diff --git a/LICENSE b/LICENSE
new file mode 100644
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,367 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
diff --git a/README.md b/README.md
new file mode 100644
--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+# gogol-accesscontextmanager
+
+* [Version](#version)
+* [Description](#description)
+* [Contribute](#contribute)
+* [Licence](#licence)
+
+
+## Version
+
+`0.3.0`
+
+
+## Description
+
+A client library for the Google Access Context Manager.
+
+
+## Contribute
+
+For any problems, comments, or feedback please create an issue [here on GitHub](https://github.com/brendanhay/gogol/issues).
+
+> _Note:_ this library is an auto-generated Haskell package. Please see `gogol-gen` for more information.
+
+
+## Licence
+
+`gogol-accesscontextmanager` is released under the [Mozilla Public License Version 2.0](http://www.mozilla.org/MPL/).
diff --git a/Setup.hs b/Setup.hs
new file mode 100644
--- /dev/null
+++ b/Setup.hs
@@ -0,0 +1,2 @@
+import           Distribution.Simple
+main = defaultMain
diff --git a/gen/Network/Google/AccessContextManager.hs b/gen/Network/Google/AccessContextManager.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/AccessContextManager.hs
@@ -0,0 +1,252 @@
+{-# LANGUAGE DataKinds         #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# LANGUAGE TypeOperators     #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+
+-- |
+-- Module      : Network.Google.AccessContextManager
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- An API for setting attribute based access control to requests to GCP
+-- services.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference>
+module Network.Google.AccessContextManager
+    (
+    -- * Service Configuration
+      accessContextManagerService
+
+    -- * OAuth Scopes
+    , cloudPlatformScope
+
+    -- * API Declaration
+    , AccessContextManagerAPI
+
+    -- * Resources
+
+    -- ** accesscontextmanager.accessPolicies.accessLevels.create
+    , module Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Create
+
+    -- ** accesscontextmanager.accessPolicies.accessLevels.delete
+    , module Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Delete
+
+    -- ** accesscontextmanager.accessPolicies.accessLevels.get
+    , module Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Get
+
+    -- ** accesscontextmanager.accessPolicies.accessLevels.list
+    , module Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.List
+
+    -- ** accesscontextmanager.accessPolicies.accessLevels.patch
+    , module Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Patch
+
+    -- ** accesscontextmanager.accessPolicies.create
+    , module Network.Google.Resource.AccessContextManager.AccessPolicies.Create
+
+    -- ** accesscontextmanager.accessPolicies.delete
+    , module Network.Google.Resource.AccessContextManager.AccessPolicies.Delete
+
+    -- ** accesscontextmanager.accessPolicies.get
+    , module Network.Google.Resource.AccessContextManager.AccessPolicies.Get
+
+    -- ** accesscontextmanager.accessPolicies.list
+    , module Network.Google.Resource.AccessContextManager.AccessPolicies.List
+
+    -- ** accesscontextmanager.accessPolicies.patch
+    , module Network.Google.Resource.AccessContextManager.AccessPolicies.Patch
+
+    -- ** accesscontextmanager.accessPolicies.servicePerimeters.create
+    , module Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Create
+
+    -- ** accesscontextmanager.accessPolicies.servicePerimeters.delete
+    , module Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Delete
+
+    -- ** accesscontextmanager.accessPolicies.servicePerimeters.get
+    , module Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Get
+
+    -- ** accesscontextmanager.accessPolicies.servicePerimeters.list
+    , module Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.List
+
+    -- ** accesscontextmanager.accessPolicies.servicePerimeters.patch
+    , module Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Patch
+
+    -- ** accesscontextmanager.operations.get
+    , module Network.Google.Resource.AccessContextManager.Operations.Get
+
+    -- * Types
+
+    -- ** Status
+    , Status
+    , status
+    , sDetails
+    , sCode
+    , sMessage
+
+    -- ** BasicLevel
+    , BasicLevel
+    , basicLevel
+    , blConditions
+    , blCombiningFunction
+
+    -- ** AccessLevel
+    , AccessLevel
+    , accessLevel
+    , alBasic
+    , alUpdateTime
+    , alName
+    , alTitle
+    , alDescription
+    , alCreateTime
+
+    -- ** BasicLevelCombiningFunction
+    , BasicLevelCombiningFunction (..)
+
+    -- ** ServicePerimeterConfig
+    , ServicePerimeterConfig
+    , servicePerimeterConfig
+    , spcUnrestrictedServices
+    , spcResources
+    , spcRestrictedServices
+    , spcAccessLevels
+
+    -- ** Operation
+    , Operation
+    , operation
+    , oDone
+    , oError
+    , oResponse
+    , oName
+    , oMetadata
+
+    -- ** ServicePerimeterPerimeterType
+    , ServicePerimeterPerimeterType (..)
+
+    -- ** OSConstraintOSType
+    , OSConstraintOSType (..)
+
+    -- ** ServicePerimeter
+    , ServicePerimeter
+    , servicePerimeter
+    , spStatus
+    , spPerimeterType
+    , spUpdateTime
+    , spName
+    , spTitle
+    , spDescription
+    , spCreateTime
+
+    -- ** ListAccessPoliciesResponse
+    , ListAccessPoliciesResponse
+    , listAccessPoliciesResponse
+    , laprNextPageToken
+    , laprAccessPolicies
+
+    -- ** StatusDetailsItem
+    , StatusDetailsItem
+    , statusDetailsItem
+    , sdiAddtional
+
+    -- ** OSConstraint
+    , OSConstraint
+    , osConstraint
+    , ocOSType
+    , ocMinimumVersion
+
+    -- ** AccessPolicy
+    , AccessPolicy
+    , accessPolicy
+    , apParent
+    , apUpdateTime
+    , apName
+    , apTitle
+    , apCreateTime
+
+    -- ** Xgafv
+    , Xgafv (..)
+
+    -- ** ListServicePerimetersResponse
+    , ListServicePerimetersResponse
+    , listServicePerimetersResponse
+    , lsprNextPageToken
+    , lsprServicePerimeters
+
+    -- ** ListAccessLevelsResponse
+    , ListAccessLevelsResponse
+    , listAccessLevelsResponse
+    , lalrNextPageToken
+    , lalrAccessLevels
+
+    -- ** OperationMetadata
+    , OperationMetadata
+    , operationMetadata
+    , omAddtional
+
+    -- ** DevicePolicy
+    , DevicePolicy
+    , devicePolicy
+    , dpOSConstraints
+    , dpRequireScreenlock
+    , dpAllowedEncryptionStatuses
+    , dpAllowedDeviceManagementLevels
+
+    -- ** Condition
+    , Condition
+    , condition
+    , cMembers
+    , cNegate
+    , cIPSubnetworks
+    , cDevicePolicy
+    , cRequiredAccessLevels
+
+    -- ** OperationResponse
+    , OperationResponse
+    , operationResponse
+    , orAddtional
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+import           Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Create
+import           Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Delete
+import           Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Get
+import           Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.List
+import           Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Patch
+import           Network.Google.Resource.AccessContextManager.AccessPolicies.Create
+import           Network.Google.Resource.AccessContextManager.AccessPolicies.Delete
+import           Network.Google.Resource.AccessContextManager.AccessPolicies.Get
+import           Network.Google.Resource.AccessContextManager.AccessPolicies.List
+import           Network.Google.Resource.AccessContextManager.AccessPolicies.Patch
+import           Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Create
+import           Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Delete
+import           Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Get
+import           Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.List
+import           Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Patch
+import           Network.Google.Resource.AccessContextManager.Operations.Get
+
+{- $resources
+TODO
+-}
+
+-- | Represents the entirety of the methods and resources available for the Access Context Manager API service.
+type AccessContextManagerAPI =
+     AccessPoliciesServicePerimetersListResource :<|>
+       AccessPoliciesServicePerimetersPatchResource
+       :<|> AccessPoliciesServicePerimetersGetResource
+       :<|> AccessPoliciesServicePerimetersCreateResource
+       :<|> AccessPoliciesServicePerimetersDeleteResource
+       :<|> AccessPoliciesAccessLevelsListResource
+       :<|> AccessPoliciesAccessLevelsPatchResource
+       :<|> AccessPoliciesAccessLevelsGetResource
+       :<|> AccessPoliciesAccessLevelsCreateResource
+       :<|> AccessPoliciesAccessLevelsDeleteResource
+       :<|> AccessPoliciesListResource
+       :<|> AccessPoliciesPatchResource
+       :<|> AccessPoliciesGetResource
+       :<|> AccessPoliciesCreateResource
+       :<|> AccessPoliciesDeleteResource
+       :<|> OperationsGetResource
diff --git a/gen/Network/Google/AccessContextManager/Types.hs b/gen/Network/Google/AccessContextManager/Types.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/AccessContextManager/Types.hs
@@ -0,0 +1,167 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Network.Google.AccessContextManager.Types
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+module Network.Google.AccessContextManager.Types
+    (
+    -- * Service Configuration
+      accessContextManagerService
+
+    -- * OAuth Scopes
+    , cloudPlatformScope
+
+    -- * Status
+    , Status
+    , status
+    , sDetails
+    , sCode
+    , sMessage
+
+    -- * BasicLevel
+    , BasicLevel
+    , basicLevel
+    , blConditions
+    , blCombiningFunction
+
+    -- * AccessLevel
+    , AccessLevel
+    , accessLevel
+    , alBasic
+    , alUpdateTime
+    , alName
+    , alTitle
+    , alDescription
+    , alCreateTime
+
+    -- * BasicLevelCombiningFunction
+    , BasicLevelCombiningFunction (..)
