @@ public function getParent()
 
     /**
      * Required. The resource name of the location associated with the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/&#42;&#47;locations/&#42;`.
+     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+     * `projects/&#42;&#47;locations/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -143,7 +149,8 @@ public function setCaPoolId($var)
     }
 
     /**
-     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+     * initial field values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CaPool|null
@@ -164,7 +171,8 @@ public function clearCaPool()
     }
 
     /**
-     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+     * initial field values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CaPool $var
@@ -179,12 +187,12 @@ public function setCaPool($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -200,12 +208,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/CreateCertificateAuthorityRequest.php b/SecurityPrivateCa/src/V1/CreateCertificateAuthorityRequest.php
index d3e5507875e7..78673022ff27 100644
--- a/SecurityPrivateCa/src/V1/CreateCertificateAuthorityRequest.php
+++ b/SecurityPrivateCa/src/V1/CreateCertificateAuthorityRequest.php
@@ -17,9 +17,10 @@
 class CreateCertificateAuthorityRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
@@ -32,18 +33,20 @@ class CreateCertificateAuthorityRequest extends \Google\Protobuf\Internal\Messag
      */
     private $certificate_authority_id = '';
     /**
-     * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
+     * Required. A
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with initial field values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      */
     private $certificate_authority = null;
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -61,21 +64,24 @@ class CreateCertificateAuthorityRequest extends \Google\Protobuf\Internal\Messag
      *     Optional. Data for populating the Message object.
      *
      *     @type string $parent
-     *           Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     *           [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-     *           `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     *           Required. The resource name of the
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     *           [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     *           in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *     @type string $certificate_authority_id
      *           Required. It must be unique within a location and match the regular
      *           expression `[a-zA-Z0-9_-]{1,63}`
      *     @type \Google\Cloud\Security\PrivateCA\V1\CertificateAuthority $certificate_authority
-     *           Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
+     *           Required. A
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           with initial field values.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -89,9 +95,10 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -102,9 +109,10 @@ public function getParent()
     }
 
     /**
-     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -147,7 +155,9 @@ public function setCertificateAuthorityId($var)
     }
 
     /**
-     * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
+     * Required. A
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with initial field values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CertificateAuthority|null
@@ -168,7 +178,9 @@ public function clearCertificateAuthority()
     }
 
     /**
-     * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
+     * Required. A
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with initial field values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CertificateAuthority $var
@@ -183,12 +195,12 @@ public function setCertificateAuthority($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -204,12 +216,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/CreateCertificateRequest.php b/SecurityPrivateCa/src/V1/CreateCertificateRequest.php
index 9cff1c7d7090..81199e98b40f 100644
--- a/SecurityPrivateCa/src/V1/CreateCertificateRequest.php
+++ b/SecurityPrivateCa/src/V1/CreateCertificateRequest.php
@@ -9,15 +9,18 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * Request message for [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
+ * Request message for
+ * [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.CreateCertificateRequest</code>
  */
 class CreateCertificateRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
-     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
@@ -25,23 +28,25 @@ class CreateCertificateRequest extends \Google\Protobuf\Internal\Message
     /**
      * Optional. It must be unique within a location and match the regular
      * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
-     * but is optional and its value is ignored otherwise.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the Enterprise [CertificateAuthority.Tier][], but is optional and its
+     * value is ignored otherwise.
      *
      * Generated from protobuf field <code>string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $certificate_id = '';
     /**
-     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with initial field values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      */
     private $certificate = null;
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
      * For example, consider a situation where you make an initial request and the
      * request times out. If you make the request again with the same request ID,
      * the server can check if original operation with the same request ID was
@@ -54,25 +59,38 @@ class CreateCertificateRequest extends \Google\Protobuf\Internal\Message
      */
     private $request_id = '';
     /**
-     * Optional. If this is true, no [Certificate][google.cloud.security.privateca.v1.Certificate] resource will be persisted regardless
-     * of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * will not contain the [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate] field.
+     * Optional. If this is true, no
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
+     * be persisted regardless of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     * [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] will not
+     * contain the
+     * [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
+     * field.
      *
      * Generated from protobuf field <code>bool validate_only = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $validate_only = false;
     /**
-     * Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
-     * certificate.  This optional field will ignore the load-balancing scheme of
-     * the Pool and directly issue the certificate from the CA with the specified
-     * ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
-     * rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
-     * the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
-     * a Certificate Authority with resource name
+     * Optional. The resource ID of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that should issue the certificate.  This optional field will ignore the
+     * load-balancing scheme of the Pool and directly issue the certificate from
+     * the CA with the specified ID, contained in the same
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+     * Per-CA quota rules apply. If left empty, a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+     * by the service. For example, to issue a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+     * Certificate Authority with resource name
      * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-     * you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
-     * "projects/my-project/locations/us-central1/caPools/my-pool" and the
-     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
+     * you can set the
+     * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+     * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+     * to "my-ca".
      *
      * Generated from protobuf field <code>string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -85,20 +103,24 @@ class CreateCertificateRequest extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $parent
-     *           Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
-     *           in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     *           Required. The resource name of the
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+     *           format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *     @type string $certificate_id
      *           Optional. It must be unique within a location and match the regular
      *           expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
-     *           but is optional and its value is ignored otherwise.
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           in the Enterprise [CertificateAuthority.Tier][], but is optional and its
+     *           value is ignored otherwise.
      *     @type \Google\Cloud\Security\PrivateCA\V1\Certificate $certificate
-     *           Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
+     *           Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+     *           with initial field values.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *           For example, consider a situation where you make an initial request and the
      *           request times out. If you make the request again with the same request ID,
      *           the server can check if original operation with the same request ID was
@@ -107,21 +129,34 @@ class CreateCertificateRequest extends \Google\Protobuf\Internal\Message
      *           The request ID must be a valid UUID with the exception that zero UUID is
      *           not supported (00000000-0000-0000-0000-000000000000).
      *     @type bool $validate_only
-     *           Optional. If this is true, no [Certificate][google.cloud.security.privateca.v1.Certificate] resource will be persisted regardless
-     *           of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned [Certificate][google.cloud.security.privateca.v1.Certificate]
-     *           will not contain the [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate] field.
+     *           Optional. If this is true, no
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
+     *           be persisted regardless of the
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     *           [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] will not
+     *           contain the
+     *           [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
+     *           field.
      *     @type string $issuing_certificate_authority_id
-     *           Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
-     *           certificate.  This optional field will ignore the load-balancing scheme of
-     *           the Pool and directly issue the certificate from the CA with the specified
-     *           ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
-     *           rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
-     *           the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
-     *           a Certificate Authority with resource name
+     *           Optional. The resource ID of the
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           that should issue the certificate.  This optional field will ignore the
+     *           load-balancing scheme of the Pool and directly issue the certificate from
+     *           the CA with the specified ID, contained in the same
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+     *           Per-CA quota rules apply. If left empty, a
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+     *           by the service. For example, to issue a
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+     *           Certificate Authority with resource name
      *           "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-     *           you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
-     *           "projects/my-project/locations/us-central1/caPools/my-pool" and the
-     *           [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
+     *           you can set the
+     *           [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+     *           to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+     *           [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+     *           to "my-ca".
      * }
      */
     public function __construct($data = NULL) {
@@ -130,8 +165,10 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
-     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -142,8 +179,10 @@ public function getParent()
     }
 
     /**
-     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
-     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -160,8 +199,9 @@ public function setParent($var)
     /**
      * Optional. It must be unique within a location and match the regular
      * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
-     * but is optional and its value is ignored otherwise.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the Enterprise [CertificateAuthority.Tier][], but is optional and its
+     * value is ignored otherwise.
      *
      * Generated from protobuf field <code>string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return string
@@ -174,8 +214,9 @@ public function getCertificateId()
     /**
      * Optional. It must be unique within a location and match the regular
      * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
-     * but is optional and its value is ignored otherwise.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the Enterprise [CertificateAuthority.Tier][], but is optional and its
+     * value is ignored otherwise.
      *
      * Generated from protobuf field <code>string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param string $var
@@ -190,7 +231,8 @@ public function setCertificateId($var)
     }
 
     /**
-     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with initial field values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\Certificate|null
@@ -211,7 +253,8 @@ public function clearCertificate()
     }
 
     /**
-     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with initial field values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\Certificate $var
@@ -226,10 +269,10 @@ public function setCertificate($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
      * For example, consider a situation where you make an initial request and the
      * request times out. If you make the request again with the same request ID,
      * the server can check if original operation with the same request ID was
@@ -247,10 +290,10 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
      * For example, consider a situation where you make an initial request and the
      * request times out. If you make the request again with the same request ID,
      * the server can check if original operation with the same request ID was
@@ -272,9 +315,15 @@ public function setRequestId($var)
     }
 
     /**
-     * Optional. If this is true, no [Certificate][google.cloud.security.privateca.v1.Certificate] resource will be persisted regardless
-     * of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * will not contain the [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate] field.
+     * Optional. If this is true, no
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
+     * be persisted regardless of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     * [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] will not
+     * contain the
+     * [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
+     * field.
      *
      * Generated from protobuf field <code>bool validate_only = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return bool
@@ -285,9 +334,15 @@ public function getValidateOnly()
     }
 
     /**
-     * Optional. If this is true, no [Certificate][google.cloud.security.privateca.v1.Certificate] resource will be persisted regardless
-     * of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * will not contain the [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate] field.
+     * Optional. If this is true, no
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
+     * be persisted regardless of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     * [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] will not
+     * contain the
+     * [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
+     * field.
      *
      * Generated from protobuf field <code>bool validate_only = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param bool $var
@@ -302,17 +357,24 @@ public function setValidateOnly($var)
     }
 
     /**
-     * Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
-     * certificate.  This optional field will ignore the load-balancing scheme of
-     * the Pool and directly issue the certificate from the CA with the specified
-     * ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
-     * rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
-     * the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
-     * a Certificate Authority with resource name
+     * Optional. The resource ID of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that should issue the certificate.  This optional field will ignore the
+     * load-balancing scheme of the Pool and directly issue the certificate from
+     * the CA with the specified ID, contained in the same
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+     * Per-CA quota rules apply. If left empty, a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+     * by the service. For example, to issue a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+     * Certificate Authority with resource name
      * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-     * you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
-     * "projects/my-project/locations/us-central1/caPools/my-pool" and the
-     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
+     * you can set the
+     * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+     * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+     * to "my-ca".
      *
      * Generated from protobuf field <code>string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return string
@@ -323,17 +385,24 @@ public function getIssuingCertificateAuthorityId()
     }
 
     /**
-     * Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
-     * certificate.  This optional field will ignore the load-balancing scheme of
-     * the Pool and directly issue the certificate from the CA with the specified
-     * ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
-     * rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
-     * the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
-     * a Certificate Authority with resource name
+     * Optional. The resource ID of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that should issue the certificate.  This optional field will ignore the
+     * load-balancing scheme of the Pool and directly issue the certificate from
+     * the CA with the specified ID, contained in the same
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+     * Per-CA quota rules apply. If left empty, a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+     * by the service. For example, to issue a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+     * Certificate Authority with resource name
      * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-     * you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
-     * "projects/my-project/locations/us-central1/caPools/my-pool" and the
-     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
+     * you can set the
+     * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+     * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+     * to "my-ca".
      *
      * Generated from protobuf field <code>string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param string $var
diff --git a/SecurityPrivateCa/src/V1/CreateCertificateTemplateRequest.php b/SecurityPrivateCa/src/V1/CreateCertificateTemplateRequest.php
index e4737777a7e2..5d145814cdce 100644
--- a/SecurityPrivateCa/src/V1/CreateCertificateTemplateRequest.php
+++ b/SecurityPrivateCa/src/V1/CreateCertificateTemplateRequest.php
@@ -18,8 +18,8 @@ class CreateCertificateTemplateRequest extends \Google\Protobuf\Internal\Message
 {
     /**
      * Required. The resource name of the location associated with the
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-     * `projects/&#42;&#47;locations/&#42;`.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
@@ -32,18 +32,20 @@ class CreateCertificateTemplateRequest extends \Google\Protobuf\Internal\Message
      */
     private $certificate_template_id = '';
     /**
-     * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
+     * Required. A
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with initial field values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      */
     private $certificate_template = null;
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -62,20 +64,22 @@ class CreateCertificateTemplateRequest extends \Google\Protobuf\Internal\Message
      *
      *     @type string $parent
      *           Required. The resource name of the location associated with the
-     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-     *           `projects/&#42;&#47;locations/&#42;`.
+     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+     *           in the format `projects/&#42;&#47;locations/&#42;`.
      *     @type string $certificate_template_id
      *           Required. It must be unique within a location and match the regular
      *           expression `[a-zA-Z0-9_-]{1,63}`
      *     @type \Google\Cloud\Security\PrivateCA\V1\CertificateTemplate $certificate_template
-     *           Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
+     *           Required. A
+     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     *           with initial field values.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -90,8 +94,8 @@ public function __construct($data = NULL) {
 
     /**
      * Required. The resource name of the location associated with the
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-     * `projects/&#42;&#47;locations/&#42;`.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -103,8 +107,8 @@ public function getParent()
 
     /**
      * Required. The resource name of the location associated with the
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-     * `projects/&#42;&#47;locations/&#42;`.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -147,7 +151,9 @@ public function setCertificateTemplateId($var)
     }
 
     /**
-     * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
+     * Required. A
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with initial field values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CertificateTemplate|null
@@ -168,7 +174,9 @@ public function clearCertificateTemplate()
     }
 
     /**
-     * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
+     * Required. A
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with initial field values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CertificateTemplate $var
@@ -183,12 +191,12 @@ public function setCertificateTemplate($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -204,12 +212,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/DeleteCaPoolRequest.php b/SecurityPrivateCa/src/V1/DeleteCaPoolRequest.php
index ffa7909347fa..054187aab9ec 100644
--- a/SecurityPrivateCa/src/V1/DeleteCaPoolRequest.php
+++ b/SecurityPrivateCa/src/V1/DeleteCaPoolRequest.php
@@ -17,19 +17,20 @@
 class DeleteCaPoolRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Required. The resource name for this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
     private $name = '';
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -47,15 +48,16 @@ class DeleteCaPoolRequest extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-     *           format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     *           Required. The resource name for this
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     *           `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -69,8 +71,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Required. The resource name for this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -81,8 +84,9 @@ public function getName()
     }
 
     /**
-     * Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Required. The resource name for this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -97,12 +101,12 @@ public function setName($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -118,12 +122,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/DeleteCertificateAuthorityRequest.php b/SecurityPrivateCa/src/V1/DeleteCertificateAuthorityRequest.php
index e1adb0aa40b0..4d98ffe84d3f 100644
--- a/SecurityPrivateCa/src/V1/DeleteCertificateAuthorityRequest.php
+++ b/SecurityPrivateCa/src/V1/DeleteCertificateAuthorityRequest.php
@@ -17,19 +17,20 @@
 class DeleteCertificateAuthorityRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
     private $name = '';
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -47,9 +48,9 @@ class DeleteCertificateAuthorityRequest extends \Google\Protobuf\Internal\Messag
      */
     private $ignore_active_certificates = false;
     /**
-     * Optional. If this flag is set, the Certificate Authority will be deleted as soon as
-     * possible without a 30-day grace period where undeletion would have been
-     * allowed. If you proceed, there will be no way to recover this CA.
+     * Optional. If this flag is set, the Certificate Authority will be deleted as
+     * soon as possible without a 30-day grace period where undeletion would have
+     * been allowed. If you proceed, there will be no way to recover this CA.
      *
      * Generated from protobuf field <code>bool skip_grace_period = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -62,15 +63,16 @@ class DeleteCertificateAuthorityRequest extends \Google\Protobuf\Internal\Messag
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     *           format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     *           Required. The resource name for this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -80,9 +82,9 @@ class DeleteCertificateAuthorityRequest extends \Google\Protobuf\Internal\Messag
      *           Optional. This field allows the CA to be deleted even if the CA has
      *           active certs. Active certs include both unrevoked and unexpired certs.
      *     @type bool $skip_grace_period
-     *           Optional. If this flag is set, the Certificate Authority will be deleted as soon as
-     *           possible without a 30-day grace period where undeletion would have been
-     *           allowed. If you proceed, there will be no way to recover this CA.
+     *           Optional. If this flag is set, the Certificate Authority will be deleted as
+     *           soon as possible without a 30-day grace period where undeletion would have
+     *           been allowed. If you proceed, there will be no way to recover this CA.
      * }
      */
     public function __construct($data = NULL) {
@@ -91,8 +93,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -103,8 +106,9 @@ public function getName()
     }
 
