This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Commit d076b1b

committed Sep 18, 2023
feat(cloudasset): update the api
#### cloudasset:v1

The following keys were added:
- schemas.GoogleIdentityAccesscontextmanagerV1Condition.properties.vpcNetworkSources (Total Keys: 2)
- schemas.GoogleIdentityAccesscontextmanagerV1EgressFrom.properties.sourceRestriction.type (Total Keys: 1)
- schemas.GoogleIdentityAccesscontextmanagerV1EgressFrom.properties.sources (Total Keys: 2)
- schemas.GoogleIdentityAccesscontextmanagerV1EgressSource (Total Keys: 3)
- schemas.GoogleIdentityAccesscontextmanagerV1VpcNetworkSource (Total Keys: 3)
- schemas.GoogleIdentityAccesscontextmanagerV1VpcSubNetwork (Total Keys: 5)

#### cloudasset:v1beta1

The following keys were added:
- schemas.GoogleIdentityAccesscontextmanagerV1Condition.properties.vpcNetworkSources (Total Keys: 2)
- schemas.GoogleIdentityAccesscontextmanagerV1EgressFrom.properties.sourceRestriction.type (Total Keys: 1)
- schemas.GoogleIdentityAccesscontextmanagerV1EgressFrom.properties.sources (Total Keys: 2)
- schemas.GoogleIdentityAccesscontextmanagerV1EgressSource (Total Keys: 3)
- schemas.GoogleIdentityAccesscontextmanagerV1VpcNetworkSource (Total Keys: 3)
- schemas.GoogleIdentityAccesscontextmanagerV1VpcSubNetwork (Total Keys: 5)

#### cloudasset:v1p1beta1

The following keys were added:
- schemas.GoogleIdentityAccesscontextmanagerV1Condition.properties.vpcNetworkSources (Total Keys: 2)
- schemas.GoogleIdentityAccesscontextmanagerV1EgressFrom.properties.sourceRestriction.type (Total Keys: 1)
- schemas.GoogleIdentityAccesscontextmanagerV1EgressFrom.properties.sources (Total Keys: 2)
- schemas.GoogleIdentityAccesscontextmanagerV1EgressSource (Total Keys: 3)
- schemas.GoogleIdentityAccesscontextmanagerV1VpcNetworkSource (Total Keys: 3)
- schemas.GoogleIdentityAccesscontextmanagerV1VpcSubNetwork (Total Keys: 5)

#### cloudasset:v1p5beta1

The following keys were added:
- schemas.GoogleIdentityAccesscontextmanagerV1Condition.properties.vpcNetworkSources (Total Keys: 2)
- schemas.GoogleIdentityAccesscontextmanagerV1EgressFrom.properties.sourceRestriction.type (Total Keys: 1)
- schemas.GoogleIdentityAccesscontextmanagerV1EgressFrom.properties.sources (Total Keys: 2)
- schemas.GoogleIdentityAccesscontextmanagerV1EgressSource (Total Keys: 3)
- schemas.GoogleIdentityAccesscontextmanagerV1VpcNetworkSource (Total Keys: 3)
- schemas.GoogleIdentityAccesscontextmanagerV1VpcSubNetwork (Total Keys: 5)

#### cloudasset:v1p7beta1

The following keys were added:
- schemas.GoogleIdentityAccesscontextmanagerV1Condition.properties.vpcNetworkSources (Total Keys: 2)
- schemas.GoogleIdentityAccesscontextmanagerV1EgressFrom.properties.sourceRestriction.type (Total Keys: 1)
- schemas.GoogleIdentityAccesscontextmanagerV1EgressFrom.properties.sources (Total Keys: 2)
- schemas.GoogleIdentityAccesscontextmanagerV1EgressSource (Total Keys: 3)
- schemas.GoogleIdentityAccesscontextmanagerV1VpcNetworkSource (Total Keys: 3)
- schemas.GoogleIdentityAccesscontextmanagerV1VpcSubNetwork (Total Keys: 5)
1 parent 5310a18 commit d076b1b

10 files changed

+477 -5 lines changed
 

‎docs/dyn/cloudasset_v1.assets.html

+22
@@ -156,6 +156,16 @@ <h3>Method Details</h3>
156156
&quot;requiredAccessLevels&quot;: [ # A list of other access levels defined in the same `Policy`, referenced by resource name. Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: &quot;`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME&quot;`
157157
&quot;A String&quot;,
158158
],
159+
&quot;vpcNetworkSources&quot;: [ # The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.
160+
{ # The originating network source in Google Cloud.
161+
&quot;vpcSubnetwork&quot;: { # Sub-segment ranges inside of a VPC Network. # Sub-segment ranges of a VPC network.
162+
&quot;network&quot;: &quot;A String&quot;, # Required. Network name. If the network is not part of the organization, the `compute.network.get` permission must be granted to the caller. Format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NETWORK_NAME}` Example: `//compute.googleapis.com/projects/my-project/global/networks/network-1`
163+
&quot;vpcIpSubnetworks&quot;: [ # CIDR block IP subnetwork specification. The IP address must be an IPv4 address and can be a public or private IP address. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, &quot;192.0.2.0/24&quot; is accepted but &quot;192.0.2.1/24&quot; is not. If empty, all IP addresses are allowed.
164+
&quot;A String&quot;,
165+
],
166+
},
167+
},
168+
],
159169
},
160170
],
161171
},
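Review bot: the `vpcIpSubnetworks` comment on new line 163 ends with "If empty, all IP addresses are allowed", so an entry that sets only `network` admits every address in that VPC; that default is the part that widens access and should lead the description rather than trail the CIDR formatting rules. Two smaller documentation points in the same hunk: the `vpcSubnetwork` comment on line 161 carries its description twice ("Sub-segment ranges inside of a VPC Network. # Sub-segment ranges of a VPC network."), and the `vpcNetworkSources` comment on line 159 refers to `ip_subnetworks` in snake_case while the keys shown here are camelCase. If this HTML is generated from the API description, the wording needs fixing there rather than in this file.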
@@ -455,6 +465,12 @@ <h3>Method Details</h3>
455465
&quot;A String&quot;,
456466
],
457467
&quot;identityType&quot;: &quot;A String&quot;, # Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of `identities` field will be allowed access.
468+
&quot;sourceRestriction&quot;: &quot;A String&quot;, # Whether to enforce traffic restrictions based on `sources` field. If the `sources` fields is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`.
469+
&quot;sources&quot;: [ # Sources that this EgressPolicy authorizes access from. If this field is not empty, then `source_restriction` must be set to `SOURCE_RESTRICTION_ENABLED`.
470+
{ # The source that EgressPolicy authorizes access from inside the ServicePerimeter to somewhere outside the ServicePerimeter boundaries.
471+
&quot;accessLevel&quot;: &quot;A String&quot;, # An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed.
472+
},
473+
],
458474
},
459475
&quot;egressTo&quot;: { # Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter. # Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
460476
&quot;externalResources&quot;: [ # A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently &#x27;*&#x27; is not allowed.
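Review bot: `sourceRestriction` on new line 468 is typed only as "A String" and its comment names a single value, `SOURCE_RESTRICTION_ENABLED`; it does not list the other accepted values or say what applies when the field is left unset and `sources` is empty. Suggest enumerating the values and the default in the comment so a reader can tell whether an omitted field means restrictions are off. In the same lines, "If the `sources` fields is non-empty" should read "field is", and lines 468 and 469 name the same field as both `sourceRestriction` and `source_restriction`.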
@@ -533,6 +549,12 @@ <h3>Method Details</h3>
533549
&quot;A String&quot;,
534550
],
535551
&quot;identityType&quot;: &quot;A String&quot;, # Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of `identities` field will be allowed access.
552+
&quot;sourceRestriction&quot;: &quot;A String&quot;, # Whether to enforce traffic restrictions based on `sources` field. If the `sources` fields is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`.
553+
&quot;sources&quot;: [ # Sources that this EgressPolicy authorizes access from. If this field is not empty, then `source_restriction` must be set to `SOURCE_RESTRICTION_ENABLED`.
554+
{ # The source that EgressPolicy authorizes access from inside the ServicePerimeter to somewhere outside the ServicePerimeter boundaries.
555+
&quot;accessLevel&quot;: &quot;A String&quot;, # An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed.
556+
},
557+
],
536558
},
537559
&quot;egressTo&quot;: { # Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter. # Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
538560
&quot;externalResources&quot;: [ # A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently &#x27;*&#x27; is not allowed.
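Review bot: the `accessLevel` comment on new line 555 leaves the wildcard rule to its final sentence: "If a single `*` is specified for `access_level`, then all EgressSources will be allowed." A `sources` list containing `*` therefore restricts nothing even though `sourceRestriction` must be set to `SOURCE_RESTRICTION_ENABLED` for the list to be non-empty, and that is easy to miss at the end of a long comment. Suggest moving the wildcard sentence to the front or splitting the comment, and using the camelCase key `accessLevel` that the JSON shows. The added lines repeat those at new lines 468-473, so any wording fix has to land in both places.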