+
+    -- * ServicePerimeterConfig
+    , ServicePerimeterConfig
+    , servicePerimeterConfig
+    , spcUnrestrictedServices
+    , spcResources
+    , spcRestrictedServices
+    , spcAccessLevels
+
+    -- * Operation
+    , Operation
+    , operation
+    , oDone
+    , oError
+    , oResponse
+    , oName
+    , oMetadata
+
+    -- * ServicePerimeterPerimeterType
+    , ServicePerimeterPerimeterType (..)
+
+    -- * OSConstraintOSType
+    , OSConstraintOSType (..)
+
+    -- * ServicePerimeter
+    , ServicePerimeter
+    , servicePerimeter
+    , spStatus
+    , spPerimeterType
+    , spUpdateTime
+    , spName
+    , spTitle
+    , spDescription
+    , spCreateTime
+
+    -- * ListAccessPoliciesResponse
+    , ListAccessPoliciesResponse
+    , listAccessPoliciesResponse
+    , laprNextPageToken
+    , laprAccessPolicies
+
+    -- * StatusDetailsItem
+    , StatusDetailsItem
+    , statusDetailsItem
+    , sdiAddtional
+
+    -- * OSConstraint
+    , OSConstraint
+    , osConstraint
+    , ocOSType
+    , ocMinimumVersion
+
+    -- * AccessPolicy
+    , AccessPolicy
+    , accessPolicy
+    , apParent
+    , apUpdateTime
+    , apName
+    , apTitle
+    , apCreateTime
+
+    -- * Xgafv
+    , Xgafv (..)
+
+    -- * ListServicePerimetersResponse
+    , ListServicePerimetersResponse
+    , listServicePerimetersResponse
+    , lsprNextPageToken
+    , lsprServicePerimeters
+
+    -- * ListAccessLevelsResponse
+    , ListAccessLevelsResponse
+    , listAccessLevelsResponse
+    , lalrNextPageToken
+    , lalrAccessLevels
+
+    -- * OperationMetadata
+    , OperationMetadata
+    , operationMetadata
+    , omAddtional
+
+    -- * DevicePolicy
+    , DevicePolicy
+    , devicePolicy
+    , dpOSConstraints
+    , dpRequireScreenlock
+    , dpAllowedEncryptionStatuses
+    , dpAllowedDeviceManagementLevels
+
+    -- * Condition
+    , Condition
+    , condition
+    , cMembers
+    , cNegate
+    , cIPSubnetworks
+    , cDevicePolicy
+    , cRequiredAccessLevels
+
+    -- * OperationResponse
+    , OperationResponse
+    , operationResponse
+    , orAddtional
+    ) where
+
+import           Network.Google.AccessContextManager.Types.Product
+import           Network.Google.AccessContextManager.Types.Sum
+import           Network.Google.Prelude
+
+-- | Default request referring to version 'v1beta' of the Access Context Manager API. This contains the host and root path used as a starting point for constructing service requests.
+accessContextManagerService :: ServiceConfig
+accessContextManagerService
+  = defaultService
+      (ServiceId "accesscontextmanager:v1beta")
+      "accesscontextmanager.googleapis.com"
+
+-- | View and manage your data across Google Cloud Platform services
+cloudPlatformScope :: Proxy '["https://www.googleapis.com/auth/cloud-platform"]
+cloudPlatformScope = Proxy;
diff --git a/gen/Network/Google/AccessContextManager/Types/Product.hs b/gen/Network/Google/AccessContextManager/Types/Product.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/AccessContextManager/Types/Product.hs
@@ -0,0 +1,1207 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Network.Google.AccessContextManager.Types.Product
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+module Network.Google.AccessContextManager.Types.Product where
+
+import           Network.Google.AccessContextManager.Types.Sum
+import           Network.Google.Prelude
+
+-- | The \`Status\` type defines a logical error model that is suitable for
+-- different programming environments, including REST APIs and RPC APIs. It
+-- is used by [gRPC](https:\/\/github.com\/grpc). The error model is
+-- designed to be: - Simple to use and understand for most users - Flexible
+-- enough to meet unexpected needs # Overview The \`Status\` message
+-- contains three pieces of data: error code, error message, and error
+-- details. The error code should be an enum value of google.rpc.Code, but
+-- it may accept additional error codes if needed. The error message should
+-- be a developer-facing English message that helps developers *understand*
+-- and *resolve* the error. If a localized user-facing error message is
+-- needed, put the localized message in the error details or localize it in
+-- the client. The optional error details may contain arbitrary information
+-- about the error. There is a predefined set of error detail types in the
+-- package \`google.rpc\` that can be used for common error conditions. #
+-- Language mapping The \`Status\` message is the logical representation of
+-- the error model, but it is not necessarily the actual wire format. When
+-- the \`Status\` message is exposed in different client libraries and
+-- different wire protocols, it can be mapped differently. For example, it
+-- will likely be mapped to some exceptions in Java, but more likely mapped
+-- to some error codes in C. # Other uses The error model and the
+-- \`Status\` message can be used in a variety of environments, either with
+-- or without APIs, to provide a consistent developer experience across
+-- different environments. Example uses of this error model include: -
+-- Partial errors. If a service needs to return partial errors to the
+-- client, it may embed the \`Status\` in the normal response to indicate
+-- the partial errors. - Workflow errors. A typical workflow has multiple
+-- steps. Each step may have a \`Status\` message for error reporting. -
+-- Batch operations. If a client uses batch request and batch response, the
+-- \`Status\` message should be used directly inside batch response, one
+-- for each error sub-response. - Asynchronous operations. If an API call
+-- embeds asynchronous operation results in its response, the status of
+-- those operations should be represented directly using the \`Status\`
+-- message. - Logging. If some API errors are stored in logs, the message
+-- \`Status\` could be used directly after any stripping needed for
+-- security\/privacy reasons.
+--
+-- /See:/ 'status' smart constructor.
+data Status = Status'
+    { _sDetails :: !(Maybe [StatusDetailsItem])
+    , _sCode    :: !(Maybe (Textual Int32))
+    , _sMessage :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'Status' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'sDetails'
+--
+-- * 'sCode'
+--
+-- * 'sMessage'
+status
+    :: Status
+status =
+    Status'
+    { _sDetails = Nothing
+    , _sCode = Nothing
+    , _sMessage = Nothing
+    }
+
+-- | A list of messages that carry the error details. There is a common set
+-- of message types for APIs to use.
+sDetails :: Lens' Status [StatusDetailsItem]
+sDetails
+  = lens _sDetails (\ s a -> s{_sDetails = a}) .
+      _Default
+      . _Coerce
+
+-- | The status code, which should be an enum value of google.rpc.Code.
+sCode :: Lens' Status (Maybe Int32)
+sCode
+  = lens _sCode (\ s a -> s{_sCode = a}) .
+      mapping _Coerce
+
+-- | A developer-facing error message, which should be in English. Any
+-- user-facing error message should be localized and sent in the
+-- google.rpc.Status.details field, or localized by the client.
+sMessage :: Lens' Status (Maybe Text)
+sMessage = lens _sMessage (\ s a -> s{_sMessage = a})
+
+instance FromJSON Status where
+        parseJSON
+          = withObject "Status"
+              (\ o ->
+                 Status' <$>
+                   (o .:? "details" .!= mempty) <*> (o .:? "code") <*>
+                     (o .:? "message"))
+
+instance ToJSON Status where
+        toJSON Status'{..}
+          = object
+              (catMaybes
+                 [("details" .=) <$> _sDetails,
+                  ("code" .=) <$> _sCode,
+                  ("message" .=) <$> _sMessage])
+
+-- | \`BasicLevel\` is an \`AccessLevel\` using a set of recommended
+-- features.
+--
+-- /See:/ 'basicLevel' smart constructor.
+data BasicLevel = BasicLevel'
+    { _blConditions        :: !(Maybe [Condition])
+    , _blCombiningFunction :: !(Maybe BasicLevelCombiningFunction)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'BasicLevel' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'blConditions'
+--
+-- * 'blCombiningFunction'
+basicLevel
+    :: BasicLevel
+basicLevel =
+    BasicLevel'
+    { _blConditions = Nothing
+    , _blCombiningFunction = Nothing
+    }
+
+-- | Required. A list of requirements for the \`AccessLevel\` to be granted.
+blConditions :: Lens' BasicLevel [Condition]
+blConditions
+  = lens _blConditions (\ s a -> s{_blConditions = a})
+      . _Default
+      . _Coerce
+
+-- | How the \`conditions\` list should be combined to determine if a request
+-- is granted this \`AccessLevel\`. If AND is used, each \`Condition\` in
+-- \`conditions\` must be satisfied for the \`AccessLevel\` to be applied.
+-- If OR is used, at least one \`Condition\` in \`conditions\` must be
+-- satisfied for the \`AccessLevel\` to be applied. Default behavior is
+-- AND.
+blCombiningFunction :: Lens' BasicLevel (Maybe BasicLevelCombiningFunction)
+blCombiningFunction
+  = lens _blCombiningFunction
+      (\ s a -> s{_blCombiningFunction = a})
+
+instance FromJSON BasicLevel where
+        parseJSON
+          = withObject "BasicLevel"
+              (\ o ->
+                 BasicLevel' <$>
+                   (o .:? "conditions" .!= mempty) <*>
+                     (o .:? "combiningFunction"))
+
+instance ToJSON BasicLevel where
+        toJSON BasicLevel'{..}
+          = object
+              (catMaybes
+                 [("conditions" .=) <$> _blConditions,
+                  ("combiningFunction" .=) <$> _blCombiningFunction])
+
+-- | An \`AccessLevel\` is a label that can be applied to requests to GCP
+-- services, along with a list of requirements necessary for the label to
+-- be applied.
+--
+-- /See:/ 'accessLevel' smart constructor.