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -119,12 +123,12 @@ public function setName($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -140,12 +144,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -193,9 +197,9 @@ public function setIgnoreActiveCertificates($var)
     }
 
     /**
-     * Optional. If this flag is set, the Certificate Authority will be deleted as soon as
-     * possible without a 30-day grace period where undeletion would have been
-     * allowed. If you proceed, there will be no way to recover this CA.
+     * Optional. If this flag is set, the Certificate Authority will be deleted as
+     * soon as possible without a 30-day grace period where undeletion would have
+     * been allowed. If you proceed, there will be no way to recover this CA.
      *
      * Generated from protobuf field <code>bool skip_grace_period = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return bool
@@ -206,9 +210,9 @@ public function getSkipGracePeriod()
     }
 
     /**
-     * Optional. If this flag is set, the Certificate Authority will be deleted as soon as
-     * possible without a 30-day grace period where undeletion would have been
-     * allowed. If you proceed, there will be no way to recover this CA.
+     * Optional. If this flag is set, the Certificate Authority will be deleted as
+     * soon as possible without a 30-day grace period where undeletion would have
+     * been allowed. If you proceed, there will be no way to recover this CA.
      *
      * Generated from protobuf field <code>bool skip_grace_period = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param bool $var
diff --git a/SecurityPrivateCa/src/V1/DeleteCertificateTemplateRequest.php b/SecurityPrivateCa/src/V1/DeleteCertificateTemplateRequest.php
index ad7eb897a6db..768c293b4dbb 100644
--- a/SecurityPrivateCa/src/V1/DeleteCertificateTemplateRequest.php
+++ b/SecurityPrivateCa/src/V1/DeleteCertificateTemplateRequest.php
@@ -17,19 +17,20 @@
 class DeleteCertificateTemplateRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * Required. The resource name for this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
     private $name = '';
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -47,15 +48,16 @@ class DeleteCertificateTemplateRequest extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-     *           `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     *           Required. The resource name for this
+     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     *           in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -69,8 +71,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * Required. The resource name for this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -81,8 +84,9 @@ public function getName()
     }
 
     /**
-     * Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * Required. The resource name for this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -97,12 +101,12 @@ public function setName($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -118,12 +122,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/DisableCertificateAuthorityRequest.php b/SecurityPrivateCa/src/V1/DisableCertificateAuthorityRequest.php
index a79e9422101b..75a4e852dddb 100644
--- a/SecurityPrivateCa/src/V1/DisableCertificateAuthorityRequest.php
+++ b/SecurityPrivateCa/src/V1/DisableCertificateAuthorityRequest.php
@@ -17,19 +17,20 @@
 class DisableCertificateAuthorityRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
     private $name = '';
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -47,15 +48,16 @@ class DisableCertificateAuthorityRequest extends \Google\Protobuf\Internal\Messa
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     *           format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     *           Required. The resource name for this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -69,8 +71,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -81,8 +84,9 @@ public function getName()
     }
 
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -97,12 +101,12 @@ public function setName($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -118,12 +122,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/EnableCertificateAuthorityRequest.php b/SecurityPrivateCa/src/V1/EnableCertificateAuthorityRequest.php
index bb8aba5b0e59..16fff3ba8ff3 100644
--- a/SecurityPrivateCa/src/V1/EnableCertificateAuthorityRequest.php
+++ b/SecurityPrivateCa/src/V1/EnableCertificateAuthorityRequest.php
@@ -17,19 +17,20 @@
 class EnableCertificateAuthorityRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
     private $name = '';
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -47,15 +48,16 @@ class EnableCertificateAuthorityRequest extends \Google\Protobuf\Internal\Messag
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     *           format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     *           Required. The resource name for this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -69,8 +71,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -81,8 +84,9 @@ public function getName()
     }
 
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -97,12 +101,12 @@ public function setName($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -118,12 +122,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/FetchCaCertsRequest.php b/SecurityPrivateCa/src/V1/FetchCaCertsRequest.php
index c8f154879bd6..96c0a5ece016 100644
--- a/SecurityPrivateCa/src/V1/FetchCaCertsRequest.php
+++ b/SecurityPrivateCa/src/V1/FetchCaCertsRequest.php
@@ -17,19 +17,20 @@
 class FetchCaCertsRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Required. The resource name for the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string ca_pool = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
     private $ca_pool = '';
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -47,15 +48,16 @@ class FetchCaCertsRequest extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $ca_pool
-     *           Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-     *           format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     *           Required. The resource name for the
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     *           `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -69,8 +71,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Required. The resource name for the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string ca_pool = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -81,8 +84,9 @@ public function getCaPool()
     }
 
     /**
-     * Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Required. The resource name for the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string ca_pool = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -97,12 +101,12 @@ public function setCaPool($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -118,12 +122,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/FetchCaCertsResponse.php b/SecurityPrivateCa/src/V1/FetchCaCertsResponse.php
index e311149869bc..510236f406d5 100644
--- a/SecurityPrivateCa/src/V1/FetchCaCertsResponse.php
+++ b/SecurityPrivateCa/src/V1/FetchCaCertsResponse.php
@@ -18,7 +18,8 @@ class FetchCaCertsResponse extends \Google\Protobuf\Internal\Message
 {
     /**
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;</code>
@@ -33,7 +34,8 @@ class FetchCaCertsResponse extends \Google\Protobuf\Internal\Message
      *
      *     @type array<\Google\Cloud\Security\PrivateCA\V1\FetchCaCertsResponse\CertChain>|\Google\Protobuf\Internal\RepeatedField $ca_certs
      *           The PEM encoded CA certificate chains of all
-     *           [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           [ACTIVE][CertificateAuthority.State.ACTIVE]
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      *           resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * }
      */
@@ -44,7 +46,8 @@ public function __construct($data = NULL) {
 
     /**
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;</code>
@@ -57,7 +60,8 @@ public function getCaCerts()
 
     /**
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;</code>
diff --git a/SecurityPrivateCa/src/V1/FetchCertificateAuthorityCsrRequest.php b/SecurityPrivateCa/src/V1/FetchCertificateAuthorityCsrRequest.php
index 2143d174ded6..3f9ae3cfcada 100644
--- a/SecurityPrivateCa/src/V1/FetchCertificateAuthorityCsrRequest.php
+++ b/SecurityPrivateCa/src/V1/FetchCertificateAuthorityCsrRequest.php
@@ -17,8 +17,9 @@
 class FetchCertificateAuthorityCsrRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
@@ -31,8 +32,9 @@ class FetchCertificateAuthorityCsrRequest extends \Google\Protobuf\Internal\Mess
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     *           format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     *           Required. The resource name for this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      * }
      */
     public function __construct($data = NULL) {
@@ -41,8 +43,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -53,8 +56,9 @@ public function getName()
     }
 
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
diff --git a/SecurityPrivateCa/src/V1/Gapic/CertificateAuthorityServiceGapicClient.php b/SecurityPrivateCa/src/V1/Gapic/CertificateAuthorityServiceGapicClient.php
index 15924f49fd10..8af5d23faf9c 100644
--- a/SecurityPrivateCa/src/V1/Gapic/CertificateAuthorityServiceGapicClient.php
+++ b/SecurityPrivateCa/src/V1/Gapic/CertificateAuthorityServiceGapicClient.php
@@ -93,8 +93,9 @@
 use Google\Protobuf\FieldMask;
 
 /**
- * Service Description: [Certificate Authority Service][google.cloud.security.privateca.v1.CertificateAuthorityService] manages private
- * certificate authorities and issued certificates.
+ * Service Description: [Certificate Authority
+ * Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
+ * manages private certificate authorities and issued certificates.
  *
  * This class provides the ability to make remote calls to the backing service through method
  * calls that map to API methods. Sample code to get started:
@@ -524,12 +525,16 @@ public function __construct(array $options = [])
     }
 
     /**
-     * Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+     * Activate a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that is in state
      * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-     * and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-     * the parent Certificate Authority signs a certificate signing request from
-     * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-     * process.
+     * and is of type
+     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+     * After the parent Certificate Authority signs a certificate signing request
+     * from
+     * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+     * this method can complete the activation process.
      *
      * Sample code:
      * ```
@@ -569,23 +574,24 @@ public function __construct(array $options = [])
      * }
      * ```
      *
-     * @param string            $name              Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     *                                             format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`.
+     * @param string            $name              Required. The resource name for this
+     *                                             [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *                                             in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`.
      * @param string            $pemCaCertificate  Required. The signed CA certificate issued from
      *                                             [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
-     * @param SubordinateConfig $subordinateConfig Required. Must include information about the issuer of 'pem_ca_certificate', and any
-     *                                             further issuers until the self-signed CA.
+     * @param SubordinateConfig $subordinateConfig Required. Must include information about the issuer of
+     *                                             'pem_ca_certificate', and any further issuers until the self-signed CA.
      * @param array             $optionalArgs      {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -661,21 +667,23 @@ public function activateCertificateAuthority($name, $pemCaCertificate, $subordin
      * ```
      *
      * @param string $parent       Required. The resource name of the location associated with the
-     *                             [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/&#42;/locations/*`.
+     *                             [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+     *                             `projects/&#42;/locations/*`.
      * @param string $caPoolId     Required. It must be unique within a location and match the regular
      *                             expression `[a-zA-Z0-9_-]{1,63}`
-     * @param CaPool $caPool       Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
+     * @param CaPool $caPool       Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+     *                             initial field values.
      * @param array  $optionalArgs {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -710,7 +718,8 @@ public function createCaPool($parent, $caPoolId, $caPool, array $optionalArgs =
     }
 
     /**
-     * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+     * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * in a given Project, Location from a particular
      * [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Sample code:
@@ -725,22 +734,26 @@ public function createCaPool($parent, $caPoolId, $caPool, array $optionalArgs =
      * }
      * ```
      *
-     * @param string      $parent       Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
-     *                                  in the format `projects/&#42;/locations/&#42;/caPools/*`.
-     * @param Certificate $certificate  Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
+     * @param string      $parent       Required. The resource name of the
+     *                                  [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     *                                  [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+     *                                  format `projects/&#42;/locations/&#42;/caPools/*`.
+     * @param Certificate $certificate  Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+     *                                  with initial field values.
      * @param array       $optionalArgs {
      *     Optional.
      *
      *     @type string $certificateId
      *           Optional. It must be unique within a location and match the regular
      *           expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
-     *           but is optional and its value is ignored otherwise.
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           in the Enterprise [CertificateAuthority.Tier][], but is optional and its
+     *           value is ignored otherwise.
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
      *           For example, consider a situation where you make an initial request and the
      *           request times out. If you make the request again with the same request ID,
@@ -751,21 +764,34 @@ public function createCaPool($parent, $caPoolId, $caPool, array $optionalArgs =
      *           The request ID must be a valid UUID with the exception that zero UUID is
      *           not supported (00000000-0000-0000-0000-000000000000).
      *     @type bool $validateOnly
-     *           Optional. If this is true, no [Certificate][google.cloud.security.privateca.v1.Certificate] resource will be persisted regardless
-     *           of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned [Certificate][google.cloud.security.privateca.v1.Certificate]
-     *           will not contain the [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate] field.
+     *           Optional. If this is true, no
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
+     *           be persisted regardless of the
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     *           [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] will not
+     *           contain the
+     *           [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
+     *           field.
      *     @type string $issuingCertificateAuthorityId
-     *           Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
-     *           certificate.  This optional field will ignore the load-balancing scheme of
-     *           the Pool and directly issue the certificate from the CA with the specified
-     *           ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
-     *           rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
-     *           the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
-     *           a Certificate Authority with resource name
+     *           Optional. The resource ID of the
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           that should issue the certificate.  This optional field will ignore the
+     *           load-balancing scheme of the Pool and directly issue the certificate from
+     *           the CA with the specified ID, contained in the same
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+     *           Per-CA quota rules apply. If left empty, a
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+     *           by the service. For example, to issue a
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+     *           Certificate Authority with resource name
      *           "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-     *           you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
-     *           "projects/my-project/locations/us-central1/caPools/my-pool" and the
-     *           [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
+     *           you can set the
+     *           [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+     *           to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+     *           [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+     *           to "my-ca".
      *     @type RetrySettings|array $retrySettings
      *           Retry settings to use for this call. Can be a {@see RetrySettings} object, or an
      *           associative array of retry settings parameters. See the documentation on
@@ -805,7 +831,9 @@ public function createCertificate($parent, $certificate, array $optionalArgs = [
     }
 
     /**
-     * Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+     * Create a new
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in a given Project and Location.
      *
      * Sample code:
      * ```
@@ -845,23 +873,26 @@ public function createCertificate($parent, $certificate, array $optionalArgs = [
      * }
      * ```
      *
-     * @param string               $parent                 Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     *                                                     [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-     *                                                     `projects/&#42;/locations/&#42;/caPools/*`.
+     * @param string               $parent                 Required. The resource name of the
+     *                                                     [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     *                                                     [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     *                                                     in the format `projects/&#42;/locations/&#42;/caPools/*`.
      * @param string               $certificateAuthorityId Required. It must be unique within a location and match the regular
      *                                                     expression `[a-zA-Z0-9_-]{1,63}`
-     * @param CertificateAuthority $certificateAuthority   Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
+     * @param CertificateAuthority $certificateAuthority   Required. A
+     *                                                     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *                                                     with initial field values.
      * @param array                $optionalArgs           {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -896,7 +927,9 @@ public function createCertificateAuthority($parent, $certificateAuthorityId, $ce
     }
 
     /**
-     * Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+     * Create a new
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in a given Project and Location.
      *
      * Sample code:
      * ```
@@ -937,22 +970,24 @@ public function createCertificateAuthority($parent, $certificateAuthorityId, $ce
      * ```
      *
      * @param string              $parent                Required. The resource name of the location associated with the
-     *                                                   [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-     *                                                   `projects/&#42;/locations/*`.
+     *                                                   [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+     *                                                   in the format `projects/&#42;/locations/*`.
      * @param string              $certificateTemplateId Required. It must be unique within a location and match the regular
      *                                                   expression `[a-zA-Z0-9_-]{1,63}`
-     * @param CertificateTemplate $certificateTemplate   Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
+     * @param CertificateTemplate $certificateTemplate   Required. A
+     *                                                   [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     *                                                   with initial field values.
      * @param array               $optionalArgs          {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -1023,19 +1058,20 @@ public function createCertificateTemplate($parent, $certificateTemplateId, $cert
      * }
      * ```
      *
-     * @param string $name         Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-     *                             format `projects/&#42;/locations/&#42;/caPools/*`.
+     * @param string $name         Required. The resource name for this
+     *                             [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     *                             `projects/&#42;/locations/&#42;/caPools/*`.
      * @param array  $optionalArgs {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -1068,7 +1104,8 @@ public function deleteCaPool($name, array $optionalArgs = [])
     }
 
     /**
-     * Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Delete a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Sample code:
      * ```
@@ -1106,19 +1143,20 @@ public function deleteCaPool($name, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param string $name         Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     *                             format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`.
+     * @param string $name         Required. The resource name for this
+     *                             [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *                             in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`.
      * @param array  $optionalArgs {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -1129,9 +1167,9 @@ public function deleteCaPool($name, array $optionalArgs = [])
      *           Optional. This field allows the CA to be deleted even if the CA has
      *           active certs. Active certs include both unrevoked and unexpired certs.
      *     @type bool $skipGracePeriod
-     *           Optional. If this flag is set, the Certificate Authority will be deleted as soon as
-     *           possible without a 30-day grace period where undeletion would have been
-     *           allowed. If you proceed, there will be no way to recover this CA.
+     *           Optional. If this flag is set, the Certificate Authority will be deleted as
+     *           soon as possible without a 30-day grace period where undeletion would have
+     *           been allowed. If you proceed, there will be no way to recover this CA.
      *     @type RetrySettings|array $retrySettings
      *           Retry settings to use for this call. Can be a {@see RetrySettings} object, or an
      *           associative array of retry settings parameters. See the documentation on
@@ -1166,7 +1204,8 @@ public function deleteCertificateAuthority($name, array $optionalArgs = [])
     }
 
     /**
-     * DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * DeleteCertificateTemplate deletes a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
      *
      * Sample code:
      * ```
@@ -1202,19 +1241,20 @@ public function deleteCertificateAuthority($name, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param string $name         Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-     *                             `projects/&#42;/locations/&#42;/certificateTemplates/*`.
+     * @param string $name         Required. The resource name for this
+     *                             [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     *                             in the format `projects/&#42;/locations/&#42;/certificateTemplates/*`.
      * @param array  $optionalArgs {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -1247,7 +1287,8 @@ public function deleteCertificateTemplate($name, array $optionalArgs = [])
     }
 
     /**
-     * Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Disable a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Sample code:
      * ```
@@ -1285,19 +1326,20 @@ public function deleteCertificateTemplate($name, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param string $name         Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     *                             format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`.
+     * @param string $name         Required. The resource name for this
+     *                             [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *                             in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`.
      * @param array  $optionalArgs {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -1330,7 +1372,8 @@ public function disableCertificateAuthority($name, array $optionalArgs = [])
     }
 
     /**
-     * Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Enable a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Sample code:
      * ```
@@ -1368,19 +1411,20 @@ public function disableCertificateAuthority($name, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param string $name         Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     *                             format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`.
+     * @param string $name         Required. The resource name for this
+     *                             [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *                             in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`.
      * @param array  $optionalArgs {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -1413,8 +1457,10 @@ public function enableCertificateAuthority($name, array $optionalArgs = [])
     }
 
     /**
-     * FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-     * include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * FetchCaCerts returns the current trust anchor for the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+     * certificate chains for all ACTIVE
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
      * Sample code:
@@ -1428,19 +1474,20 @@ public function enableCertificateAuthority($name, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param string $caPool       Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-     *                             format `projects/&#42;/locations/&#42;/caPools/*`.
+     * @param string $caPool       Required. The resource name for the
+     *                             [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     *                             `projects/&#42;/locations/&#42;/caPools/*`.
      * @param array  $optionalArgs {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -1473,13 +1520,17 @@ public function fetchCaCerts($caPool, array $optionalArgs = [])
     }
 
     /**
-     * Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * Fetch a certificate signing request (CSR) from a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * that is in state
      * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-     * and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-     * CSR must then be signed by the desired parent Certificate Authority, which
-     * could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-     * certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+     * and is of type
+     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+     * The CSR must then be signed by the desired parent Certificate Authority,
+     * which could be another
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resource, or could be an on-prem certificate authority. See also
+     * [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
      *
      * Sample code:
      * ```
@@ -1492,8 +1543,9 @@ public function fetchCaCerts($caPool, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param string $name         Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     *                             format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`.
+     * @param string $name         Required. The resource name for this
+     *                             [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *                             in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`.
      * @param array  $optionalArgs {
      *     Optional.
      *
@@ -1532,7 +1584,8 @@ public function fetchCertificateAuthorityCsr($name, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param string $name         Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+     * @param string $name         Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+     *                             [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
      * @param array  $optionalArgs {
      *     Optional.
      *
@@ -1571,7 +1624,9 @@ public function getCaPool($name, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param string $name         Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
+     * @param string $name         Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+     *                             of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+     *                             get.
      * @param array  $optionalArgs {
      *     Optional.
      *
@@ -1597,7 +1652,8 @@ public function getCertificate($name, array $optionalArgs = [])
     }
 
     /**
-     * Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Returns a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Sample code:
      * ```
@@ -1610,8 +1666,10 @@ public function getCertificate($name, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param string $name         Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
-     *                             get.
+     * @param string $name         Required. The
+     *                             [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+     *                             [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *                             to get.
      * @param array  $optionalArgs {
      *     Optional.
      *
@@ -1637,7 +1695,8 @@ public function getCertificateAuthority($name, array $optionalArgs = [])
     }
 
     /**
-     * Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Returns a
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
      * Sample code:
      * ```
@@ -1650,8 +1709,11 @@ public function getCertificateAuthority($name, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param string $name         Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
-     *                             [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
+     * @param string $name         Required. The
+     *                             [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+     *                             of the
+     *                             [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     *                             to get.
      * @param array  $optionalArgs {
      *     Optional.
      *
@@ -1677,7 +1739,8 @@ public function getCertificateRevocationList($name, array $optionalArgs = [])
     }
 
     /**
-     * Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * Returns a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
      *
      * Sample code:
      * ```
@@ -1690,8 +1753,10 @@ public function getCertificateRevocationList($name, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param string $name         Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
-     *                             get.
+     * @param string $name         Required. The
+     *                             [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+     *                             [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     *                             to get.
      * @param array  $optionalArgs {
      *     Optional.
      *
@@ -1799,7 +1864,8 @@ public function listCaPools($parent, array $optionalArgs = [])
     }
 
     /**
-     * Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Lists
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Sample code:
      * ```
@@ -1824,9 +1890,10 @@ public function listCaPools($parent, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param string $parent       Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     *                             [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-     *                             `projects/&#42;/locations/&#42;/caPools/*`.
+     * @param string $parent       Required. The resource name of the
+     *                             [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     *                             [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     *                             in the format `projects/&#42;/locations/&#42;/caPools/*`.
      * @param array  $optionalArgs {
      *     Optional.
      *
@@ -1881,7 +1948,8 @@ public function listCertificateAuthorities($parent, array $optionalArgs = [])
     }
 
     /**
-     * Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Lists
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
      * Sample code:
      * ```
@@ -1907,8 +1975,8 @@ public function listCertificateAuthorities($parent, array $optionalArgs = [])
      * ```
      *
      * @param string $parent       Required. The resource name of the location associated with the
-     *                             [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
-     *                             `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`.
+     *                             [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+     *                             in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`.
      * @param array  $optionalArgs {
      *     Optional.
      *
@@ -1963,7 +2031,8 @@ public function listCertificateRevocationLists($parent, array $optionalArgs = []
     }
 
     /**
-     * Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * Lists
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      *
      * Sample code:
      * ```
@@ -1989,8 +2058,8 @@ public function listCertificateRevocationLists($parent, array $optionalArgs = []
      * ```
      *
      * @param string $parent       Required. The resource name of the location associated with the
-     *                             [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-     *                             `projects/&#42;/locations/*`.
+     *                             [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+     *                             in the format `projects/&#42;/locations/*`.
      * @param array  $optionalArgs {
      *     Optional.
      *
@@ -2071,8 +2140,8 @@ public function listCertificateTemplates($parent, array $optionalArgs = [])
      * ```
      *
      * @param string $parent       Required. The resource name of the location associated with the
-     *                             [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
-     *                             `projects/&#42;/locations/&#42;/caPools/*`.
+     *                             [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+     *                             format `projects/&#42;/locations/&#42;/caPools/*`.
      * @param array  $optionalArgs {
      *     Optional.
      *
@@ -2086,12 +2155,12 @@ public function listCertificateTemplates($parent, array $optionalArgs = [])
      *           of values will be returned. Any page token used here must have
      *           been generated by a previous call to the API.
      *     @type string $filter
-     *           Optional. Only include resources that match the filter in the response. For details
-     *           on supported filters and syntax, see [Certificates Filtering
+     *           Optional. Only include resources that match the filter in the response. For
+     *           details on supported filters and syntax, see [Certificates Filtering
      *           documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
      *     @type string $orderBy
-     *           Optional. Specify how the results should be sorted. For details on supported fields
-     *           and syntax, see [Certificates Sorting
+     *           Optional. Specify how the results should be sorted. For details on
+     *           supported fields and syntax, see [Certificates Sorting
      *           documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
      *     @type RetrySettings|array $retrySettings
      *           Retry settings to use for this call. Can be a {@see RetrySettings} object, or an
@@ -2145,22 +2214,24 @@ public function listCertificates($parent, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param string $name         Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
-     *                             format
+     * @param string $name         Required. The resource name for this
+     *                             [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
      *                             `projects/&#42;/locations/&#42;/caPools/&#42;/certificates/*`.
-     * @param int    $reason       Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
+     * @param int    $reason       Required. The
+     *                             [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+     *                             revoking this certificate.
      *                             For allowed values, use constants defined on {@see \Google\Cloud\Security\PrivateCA\V1\RevocationReason}
      * @param array  $optionalArgs {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -2194,7 +2265,9 @@ public function revokeCertificate($name, $reason, array $optionalArgs = [])
     }
 
     /**
-     * Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+     * Undelete a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that has been deleted.
      *
      * Sample code:
      * ```
@@ -2232,19 +2305,20 @@ public function revokeCertificate($name, $reason, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param string $name         Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     *                             format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`.
+     * @param string $name         Required. The resource name for this
+     *                             [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *                             in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/*`.
      * @param array  $optionalArgs {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -2316,19 +2390,20 @@ public function undeleteCertificateAuthority($name, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param CaPool    $caPool       Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
+     * @param CaPool    $caPool       Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+     *                                values.
      * @param FieldMask $updateMask   Required. A list of fields to be updated in this request.
      * @param array     $optionalArgs {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -2362,7 +2437,8 @@ public function updateCaPool($caPool, $updateMask, array $optionalArgs = [])
     }
 
     /**
-     * Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
+     * Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * Currently, the only field you can update is the
      * [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
      *
      * Sample code:
@@ -2377,19 +2453,20 @@ public function updateCaPool($caPool, $updateMask, array $optionalArgs = [])
      * }
      * ```
      *
-     * @param Certificate $certificate  Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
+     * @param Certificate $certificate  Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+     *                                  with updated values.
      * @param FieldMask   $updateMask   Required. A list of fields to be updated in this request.
      * @param array       $optionalArgs {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -2423,7 +2500,8 @@ public function updateCertificate($certificate, $updateMask, array $optionalArgs
     }
 
     /**
-     * Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Update a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Sample code:
      * ```
@@ -2462,19 +2540,21 @@ public function updateCertificate($certificate, $updateMask, array $optionalArgs
      * }
      * ```
      *
-     * @param CertificateAuthority $certificateAuthority Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
+     * @param CertificateAuthority $certificateAuthority Required.
+     *                                                   [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *                                                   with updated values.
      * @param FieldMask            $updateMask           Required. A list of fields to be updated in this request.
      * @param array                $optionalArgs         {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -2508,7 +2588,8 @@ public function updateCertificateAuthority($certificateAuthority, $updateMask, a
     }
 
     /**
-     * Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Update a
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
      * Sample code:
      * ```
@@ -2547,19 +2628,21 @@ public function updateCertificateAuthority($certificateAuthority, $updateMask, a
      * }
      * ```
      *
-     * @param CertificateRevocationList $certificateRevocationList Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
+     * @param CertificateRevocationList $certificateRevocationList Required.
+     *                                                             [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     *                                                             with updated values.
      * @param FieldMask                 $updateMask                Required. A list of fields to be updated in this request.
      * @param array                     $optionalArgs              {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -2593,7 +2676,8 @@ public function updateCertificateRevocationList($certificateRevocationList, $upd
     }
 
     /**
-     * Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * Update a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
      *
      * Sample code:
      * ```
@@ -2632,19 +2716,21 @@ public function updateCertificateRevocationList($certificateRevocationList, $upd
      * }
      * ```
      *
-     * @param CertificateTemplate $certificateTemplate Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
+     * @param CertificateTemplate $certificateTemplate Required.
+     *                                                 [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     *                                                 with updated values.
      * @param FieldMask           $updateMask          Required. A list of fields to be updated in this request.
      * @param array               $optionalArgs        {
      *     Optional.
      *
      *     @type string $requestId
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
      *
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/GetCaPoolRequest.php b/SecurityPrivateCa/src/V1/GetCaPoolRequest.php
index 91fcacc40ba9..7f450c3c3c96 100644
--- a/SecurityPrivateCa/src/V1/GetCaPoolRequest.php
+++ b/SecurityPrivateCa/src/V1/GetCaPoolRequest.php
@@ -9,14 +9,16 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * Request message for [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
+ * Request message for
+ * [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.GetCaPoolRequest</code>
  */
 class GetCaPoolRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
@@ -29,7 +31,8 @@ class GetCaPoolRequest extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+     *           Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
      * }
      */
     public function __construct($data = NULL) {
@@ -38,7 +41,8 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -49,7 +53,8 @@ public function getName()
     }
 
     /**
-     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
diff --git a/SecurityPrivateCa/src/V1/GetCertificateAuthorityRequest.php b/SecurityPrivateCa/src/V1/GetCertificateAuthorityRequest.php
index af2f8ca4ab53..4c9c33453e53 100644
--- a/SecurityPrivateCa/src/V1/GetCertificateAuthorityRequest.php
+++ b/SecurityPrivateCa/src/V1/GetCertificateAuthorityRequest.php
@@ -9,15 +9,18 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * Request message for [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
+ * Request message for
+ * [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.GetCertificateAuthorityRequest</code>
  */
 class GetCertificateAuthorityRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
-     * get.
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * to get.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
@@ -30,8 +33,10 @@ class GetCertificateAuthorityRequest extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
-     *           get.
+     *           Required. The
+     *           [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           to get.
      * }
      */
     public function __construct($data = NULL) {
@@ -40,8 +45,10 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
-     * get.
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * to get.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -52,8 +59,10 @@ public function getName()
     }
 
     /**
-     * Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
-     * get.
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * to get.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
diff --git a/SecurityPrivateCa/src/V1/GetCertificateRequest.php b/SecurityPrivateCa/src/V1/GetCertificateRequest.php
index 50d9464de60c..49daad9103c8 100644
--- a/SecurityPrivateCa/src/V1/GetCertificateRequest.php
+++ b/SecurityPrivateCa/src/V1/GetCertificateRequest.php
@@ -17,7 +17,9 @@
 class GetCertificateRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
+     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+     * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+     * get.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
@@ -30,7 +32,9 @@ class GetCertificateRequest extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
+     *           Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+     *           of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+     *           get.
      * }
      */
     public function __construct($data = NULL) {
@@ -39,7 +43,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
+     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+     * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+     * get.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -50,7 +56,9 @@ public function getName()
     }
 
     /**
-     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
+     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+     * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+     * get.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
diff --git a/SecurityPrivateCa/src/V1/GetCertificateRevocationListRequest.php b/SecurityPrivateCa/src/V1/GetCertificateRevocationListRequest.php
index 23524613fe8f..43c521e0fd8f 100644
--- a/SecurityPrivateCa/src/V1/GetCertificateRevocationListRequest.php
+++ b/SecurityPrivateCa/src/V1/GetCertificateRevocationListRequest.php
@@ -17,8 +17,11 @@
 class GetCertificateRevocationListRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+     * of the
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * to get.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
@@ -31,8 +34,11 @@ class GetCertificateRevocationListRequest extends \Google\Protobuf\Internal\Mess
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
-     *           [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
+     *           Required. The
+     *           [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+     *           of the
+     *           [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     *           to get.
      * }
      */
     public function __construct($data = NULL) {
@@ -41,8 +47,11 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+     * of the
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * to get.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -53,8 +62,11 @@ public function getName()
     }
 
     /**
-     * Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+     * of the
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * to get.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
diff --git a/SecurityPrivateCa/src/V1/GetCertificateTemplateRequest.php b/SecurityPrivateCa/src/V1/GetCertificateTemplateRequest.php
index 9a9be20b9539..da8cc0144d79 100644
--- a/SecurityPrivateCa/src/V1/GetCertificateTemplateRequest.php
+++ b/SecurityPrivateCa/src/V1/GetCertificateTemplateRequest.php
@@ -17,8 +17,10 @@
 class GetCertificateTemplateRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
-     * get.
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * to get.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
@@ -31,8 +33,10 @@ class GetCertificateTemplateRequest extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
-     *           get.
+     *           Required. The
+     *           [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     *           to get.
      * }
      */
     public function __construct($data = NULL) {
@@ -41,8 +45,10 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
-     * get.
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * to get.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -53,8 +59,10 @@ public function getName()
     }
 