+data AccessLevel = AccessLevel'
+    { _alBasic       :: !(Maybe BasicLevel)
+    , _alUpdateTime  :: !(Maybe DateTime')
+    , _alName        :: !(Maybe Text)
+    , _alTitle       :: !(Maybe Text)
+    , _alDescription :: !(Maybe Text)
+    , _alCreateTime  :: !(Maybe DateTime')
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessLevel' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'alBasic'
+--
+-- * 'alUpdateTime'
+--
+-- * 'alName'
+--
+-- * 'alTitle'
+--
+-- * 'alDescription'
+--
+-- * 'alCreateTime'
+accessLevel
+    :: AccessLevel
+accessLevel =
+    AccessLevel'
+    { _alBasic = Nothing
+    , _alUpdateTime = Nothing
+    , _alName = Nothing
+    , _alTitle = Nothing
+    , _alDescription = Nothing
+    , _alCreateTime = Nothing
+    }
+
+-- | A \`BasicLevel\` composed of \`Conditions\`.
+alBasic :: Lens' AccessLevel (Maybe BasicLevel)
+alBasic = lens _alBasic (\ s a -> s{_alBasic = a})
+
+-- | Output only. Time the \`AccessLevel\` was updated in UTC.
+alUpdateTime :: Lens' AccessLevel (Maybe UTCTime)
+alUpdateTime
+  = lens _alUpdateTime (\ s a -> s{_alUpdateTime = a})
+      . mapping _DateTime
+
+-- | Required. Resource name for the Access Level. The \`short_name\`
+-- component must begin with a letter and only include alphanumeric and
+-- \'_\'. Format:
+-- \`accessPolicies\/{policy_id}\/accessLevels\/{short_name}\`
+alName :: Lens' AccessLevel (Maybe Text)
+alName = lens _alName (\ s a -> s{_alName = a})
+
+-- | Human readable title. Must be unique within the Policy.
+alTitle :: Lens' AccessLevel (Maybe Text)
+alTitle = lens _alTitle (\ s a -> s{_alTitle = a})
+
+-- | Description of the \`AccessLevel\` and its use. Does not affect
+-- behavior.
+alDescription :: Lens' AccessLevel (Maybe Text)
+alDescription
+  = lens _alDescription
+      (\ s a -> s{_alDescription = a})
+
+-- | Output only. Time the \`AccessLevel\` was created in UTC.
+alCreateTime :: Lens' AccessLevel (Maybe UTCTime)
+alCreateTime
+  = lens _alCreateTime (\ s a -> s{_alCreateTime = a})
+      . mapping _DateTime
+
+instance FromJSON AccessLevel where
+        parseJSON
+          = withObject "AccessLevel"
+              (\ o ->
+                 AccessLevel' <$>
+                   (o .:? "basic") <*> (o .:? "updateTime") <*>
+                     (o .:? "name")
+                     <*> (o .:? "title")
+                     <*> (o .:? "description")
+                     <*> (o .:? "createTime"))
+
+instance ToJSON AccessLevel where
+        toJSON AccessLevel'{..}
+          = object
+              (catMaybes
+                 [("basic" .=) <$> _alBasic,
+                  ("updateTime" .=) <$> _alUpdateTime,
+                  ("name" .=) <$> _alName, ("title" .=) <$> _alTitle,
+                  ("description" .=) <$> _alDescription,
+                  ("createTime" .=) <$> _alCreateTime])
+
+-- | \`ServicePerimeterConfig\` specifies a set of GCP resources that
+-- describe specific Service Perimeter configuration.
+--
+-- /See:/ 'servicePerimeterConfig' smart constructor.
+data ServicePerimeterConfig = ServicePerimeterConfig'
+    { _spcUnrestrictedServices :: !(Maybe [Text])
+    , _spcResources            :: !(Maybe [Text])
+    , _spcRestrictedServices   :: !(Maybe [Text])
+    , _spcAccessLevels         :: !(Maybe [Text])
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ServicePerimeterConfig' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'spcUnrestrictedServices'
+--
+-- * 'spcResources'
+--
+-- * 'spcRestrictedServices'
+--
+-- * 'spcAccessLevels'
+servicePerimeterConfig
+    :: ServicePerimeterConfig
+servicePerimeterConfig =
+    ServicePerimeterConfig'
+    { _spcUnrestrictedServices = Nothing
+    , _spcResources = Nothing
+    , _spcRestrictedServices = Nothing
+    , _spcAccessLevels = Nothing
+    }
+
+-- | GCP services that are not subject to the Service Perimeter restrictions.
+-- May contain a list of services or a single wildcard \"*\". For example,
+-- if \`logging.googleapis.com\` is unrestricted, users can access logs
+-- inside the perimeter as if the perimeter doesn\'t exist, and it also
+-- means VMs inside the perimeter can access logs outside the perimeter.
+-- The wildcard means that unless explicitly specified by
+-- \"restricted_services\" list, any service is treated as unrestricted.
+-- One of the fields \"restricted_services\", \"unrestricted_services\"
+-- must contain a wildcard \"*\", otherwise the Service Perimeter
+-- specification is invalid. It also means that both field being empty is
+-- invalid as well. \"unrestricted_services\" can be empty if and only if
+-- \"restricted_services\" list contains a \"*\" wildcard.
+spcUnrestrictedServices :: Lens' ServicePerimeterConfig [Text]
+spcUnrestrictedServices
+  = lens _spcUnrestrictedServices
+      (\ s a -> s{_spcUnrestrictedServices = a})
+      . _Default
+      . _Coerce
+
+-- | A list of GCP resources that are inside of the service perimeter.
+-- Currently only projects are allowed. Format:
+-- \`projects\/{project_number}\`
+spcResources :: Lens' ServicePerimeterConfig [Text]
+spcResources
+  = lens _spcResources (\ s a -> s{_spcResources = a})
+      . _Default
+      . _Coerce
+
+-- | GCP services that are subject to the Service Perimeter restrictions. May
+-- contain a list of services or a single wildcard \"*\". For example, if
+-- \`storage.googleapis.com\` is specified, access to the storage buckets
+-- inside the perimeter must meet the perimeter\'s access restrictions.
+-- Wildcard means that unless explicitly specified by
+-- \"unrestricted_services\" list, any service is treated as restricted.
+-- One of the fields \"restricted_services\", \"unrestricted_services\"
+-- must contain a wildcard \"*\", otherwise the Service Perimeter
+-- specification is invalid. It also means that both field being empty is
+-- invalid as well. \"restricted_services\" can be empty if and only if
+-- \"unrestricted_services\" list contains a \"*\" wildcard.
+spcRestrictedServices :: Lens' ServicePerimeterConfig [Text]
+spcRestrictedServices
+  = lens _spcRestrictedServices
+      (\ s a -> s{_spcRestrictedServices = a})
+      . _Default
+      . _Coerce
+
+-- | A list of \`AccessLevel\` resource names that allow resources within the
+-- \`ServicePerimeter\` to be accessed from the internet. \`AccessLevels\`
+-- listed must be in the same policy as this \`ServicePerimeter\`.
+-- Referencing a nonexistent \`AccessLevel\` is a syntax error. If no
+-- \`AccessLevel\` names are listed, resources within the perimeter can
+-- only be accessed via GCP calls with request origins within the
+-- perimeter. Example:
+-- \`\"accessPolicies\/MY_POLICY\/accessLevels\/MY_LEVEL\"\`. For Service
+-- Perimeter Bridge, must be empty.
+spcAccessLevels :: Lens' ServicePerimeterConfig [Text]
+spcAccessLevels
+  = lens _spcAccessLevels
+      (\ s a -> s{_spcAccessLevels = a})
+      . _Default
+      . _Coerce
+
+instance FromJSON ServicePerimeterConfig where
+        parseJSON
+          = withObject "ServicePerimeterConfig"
+              (\ o ->
+                 ServicePerimeterConfig' <$>
+                   (o .:? "unrestrictedServices" .!= mempty) <*>
+                     (o .:? "resources" .!= mempty)
+                     <*> (o .:? "restrictedServices" .!= mempty)
+                     <*> (o .:? "accessLevels" .!= mempty))
+
+instance ToJSON ServicePerimeterConfig where
+        toJSON ServicePerimeterConfig'{..}
+          = object
+              (catMaybes
+                 [("unrestrictedServices" .=) <$>
+                    _spcUnrestrictedServices,
+                  ("resources" .=) <$> _spcResources,
+                  ("restrictedServices" .=) <$> _spcRestrictedServices,
+                  ("accessLevels" .=) <$> _spcAccessLevels])
+
+-- | This resource represents a long-running operation that is the result of
+-- a network API call.
+--
+-- /See:/ 'operation' smart constructor.
+data Operation = Operation'
+    { _oDone     :: !(Maybe Bool)
+    , _oError    :: !(Maybe Status)
+    , _oResponse :: !(Maybe OperationResponse)
+    , _oName     :: !(Maybe Text)
+    , _oMetadata :: !(Maybe OperationMetadata)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'Operation' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'oDone'
+--
+-- * 'oError'
+--
+-- * 'oResponse'
+--
+-- * 'oName'
+--
+-- * 'oMetadata'
+operation
+    :: Operation
+operation =
+    Operation'
+    { _oDone = Nothing
+    , _oError = Nothing
+    , _oResponse = Nothing
+    , _oName = Nothing
+    , _oMetadata = Nothing
+    }
+
+-- | If the value is \`false\`, it means the operation is still in progress.
+-- If \`true\`, the operation is completed, and either \`error\` or
+-- \`response\` is available.
+oDone :: Lens' Operation (Maybe Bool)
+oDone = lens _oDone (\ s a -> s{_oDone = a})
+
+-- | The error result of the operation in case of failure or cancellation.