     /**
-     * Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
-     * get.
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * to get.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
diff --git a/SecurityPrivateCa/src/V1/KeyUsage.php b/SecurityPrivateCa/src/V1/KeyUsage.php
index 8db20c703412..505528464bf0 100644
--- a/SecurityPrivateCa/src/V1/KeyUsage.php
+++ b/SecurityPrivateCa/src/V1/KeyUsage.php
@@ -9,8 +9,8 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * A [KeyUsage][google.cloud.security.privateca.v1.KeyUsage] describes key usage values that may appear in an X.509
- * certificate.
+ * A [KeyUsage][google.cloud.security.privateca.v1.KeyUsage] describes key usage
+ * values that may appear in an X.509 certificate.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.KeyUsage</code>
  */
@@ -30,7 +30,8 @@ class KeyUsage extends \Google\Protobuf\Internal\Message
     private $extended_key_usage = null;
     /**
      * Used to describe extended key usages that are not listed in the
-     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions]
+     * message.
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;</code>
      */
@@ -48,7 +49,8 @@ class KeyUsage extends \Google\Protobuf\Internal\Message
      *           Detailed scenarios in which a key may be used.
      *     @type array<\Google\Cloud\Security\PrivateCA\V1\ObjectId>|\Google\Protobuf\Internal\RepeatedField $unknown_extended_key_usages
      *           Used to describe extended key usages that are not listed in the
-     *           [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     *           [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions]
+     *           message.
      * }
      */
     public function __construct($data = NULL) {
@@ -130,7 +132,8 @@ public function setExtendedKeyUsage($var)
 
     /**
      * Used to describe extended key usages that are not listed in the
-     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions]
+     * message.
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;</code>
      * @return \Google\Protobuf\Internal\RepeatedField
@@ -142,7 +145,8 @@ public function getUnknownExtendedKeyUsages()
 
     /**
      * Used to describe extended key usages that are not listed in the
-     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions]
+     * message.
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;</code>
      * @param array<\Google\Cloud\Security\PrivateCA\V1\ObjectId>|\Google\Protobuf\Internal\RepeatedField $var
diff --git a/SecurityPrivateCa/src/V1/KeyUsage/ExtendedKeyUsageOptions.php b/SecurityPrivateCa/src/V1/KeyUsage/ExtendedKeyUsageOptions.php
index d4b3f0f4c3e6..72729d0df8f2 100644
--- a/SecurityPrivateCa/src/V1/KeyUsage/ExtendedKeyUsageOptions.php
+++ b/SecurityPrivateCa/src/V1/KeyUsage/ExtendedKeyUsageOptions.php
@@ -9,8 +9,9 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] has fields that correspond to
- * certain common OIDs that could be specified as an extended key usage value.
+ * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions]
+ * has fields that correspond to certain common OIDs that could be specified
+ * as an extended key usage value.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions</code>
  */
diff --git a/SecurityPrivateCa/src/V1/KeyUsage/KeyUsageOptions.php b/SecurityPrivateCa/src/V1/KeyUsage/KeyUsageOptions.php
index de0938e53a8f..9cb665ad8c27 100644
--- a/SecurityPrivateCa/src/V1/KeyUsage/KeyUsageOptions.php
+++ b/SecurityPrivateCa/src/V1/KeyUsage/KeyUsageOptions.php
@@ -9,8 +9,9 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * [KeyUsage.KeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions] corresponds to the key usage values
- * described in https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
+ * [KeyUsage.KeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions]
+ * corresponds to the key usage values described in
+ * https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions</code>
  */
diff --git a/SecurityPrivateCa/src/V1/ListCaPoolsRequest.php b/SecurityPrivateCa/src/V1/ListCaPoolsRequest.php
index 5ae5c765e259..f30c2d59f647 100644
--- a/SecurityPrivateCa/src/V1/ListCaPoolsRequest.php
+++ b/SecurityPrivateCa/src/V1/ListCaPoolsRequest.php
@@ -25,12 +25,13 @@ class ListCaPoolsRequest extends \Google\Protobuf\Internal\Message
      */
     private $parent = '';
     /**
-     * Optional. Limit on the number of [CaPools][google.cloud.security.privateca.v1.CaPool] to
-     * include in the response.
-     * Further [CaPools][google.cloud.security.privateca.v1.CaPool] can subsequently be
-     * obtained by including the
-     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token] in a subsequent
-     * request. If unspecified, the server will pick an appropriate default.
+     * Optional. Limit on the number of
+     * [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
+     * response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
+     * subsequently be obtained by including the
+     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
      *
      * Generated from protobuf field <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -66,12 +67,13 @@ class ListCaPoolsRequest extends \Google\Protobuf\Internal\Message
      *           [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
      *           `projects/&#42;&#47;locations/&#42;`.
      *     @type int $page_size
-     *           Optional. Limit on the number of [CaPools][google.cloud.security.privateca.v1.CaPool] to
-     *           include in the response.
-     *           Further [CaPools][google.cloud.security.privateca.v1.CaPool] can subsequently be
-     *           obtained by including the
-     *           [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token] in a subsequent
-     *           request. If unspecified, the server will pick an appropriate default.
+     *           Optional. Limit on the number of
+     *           [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
+     *           response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
+     *           subsequently be obtained by including the
+     *           [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
+     *           in a subsequent request. If unspecified, the server will pick an
+     *           appropriate default.
      *     @type string $page_token
      *           Optional. Pagination token, returned earlier via
      *           [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token].
@@ -117,12 +119,13 @@ public function setParent($var)
     }
 
     /**
-     * Optional. Limit on the number of [CaPools][google.cloud.security.privateca.v1.CaPool] to
-     * include in the response.
-     * Further [CaPools][google.cloud.security.privateca.v1.CaPool] can subsequently be
-     * obtained by including the
-     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token] in a subsequent
-     * request. If unspecified, the server will pick an appropriate default.
+     * Optional. Limit on the number of
+     * [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
+     * response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
+     * subsequently be obtained by including the
+     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
      *
      * Generated from protobuf field <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return int
@@ -133,12 +136,13 @@ public function getPageSize()
     }
 
     /**
-     * Optional. Limit on the number of [CaPools][google.cloud.security.privateca.v1.CaPool] to
-     * include in the response.
-     * Further [CaPools][google.cloud.security.privateca.v1.CaPool] can subsequently be
-     * obtained by including the
-     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token] in a subsequent
-     * request. If unspecified, the server will pick an appropriate default.
+     * Optional. Limit on the number of
+     * [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
+     * response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
+     * subsequently be obtained by including the
+     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
      *
      * Generated from protobuf field <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param int $var
diff --git a/SecurityPrivateCa/src/V1/ListCertificateAuthoritiesRequest.php b/SecurityPrivateCa/src/V1/ListCertificateAuthoritiesRequest.php
index 830e19f91866..bbf9d98fc09d 100644
--- a/SecurityPrivateCa/src/V1/ListCertificateAuthoritiesRequest.php
+++ b/SecurityPrivateCa/src/V1/ListCertificateAuthoritiesRequest.php
@@ -17,20 +17,23 @@
 class ListCertificateAuthoritiesRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
     private $parent = '';
     /**
-     * Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] to
-     * include in the response.
-     * Further [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] can subsequently be
-     * obtained by including the
-     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
-     * request. If unspecified, the server will pick an appropriate default.
+     * Optional. Limit on the number of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+     * to include in the response. Further
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+     * can subsequently be obtained by including the
+     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
      *
      * Generated from protobuf field <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -62,16 +65,19 @@ class ListCertificateAuthoritiesRequest extends \Google\Protobuf\Internal\Messag
      *     Optional. Data for populating the Message object.
      *
      *     @type string $parent
-     *           Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     *           [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-     *           `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     *           Required. The resource name of the
+     *           [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     *           [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     *           in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *     @type int $page_size
-     *           Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] to
-     *           include in the response.
-     *           Further [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] can subsequently be
-     *           obtained by including the
-     *           [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
-     *           request. If unspecified, the server will pick an appropriate default.
+     *           Optional. Limit on the number of
+     *           [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           to include in the response. Further
+     *           [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           can subsequently be obtained by including the
+     *           [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
+     *           in a subsequent request. If unspecified, the server will pick an
+     *           appropriate default.
      *     @type string $page_token
      *           Optional. Pagination token, returned earlier via
      *           [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token].
@@ -87,9 +93,10 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -100,9 +107,10 @@ public function getParent()
     }
 
     /**
-     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -117,12 +125,14 @@ public function setParent($var)
     }
 
     /**
-     * Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] to
-     * include in the response.
-     * Further [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] can subsequently be
-     * obtained by including the
-     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
-     * request. If unspecified, the server will pick an appropriate default.
+     * Optional. Limit on the number of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+     * to include in the response. Further
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+     * can subsequently be obtained by including the
+     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
      *
      * Generated from protobuf field <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return int
@@ -133,12 +143,14 @@ public function getPageSize()
     }
 
     /**
-     * Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] to
-     * include in the response.
-     * Further [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] can subsequently be
-     * obtained by including the
-     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
-     * request. If unspecified, the server will pick an appropriate default.
+     * Optional. Limit on the number of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+     * to include in the response. Further
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+     * can subsequently be obtained by including the
+     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
      *
      * Generated from protobuf field <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param int $var
diff --git a/SecurityPrivateCa/src/V1/ListCertificateAuthoritiesResponse.php b/SecurityPrivateCa/src/V1/ListCertificateAuthoritiesResponse.php
index 428b4ef60861..a5a4c172c71d 100644
--- a/SecurityPrivateCa/src/V1/ListCertificateAuthoritiesResponse.php
+++ b/SecurityPrivateCa/src/V1/ListCertificateAuthoritiesResponse.php
@@ -17,7 +17,8 @@
 class ListCertificateAuthoritiesResponse extends \Google\Protobuf\Internal\Message
 {
     /**
-     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;</code>
      */
@@ -44,7 +45,8 @@ class ListCertificateAuthoritiesResponse extends \Google\Protobuf\Internal\Messa
      *     Optional. Data for populating the Message object.
      *
      *     @type array<\Google\Cloud\Security\PrivateCA\V1\CertificateAuthority>|\Google\Protobuf\Internal\RepeatedField $certificate_authorities
-     *           The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     *           The list of
+     *           [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      *     @type string $next_page_token
      *           A token to retrieve next page of results. Pass this value in
      *           [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
@@ -59,7 +61,8 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;</code>
      * @return \Google\Protobuf\Internal\RepeatedField
@@ -70,7 +73,8 @@ public function getCertificateAuthorities()
     }
 
     /**
-     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;</code>
      * @param array<\Google\Cloud\Security\PrivateCA\V1\CertificateAuthority>|\Google\Protobuf\Internal\RepeatedField $var
diff --git a/SecurityPrivateCa/src/V1/ListCertificateRevocationListsRequest.php b/SecurityPrivateCa/src/V1/ListCertificateRevocationListsRequest.php
index 1036bca79077..8a8f95d094b4 100644
--- a/SecurityPrivateCa/src/V1/ListCertificateRevocationListsRequest.php
+++ b/SecurityPrivateCa/src/V1/ListCertificateRevocationListsRequest.php
@@ -18,19 +18,21 @@ class ListCertificateRevocationListsRequest extends \Google\Protobuf\Internal\Me
 {
     /**
      * Required. The resource name of the location associated with the
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
     private $parent = '';
     /**
      * Optional. Limit on the number of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList] to include in the
-     * response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * to include in the response. Further
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
      * can subsequently be obtained by including the
-     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent
-     * request. If unspecified, the server will pick an appropriate default.
+     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
      *
      * Generated from protobuf field <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -63,15 +65,17 @@ class ListCertificateRevocationListsRequest extends \Google\Protobuf\Internal\Me
      *
      *     @type string $parent
      *           Required. The resource name of the location associated with the
-     *           [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
-     *           `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     *           [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+     *           in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *     @type int $page_size
      *           Optional. Limit on the number of
-     *           [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList] to include in the
-     *           response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     *           [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     *           to include in the response. Further
+     *           [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
      *           can subsequently be obtained by including the
-     *           [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent
-     *           request. If unspecified, the server will pick an appropriate default.
+     *           [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
+     *           in a subsequent request. If unspecified, the server will pick an
+     *           appropriate default.
      *     @type string $page_token
      *           Optional. Pagination token, returned earlier via
      *           [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token].
@@ -88,8 +92,8 @@ public function __construct($data = NULL) {
 
     /**
      * Required. The resource name of the location associated with the
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -101,8 +105,8 @@ public function getParent()
 
     /**
      * Required. The resource name of the location associated with the
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -118,11 +122,13 @@ public function setParent($var)
 
     /**
      * Optional. Limit on the number of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList] to include in the
-     * response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * to include in the response. Further
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
      * can subsequently be obtained by including the
-     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent
-     * request. If unspecified, the server will pick an appropriate default.
+     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
      *
      * Generated from protobuf field <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return int
@@ -134,11 +140,13 @@ public function getPageSize()
 
     /**
      * Optional. Limit on the number of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList] to include in the
-     * response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * to include in the response. Further
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
      * can subsequently be obtained by including the
-     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent
-     * request. If unspecified, the server will pick an appropriate default.
+     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
      *
      * Generated from protobuf field <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param int $var
diff --git a/SecurityPrivateCa/src/V1/ListCertificateRevocationListsResponse.php b/SecurityPrivateCa/src/V1/ListCertificateRevocationListsResponse.php
index 3ab58cc70c6b..4554d15d0ce5 100644
--- a/SecurityPrivateCa/src/V1/ListCertificateRevocationListsResponse.php
+++ b/SecurityPrivateCa/src/V1/ListCertificateRevocationListsResponse.php
@@ -17,7 +17,8 @@
 class ListCertificateRevocationListsResponse extends \Google\Protobuf\Internal\Message
 {
     /**
-     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;</code>
      */
@@ -44,7 +45,8 @@ class ListCertificateRevocationListsResponse extends \Google\Protobuf\Internal\M
      *     Optional. Data for populating the Message object.
      *
      *     @type array<\Google\Cloud\Security\PrivateCA\V1\CertificateRevocationList>|\Google\Protobuf\Internal\RepeatedField $certificate_revocation_lists
-     *           The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     *           The list of
+     *           [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      *     @type string $next_page_token
      *           A token to retrieve next page of results. Pass this value in
      *           [ListCertificateRevocationListsRequest.next_page_token][] to retrieve the
@@ -59,7 +61,8 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;</code>
      * @return \Google\Protobuf\Internal\RepeatedField
@@ -70,7 +73,8 @@ public function getCertificateRevocationLists()
     }
 
     /**
-     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;</code>
      * @param array<\Google\Cloud\Security\PrivateCA\V1\CertificateRevocationList>|\Google\Protobuf\Internal\RepeatedField $var
diff --git a/SecurityPrivateCa/src/V1/ListCertificateTemplatesRequest.php b/SecurityPrivateCa/src/V1/ListCertificateTemplatesRequest.php
index 69bfd36b4d0b..846b0752ba2e 100644
--- a/SecurityPrivateCa/src/V1/ListCertificateTemplatesRequest.php
+++ b/SecurityPrivateCa/src/V1/ListCertificateTemplatesRequest.php
@@ -18,19 +18,21 @@ class ListCertificateTemplatesRequest extends \Google\Protobuf\Internal\Message
 {
     /**
      * Required. The resource name of the location associated with the
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-     * `projects/&#42;&#47;locations/&#42;`.
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
     private $parent = '';
     /**
      * Optional. Limit on the number of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] to include in the response.
-     * Further [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] can subsequently be
-     * obtained by including the
-     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token] in a subsequent
-     * request. If unspecified, the server will pick an appropriate default.
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+     * to include in the response. Further
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+     * can subsequently be obtained by including the
+     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
      *
      * Generated from protobuf field <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -63,15 +65,17 @@ class ListCertificateTemplatesRequest extends \Google\Protobuf\Internal\Message
      *
      *     @type string $parent
      *           Required. The resource name of the location associated with the
-     *           [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-     *           `projects/&#42;&#47;locations/&#42;`.
+     *           [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+     *           in the format `projects/&#42;&#47;locations/&#42;`.
      *     @type int $page_size
      *           Optional. Limit on the number of
-     *           [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] to include in the response.
-     *           Further [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] can subsequently be
-     *           obtained by including the
-     *           [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token] in a subsequent
-     *           request. If unspecified, the server will pick an appropriate default.
+     *           [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+     *           to include in the response. Further
+     *           [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+     *           can subsequently be obtained by including the
+     *           [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
+     *           in a subsequent request. If unspecified, the server will pick an
+     *           appropriate default.
      *     @type string $page_token
      *           Optional. Pagination token, returned earlier via
      *           [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
@@ -88,8 +92,8 @@ public function __construct($data = NULL) {
 