+oError :: Lens' Operation (Maybe Status)
+oError = lens _oError (\ s a -> s{_oError = a})
+
+-- | The normal response of the operation in case of success. If the original
+-- method returns no data on success, such as \`Delete\`, the response is
+-- \`google.protobuf.Empty\`. If the original method is standard
+-- \`Get\`\/\`Create\`\/\`Update\`, the response should be the resource.
+-- For other methods, the response should have the type \`XxxResponse\`,
+-- where \`Xxx\` is the original method name. For example, if the original
+-- method name is \`TakeSnapshot()\`, the inferred response type is
+-- \`TakeSnapshotResponse\`.
+oResponse :: Lens' Operation (Maybe OperationResponse)
+oResponse
+  = lens _oResponse (\ s a -> s{_oResponse = a})
+
+-- | The server-assigned name, which is only unique within the same service
+-- that originally returns it. If you use the default HTTP mapping, the
+-- \`name\` should have the format of \`operations\/some\/unique\/name\`.
+oName :: Lens' Operation (Maybe Text)
+oName = lens _oName (\ s a -> s{_oName = a})
+
+-- | Service-specific metadata associated with the operation. It typically
+-- contains progress information and common metadata such as create time.
+-- Some services might not provide such metadata. Any method that returns a
+-- long-running operation should document the metadata type, if any.
+oMetadata :: Lens' Operation (Maybe OperationMetadata)
+oMetadata
+  = lens _oMetadata (\ s a -> s{_oMetadata = a})
+
+instance FromJSON Operation where
+        parseJSON
+          = withObject "Operation"
+              (\ o ->
+                 Operation' <$>
+                   (o .:? "done") <*> (o .:? "error") <*>
+                     (o .:? "response")
+                     <*> (o .:? "name")
+                     <*> (o .:? "metadata"))
+
+instance ToJSON Operation where
+        toJSON Operation'{..}
+          = object
+              (catMaybes
+                 [("done" .=) <$> _oDone, ("error" .=) <$> _oError,
+                  ("response" .=) <$> _oResponse,
+                  ("name" .=) <$> _oName,
+                  ("metadata" .=) <$> _oMetadata])
+
+-- | \`ServicePerimeter\` describes a set of GCP resources which can freely
+-- import and export data amongst themselves, but not export outside of the
+-- \`ServicePerimeter\`. If a request with a source within this
+-- \`ServicePerimeter\` has a target outside of the \`ServicePerimeter\`,
+-- the request will be blocked. Otherwise the request is allowed. There are
+-- two types of Service Perimeter - Regular and Bridge. Regular Service
+-- Perimeters cannot overlap, a single GCP project can only belong to a
+-- single regular Service Perimeter. Service Perimeter Bridges can contain
+-- only GCP projects as members, a single GCP project may belong to
+-- multiple Service Perimeter Bridges.
+--
+-- /See:/ 'servicePerimeter' smart constructor.
+data ServicePerimeter = ServicePerimeter'
+    { _spStatus        :: !(Maybe ServicePerimeterConfig)
+    , _spPerimeterType :: !(Maybe ServicePerimeterPerimeterType)
+    , _spUpdateTime    :: !(Maybe DateTime')
+    , _spName          :: !(Maybe Text)
+    , _spTitle         :: !(Maybe Text)
+    , _spDescription   :: !(Maybe Text)
+    , _spCreateTime    :: !(Maybe DateTime')
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ServicePerimeter' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'spStatus'
+--
+-- * 'spPerimeterType'
+--
+-- * 'spUpdateTime'
+--
+-- * 'spName'
+--
+-- * 'spTitle'
+--
+-- * 'spDescription'
+--
+-- * 'spCreateTime'
+servicePerimeter
+    :: ServicePerimeter
+servicePerimeter =
+    ServicePerimeter'
+    { _spStatus = Nothing
+    , _spPerimeterType = Nothing
+    , _spUpdateTime = Nothing
+    , _spName = Nothing
+    , _spTitle = Nothing
+    , _spDescription = Nothing
+    , _spCreateTime = Nothing
+    }
+
+-- | Current ServicePerimeter configuration. Specifies sets of resources,
+-- restricted\/unrestricted services and access levels that determine
+-- perimeter content and boundaries.
+spStatus :: Lens' ServicePerimeter (Maybe ServicePerimeterConfig)
+spStatus = lens _spStatus (\ s a -> s{_spStatus = a})
+
+-- | Perimeter type indicator. A single project is allowed to be a member of
+-- single regular perimeter, but multiple service perimeter bridges. A
+-- project cannot be a included in a perimeter bridge without being
+-- included in regular perimeter. For perimeter bridges,
+-- restricted\/unrestricted service lists as well as access lists must be
+-- empty.
+spPerimeterType :: Lens' ServicePerimeter (Maybe ServicePerimeterPerimeterType)
+spPerimeterType
+  = lens _spPerimeterType
+      (\ s a -> s{_spPerimeterType = a})
+
+-- | Output only. Time the \`ServicePerimeter\` was updated in UTC.
+spUpdateTime :: Lens' ServicePerimeter (Maybe UTCTime)
+spUpdateTime
+  = lens _spUpdateTime (\ s a -> s{_spUpdateTime = a})
+      . mapping _DateTime
+
+-- | Required. Resource name for the ServicePerimeter. The \`short_name\`
+-- component must begin with a letter and only include alphanumeric and
+-- \'_\'. Format:
+-- \`accessPolicies\/{policy_id}\/servicePerimeters\/{short_name}\`
+spName :: Lens' ServicePerimeter (Maybe Text)
+spName = lens _spName (\ s a -> s{_spName = a})
+
+-- | Human readable title. Must be unique within the Policy.
+spTitle :: Lens' ServicePerimeter (Maybe Text)
+spTitle = lens _spTitle (\ s a -> s{_spTitle = a})
+
+-- | Description of the \`ServicePerimeter\` and its use. Does not affect
+-- behavior.
+spDescription :: Lens' ServicePerimeter (Maybe Text)
+spDescription
+  = lens _spDescription
+      (\ s a -> s{_spDescription = a})
+
+-- | Output only. Time the \`ServicePerimeter\` was created in UTC.
+spCreateTime :: Lens' ServicePerimeter (Maybe UTCTime)
+spCreateTime
+  = lens _spCreateTime (\ s a -> s{_spCreateTime = a})
+      . mapping _DateTime
+
+instance FromJSON ServicePerimeter where
+        parseJSON
+          = withObject "ServicePerimeter"
+              (\ o ->
+                 ServicePerimeter' <$>
+                   (o .:? "status") <*> (o .:? "perimeterType") <*>
+                     (o .:? "updateTime")
+                     <*> (o .:? "name")
+                     <*> (o .:? "title")
+                     <*> (o .:? "description")
+                     <*> (o .:? "createTime"))
+
+instance ToJSON ServicePerimeter where
+        toJSON ServicePerimeter'{..}
+          = object
+              (catMaybes
+                 [("status" .=) <$> _spStatus,
+                  ("perimeterType" .=) <$> _spPerimeterType,
+                  ("updateTime" .=) <$> _spUpdateTime,
+                  ("name" .=) <$> _spName, ("title" .=) <$> _spTitle,
+                  ("description" .=) <$> _spDescription,
+                  ("createTime" .=) <$> _spCreateTime])
+
+-- | A response to \`ListAccessPoliciesRequest\`.
+--
+-- /See:/ 'listAccessPoliciesResponse' smart constructor.
+data ListAccessPoliciesResponse = ListAccessPoliciesResponse'
+    { _laprNextPageToken  :: !(Maybe Text)
+    , _laprAccessPolicies :: !(Maybe [AccessPolicy])
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ListAccessPoliciesResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'laprNextPageToken'
+--
+-- * 'laprAccessPolicies'
+listAccessPoliciesResponse
+    :: ListAccessPoliciesResponse
+listAccessPoliciesResponse =
+    ListAccessPoliciesResponse'
+    { _laprNextPageToken = Nothing
+    , _laprAccessPolicies = Nothing
+    }
+
+-- | The pagination token to retrieve the next page of results. If the value
+-- is empty, no further results remain.
+laprNextPageToken :: Lens' ListAccessPoliciesResponse (Maybe Text)
+laprNextPageToken
+  = lens _laprNextPageToken
+      (\ s a -> s{_laprNextPageToken = a})
+
+-- | List of the AccessPolicy instances.
+laprAccessPolicies :: Lens' ListAccessPoliciesResponse [AccessPolicy]
+laprAccessPolicies
+  = lens _laprAccessPolicies
+      (\ s a -> s{_laprAccessPolicies = a})
+      . _Default
+      . _Coerce
+
+instance FromJSON ListAccessPoliciesResponse where
+        parseJSON
+          = withObject "ListAccessPoliciesResponse"
+              (\ o ->
+                 ListAccessPoliciesResponse' <$>
+                   (o .:? "nextPageToken") <*>
+                     (o .:? "accessPolicies" .!= mempty))
+
+instance ToJSON ListAccessPoliciesResponse where
+        toJSON ListAccessPoliciesResponse'{..}
+          = object
+              (catMaybes
+                 [("nextPageToken" .=) <$> _laprNextPageToken,
+                  ("accessPolicies" .=) <$> _laprAccessPolicies])
+
+--
+-- /See:/ 'statusDetailsItem' smart constructor.
+newtype StatusDetailsItem = StatusDetailsItem'
+    { _sdiAddtional :: HashMap Text JSONValue
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'StatusDetailsItem' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'sdiAddtional'
+statusDetailsItem
+    :: HashMap Text JSONValue -- ^ 'sdiAddtional'
+    -> StatusDetailsItem
+statusDetailsItem pSdiAddtional_ =
+    StatusDetailsItem'
+    { _sdiAddtional = _Coerce # pSdiAddtional_
+    }
+
+-- | Properties of the object. Contains field \'type with type URL.