     /**
      * Required. The resource name of the location associated with the
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-     * `projects/&#42;&#47;locations/&#42;`.
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -101,8 +105,8 @@ public function getParent()
 
     /**
      * Required. The resource name of the location associated with the
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-     * `projects/&#42;&#47;locations/&#42;`.
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -118,11 +122,13 @@ public function setParent($var)
 
     /**
      * Optional. Limit on the number of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] to include in the response.
-     * Further [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] can subsequently be
-     * obtained by including the
-     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token] in a subsequent
-     * request. If unspecified, the server will pick an appropriate default.
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+     * to include in the response. Further
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+     * can subsequently be obtained by including the
+     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
      *
      * Generated from protobuf field <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return int
@@ -134,11 +140,13 @@ public function getPageSize()
 
     /**
      * Optional. Limit on the number of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] to include in the response.
-     * Further [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] can subsequently be
-     * obtained by including the
-     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token] in a subsequent
-     * request. If unspecified, the server will pick an appropriate default.
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+     * to include in the response. Further
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+     * can subsequently be obtained by including the
+     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
      *
      * Generated from protobuf field <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param int $var
diff --git a/SecurityPrivateCa/src/V1/ListCertificateTemplatesResponse.php b/SecurityPrivateCa/src/V1/ListCertificateTemplatesResponse.php
index f9beffc08911..c5043c8031d7 100644
--- a/SecurityPrivateCa/src/V1/ListCertificateTemplatesResponse.php
+++ b/SecurityPrivateCa/src/V1/ListCertificateTemplatesResponse.php
@@ -17,7 +17,8 @@
 class ListCertificateTemplatesResponse extends \Google\Protobuf\Internal\Message
 {
     /**
-     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;</code>
      */
@@ -44,7 +45,8 @@ class ListCertificateTemplatesResponse extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type array<\Google\Cloud\Security\PrivateCA\V1\CertificateTemplate>|\Google\Protobuf\Internal\RepeatedField $certificate_templates
-     *           The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     *           The list of
+     *           [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      *     @type string $next_page_token
      *           A token to retrieve next page of results. Pass this value in
      *           [ListCertificateTemplatesRequest.next_page_token][] to retrieve
@@ -59,7 +61,8 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;</code>
      * @return \Google\Protobuf\Internal\RepeatedField
@@ -70,7 +73,8 @@ public function getCertificateTemplates()
     }
 
     /**
-     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      *
      * Generated from protobuf field <code>repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;</code>
      * @param array<\Google\Cloud\Security\PrivateCA\V1\CertificateTemplate>|\Google\Protobuf\Internal\RepeatedField $var
diff --git a/SecurityPrivateCa/src/V1/ListCertificatesRequest.php b/SecurityPrivateCa/src/V1/ListCertificatesRequest.php
index ebd7c1d5b5b2..7ed89dd1c8b4 100644
--- a/SecurityPrivateCa/src/V1/ListCertificatesRequest.php
+++ b/SecurityPrivateCa/src/V1/ListCertificatesRequest.php
@@ -9,7 +9,8 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * Request message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+ * Request message for
+ * [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.ListCertificatesRequest</code>
  */
@@ -17,19 +18,21 @@ class ListCertificatesRequest extends \Google\Protobuf\Internal\Message
 {
     /**
      * Required. The resource name of the location associated with the
-     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
     private $parent = '';
     /**
      * Optional. Limit on the number of
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] to include in the
-     * response. Further [Certificates][google.cloud.security.privateca.v1.Certificate] can subsequently be obtained
-     * by including the
-     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token] in a subsequent
-     * request. If unspecified, the server will pick an appropriate default.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] to include
+     * in the response. Further
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] can
+     * subsequently be obtained by including the
+     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
      *
      * Generated from protobuf field <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -42,16 +45,16 @@ class ListCertificatesRequest extends \Google\Protobuf\Internal\Message
      */
     private $page_token = '';
     /**
-     * Optional. Only include resources that match the filter in the response. For details
-     * on supported filters and syntax, see [Certificates Filtering
+     * Optional. Only include resources that match the filter in the response. For
+     * details on supported filters and syntax, see [Certificates Filtering
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
      *
      * Generated from protobuf field <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $filter = '';
     /**
-     * Optional. Specify how the results should be sorted. For details on supported fields
-     * and syntax, see [Certificates Sorting
+     * Optional. Specify how the results should be sorted. For details on
+     * supported fields and syntax, see [Certificates Sorting
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
      *
      * Generated from protobuf field <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
@@ -66,25 +69,27 @@ class ListCertificatesRequest extends \Google\Protobuf\Internal\Message
      *
      *     @type string $parent
      *           Required. The resource name of the location associated with the
-     *           [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
-     *           `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     *           [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+     *           format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *     @type int $page_size
      *           Optional. Limit on the number of
-     *           [Certificates][google.cloud.security.privateca.v1.Certificate] to include in the
-     *           response. Further [Certificates][google.cloud.security.privateca.v1.Certificate] can subsequently be obtained
-     *           by including the
-     *           [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token] in a subsequent
-     *           request. If unspecified, the server will pick an appropriate default.
+     *           [Certificates][google.cloud.security.privateca.v1.Certificate] to include
+     *           in the response. Further
+     *           [Certificates][google.cloud.security.privateca.v1.Certificate] can
+     *           subsequently be obtained by including the
+     *           [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
+     *           in a subsequent request. If unspecified, the server will pick an
+     *           appropriate default.
      *     @type string $page_token
      *           Optional. Pagination token, returned earlier via
      *           [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
      *     @type string $filter
-     *           Optional. Only include resources that match the filter in the response. For details
-     *           on supported filters and syntax, see [Certificates Filtering
+     *           Optional. Only include resources that match the filter in the response. For
+     *           details on supported filters and syntax, see [Certificates Filtering
      *           documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
      *     @type string $order_by
-     *           Optional. Specify how the results should be sorted. For details on supported fields
-     *           and syntax, see [Certificates Sorting
+     *           Optional. Specify how the results should be sorted. For details on
+     *           supported fields and syntax, see [Certificates Sorting
      *           documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
      * }
      */
@@ -95,8 +100,8 @@ public function __construct($data = NULL) {
 
     /**
      * Required. The resource name of the location associated with the
-     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -108,8 +113,8 @@ public function getParent()
 
     /**
      * Required. The resource name of the location associated with the
-     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
-     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
      *
      * Generated from protobuf field <code>string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -125,11 +130,13 @@ public function setParent($var)
 
     /**
      * Optional. Limit on the number of
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] to include in the
-     * response. Further [Certificates][google.cloud.security.privateca.v1.Certificate] can subsequently be obtained
-     * by including the
-     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token] in a subsequent
-     * request. If unspecified, the server will pick an appropriate default.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] to include
+     * in the response. Further
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] can
+     * subsequently be obtained by including the
+     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
      *
      * Generated from protobuf field <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return int
@@ -141,11 +148,13 @@ public function getPageSize()
 
     /**
      * Optional. Limit on the number of
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] to include in the
-     * response. Further [Certificates][google.cloud.security.privateca.v1.Certificate] can subsequently be obtained
-     * by including the
-     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token] in a subsequent
-     * request. If unspecified, the server will pick an appropriate default.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] to include
+     * in the response. Further
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] can
+     * subsequently be obtained by including the
+     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
      *
      * Generated from protobuf field <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param int $var
@@ -188,8 +197,8 @@ public function setPageToken($var)
     }
 
     /**
-     * Optional. Only include resources that match the filter in the response. For details
-     * on supported filters and syntax, see [Certificates Filtering
+     * Optional. Only include resources that match the filter in the response. For
+     * details on supported filters and syntax, see [Certificates Filtering
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
      *
      * Generated from protobuf field <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
@@ -201,8 +210,8 @@ public function getFilter()
     }
 
     /**
-     * Optional. Only include resources that match the filter in the response. For details
-     * on supported filters and syntax, see [Certificates Filtering
+     * Optional. Only include resources that match the filter in the response. For
+     * details on supported filters and syntax, see [Certificates Filtering
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
      *
      * Generated from protobuf field <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
@@ -218,8 +227,8 @@ public function setFilter($var)
     }
 
     /**
-     * Optional. Specify how the results should be sorted. For details on supported fields
-     * and syntax, see [Certificates Sorting
+     * Optional. Specify how the results should be sorted. For details on
+     * supported fields and syntax, see [Certificates Sorting
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
      *
      * Generated from protobuf field <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
@@ -231,8 +240,8 @@ public function getOrderBy()
     }
 
     /**
-     * Optional. Specify how the results should be sorted. For details on supported fields
-     * and syntax, see [Certificates Sorting
+     * Optional. Specify how the results should be sorted. For details on
+     * supported fields and syntax, see [Certificates Sorting
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
      *
      * Generated from protobuf field <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
diff --git a/SecurityPrivateCa/src/V1/ListCertificatesResponse.php b/SecurityPrivateCa/src/V1/ListCertificatesResponse.php
index 1ddcd9e50525..1f34fd1fa868 100644
--- a/SecurityPrivateCa/src/V1/ListCertificatesResponse.php
+++ b/SecurityPrivateCa/src/V1/ListCertificatesResponse.php
@@ -9,7 +9,8 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * Response message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+ * Response message for
+ * [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.ListCertificatesResponse</code>
  */
diff --git a/SecurityPrivateCa/src/V1/ObjectId.php b/SecurityPrivateCa/src/V1/ObjectId.php
index aeedba1608c0..7accb80cd63d 100644
--- a/SecurityPrivateCa/src/V1/ObjectId.php
+++ b/SecurityPrivateCa/src/V1/ObjectId.php
@@ -9,16 +9,17 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * An [ObjectId][google.cloud.security.privateca.v1.ObjectId] specifies an object identifier (OID). These provide context
- * and describe types in ASN.1 messages.
+ * An [ObjectId][google.cloud.security.privateca.v1.ObjectId] specifies an
+ * object identifier (OID). These provide context and describe types in ASN.1
+ * messages.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.ObjectId</code>
  */
 class ObjectId extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The parts of an OID path. The most significant parts of the path come
-     * first.
+     * Required. The parts of an OID path. The most significant parts of the path
+     * come first.
      *
      * Generated from protobuf field <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      */
@@ -31,8 +32,8 @@ class ObjectId extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type array<int>|\Google\Protobuf\Internal\RepeatedField $object_id_path
-     *           Required. The parts of an OID path. The most significant parts of the path come
-     *           first.
+     *           Required. The parts of an OID path. The most significant parts of the path
+     *           come first.
      * }
      */
     public function __construct($data = NULL) {
@@ -41,8 +42,8 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The parts of an OID path. The most significant parts of the path come
-     * first.
+     * Required. The parts of an OID path. The most significant parts of the path
+     * come first.
      *
      * Generated from protobuf field <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return \Google\Protobuf\Internal\RepeatedField
@@ -53,8 +54,8 @@ public function getObjectIdPath()
     }
 
     /**
-     * Required. The parts of an OID path. The most significant parts of the path come
-     * first.
+     * Required. The parts of an OID path. The most significant parts of the path
+     * come first.
      *
      * Generated from protobuf field <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param array<int>|\Google\Protobuf\Internal\RepeatedField $var
diff --git a/SecurityPrivateCa/src/V1/OperationMetadata.php b/SecurityPrivateCa/src/V1/OperationMetadata.php
index dc953d98a1cc..23c73b6b4dd4 100644
--- a/SecurityPrivateCa/src/V1/OperationMetadata.php
+++ b/SecurityPrivateCa/src/V1/OperationMetadata.php
@@ -48,8 +48,9 @@ class OperationMetadata extends \Google\Protobuf\Internal\Message
     /**
      * Output only. Identifies whether the user has requested cancellation
      * of the operation. Operations that have successfully been cancelled
-     * have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
-     * corresponding to `Code.CANCELLED`.
+     * have [Operation.error][] value with a
+     * [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
+     * `Code.CANCELLED`.
      *
      * Generated from protobuf field <code>bool requested_cancellation = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
@@ -80,8 +81,9 @@ class OperationMetadata extends \Google\Protobuf\Internal\Message
      *     @type bool $requested_cancellation
      *           Output only. Identifies whether the user has requested cancellation
      *           of the operation. Operations that have successfully been cancelled
-     *           have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
-     *           corresponding to `Code.CANCELLED`.
+     *           have [Operation.error][] value with a
+     *           [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
+     *           `Code.CANCELLED`.
      *     @type string $api_version
      *           Output only. API version used to start the operation.
      * }
@@ -244,8 +246,9 @@ public function setStatusMessage($var)
     /**
      * Output only. Identifies whether the user has requested cancellation
      * of the operation. Operations that have successfully been cancelled
-     * have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
-     * corresponding to `Code.CANCELLED`.
+     * have [Operation.error][] value with a
+     * [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
+     * `Code.CANCELLED`.
      *
      * Generated from protobuf field <code>bool requested_cancellation = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @return bool
@@ -258,8 +261,9 @@ public function getRequestedCancellation()
     /**
      * Output only. Identifies whether the user has requested cancellation
      * of the operation. Operations that have successfully been cancelled
-     * have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
-     * corresponding to `Code.CANCELLED`.
+     * have [Operation.error][] value with a
+     * [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
+     * `Code.CANCELLED`.
      *
      * Generated from protobuf field <code>bool requested_cancellation = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      * @param bool $var
diff --git a/SecurityPrivateCa/src/V1/PublicKey.php b/SecurityPrivateCa/src/V1/PublicKey.php
index 338b8b3344bc..fdf4537efe6f 100644
--- a/SecurityPrivateCa/src/V1/PublicKey.php
+++ b/SecurityPrivateCa/src/V1/PublicKey.php
@@ -9,7 +9,8 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * A [PublicKey][google.cloud.security.privateca.v1.PublicKey] describes a public key.
+ * A [PublicKey][google.cloud.security.privateca.v1.PublicKey] describes a
+ * public key.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.PublicKey</code>
  */
diff --git a/SecurityPrivateCa/src/V1/RevocationReason.php b/SecurityPrivateCa/src/V1/RevocationReason.php
index aa15cb318a15..919eb2cb9c31 100644
--- a/SecurityPrivateCa/src/V1/RevocationReason.php
+++ b/SecurityPrivateCa/src/V1/RevocationReason.php
@@ -7,25 +7,30 @@
 use UnexpectedValueException;
 
 /**
- * A [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] indicates whether a [Certificate][google.cloud.security.privateca.v1.Certificate] has been revoked,
- * and the reason for revocation. These correspond to standard revocation
- * reasons from RFC 5280. Note that the enum labels and values in this
- * definition are not the same ASN.1 values defined in RFC 5280. These values
- * will be translated to the correct ASN.1 values when a CRL is created.
+ * A [RevocationReason][google.cloud.security.privateca.v1.RevocationReason]
+ * indicates whether a
+ * [Certificate][google.cloud.security.privateca.v1.Certificate] has been
+ * revoked, and the reason for revocation. These correspond to standard
+ * revocation reasons from RFC 5280. Note that the enum labels and values in
+ * this definition are not the same ASN.1 values defined in RFC 5280. These
+ * values will be translated to the correct ASN.1 values when a CRL is created.
  *
  * Protobuf type <code>google.cloud.security.privateca.v1.RevocationReason</code>
  */
 class RevocationReason
 {
     /**
-     * Default unspecified value. This value does indicate that a [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * has been revoked, but that a reason has not been recorded.
+     * Default unspecified value. This value does indicate that a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] has been
+     * revoked, but that a reason has not been recorded.
      *
      * Generated from protobuf enum <code>REVOCATION_REASON_UNSPECIFIED = 0;</code>
      */
     const REVOCATION_REASON_UNSPECIFIED = 0;
     /**
-     * Key material for this [Certificate][google.cloud.security.privateca.v1.Certificate] may have leaked.
+     * Key material for this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] may have
+     * leaked.
      *
      * Generated from protobuf enum <code>KEY_COMPROMISE = 1;</code>
      */
@@ -38,41 +43,45 @@ class RevocationReason
      */
     const CERTIFICATE_AUTHORITY_COMPROMISE = 2;
     /**
-     * The subject or other attributes in this [Certificate][google.cloud.security.privateca.v1.Certificate] have changed.
+     * The subject or other attributes in this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] have changed.
      *
      * Generated from protobuf enum <code>AFFILIATION_CHANGED = 3;</code>
      */
     const AFFILIATION_CHANGED = 3;
     /**
-     * This [Certificate][google.cloud.security.privateca.v1.Certificate] has been superseded.
+     * This [Certificate][google.cloud.security.privateca.v1.Certificate] has been
+     * superseded.
      *
      * Generated from protobuf enum <code>SUPERSEDED = 4;</code>
      */
     const SUPERSEDED = 4;
     /**
-     * This [Certificate][google.cloud.security.privateca.v1.Certificate] or entities in the issuing path have ceased to
-     * operate.
+     * This [Certificate][google.cloud.security.privateca.v1.Certificate] or
+     * entities in the issuing path have ceased to operate.
      *
      * Generated from protobuf enum <code>CESSATION_OF_OPERATION = 5;</code>
      */
     const CESSATION_OF_OPERATION = 5;
     /**
-     * This [Certificate][google.cloud.security.privateca.v1.Certificate] should not be considered valid, it is expected that it
-     * may become valid in the future.
+     * This [Certificate][google.cloud.security.privateca.v1.Certificate] should
+     * not be considered valid, it is expected that it may become valid in the
+     * future.
      *
      * Generated from protobuf enum <code>CERTIFICATE_HOLD = 6;</code>
      */
     const CERTIFICATE_HOLD = 6;
     /**
-     * This [Certificate][google.cloud.security.privateca.v1.Certificate] no longer has permission to assert the listed
-     * attributes.
+     * This [Certificate][google.cloud.security.privateca.v1.Certificate] no
+     * longer has permission to assert the listed attributes.
      *
      * Generated from protobuf enum <code>PRIVILEGE_WITHDRAWN = 7;</code>
      */
     const PRIVILEGE_WITHDRAWN = 7;
     /**
-     * The authority which determines appropriate attributes for a [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * may have been compromised.
+     * The authority which determines appropriate attributes for a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] may have been
+     * compromised.
      *
      * Generated from protobuf enum <code>ATTRIBUTE_AUTHORITY_COMPROMISE = 8;</code>
      */
diff --git a/SecurityPrivateCa/src/V1/RevokeCertificateRequest.php b/SecurityPrivateCa/src/V1/RevokeCertificateRequest.php
index 7240496cbce4..3a7bfa6ba99e 100644
--- a/SecurityPrivateCa/src/V1/RevokeCertificateRequest.php
+++ b/SecurityPrivateCa/src/V1/RevokeCertificateRequest.php
@@ -17,26 +17,28 @@
 class RevokeCertificateRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
-     * format
+     * Required. The resource name for this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
      * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
     private $name = '';
     /**
-     * Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
+     * Required. The
+     * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+     * revoking this certificate.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.RevocationReason reason = 2 [(.google.api.field_behavior) = REQUIRED];</code>
      */
     private $reason = 0;
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -54,18 +56,20 @@ class RevokeCertificateRequest extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
-     *           format
+     *           Required. The resource name for this
+     *           [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
      *           `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
      *     @type int $reason
-     *           Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
+     *           Required. The
+     *           [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+     *           revoking this certificate.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -79,8 +83,8 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
-     * format
+     * Required. The resource name for this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
      * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
@@ -92,8 +96,8 @@ public function getName()
     }
 
     /**
-     * Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
-     * format
+     * Required. The resource name for this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
      * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
@@ -109,7 +113,9 @@ public function setName($var)
     }
 
     /**
-     * Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
+     * Required. The
+     * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+     * revoking this certificate.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.RevocationReason reason = 2 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return int
@@ -120,7 +126,9 @@ public function getReason()
     }
 
     /**
-     * Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
+     * Required. The
+     * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+     * revoking this certificate.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.RevocationReason reason = 2 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param int $var
@@ -135,12 +143,12 @@ public function setReason($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -156,12 +164,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/Subject.php b/SecurityPrivateCa/src/V1/Subject.php
index e2f143bc4d3a..a5c992cfacc1 100644
--- a/SecurityPrivateCa/src/V1/Subject.php
+++ b/SecurityPrivateCa/src/V1/Subject.php
@@ -9,8 +9,8 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * [Subject][google.cloud.security.privateca.v1.Subject] describes parts of a distinguished name that, in turn,
- * describes the subject of the certificate.
+ * [Subject][google.cloud.security.privateca.v1.Subject] describes parts of a
+ * distinguished name that, in turn, describes the subject of the certificate.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.Subject</code>
  */
diff --git a/SecurityPrivateCa/src/V1/SubjectAltNames.php b/SecurityPrivateCa/src/V1/SubjectAltNames.php
index 9bb84527a260..19d765f9240a 100644
--- a/SecurityPrivateCa/src/V1/SubjectAltNames.php
+++ b/SecurityPrivateCa/src/V1/SubjectAltNames.php
@@ -9,9 +9,10 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] corresponds to a more modern way of listing what
- * the asserted identity is in a certificate (i.e., compared to the "common
- * name" in the distinguished name).
+ * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames]
+ * corresponds to a more modern way of listing what the asserted identity is in
+ * a certificate (i.e., compared to the "common name" in the distinguished
+ * name).
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.SubjectAltNames</code>
  */
diff --git a/SecurityPrivateCa/src/V1/SubjectRequestMode.php b/SecurityPrivateCa/src/V1/SubjectRequestMode.php
index e740f5157ebd..c27aed5a4db2 100644
--- a/SecurityPrivateCa/src/V1/SubjectRequestMode.php
+++ b/SecurityPrivateCa/src/V1/SubjectRequestMode.php
@@ -7,8 +7,11 @@
 use UnexpectedValueException;
 
 /**
- * Describes the way in which a [Certificate][google.cloud.security.privateca.v1.Certificate]'s [Subject][google.cloud.security.privateca.v1.Subject] and/or
- * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be resolved.
+ * Describes the way in which a
+ * [Certificate][google.cloud.security.privateca.v1.Certificate]'s
+ * [Subject][google.cloud.security.privateca.v1.Subject] and/or
+ * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be
+ * resolved.
  *
  * Protobuf type <code>google.cloud.security.privateca.v1.SubjectRequestMode</code>
  */
@@ -22,19 +25,23 @@ class SubjectRequestMode
     const SUBJECT_REQUEST_MODE_UNSPECIFIED = 0;
     /**
      * The default mode used in most cases. Indicates that the certificate's
-     * [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] are specified in the certificate
-     * request. This mode requires the caller to have the
-     * `privateca.certificates.create` permission.
+     * [Subject][google.cloud.security.privateca.v1.Subject] and/or
+     * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] are
+     * specified in the certificate request. This mode requires the caller to have
+     * the `privateca.certificates.create` permission.
      *
      * Generated from protobuf enum <code>DEFAULT = 1;</code>
      */
     const PBDEFAULT = 1;
     /**
      * A mode reserved for special cases. Indicates that the certificate should
-     * have one or more SPIFFE [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] set by the service based
-     * on the caller's identity. This mode will ignore any explicitly specified
-     * [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] in the certificate request.
-     * This mode requires the caller to have the
+     * have one or more SPIFFE
+     * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] set
+     * by the service based on the caller's identity. This mode will ignore any
+     * explicitly specified [Subject][google.cloud.security.privateca.v1.Subject]
+     * and/or
+     * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] in
+     * the certificate request. This mode requires the caller to have the
      * `privateca.certificates.createForSelf` permission.
      *
      * Generated from protobuf enum <code>REFLECTED_SPIFFE = 2;</code>
diff --git a/SecurityPrivateCa/src/V1/SubordinateConfig.php b/SecurityPrivateCa/src/V1/SubordinateConfig.php
index 6ba3b9a8c287..7aaf87a26d68 100644
--- a/SecurityPrivateCa/src/V1/SubordinateConfig.php
+++ b/SecurityPrivateCa/src/V1/SubordinateConfig.php
@@ -10,7 +10,9 @@
 
 /**
  * Describes a subordinate CA's issuers. This is either a resource name to a
- * known issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], or a PEM issuer certificate chain.
+ * known issuing
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
+ * or a PEM issuer certificate chain.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.SubordinateConfig</code>
  */
@@ -25,13 +27,17 @@ class SubordinateConfig extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type string $certificate_authority
-     *           Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
-     *           subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
-     *           and usability purposes only. The resource name is in the format
+     *           Required. This can refer to a
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           that was used to create a subordinate
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     *           This field is used for information and usability purposes only. The
+     *           resource name is in the format
      *           `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *     @type \Google\Cloud\Security\PrivateCA\V1\SubordinateConfig\SubordinateConfigChain $pem_issuer_chain
      *           Required. Contains the PEM certificate chain for the issuers of this
-     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
+     *           but not pem certificate for this CA itself.
      * }
      */
     public function __construct($data = NULL) {
@@ -40,9 +46,12 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
-     * subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
-     * and usability purposes only. The resource name is in the format
+     * Required. This can refer to a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that was used to create a subordinate
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * This field is used for information and usability purposes only. The
+     * resource name is in the format
      * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
@@ -59,9 +68,12 @@ public function hasCertificateAuthority()
     }
 
     /**
-     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
-     * subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
-     * and usability purposes only. The resource name is in the format
+     * Required. This can refer to a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that was used to create a subordinate
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * This field is used for information and usability purposes only. The
+     * resource name is in the format
      * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
@@ -78,7 +90,8 @@ public function setCertificateAuthority($var)
 
     /**
      * Required. Contains the PEM certificate chain for the issuers of this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
+     * but not pem certificate for this CA itself.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\SubordinateConfig\SubordinateConfigChain|null
@@ -95,7 +108,8 @@ public function hasPemIssuerChain()
 
     /**
      * Required. Contains the PEM certificate chain for the issuers of this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
+     * but not pem certificate for this CA itself.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\SubordinateConfig\SubordinateConfigChain $var
diff --git a/SecurityPrivateCa/src/V1/UndeleteCertificateAuthorityRequest.php b/SecurityPrivateCa/src/V1/UndeleteCertificateAuthorityRequest.php
index b1759418a2f1..66b89c7e4e96 100644
--- a/SecurityPrivateCa/src/V1/UndeleteCertificateAuthorityRequest.php
+++ b/SecurityPrivateCa/src/V1/UndeleteCertificateAuthorityRequest.php
@@ -17,19 +17,20 @@
 class UndeleteCertificateAuthorityRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      */
     private $name = '';
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -47,15 +48,16 @@ class UndeleteCertificateAuthorityRequest extends \Google\Protobuf\Internal\Mess
      *     Optional. Data for populating the Message object.
      *
      *     @type string $name
-     *           Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     *           format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     *           Required. The resource name for this
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -69,8 +71,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @return string
@@ -81,8 +84,9 @@ public function getName()
     }
 
     /**
-     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
      *
      * Generated from protobuf field <code>string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = {</code>
      * @param string $var
@@ -97,12 +101,12 @@ public function setName($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -118,12 +122,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/UpdateCaPoolRequest.php b/SecurityPrivateCa/src/V1/UpdateCaPoolRequest.php
index cc132ae8c762..ed87277d4629 100644
--- a/SecurityPrivateCa/src/V1/UpdateCaPoolRequest.php
+++ b/SecurityPrivateCa/src/V1/UpdateCaPoolRequest.php
@@ -17,7 +17,8 @@
 class UpdateCaPoolRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+     * values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      */
@@ -29,12 +30,12 @@ class UpdateCaPoolRequest extends \Google\Protobuf\Internal\Message
      */
     private $update_mask = null;
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -52,16 +53,17 @@ class UpdateCaPoolRequest extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type \Google\Cloud\Security\PrivateCA\V1\CaPool $ca_pool
-     *           Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
+     *           Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+     *           values.
      *     @type \Google\Protobuf\FieldMask $update_mask
      *           Required. A list of fields to be updated in this request.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -75,7 +77,8 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+     * values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CaPool|null
@@ -96,7 +99,8 @@ public function clearCaPool()
     }
 
     /**
-     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+     * values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CaPool $var
@@ -147,12 +151,12 @@ public function setUpdateMask($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -168,12 +172,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/UpdateCertificateAuthorityRequest.php b/SecurityPrivateCa/src/V1/UpdateCertificateAuthorityRequest.php
index 32349ae293b4..229d9eeec3ca 100644
--- a/SecurityPrivateCa/src/V1/UpdateCertificateAuthorityRequest.php
+++ b/SecurityPrivateCa/src/V1/UpdateCertificateAuthorityRequest.php
@@ -17,7 +17,9 @@
 class UpdateCertificateAuthorityRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
+     * Required.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with updated values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      */
@@ -29,12 +31,12 @@ class UpdateCertificateAuthorityRequest extends \Google\Protobuf\Internal\Messag
      */
     private $update_mask = null;
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -52,16 +54,18 @@ class UpdateCertificateAuthorityRequest extends \Google\Protobuf\Internal\Messag
      *     Optional. Data for populating the Message object.
      *
      *     @type \Google\Cloud\Security\PrivateCA\V1\CertificateAuthority $certificate_authority
-     *           Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
+     *           Required.
+     *           [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     *           with updated values.
      *     @type \Google\Protobuf\FieldMask $update_mask
      *           Required. A list of fields to be updated in this request.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -75,7 +79,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
+     * Required.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with updated values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CertificateAuthority|null
@@ -96,7 +102,9 @@ public function clearCertificateAuthority()
     }
 
     /**
-     * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
+     * Required.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with updated values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CertificateAuthority $var
@@ -147,12 +155,12 @@ public function setUpdateMask($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -168,12 +176,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/UpdateCertificateRequest.php b/SecurityPrivateCa/src/V1/UpdateCertificateRequest.php
index 4feab3243017..56a47d845c7f 100644
--- a/SecurityPrivateCa/src/V1/UpdateCertificateRequest.php
+++ b/SecurityPrivateCa/src/V1/UpdateCertificateRequest.php
@@ -9,14 +9,16 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * Request message for [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
+ * Request message for
+ * [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.UpdateCertificateRequest</code>
  */
 class UpdateCertificateRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with updated values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      */
@@ -28,12 +30,12 @@ class UpdateCertificateRequest extends \Google\Protobuf\Internal\Message
      */
     private $update_mask = null;
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -51,16 +53,17 @@ class UpdateCertificateRequest extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type \Google\Cloud\Security\PrivateCA\V1\Certificate $certificate
-     *           Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
+     *           Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+     *           with updated values.
      *     @type \Google\Protobuf\FieldMask $update_mask
      *           Required. A list of fields to be updated in this request.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -74,7 +77,8 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with updated values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\Certificate|null
@@ -95,7 +99,8 @@ public function clearCertificate()
     }
 
     /**
-     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with updated values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\Certificate $var
@@ -146,12 +151,12 @@ public function setUpdateMask($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -167,12 +172,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/UpdateCertificateRevocationListRequest.php b/SecurityPrivateCa/src/V1/UpdateCertificateRevocationListRequest.php
index 12ff9c12f618..d90adac12a32 100644
--- a/SecurityPrivateCa/src/V1/UpdateCertificateRevocationListRequest.php
+++ b/SecurityPrivateCa/src/V1/UpdateCertificateRevocationListRequest.php
@@ -17,7 +17,9 @@
 class UpdateCertificateRevocationListRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
+     * Required.
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * with updated values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      */
@@ -29,12 +31,12 @@ class UpdateCertificateRevocationListRequest extends \Google\Protobuf\Internal\M
      */
     private $update_mask = null;
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -52,16 +54,18 @@ class UpdateCertificateRevocationListRequest extends \Google\Protobuf\Internal\M
      *     Optional. Data for populating the Message object.
      *
      *     @type \Google\Cloud\Security\PrivateCA\V1\CertificateRevocationList $certificate_revocation_list
-     *           Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
+     *           Required.
+     *           [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     *           with updated values.
      *     @type \Google\Protobuf\FieldMask $update_mask
      *           Required. A list of fields to be updated in this request.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -75,7 +79,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
+     * Required.
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * with updated values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CertificateRevocationList|null
@@ -96,7 +102,9 @@ public function clearCertificateRevocationList()
     }
 