+sdiAddtional :: Lens' StatusDetailsItem (HashMap Text JSONValue)
+sdiAddtional
+  = lens _sdiAddtional (\ s a -> s{_sdiAddtional = a})
+      . _Coerce
+
+instance FromJSON StatusDetailsItem where
+        parseJSON
+          = withObject "StatusDetailsItem"
+              (\ o -> StatusDetailsItem' <$> (parseJSONObject o))
+
+instance ToJSON StatusDetailsItem where
+        toJSON = toJSON . _sdiAddtional
+
+-- | A restriction on the OS type and version of devices making requests.
+--
+-- /See:/ 'osConstraint' smart constructor.
+data OSConstraint = OSConstraint'
+    { _ocOSType         :: !(Maybe OSConstraintOSType)
+    , _ocMinimumVersion :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'OSConstraint' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'ocOSType'
+--
+-- * 'ocMinimumVersion'
+osConstraint
+    :: OSConstraint
+osConstraint =
+    OSConstraint'
+    { _ocOSType = Nothing
+    , _ocMinimumVersion = Nothing
+    }
+
+-- | Required. The allowed OS type.
+ocOSType :: Lens' OSConstraint (Maybe OSConstraintOSType)
+ocOSType = lens _ocOSType (\ s a -> s{_ocOSType = a})
+
+-- | The minimum allowed OS version. If not set, any version of this OS
+-- satisfies the constraint. Format: \`\"major.minor.patch\"\`. Examples:
+-- \`\"10.5.301\"\`, \`\"9.2.1\"\`.
+ocMinimumVersion :: Lens' OSConstraint (Maybe Text)
+ocMinimumVersion
+  = lens _ocMinimumVersion
+      (\ s a -> s{_ocMinimumVersion = a})
+
+instance FromJSON OSConstraint where
+        parseJSON
+          = withObject "OSConstraint"
+              (\ o ->
+                 OSConstraint' <$>
+                   (o .:? "osType") <*> (o .:? "minimumVersion"))
+
+instance ToJSON OSConstraint where
+        toJSON OSConstraint'{..}
+          = object
+              (catMaybes
+                 [("osType" .=) <$> _ocOSType,
+                  ("minimumVersion" .=) <$> _ocMinimumVersion])
+
+-- | \`AccessPolicy\` is a container for \`AccessLevels\` (which define the
+-- necessary attributes to use GCP services) and \`ServicePerimeters\`
+-- (which define regions of services able to freely pass data within a
+-- perimeter). An access policy is globally visible within an organization,
+-- and the restrictions it specifies apply to all projects within an
+-- organization.
+--
+-- /See:/ 'accessPolicy' smart constructor.
+data AccessPolicy = AccessPolicy'
+    { _apParent     :: !(Maybe Text)
+    , _apUpdateTime :: !(Maybe DateTime')
+    , _apName       :: !(Maybe Text)
+    , _apTitle      :: !(Maybe Text)
+    , _apCreateTime :: !(Maybe DateTime')
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPolicy' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'apParent'
+--
+-- * 'apUpdateTime'
+--
+-- * 'apName'
+--
+-- * 'apTitle'
+--
+-- * 'apCreateTime'
+accessPolicy
+    :: AccessPolicy
+accessPolicy =
+    AccessPolicy'
+    { _apParent = Nothing
+    , _apUpdateTime = Nothing
+    , _apName = Nothing
+    , _apTitle = Nothing
+    , _apCreateTime = Nothing
+    }
+
+-- | Required. The parent of this \`AccessPolicy\` in the Cloud Resource
+-- Hierarchy. Currently immutable once created. Format:
+-- \`organizations\/{organization_id}\`
+apParent :: Lens' AccessPolicy (Maybe Text)
+apParent = lens _apParent (\ s a -> s{_apParent = a})
+
+-- | Output only. Time the \`AccessPolicy\` was updated in UTC.
+apUpdateTime :: Lens' AccessPolicy (Maybe UTCTime)
+apUpdateTime
+  = lens _apUpdateTime (\ s a -> s{_apUpdateTime = a})
+      . mapping _DateTime
+
+-- | Output only. Resource name of the \`AccessPolicy\`. Format:
+-- \`accessPolicies\/{policy_id}\`
+apName :: Lens' AccessPolicy (Maybe Text)
+apName = lens _apName (\ s a -> s{_apName = a})
+
+-- | Required. Human readable title. Does not affect behavior.
+apTitle :: Lens' AccessPolicy (Maybe Text)
+apTitle = lens _apTitle (\ s a -> s{_apTitle = a})
+
+-- | Output only. Time the \`AccessPolicy\` was created in UTC.
+apCreateTime :: Lens' AccessPolicy (Maybe UTCTime)
+apCreateTime
+  = lens _apCreateTime (\ s a -> s{_apCreateTime = a})
+      . mapping _DateTime
+
+instance FromJSON AccessPolicy where
+        parseJSON
+          = withObject "AccessPolicy"
+              (\ o ->
+                 AccessPolicy' <$>
+                   (o .:? "parent") <*> (o .:? "updateTime") <*>
+                     (o .:? "name")
+                     <*> (o .:? "title")
+                     <*> (o .:? "createTime"))
+
+instance ToJSON AccessPolicy where
+        toJSON AccessPolicy'{..}
+          = object
+              (catMaybes
+                 [("parent" .=) <$> _apParent,
+                  ("updateTime" .=) <$> _apUpdateTime,
+                  ("name" .=) <$> _apName, ("title" .=) <$> _apTitle,
+                  ("createTime" .=) <$> _apCreateTime])
+
+-- | A response to \`ListServicePerimetersRequest\`.
+--
+-- /See:/ 'listServicePerimetersResponse' smart constructor.
+data ListServicePerimetersResponse = ListServicePerimetersResponse'
+    { _lsprNextPageToken     :: !(Maybe Text)
+    , _lsprServicePerimeters :: !(Maybe [ServicePerimeter])
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ListServicePerimetersResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'lsprNextPageToken'
+--
+-- * 'lsprServicePerimeters'
+listServicePerimetersResponse
+    :: ListServicePerimetersResponse
+listServicePerimetersResponse =
+    ListServicePerimetersResponse'
+    { _lsprNextPageToken = Nothing
+    , _lsprServicePerimeters = Nothing
+    }
+
+-- | The pagination token to retrieve the next page of results. If the value
+-- is empty, no further results remain.
+lsprNextPageToken :: Lens' ListServicePerimetersResponse (Maybe Text)
+lsprNextPageToken
+  = lens _lsprNextPageToken
+      (\ s a -> s{_lsprNextPageToken = a})
+
+-- | List of the Service Perimeter instances.
+lsprServicePerimeters :: Lens' ListServicePerimetersResponse [ServicePerimeter]
+lsprServicePerimeters
+  = lens _lsprServicePerimeters
+      (\ s a -> s{_lsprServicePerimeters = a})
+      . _Default
+      . _Coerce
+
+instance FromJSON ListServicePerimetersResponse where
+        parseJSON
+          = withObject "ListServicePerimetersResponse"
+              (\ o ->
+                 ListServicePerimetersResponse' <$>
+                   (o .:? "nextPageToken") <*>
+                     (o .:? "servicePerimeters" .!= mempty))
+
+instance ToJSON ListServicePerimetersResponse where
+        toJSON ListServicePerimetersResponse'{..}
+          = object
+              (catMaybes
+                 [("nextPageToken" .=) <$> _lsprNextPageToken,
+                  ("servicePerimeters" .=) <$> _lsprServicePerimeters])
+
+-- | A response to \`ListAccessLevelsRequest\`.
+--
+-- /See:/ 'listAccessLevelsResponse' smart constructor.
+data ListAccessLevelsResponse = ListAccessLevelsResponse'
+    { _lalrNextPageToken :: !(Maybe Text)
+    , _lalrAccessLevels  :: !(Maybe [AccessLevel])
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ListAccessLevelsResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'lalrNextPageToken'
+--
+-- * 'lalrAccessLevels'
+listAccessLevelsResponse
+    :: ListAccessLevelsResponse
+listAccessLevelsResponse =
+    ListAccessLevelsResponse'
+    { _lalrNextPageToken = Nothing
+    , _lalrAccessLevels = Nothing
+    }
+
+-- | The pagination token to retrieve the next page of results. If the value
+-- is empty, no further results remain.
+lalrNextPageToken :: Lens' ListAccessLevelsResponse (Maybe Text)
+lalrNextPageToken
+  = lens _lalrNextPageToken
+      (\ s a -> s{_lalrNextPageToken = a})
+
+-- | List of the Access Level instances.
+lalrAccessLevels :: Lens' ListAccessLevelsResponse [AccessLevel]
+lalrAccessLevels
+  = lens _lalrAccessLevels
+      (\ s a -> s{_lalrAccessLevels = a})
+      . _Default
+      . _Coerce
+
+instance FromJSON ListAccessLevelsResponse where
+        parseJSON
+          = withObject "ListAccessLevelsResponse"
+              (\ o ->
+                 ListAccessLevelsResponse' <$>
+                   (o .:? "nextPageToken") <*>
+                     (o .:? "accessLevels" .!= mempty))
+
+instance ToJSON ListAccessLevelsResponse where
+        toJSON ListAccessLevelsResponse'{..}
+          = object
+              (catMaybes
+                 [("nextPageToken" .=) <$> _lalrNextPageToken,
+                  ("accessLevels" .=) <$> _lalrAccessLevels])
+
+-- | Service-specific metadata associated with the operation. It typically
+-- contains progress information and common metadata such as create time.
+-- Some services might not provide such metadata. Any method that returns a
+-- long-running operation should document the metadata type, if any.
+--
+-- /See:/ 'operationMetadata' smart constructor.
+newtype OperationMetadata = OperationMetadata'
+    { _omAddtional :: HashMap Text JSONValue
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'OperationMetadata' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'omAddtional'
+operationMetadata
+    :: HashMap Text JSONValue -- ^ 'omAddtional'
+    -> OperationMetadata
+operationMetadata pOmAddtional_ =
+    OperationMetadata'
+    { _omAddtional = _Coerce # pOmAddtional_
+    }
+
+-- | Properties of the object. Contains field \'type with type URL.
+omAddtional :: Lens' OperationMetadata (HashMap Text JSONValue)
+omAddtional
+  = lens _omAddtional (\ s a -> s{_omAddtional = a}) .
+      _Coerce
+
+instance FromJSON OperationMetadata where
+        parseJSON
+          = withObject "OperationMetadata"
+              (\ o -> OperationMetadata' <$> (parseJSONObject o))
+
+instance ToJSON OperationMetadata where
+        toJSON = toJSON . _omAddtional
+
+-- | \`DevicePolicy\` specifies device specific restrictions necessary to
+-- acquire a given access level. A \`DevicePolicy\` specifies requirements
+-- for requests from devices to be granted access levels, it does not do
+-- any enforcement on the device. \`DevicePolicy\` acts as an AND over all
+-- specified fields, and each repeated field is an OR over its elements.
+-- Any unset fields are ignored. For example, if the proto is { os_type :
+-- DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status: ENCRYPTED},
+-- then the DevicePolicy will be true for requests originating from
+-- encrypted Linux desktops and encrypted Windows desktops.
+--
+-- /See:/ 'devicePolicy' smart constructor.
+data DevicePolicy = DevicePolicy'
+    { _dpOSConstraints                 :: !(Maybe [OSConstraint])
+    , _dpRequireScreenlock             :: !(Maybe Bool)
+    , _dpAllowedEncryptionStatuses     :: !(Maybe [Text])
+    , _dpAllowedDeviceManagementLevels :: !(Maybe [Text])
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'DevicePolicy' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'dpOSConstraints'
+--
+-- * 'dpRequireScreenlock'
+--
+-- * 'dpAllowedEncryptionStatuses'
+--
+-- * 'dpAllowedDeviceManagementLevels'
+devicePolicy
+    :: DevicePolicy
+devicePolicy =
+    DevicePolicy'
+    { _dpOSConstraints = Nothing
+    , _dpRequireScreenlock = Nothing
+    , _dpAllowedEncryptionStatuses = Nothing
+    , _dpAllowedDeviceManagementLevels = Nothing
+    }
+
+-- | Allowed OS versions, an empty list allows all types and all versions.
+dpOSConstraints :: Lens' DevicePolicy [OSConstraint]
+dpOSConstraints
+  = lens _dpOSConstraints
+      (\ s a -> s{_dpOSConstraints = a})
+      . _Default
+      . _Coerce
+
+-- | Whether or not screenlock is required for the DevicePolicy to be true.
+-- Defaults to \`false\`.
+dpRequireScreenlock :: Lens' DevicePolicy (Maybe Bool)
+dpRequireScreenlock
+  = lens _dpRequireScreenlock
+      (\ s a -> s{_dpRequireScreenlock = a})
+
+-- | Allowed encryptions statuses, an empty list allows all statuses.
+dpAllowedEncryptionStatuses :: Lens' DevicePolicy [Text]
+dpAllowedEncryptionStatuses
+  = lens _dpAllowedEncryptionStatuses
+      (\ s a -> s{_dpAllowedEncryptionStatuses = a})
+      . _Default
+      . _Coerce
+
+-- | Allowed device management levels, an empty list allows all management
+-- levels.
+dpAllowedDeviceManagementLevels :: Lens' DevicePolicy [Text]
+dpAllowedDeviceManagementLevels
+  = lens _dpAllowedDeviceManagementLevels
+      (\ s a -> s{_dpAllowedDeviceManagementLevels = a})
+      . _Default
+      . _Coerce
+
+instance FromJSON DevicePolicy where
+        parseJSON
+          = withObject "DevicePolicy"
+              (\ o ->
+                 DevicePolicy' <$>
+                   (o .:? "osConstraints" .!= mempty) <*>
+                     (o .:? "requireScreenlock")
+                     <*> (o .:? "allowedEncryptionStatuses" .!= mempty)
+                     <*>
+                     (o .:? "allowedDeviceManagementLevels" .!= mempty))
+
+instance ToJSON DevicePolicy where
+        toJSON DevicePolicy'{..}
+          = object
+              (catMaybes
+                 [("osConstraints" .=) <$> _dpOSConstraints,
+                  ("requireScreenlock" .=) <$> _dpRequireScreenlock,
+                  ("allowedEncryptionStatuses" .=) <$>
+                    _dpAllowedEncryptionStatuses,
+                  ("allowedDeviceManagementLevels" .=) <$>
+                    _dpAllowedDeviceManagementLevels])
+
+-- | A condition necessary for an \`AccessLevel\` to be granted. The
+-- Condition is an AND over its fields. So a Condition is true if: 1) the
+-- request IP is from one of the listed subnetworks AND 2) the originating
+-- device complies with the listed device policy AND 3) all listed access
+-- levels are granted AND 4) the request was sent at a time allowed by the
+-- DateTimeRestriction.
+--
+-- /See:/ 'condition' smart constructor.
+data Condition = Condition'
+    { _cMembers              :: !(Maybe [Text])
+    , _cNegate               :: !(Maybe Bool)
+    , _cIPSubnetworks        :: !(Maybe [Text])
+    , _cDevicePolicy         :: !(Maybe DevicePolicy)
+    , _cRequiredAccessLevels :: !(Maybe [Text])
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'Condition' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'cMembers'
+--
+-- * 'cNegate'
+--
+-- * 'cIPSubnetworks'
+--
+-- * 'cDevicePolicy'
+--
+-- * 'cRequiredAccessLevels'
+condition
+    :: Condition
+condition =
+    Condition'
+    { _cMembers = Nothing
+    , _cNegate = Nothing
+    , _cIPSubnetworks = Nothing
+    , _cDevicePolicy = Nothing
+    , _cRequiredAccessLevels = Nothing
+    }
+
+-- | The signed-in user originating the request must be a part of one of the
+-- provided members. Syntax: \`user:{emailid}\` \`group:{emailid}\`
+-- \`serviceAccount:{emailid}\` If not specified, a request may come from
+-- any user (logged in\/not logged in, not present in any groups, etc.).
+cMembers :: Lens' Condition [Text]
+cMembers
+  = lens _cMembers (\ s a -> s{_cMembers = a}) .
+      _Default
+      . _Coerce
+
+-- | Whether to negate the Condition. If true, the Condition becomes a NAND
+-- over its non-empty fields, each field must be false for the Condition
+-- overall to be satisfied. Defaults to false.
+cNegate :: Lens' Condition (Maybe Bool)
+cNegate = lens _cNegate (\ s a -> s{_cNegate = a})
+
+-- | CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that
+-- for a CIDR IP address block, the specified IP address portion must be
+-- properly truncated (i.e. all the host bits must be zero) or the input is
+-- considered malformed. For example, \"192.0.2.0\/24\" is accepted but
+-- \"192.0.2.1\/24\" is not. Similarly, for IPv6, \"2001:db8::\/32\" is
+-- accepted whereas \"2001:db8::1\/32\" is not. The originating IP of a
+-- request must be in one of the listed subnets in order for this Condition
+-- to be true. If empty, all IP addresses are allowed.
+cIPSubnetworks :: Lens' Condition [Text]
+cIPSubnetworks
+  = lens _cIPSubnetworks
+      (\ s a -> s{_cIPSubnetworks = a})
+      . _Default
+      . _Coerce
+
+-- | Device specific restrictions, all restrictions must hold for the
+-- Condition to be true. If not specified, all devices are allowed.
+cDevicePolicy :: Lens' Condition (Maybe DevicePolicy)
+cDevicePolicy
+  = lens _cDevicePolicy
+      (\ s a -> s{_cDevicePolicy = a})
+
+-- | A list of other access levels defined in the same \`Policy\`, referenced
+-- by resource name. Referencing an \`AccessLevel\` which does not exist is
+-- an error. All access levels listed must be granted for the Condition to
+-- be true. Example:
+-- \"\`accessPolicies\/MY_POLICY\/accessLevels\/LEVEL_NAME\"\`
+cRequiredAccessLevels :: Lens' Condition [Text]
+cRequiredAccessLevels
+  = lens _cRequiredAccessLevels
+      (\ s a -> s{_cRequiredAccessLevels = a})
+      . _Default
+      . _Coerce
+
+instance FromJSON Condition where
+        parseJSON
+          = withObject "Condition"
+              (\ o ->
+                 Condition' <$>
+                   (o .:? "members" .!= mempty) <*> (o .:? "negate") <*>
+                     (o .:? "ipSubnetworks" .!= mempty)
+                     <*> (o .:? "devicePolicy")
+                     <*> (o .:? "requiredAccessLevels" .!= mempty))
+
+instance ToJSON Condition where
+        toJSON Condition'{..}
+          = object
+              (catMaybes
+                 [("members" .=) <$> _cMembers,
+                  ("negate" .=) <$> _cNegate,
+                  ("ipSubnetworks" .=) <$> _cIPSubnetworks,
+                  ("devicePolicy" .=) <$> _cDevicePolicy,
+                  ("requiredAccessLevels" .=) <$>
+                    _cRequiredAccessLevels])
+
+-- | The normal response of the operation in case of success. If the original
+-- method returns no data on success, such as \`Delete\`, the response is
+-- \`google.protobuf.Empty\`. If the original method is standard
+-- \`Get\`\/\`Create\`\/\`Update\`, the response should be the resource.