     /**
-     * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
+     * Required.
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * with updated values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CertificateRevocationList $var
@@ -147,12 +155,12 @@ public function setUpdateMask($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -168,12 +176,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/UpdateCertificateTemplateRequest.php b/SecurityPrivateCa/src/V1/UpdateCertificateTemplateRequest.php
index 7a4a066ece1f..4eb6fac01dde 100644
--- a/SecurityPrivateCa/src/V1/UpdateCertificateTemplateRequest.php
+++ b/SecurityPrivateCa/src/V1/UpdateCertificateTemplateRequest.php
@@ -17,7 +17,9 @@
 class UpdateCertificateTemplateRequest extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
+     * Required.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with updated values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      */
@@ -29,12 +31,12 @@ class UpdateCertificateTemplateRequest extends \Google\Protobuf\Internal\Message
      */
     private $update_mask = null;
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -52,16 +54,18 @@ class UpdateCertificateTemplateRequest extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type \Google\Cloud\Security\PrivateCA\V1\CertificateTemplate $certificate_template
-     *           Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
+     *           Required.
+     *           [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     *           with updated values.
      *     @type \Google\Protobuf\FieldMask $update_mask
      *           Required. A list of fields to be updated in this request.
      *     @type string $request_id
-     *           Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     *           retry your request, the server will know to ignore the request if it has
-     *           already been completed. The server will guarantee that for at least 60
-     *           minutes since the first request.
-     *           For example, consider a situation where you make an initial request and t
-     *           he request times out. If you make the request again with the same request
+     *           Optional. An ID to identify requests. Specify a unique request ID so that
+     *           if you must retry your request, the server will know to ignore the request
+     *           if it has already been completed. The server will guarantee that for at
+     *           least 60 minutes since the first request.
+     *           For example, consider a situation where you make an initial request and
+     *           the request times out. If you make the request again with the same request
      *           ID, the server can check if original operation with the same request ID
      *           was received, and if so, will ignore the second request. This prevents
      *           clients from accidentally creating duplicate commitments.
@@ -75,7 +79,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
+     * Required.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with updated values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\CertificateTemplate|null
@@ -96,7 +102,9 @@ public function clearCertificateTemplate()
     }
 
     /**
-     * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
+     * Required.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with updated values.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\CertificateTemplate $var
@@ -147,12 +155,12 @@ public function setUpdateMask($var)
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
@@ -168,12 +176,12 @@ public function getRequestId()
     }
 
     /**
-     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
-     * retry your request, the server will know to ignore the request if it has
-     * already been completed. The server will guarantee that for at least 60
-     * minutes since the first request.
-     * For example, consider a situation where you make an initial request and t
-     * he request times out. If you make the request again with the same request
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and
+     * the request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
      * was received, and if so, will ignore the second request. This prevents
      * clients from accidentally creating duplicate commitments.
diff --git a/SecurityPrivateCa/src/V1/X509Extension.php b/SecurityPrivateCa/src/V1/X509Extension.php
index 69041ee8b93e..bd6fd6e6436c 100644
--- a/SecurityPrivateCa/src/V1/X509Extension.php
+++ b/SecurityPrivateCa/src/V1/X509Extension.php
@@ -9,8 +9,9 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * An [X509Extension][google.cloud.security.privateca.v1.X509Extension] specifies an X.509 extension, which may be used in
- * different parts of X.509 objects like certificates, CSRs, and CRLs.
+ * An [X509Extension][google.cloud.security.privateca.v1.X509Extension]
+ * specifies an X.509 extension, which may be used in different parts of X.509
+ * objects like certificates, CSRs, and CRLs.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.X509Extension</code>
  */
@@ -23,9 +24,9 @@ class X509Extension extends \Google\Protobuf\Internal\Message
      */
     private $object_id = null;
     /**
-     * Optional. Indicates whether or not this extension is critical (i.e., if the client
-     * does not know how to handle this extension, the client should consider this
-     * to be an error).
+     * Optional. Indicates whether or not this extension is critical (i.e., if the
+     * client does not know how to handle this extension, the client should
+     * consider this to be an error).
      *
      * Generated from protobuf field <code>bool critical = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -46,9 +47,9 @@ class X509Extension extends \Google\Protobuf\Internal\Message
      *     @type \Google\Cloud\Security\PrivateCA\V1\ObjectId $object_id
      *           Required. The OID for this X.509 extension.
      *     @type bool $critical
-     *           Optional. Indicates whether or not this extension is critical (i.e., if the client
-     *           does not know how to handle this extension, the client should consider this
-     *           to be an error).
+     *           Optional. Indicates whether or not this extension is critical (i.e., if the
+     *           client does not know how to handle this extension, the client should
+     *           consider this to be an error).
      *     @type string $value
      *           Required. The value of this X.509 extension.
      * }
@@ -95,9 +96,9 @@ public function setObjectId($var)
     }
 
     /**
-     * Optional. Indicates whether or not this extension is critical (i.e., if the client
-     * does not know how to handle this extension, the client should consider this
-     * to be an error).
+     * Optional. Indicates whether or not this extension is critical (i.e., if the
+     * client does not know how to handle this extension, the client should
+     * consider this to be an error).
      *
      * Generated from protobuf field <code>bool critical = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return bool
@@ -108,9 +109,9 @@ public function getCritical()
     }
 
     /**
-     * Optional. Indicates whether or not this extension is critical (i.e., if the client
-     * does not know how to handle this extension, the client should consider this
-     * to be an error).
+     * Optional. Indicates whether or not this extension is critical (i.e., if the
+     * client does not know how to handle this extension, the client should
+     * consider this to be an error).
      *
      * Generated from protobuf field <code>bool critical = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param bool $var
diff --git a/SecurityPrivateCa/src/V1/X509Parameters.php b/SecurityPrivateCa/src/V1/X509Parameters.php
index 61e3b6c80f78..074520a2b450 100644
--- a/SecurityPrivateCa/src/V1/X509Parameters.php
+++ b/SecurityPrivateCa/src/V1/X509Parameters.php
@@ -9,23 +9,26 @@
 use Google\Protobuf\Internal\GPBUtil;
 
 /**
- * An [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] is used to describe certain fields of an
- * X.509 certificate, such as the key usage fields, fields specific to CA
- * certificates, certificate policy extensions and custom extensions.
+ * An [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] is
+ * used to describe certain fields of an X.509 certificate, such as the key
+ * usage fields, fields specific to CA certificates, certificate policy
+ * extensions and custom extensions.
  *
  * Generated from protobuf message <code>google.cloud.security.privateca.v1.X509Parameters</code>
  */
 class X509Parameters extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Optional. Indicates the intended use for keys that correspond to a certificate.
+     * Optional. Indicates the intended use for keys that correspond to a
+     * certificate.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $key_usage = null;
     /**
-     * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
-     * certificate.
+     * Optional. Describes options in this
+     * [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that
+     * are relevant in a CA certificate.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -38,13 +41,19 @@ class X509Parameters extends \Google\Protobuf\Internal\Message
      */
     private $policy_ids;
     /**
-     * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
-     * that appear in the "Authority Information Access" extension in the
-     * certificate.
+     * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint
+     * addresses that appear in the "Authority Information Access" extension in
+     * the certificate.
      *
      * Generated from protobuf field <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
     private $aia_ocsp_servers;
+    /**
+     * Optional. Describes the X.509 name constraints extension.
+     *
+     * Generated from protobuf field <code>.google.cloud.security.privateca.v1.X509Parameters.NameConstraints name_constraints = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    private $name_constraints = null;
     /**
      * Optional. Describes custom X.509 extensions.
      *
@@ -59,17 +68,21 @@ class X509Parameters extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type \Google\Cloud\Security\PrivateCA\V1\KeyUsage $key_usage
-     *           Optional. Indicates the intended use for keys that correspond to a certificate.
-     *     @type \Google\Cloud\Security\PrivateCA\V1\X509Parameters\CaOptions $ca_options
-     *           Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+     *           Optional. Indicates the intended use for keys that correspond to a
      *           certificate.
+     *     @type \Google\Cloud\Security\PrivateCA\V1\X509Parameters\CaOptions $ca_options
+     *           Optional. Describes options in this
+     *           [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that
+     *           are relevant in a CA certificate.
      *     @type array<\Google\Cloud\Security\PrivateCA\V1\ObjectId>|\Google\Protobuf\Internal\RepeatedField $policy_ids
      *           Optional. Describes the X.509 certificate policy object identifiers, per
      *           https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
      *     @type array<string>|\Google\Protobuf\Internal\RepeatedField $aia_ocsp_servers
-     *           Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
-     *           that appear in the "Authority Information Access" extension in the
-     *           certificate.
+     *           Optional. Describes Online Certificate Status Protocol (OCSP) endpoint
+     *           addresses that appear in the "Authority Information Access" extension in
+     *           the certificate.
+     *     @type \Google\Cloud\Security\PrivateCA\V1\X509Parameters\NameConstraints $name_constraints
+     *           Optional. Describes the X.509 name constraints extension.
      *     @type array<\Google\Cloud\Security\PrivateCA\V1\X509Extension>|\Google\Protobuf\Internal\RepeatedField $additional_extensions
      *           Optional. Describes custom X.509 extensions.
      * }
@@ -80,7 +93,8 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Optional. Indicates the intended use for keys that correspond to a certificate.
+     * Optional. Indicates the intended use for keys that correspond to a
+     * certificate.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\KeyUsage|null
@@ -101,7 +115,8 @@ public function clearKeyUsage()
     }
 
     /**
-     * Optional. Indicates the intended use for keys that correspond to a certificate.
+     * Optional. Indicates the intended use for keys that correspond to a
+     * certificate.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\KeyUsage $var
@@ -116,8 +131,9 @@ public function setKeyUsage($var)
     }
 
     /**
-     * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
-     * certificate.
+     * Optional. Describes options in this
+     * [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that
+     * are relevant in a CA certificate.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Cloud\Security\PrivateCA\V1\X509Parameters\CaOptions|null
@@ -138,8 +154,9 @@ public function clearCaOptions()
     }
 
     /**
-     * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
-     * certificate.
+     * Optional. Describes options in this
+     * [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that
+     * are relevant in a CA certificate.
      *
      * Generated from protobuf field <code>.google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param \Google\Cloud\Security\PrivateCA\V1\X509Parameters\CaOptions $var
@@ -182,9 +199,9 @@ public function setPolicyIds($var)
     }
 
     /**
-     * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
-     * that appear in the "Authority Information Access" extension in the
-     * certificate.
+     * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint
+     * addresses that appear in the "Authority Information Access" extension in
+     * the certificate.
      *
      * Generated from protobuf field <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return \Google\Protobuf\Internal\RepeatedField
@@ -195,9 +212,9 @@ public function getAiaOcspServers()
     }
 
     /**
-     * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
-     * that appear in the "Authority Information Access" extension in the
-     * certificate.
+     * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint
+     * addresses that appear in the "Authority Information Access" extension in
+     * the certificate.
      *
      * Generated from protobuf field <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param array<string>|\Google\Protobuf\Internal\RepeatedField $var
@@ -211,6 +228,42 @@ public function setAiaOcspServers($var)
         return $this;
     }
 
+    /**
+     * Optional. Describes the X.509 name constraints extension.
+     *
+     * Generated from protobuf field <code>.google.cloud.security.privateca.v1.X509Parameters.NameConstraints name_constraints = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+     * @return \Google\Cloud\Security\PrivateCA\V1\X509Parameters\NameConstraints|null
+     */
+    public function getNameConstraints()
+    {
+        return $this->name_constraints;
+    }
+
+    public function hasNameConstraints()
+    {
+        return isset($this->name_constraints);
+    }
+
+    public function clearNameConstraints()
+    {
+        unset($this->name_constraints);
+    }
+
+    /**
+     * Optional. Describes the X.509 name constraints extension.
+     *
+     * Generated from protobuf field <code>.google.cloud.security.privateca.v1.X509Parameters.NameConstraints name_constraints = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+     * @param \Google\Cloud\Security\PrivateCA\V1\X509Parameters\NameConstraints $var
+     * @return $this
+     */
+    public function setNameConstraints($var)
+    {
+        GPBUtil::checkMessage($var, \Google\Cloud\Security\PrivateCA\V1\X509Parameters\NameConstraints::class);
+        $this->name_constraints = $var;
+
+        return $this;
+    }
+
     /**
      * Optional. Describes custom X.509 extensions.
      *
diff --git a/SecurityPrivateCa/src/V1/X509Parameters/CaOptions.php b/SecurityPrivateCa/src/V1/X509Parameters/CaOptions.php
index d0ab717080d0..cc7af8c21554 100644
--- a/SecurityPrivateCa/src/V1/X509Parameters/CaOptions.php
+++ b/SecurityPrivateCa/src/V1/X509Parameters/CaOptions.php
@@ -16,8 +16,9 @@
 class CaOptions extends \Google\Protobuf\Internal\Message
 {
     /**
-     * Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
-     * value is missing, the extension will be omitted from the CA certificate.
+     * Optional. Refers to the "CA" X.509 extension, which is a boolean value.
+     * When this value is missing, the extension will be omitted from the CA
+     * certificate.
      *
      * Generated from protobuf field <code>optional bool is_ca = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      */
@@ -41,8 +42,9 @@ class CaOptions extends \Google\Protobuf\Internal\Message
      *     Optional. Data for populating the Message object.
      *
      *     @type bool $is_ca
-     *           Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
-     *           value is missing, the extension will be omitted from the CA certificate.
+     *           Optional. Refers to the "CA" X.509 extension, which is a boolean value.
+     *           When this value is missing, the extension will be omitted from the CA
+     *           certificate.
      *     @type int $max_issuer_path_length
      *           Optional. Refers to the path length restriction X.509 extension. For a CA
      *           certificate, this value describes the depth of subordinate CA
@@ -58,8 +60,9 @@ public function __construct($data = NULL) {
     }
 
     /**
-     * Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
-     * value is missing, the extension will be omitted from the CA certificate.
+     * Optional. Refers to the "CA" X.509 extension, which is a boolean value.
+     * When this value is missing, the extension will be omitted from the CA
+     * certificate.
      *
      * Generated from protobuf field <code>optional bool is_ca = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @return bool
@@ -80,8 +83,9 @@ public function clearIsCa()
     }
 