+-- For other methods, the response should have the type \`XxxResponse\`,
+-- where \`Xxx\` is the original method name. For example, if the original
+-- method name is \`TakeSnapshot()\`, the inferred response type is
+-- \`TakeSnapshotResponse\`.
+--
+-- /See:/ 'operationResponse' smart constructor.
+newtype OperationResponse = OperationResponse'
+    { _orAddtional :: HashMap Text JSONValue
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'OperationResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'orAddtional'
+operationResponse
+    :: HashMap Text JSONValue -- ^ 'orAddtional'
+    -> OperationResponse
+operationResponse pOrAddtional_ =
+    OperationResponse'
+    { _orAddtional = _Coerce # pOrAddtional_
+    }
+
+-- | Properties of the object. Contains field \'type with type URL.
+orAddtional :: Lens' OperationResponse (HashMap Text JSONValue)
+orAddtional
+  = lens _orAddtional (\ s a -> s{_orAddtional = a}) .
+      _Coerce
+
+instance FromJSON OperationResponse where
+        parseJSON
+          = withObject "OperationResponse"
+              (\ o -> OperationResponse' <$> (parseJSONObject o))
+
+instance ToJSON OperationResponse where
+        toJSON = toJSON . _orAddtional
diff --git a/gen/Network/Google/AccessContextManager/Types/Sum.hs b/gen/Network/Google/AccessContextManager/Types/Sum.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/AccessContextManager/Types/Sum.hs
@@ -0,0 +1,170 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE LambdaCase         #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Network.Google.AccessContextManager.Types.Sum
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+module Network.Google.AccessContextManager.Types.Sum where
+
+import           Network.Google.Prelude hiding (Bytes)
+
+-- | How the \`conditions\` list should be combined to determine if a request
+-- is granted this \`AccessLevel\`. If AND is used, each \`Condition\` in
+-- \`conditions\` must be satisfied for the \`AccessLevel\` to be applied.
+-- If OR is used, at least one \`Condition\` in \`conditions\` must be
+-- satisfied for the \`AccessLevel\` to be applied. Default behavior is
+-- AND.
+data BasicLevelCombiningFunction
+    = And
+      -- ^ @AND@
+      -- All \`Conditions\` must be true for the \`BasicLevel\` to be true.
+    | OR
+      -- ^ @OR@
+      -- If at least one \`Condition\` is true, then the \`BasicLevel\` is true.
+      deriving (Eq, Ord, Enum, Read, Show, Data, Typeable, Generic)
+
+instance Hashable BasicLevelCombiningFunction
+
+instance FromHttpApiData BasicLevelCombiningFunction where
+    parseQueryParam = \case
+        "AND" -> Right And
+        "OR" -> Right OR
+        x -> Left ("Unable to parse BasicLevelCombiningFunction from: " <> x)
+
+instance ToHttpApiData BasicLevelCombiningFunction where
+    toQueryParam = \case
+        And -> "AND"
+        OR -> "OR"
+
+instance FromJSON BasicLevelCombiningFunction where
+    parseJSON = parseJSONText "BasicLevelCombiningFunction"
+
+instance ToJSON BasicLevelCombiningFunction where
+    toJSON = toJSONText
+
+-- | Perimeter type indicator. A single project is allowed to be a member of
+-- single regular perimeter, but multiple service perimeter bridges. A
+-- project cannot be a included in a perimeter bridge without being
+-- included in regular perimeter. For perimeter bridges,
+-- restricted\/unrestricted service lists as well as access lists must be
+-- empty.
+data ServicePerimeterPerimeterType
+    = PerimeterTypeRegular
+      -- ^ @PERIMETER_TYPE_REGULAR@
+      -- Regular Perimeter.
+    | PerimeterTypeBridge
+      -- ^ @PERIMETER_TYPE_BRIDGE@
+      -- Perimeter Bridge.
+      deriving (Eq, Ord, Enum, Read, Show, Data, Typeable, Generic)
+
+instance Hashable ServicePerimeterPerimeterType
+
+instance FromHttpApiData ServicePerimeterPerimeterType where
+    parseQueryParam = \case
+        "PERIMETER_TYPE_REGULAR" -> Right PerimeterTypeRegular
+        "PERIMETER_TYPE_BRIDGE" -> Right PerimeterTypeBridge
+        x -> Left ("Unable to parse ServicePerimeterPerimeterType from: " <> x)
+
+instance ToHttpApiData ServicePerimeterPerimeterType where
+    toQueryParam = \case
+        PerimeterTypeRegular -> "PERIMETER_TYPE_REGULAR"
+        PerimeterTypeBridge -> "PERIMETER_TYPE_BRIDGE"
+
+instance FromJSON ServicePerimeterPerimeterType where
+    parseJSON = parseJSONText "ServicePerimeterPerimeterType"
+
+instance ToJSON ServicePerimeterPerimeterType where
+    toJSON = toJSONText
+
+-- | Required. The allowed OS type.
+data OSConstraintOSType
+    = OSUnspecified
+      -- ^ @OS_UNSPECIFIED@
+      -- The operating system of the device is not specified or not known.
+    | DesktopMAC
+      -- ^ @DESKTOP_MAC@
+      -- A desktop Mac operating system.
+    | DesktopWindows
+      -- ^ @DESKTOP_WINDOWS@
+      -- A desktop Windows operating system.
+    | DesktopLinux
+      -- ^ @DESKTOP_LINUX@
+      -- A desktop Linux operating system.
+    | DesktopChromeOS
+      -- ^ @DESKTOP_CHROME_OS@
+      -- A desktop ChromeOS operating system.
+    | Android
+      -- ^ @ANDROID@
+      -- An Android operating system.
+    | Ios
+      -- ^ @IOS@
+      -- An iOS operating system.
+      deriving (Eq, Ord, Enum, Read, Show, Data, Typeable, Generic)
+
+instance Hashable OSConstraintOSType
+
+instance FromHttpApiData OSConstraintOSType where
+    parseQueryParam = \case
+        "OS_UNSPECIFIED" -> Right OSUnspecified
+        "DESKTOP_MAC" -> Right DesktopMAC
+        "DESKTOP_WINDOWS" -> Right DesktopWindows
+        "DESKTOP_LINUX" -> Right DesktopLinux
+        "DESKTOP_CHROME_OS" -> Right DesktopChromeOS
+        "ANDROID" -> Right Android
+        "IOS" -> Right Ios
+        x -> Left ("Unable to parse OSConstraintOSType from: " <> x)
+
+instance ToHttpApiData OSConstraintOSType where
+    toQueryParam = \case
+        OSUnspecified -> "OS_UNSPECIFIED"
+        DesktopMAC -> "DESKTOP_MAC"
+        DesktopWindows -> "DESKTOP_WINDOWS"
+        DesktopLinux -> "DESKTOP_LINUX"
+        DesktopChromeOS -> "DESKTOP_CHROME_OS"
+        Android -> "ANDROID"
+        Ios -> "IOS"
+
+instance FromJSON OSConstraintOSType where
+    parseJSON = parseJSONText "OSConstraintOSType"
+
+instance ToJSON OSConstraintOSType where
+    toJSON = toJSONText
+
+-- | V1 error format.
+data Xgafv
+    = X1
+      -- ^ @1@
+      -- v1 error format
+    | X2
+      -- ^ @2@
+      -- v2 error format
+      deriving (Eq, Ord, Enum, Read, Show, Data, Typeable, Generic)
+
+instance Hashable Xgafv
+
+instance FromHttpApiData Xgafv where
+    parseQueryParam = \case
+        "1" -> Right X1
+        "2" -> Right X2
+        x -> Left ("Unable to parse Xgafv from: " <> x)
+
+instance ToHttpApiData Xgafv where
+    toQueryParam = \case
+        X1 -> "1"
+        X2 -> "2"
+
+instance FromJSON Xgafv where
+    parseJSON = parseJSONText "Xgafv"
+
+instance ToJSON Xgafv where
+    toJSON = toJSONText
diff --git a/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/AccessLevels/Create.hs b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/AccessLevels/Create.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/AccessLevels/Create.hs
@@ -0,0 +1,170 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Create
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Create an Access Level. The longrunning operation from this RPC will
+-- have a successful status once the Access Level has propagated to
+-- long-lasting storage. Access Levels containing errors will result in an
+-- error response for the first error encountered.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.accessPolicies.accessLevels.create@.
+module Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Create
+    (
+    -- * REST Resource
+      AccessPoliciesAccessLevelsCreateResource
+
+    -- * Creating a Request
+    , accessPoliciesAccessLevelsCreate
+    , AccessPoliciesAccessLevelsCreate
+
+    -- * Request Lenses
+    , apalcParent
+    , apalcXgafv
+    , apalcUploadProtocol
+    , apalcAccessToken
+    , apalcUploadType
+    , apalcPayload
+    , apalcCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.accessPolicies.accessLevels.create@ method which the
+-- 'AccessPoliciesAccessLevelsCreate' request conforms to.
+type AccessPoliciesAccessLevelsCreateResource =
+     "v1beta" :>
+       Capture "parent" Text :>
+         "accessLevels" :>
+           QueryParam "$.xgafv" Xgafv :>
+             QueryParam "upload_protocol" Text :>
+               QueryParam "access_token" Text :>
+                 QueryParam "uploadType" Text :>
+                   QueryParam "callback" Text :>
+                     QueryParam "alt" AltJSON :>
+                       ReqBody '[JSON] AccessLevel :> Post '[JSON] Operation
+
+-- | Create an Access Level. The longrunning operation from this RPC will
+-- have a successful status once the Access Level has propagated to
+-- long-lasting storage. Access Levels containing errors will result in an
+-- error response for the first error encountered.