     /**
-     * Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
-     * value is missing, the extension will be omitted from the CA certificate.
+     * Optional. Refers to the "CA" X.509 extension, which is a boolean value.
+     * When this value is missing, the extension will be omitted from the CA
+     * certificate.
      *
      * Generated from protobuf field <code>optional bool is_ca = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
      * @param bool $var
diff --git a/SecurityPrivateCa/src/V1/X509Parameters/NameConstraints.php b/SecurityPrivateCa/src/V1/X509Parameters/NameConstraints.php
new file mode 100644
index 000000000000..2233aee0ed26
--- /dev/null
+++ b/SecurityPrivateCa/src/V1/X509Parameters/NameConstraints.php
@@ -0,0 +1,437 @@
+<?php
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/security/privateca/v1/resources.proto
+
+namespace Google\Cloud\Security\PrivateCA\V1\X509Parameters;
+
+use Google\Protobuf\Internal\GPBType;
+use Google\Protobuf\Internal\RepeatedField;
+use Google\Protobuf\Internal\GPBUtil;
+
+/**
+ * Describes the X.509 name constraints extension, per
+ * https://tools.ietf.org/html/rfc5280#section-4.2.1.10
+ *
+ * Generated from protobuf message <code>google.cloud.security.privateca.v1.X509Parameters.NameConstraints</code>
+ */
+class NameConstraints extends \Google\Protobuf\Internal\Message
+{
+    /**
+     * Indicates whether or not the name constraints are marked critical.
+     *
+     * Generated from protobuf field <code>bool critical = 1;</code>
+     */
+    private $critical = false;
+    /**
+     * Contains permitted DNS names. Any DNS name that can be
+     * constructed by simply adding zero or more labels to
+     * the left-hand side of the name satisfies the name constraint.
+     * For example, `example.com`, `www.example.com`, `www.sub.example.com`
+     * would satisfy `example.com` while `example1.com` does not.
+     *
+     * Generated from protobuf field <code>repeated string permitted_dns_names = 2;</code>
+     */
+    private $permitted_dns_names;
+    /**
+     * Contains excluded DNS names. Any DNS name that can be
+     * constructed by simply adding zero or more labels to
+     * the left-hand side of the name satisfies the name constraint.
+     * For example, `example.com`, `www.example.com`, `www.sub.example.com`
+     * would satisfy `example.com` while `example1.com` does not.
+     *
+     * Generated from protobuf field <code>repeated string excluded_dns_names = 3;</code>
+     */
+    private $excluded_dns_names;
+    /**
+     * Contains the permitted IP ranges. For IPv4 addresses, the ranges
+     * are expressed using CIDR notation as specified in RFC 4632.
+     * For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
+     * addresses.
+     *
+     * Generated from protobuf field <code>repeated string permitted_ip_ranges = 4;</code>
+     */
+    private $permitted_ip_ranges;
+    /**
+     * Contains the excluded IP ranges. For IPv4 addresses, the ranges
+     * are expressed using CIDR notation as specified in RFC 4632.
+     * For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
+     * addresses.
+     *
+     * Generated from protobuf field <code>repeated string excluded_ip_ranges = 5;</code>
+     */
+    private $excluded_ip_ranges;
+    /**
+     * Contains the permitted email addresses. The value can be a particular
+     * email address, a hostname to indicate all email addresses on that host or
+     * a domain with a leading period (e.g. `.example.com`) to indicate
+     * all email addresses in that domain.
+     *
+     * Generated from protobuf field <code>repeated string permitted_email_addresses = 6;</code>
+     */
+    private $permitted_email_addresses;
+    /**
+     * Contains the excluded email addresses. The value can be a particular
+     * email address, a hostname to indicate all email addresses on that host or
+     * a domain with a leading period (e.g. `.example.com`) to indicate
+     * all email addresses in that domain.
+     *
+     * Generated from protobuf field <code>repeated string excluded_email_addresses = 7;</code>
+     */
+    private $excluded_email_addresses;
+    /**
+     * Contains the permitted URIs that apply to the host part of the name.
+     * The value can be a hostname or a domain with a
+     * leading period (like `.example.com`)
+     *
+     * Generated from protobuf field <code>repeated string permitted_uris = 8;</code>
+     */
+    private $permitted_uris;
+    /**
+     * Contains the excluded URIs that apply to the host part of the name.
+     * The value can be a hostname or a domain with a
+     * leading period (like `.example.com`)
+     *
+     * Generated from protobuf field <code>repeated string excluded_uris = 9;</code>
+     */
+    private $excluded_uris;
+
+    /**
+     * Constructor.
+     *
+     * @param array $data {
+     *     Optional. Data for populating the Message object.
+     *
+     *     @type bool $critical
+     *           Indicates whether or not the name constraints are marked critical.
+     *     @type array<string>|\Google\Protobuf\Internal\RepeatedField $permitted_dns_names
+     *           Contains permitted DNS names. Any DNS name that can be
+     *           constructed by simply adding zero or more labels to
+     *           the left-hand side of the name satisfies the name constraint.
+     *           For example, `example.com`, `www.example.com`, `www.sub.example.com`
+     *           would satisfy `example.com` while `example1.com` does not.
+     *     @type array<string>|\Google\Protobuf\Internal\RepeatedField $excluded_dns_names
+     *           Contains excluded DNS names. Any DNS name that can be
+     *           constructed by simply adding zero or more labels to
+     *           the left-hand side of the name satisfies the name constraint.
+     *           For example, `example.com`, `www.example.com`, `www.sub.example.com`
+     *           would satisfy `example.com` while `example1.com` does not.
+     *     @type array<string>|\Google\Protobuf\Internal\RepeatedField $permitted_ip_ranges
+     *           Contains the permitted IP ranges. For IPv4 addresses, the ranges
+     *           are expressed using CIDR notation as specified in RFC 4632.
+     *           For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
+     *           addresses.
+     *     @type array<string>|\Google\Protobuf\Internal\RepeatedField $excluded_ip_ranges
+     *           Contains the excluded IP ranges. For IPv4 addresses, the ranges
+     *           are expressed using CIDR notation as specified in RFC 4632.
+     *           For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
+     *           addresses.
+     *     @type array<string>|\Google\Protobuf\Internal\RepeatedField $permitted_email_addresses
+     *           Contains the permitted email addresses. The value can be a particular
+     *           email address, a hostname to indicate all email addresses on that host or
+     *           a domain with a leading period (e.g. `.example.com`) to indicate
+     *           all email addresses in that domain.
+     *     @type array<string>|\Google\Protobuf\Internal\RepeatedField $excluded_email_addresses
+     *           Contains the excluded email addresses. The value can be a particular
+     *           email address, a hostname to indicate all email addresses on that host or
+     *           a domain with a leading period (e.g. `.example.com`) to indicate
+     *           all email addresses in that domain.
+     *     @type array<string>|\Google\Protobuf\Internal\RepeatedField $permitted_uris
+     *           Contains the permitted URIs that apply to the host part of the name.
+     *           The value can be a hostname or a domain with a
+     *           leading period (like `.example.com`)
+     *     @type array<string>|\Google\Protobuf\Internal\RepeatedField $excluded_uris
+     *           Contains the excluded URIs that apply to the host part of the name.
+     *           The value can be a hostname or a domain with a
+     *           leading period (like `.example.com`)
+     * }
+     */
+    public function __construct($data = NULL) {
+        \GPBMetadata\Google\Cloud\Security\Privateca\V1\Resources::initOnce();
+        parent::__construct($data);
+    }
+
+    /**
+     * Indicates whether or not the name constraints are marked critical.
+     *
+     * Generated from protobuf field <code>bool critical = 1;</code>
+     * @return bool
+     */
+    public function getCritical()
+    {
+        return $this->critical;
+    }
+
+    /**
+     * Indicates whether or not the name constraints are marked critical.
+     *
+     * Generated from protobuf field <code>bool critical = 1;</code>
+     * @param bool $var
+     * @return $this
+     */
+    public function setCritical($var)
+    {
+        GPBUtil::checkBool($var);
+        $this->critical = $var;
+
+        return $this;
+    }
+
+    /**
+     * Contains permitted DNS names. Any DNS name that can be
+     * constructed by simply adding zero or more labels to
+     * the left-hand side of the name satisfies the name constraint.
+     * For example, `example.com`, `www.example.com`, `www.sub.example.com`
+     * would satisfy `example.com` while `example1.com` does not.
+     *
+     * Generated from protobuf field <code>repeated string permitted_dns_names = 2;</code>
+     * @return \Google\Protobuf\Internal\RepeatedField
+     */
+    public function getPermittedDnsNames()
+    {
+        return $this->permitted_dns_names;
+    }
+
+    /**
+     * Contains permitted DNS names. Any DNS name that can be
+     * constructed by simply adding zero or more labels to
+     * the left-hand side of the name satisfies the name constraint.
+     * For example, `example.com`, `www.example.com`, `www.sub.example.com`
+     * would satisfy `example.com` while `example1.com` does not.
+     *
+     * Generated from protobuf field <code>repeated string permitted_dns_names = 2;</code>
+     * @param array<string>|\Google\Protobuf\Internal\RepeatedField $var
+     * @return $this
+     */
+    public function setPermittedDnsNames($var)
+    {
+        $arr = GPBUtil::checkRepeatedField($var, \Google\Protobuf\Internal\GPBType::STRING);
+        $this->permitted_dns_names = $arr;
+
+        return $this;
+    }
+
+    /**
+     * Contains excluded DNS names. Any DNS name that can be
+     * constructed by simply adding zero or more labels to
+     * the left-hand side of the name satisfies the name constraint.
+     * For example, `example.com`, `www.example.com`, `www.sub.example.com`
+     * would satisfy `example.com` while `example1.com` does not.
+     *
+     * Generated from protobuf field <code>repeated string excluded_dns_names = 3;</code>
+     * @return \Google\Protobuf\Internal\RepeatedField
+     */
+    public function getExcludedDnsNames()
+    {
+        return $this->excluded_dns_names;
+    }
+
+    /**
+     * Contains excluded DNS names. Any DNS name that can be
+     * constructed by simply adding zero or more labels to
+     * the left-hand side of the name satisfies the name constraint.
+     * For example, `example.com`, `www.example.com`, `www.sub.example.com`
+     * would satisfy `example.com` while `example1.com` does not.
+     *
+     * Generated from protobuf field <code>repeated string excluded_dns_names = 3;</code>
+     * @param array<string>|\Google\Protobuf\Internal\RepeatedField $var
+     * @return $this
+     */
+    public function setExcludedDnsNames($var)
+    {
+        $arr = GPBUtil::checkRepeatedField($var, \Google\Protobuf\Internal\GPBType::STRING);
+        $this->excluded_dns_names = $arr;
+
+        return $this;
+    }
+
+    /**
+     * Contains the permitted IP ranges. For IPv4 addresses, the ranges
+     * are expressed using CIDR notation as specified in RFC 4632.
+     * For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
+     * addresses.
+     *
+     * Generated from protobuf field <code>repeated string permitted_ip_ranges = 4;</code>
+     * @return \Google\Protobuf\Internal\RepeatedField
+     */
+    public function getPermittedIpRanges()
+    {
+        return $this->permitted_ip_ranges;
+    }
+
+    /**
+     * Contains the permitted IP ranges. For IPv4 addresses, the ranges
+     * are expressed using CIDR notation as specified in RFC 4632.
+     * For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
+     * addresses.
+     *
+     * Generated from protobuf field <code>repeated string permitted_ip_ranges = 4;</code>
+     * @param array<string>|\Google\Protobuf\Internal\RepeatedField $var
+     * @return $this
+     */
+    public function setPermittedIpRanges($var)
+    {
+        $arr = GPBUtil::checkRepeatedField($var, \Google\Protobuf\Internal\GPBType::STRING);
+        $this->permitted_ip_ranges = $arr;
+
+        return $this;
+    }
+
+    /**
+     * Contains the excluded IP ranges. For IPv4 addresses, the ranges
+     * are expressed using CIDR notation as specified in RFC 4632.
+     * For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
+     * addresses.
+     *
+     * Generated from protobuf field <code>repeated string excluded_ip_ranges = 5;</code>
+     * @return \Google\Protobuf\Internal\RepeatedField
+     */
+    public function getExcludedIpRanges()
+    {
+        return $this->excluded_ip_ranges;
+    }
+
+    /**
+     * Contains the excluded IP ranges. For IPv4 addresses, the ranges
+     * are expressed using CIDR notation as specified in RFC 4632.
+     * For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
+     * addresses.
+     *
+     * Generated from protobuf field <code>repeated string excluded_ip_ranges = 5;</code>
+     * @param array<string>|\Google\Protobuf\Internal\RepeatedField $var
+     * @return $this
+     */
+    public function setExcludedIpRanges($var)
+    {
+        $arr = GPBUtil::checkRepeatedField($var, \Google\Protobuf\Internal\GPBType::STRING);
+        $this->excluded_ip_ranges = $arr;
+
+        return $this;
+    }
+
+    /**
+     * Contains the permitted email addresses. The value can be a particular
+     * email address, a hostname to indicate all email addresses on that host or
+     * a domain with a leading period (e.g. `.example.com`) to indicate
+     * all email addresses in that domain.
+     *
+     * Generated from protobuf field <code>repeated string permitted_email_addresses = 6;</code>
+     * @return \Google\Protobuf\Internal\RepeatedField
+     */
+    public function getPermittedEmailAddresses()
+    {
+        return $this->permitted_email_addresses;
+    }
+
+    /**
+     * Contains the permitted email addresses. The value can be a particular
+     * email address, a hostname to indicate all email addresses on that host or
+     * a domain with a leading period (e.g. `.example.com`) to indicate
+     * all email addresses in that domain.
+     *
+     * Generated from protobuf field <code>repeated string permitted_email_addresses = 6;</code>
+     * @param array<string>|\Google\Protobuf\Internal\RepeatedField $var
+     * @return $this
+     */
+    public function setPermittedEmailAddresses($var)
+    {
+        $arr = GPBUtil::checkRepeatedField($var, \Google\Protobuf\Internal\GPBType::STRING);
+        $this->permitted_email_addresses = $arr;
+
+        return $this;
+    }
+
+    /**
+     * Contains the excluded email addresses. The value can be a particular
+     * email address, a hostname to indicate all email addresses on that host or
+     * a domain with a leading period (e.g. `.example.com`) to indicate
+     * all email addresses in that domain.
+     *
+     * Generated from protobuf field <code>repeated string excluded_email_addresses = 7;</code>
+     * @return \Google\Protobuf\Internal\RepeatedField
+     */
+    public function getExcludedEmailAddresses()
+    {
+        return $this->excluded_email_addresses;
+    }
+
+    /**
+     * Contains the excluded email addresses. The value can be a particular
+     * email address, a hostname to indicate all email addresses on that host or
+     * a domain with a leading period (e.g. `.example.com`) to indicate
+     * all email addresses in that domain.
+     *
+     * Generated from protobuf field <code>repeated string excluded_email_addresses = 7;</code>
+     * @param array<string>|\Google\Protobuf\Internal\RepeatedField $var
+     * @return $this
+     */
+    public function setExcludedEmailAddresses($var)
+    {
+        $arr = GPBUtil::checkRepeatedField($var, \Google\Protobuf\Internal\GPBType::STRING);
+        $this->excluded_email_addresses = $arr;
+
+        return $this;
+    }
+
+    /**
+     * Contains the permitted URIs that apply to the host part of the name.
+     * The value can be a hostname or a domain with a
+     * leading period (like `.example.com`)
+     *
+     * Generated from protobuf field <code>repeated string permitted_uris = 8;</code>
+     * @return \Google\Protobuf\Internal\RepeatedField
+     */
+    public function getPermittedUris()
+    {
+        return $this->permitted_uris;
+    }
+
+    /**
+     * Contains the permitted URIs that apply to the host part of the name.
+     * The value can be a hostname or a domain with a
+     * leading period (like `.example.com`)
+     *
+     * Generated from protobuf field <code>repeated string permitted_uris = 8;</code>
+     * @param array<string>|\Google\Protobuf\Internal\RepeatedField $var
+     * @return $this
+     */
+    public function setPermittedUris($var)
+    {
+        $arr = GPBUtil::checkRepeatedField($var, \Google\Protobuf\Internal\GPBType::STRING);
+        $this->permitted_uris = $arr;
+
+        return $this;
+    }
+
+    /**
+     * Contains the excluded URIs that apply to the host part of the name.
+     * The value can be a hostname or a domain with a
+     * leading period (like `.example.com`)
+     *
+     * Generated from protobuf field <code>repeated string excluded_uris = 9;</code>
+     * @return \Google\Protobuf\Internal\RepeatedField
+     */
+    public function getExcludedUris()
+    {
+        return $this->excluded_uris;
+    }
+
+    /**
+     * Contains the excluded URIs that apply to the host part of the name.
+     * The value can be a hostname or a domain with a
+     * leading period (like `.example.com`)
+     *
+     * Generated from protobuf field <code>repeated string excluded_uris = 9;</code>
+     * @param array<string>|\Google\Protobuf\Internal\RepeatedField $var
+     * @return $this
+     */
+    public function setExcludedUris($var)
+    {
+        $arr = GPBUtil::checkRepeatedField($var, \Google\Protobuf\Internal\GPBType::STRING);
+        $this->excluded_uris = $arr;
+
+        return $this;
+    }
+
+}
+
+