+--
+-- /See:/ 'accessPoliciesAccessLevelsCreate' smart constructor.
+data AccessPoliciesAccessLevelsCreate = AccessPoliciesAccessLevelsCreate'
+    { _apalcParent         :: !Text
+    , _apalcXgafv          :: !(Maybe Xgafv)
+    , _apalcUploadProtocol :: !(Maybe Text)
+    , _apalcAccessToken    :: !(Maybe Text)
+    , _apalcUploadType     :: !(Maybe Text)
+    , _apalcPayload        :: !AccessLevel
+    , _apalcCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPoliciesAccessLevelsCreate' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'apalcParent'
+--
+-- * 'apalcXgafv'
+--
+-- * 'apalcUploadProtocol'
+--
+-- * 'apalcAccessToken'
+--
+-- * 'apalcUploadType'
+--
+-- * 'apalcPayload'
+--
+-- * 'apalcCallback'
+accessPoliciesAccessLevelsCreate
+    :: Text -- ^ 'apalcParent'
+    -> AccessLevel -- ^ 'apalcPayload'
+    -> AccessPoliciesAccessLevelsCreate
+accessPoliciesAccessLevelsCreate pApalcParent_ pApalcPayload_ =
+    AccessPoliciesAccessLevelsCreate'
+    { _apalcParent = pApalcParent_
+    , _apalcXgafv = Nothing
+    , _apalcUploadProtocol = Nothing
+    , _apalcAccessToken = Nothing
+    , _apalcUploadType = Nothing
+    , _apalcPayload = pApalcPayload_
+    , _apalcCallback = Nothing
+    }
+
+-- | Required. Resource name for the access policy which owns this Access
+-- Level. Format: \`accessPolicies\/{policy_id}\`
+apalcParent :: Lens' AccessPoliciesAccessLevelsCreate Text
+apalcParent
+  = lens _apalcParent (\ s a -> s{_apalcParent = a})
+
+-- | V1 error format.
+apalcXgafv :: Lens' AccessPoliciesAccessLevelsCreate (Maybe Xgafv)
+apalcXgafv
+  = lens _apalcXgafv (\ s a -> s{_apalcXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+apalcUploadProtocol :: Lens' AccessPoliciesAccessLevelsCreate (Maybe Text)
+apalcUploadProtocol
+  = lens _apalcUploadProtocol
+      (\ s a -> s{_apalcUploadProtocol = a})
+
+-- | OAuth access token.
+apalcAccessToken :: Lens' AccessPoliciesAccessLevelsCreate (Maybe Text)
+apalcAccessToken
+  = lens _apalcAccessToken
+      (\ s a -> s{_apalcAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+apalcUploadType :: Lens' AccessPoliciesAccessLevelsCreate (Maybe Text)
+apalcUploadType
+  = lens _apalcUploadType
+      (\ s a -> s{_apalcUploadType = a})
+
+-- | Multipart request metadata.
+apalcPayload :: Lens' AccessPoliciesAccessLevelsCreate AccessLevel
+apalcPayload
+  = lens _apalcPayload (\ s a -> s{_apalcPayload = a})
+
+-- | JSONP
+apalcCallback :: Lens' AccessPoliciesAccessLevelsCreate (Maybe Text)
+apalcCallback
+  = lens _apalcCallback
+      (\ s a -> s{_apalcCallback = a})
+
+instance GoogleRequest
+         AccessPoliciesAccessLevelsCreate where
+        type Rs AccessPoliciesAccessLevelsCreate = Operation
+        type Scopes AccessPoliciesAccessLevelsCreate =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient AccessPoliciesAccessLevelsCreate'{..}
+          = go _apalcParent _apalcXgafv _apalcUploadProtocol
+              _apalcAccessToken
+              _apalcUploadType
+              _apalcCallback
+              (Just AltJSON)
+              _apalcPayload
+              accessContextManagerService
+          where go
+                  = buildClient
+                      (Proxy ::
+                         Proxy AccessPoliciesAccessLevelsCreateResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/AccessLevels/Delete.hs b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/AccessLevels/Delete.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/AccessLevels/Delete.hs
@@ -0,0 +1,154 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Delete
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Delete an Access Level by resource name. The longrunning operation from
+-- this RPC will have a successful status once the Access Level has been
+-- removed from long-lasting storage.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.accessPolicies.accessLevels.delete@.
+module Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Delete
+    (
+    -- * REST Resource
+      AccessPoliciesAccessLevelsDeleteResource
+
+    -- * Creating a Request
+    , accessPoliciesAccessLevelsDelete
+    , AccessPoliciesAccessLevelsDelete
+
+    -- * Request Lenses
+    , apaldXgafv
+    , apaldUploadProtocol
+    , apaldAccessToken
+    , apaldUploadType
+    , apaldName
+    , apaldCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.accessPolicies.accessLevels.delete@ method which the
+-- 'AccessPoliciesAccessLevelsDelete' request conforms to.
+type AccessPoliciesAccessLevelsDeleteResource =
+     "v1beta" :>
+       Capture "name" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :> Delete '[JSON] Operation
+
+-- | Delete an Access Level by resource name. The longrunning operation from
+-- this RPC will have a successful status once the Access Level has been
+-- removed from long-lasting storage.
+--
+-- /See:/ 'accessPoliciesAccessLevelsDelete' smart constructor.
+data AccessPoliciesAccessLevelsDelete = AccessPoliciesAccessLevelsDelete'
+    { _apaldXgafv          :: !(Maybe Xgafv)
+    , _apaldUploadProtocol :: !(Maybe Text)
+    , _apaldAccessToken    :: !(Maybe Text)
+    , _apaldUploadType     :: !(Maybe Text)
+    , _apaldName           :: !Text
+    , _apaldCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPoliciesAccessLevelsDelete' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'apaldXgafv'
+--
+-- * 'apaldUploadProtocol'
+--
+-- * 'apaldAccessToken'
+--
+-- * 'apaldUploadType'
+--
+-- * 'apaldName'
+--
+-- * 'apaldCallback'
+accessPoliciesAccessLevelsDelete
+    :: Text -- ^ 'apaldName'
+    -> AccessPoliciesAccessLevelsDelete
+accessPoliciesAccessLevelsDelete pApaldName_ =
+    AccessPoliciesAccessLevelsDelete'
+    { _apaldXgafv = Nothing
+    , _apaldUploadProtocol = Nothing
+    , _apaldAccessToken = Nothing
+    , _apaldUploadType = Nothing
+    , _apaldName = pApaldName_
+    , _apaldCallback = Nothing
+    }
+
+-- | V1 error format.
+apaldXgafv :: Lens' AccessPoliciesAccessLevelsDelete (Maybe Xgafv)
+apaldXgafv
+  = lens _apaldXgafv (\ s a -> s{_apaldXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+apaldUploadProtocol :: Lens' AccessPoliciesAccessLevelsDelete (Maybe Text)
+apaldUploadProtocol
+  = lens _apaldUploadProtocol
+      (\ s a -> s{_apaldUploadProtocol = a})
+
+-- | OAuth access token.
+apaldAccessToken :: Lens' AccessPoliciesAccessLevelsDelete (Maybe Text)
+apaldAccessToken
+  = lens _apaldAccessToken
+      (\ s a -> s{_apaldAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+apaldUploadType :: Lens' AccessPoliciesAccessLevelsDelete (Maybe Text)
+apaldUploadType
+  = lens _apaldUploadType
+      (\ s a -> s{_apaldUploadType = a})
+
+-- | Required. Resource name for the Access Level. Format:
+-- \`accessPolicies\/{policy_id}\/accessLevels\/{access_level_id}\`
+apaldName :: Lens' AccessPoliciesAccessLevelsDelete Text
+apaldName
+  = lens _apaldName (\ s a -> s{_apaldName = a})
+
+-- | JSONP
+apaldCallback :: Lens' AccessPoliciesAccessLevelsDelete (Maybe Text)
+apaldCallback
+  = lens _apaldCallback
+      (\ s a -> s{_apaldCallback = a})
+
+instance GoogleRequest
+         AccessPoliciesAccessLevelsDelete where
+        type Rs AccessPoliciesAccessLevelsDelete = Operation
+        type Scopes AccessPoliciesAccessLevelsDelete =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient AccessPoliciesAccessLevelsDelete'{..}
+          = go _apaldName _apaldXgafv _apaldUploadProtocol
+              _apaldAccessToken
+              _apaldUploadType
+              _apaldCallback
+              (Just AltJSON)
+              accessContextManagerService
+          where go
+                  = buildClient
+                      (Proxy ::
+                         Proxy AccessPoliciesAccessLevelsDeleteResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/AccessLevels/Get.hs b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/AccessLevels/Get.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/AccessLevels/Get.hs
@@ -0,0 +1,168 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Get
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Get an Access Level by resource name.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.accessPolicies.accessLevels.get@.
+module Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Get
+    (
+    -- * REST Resource
+      AccessPoliciesAccessLevelsGetResource
+
+    -- * Creating a Request
+    , accessPoliciesAccessLevelsGet
+    , AccessPoliciesAccessLevelsGet
+
+    -- * Request Lenses
+    , apalgXgafv
+    , apalgUploadProtocol
+    , apalgAccessToken
+    , apalgUploadType
+    , apalgAccessLevelFormat
+    , apalgName
+    , apalgCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.accessPolicies.accessLevels.get@ method which the
+-- 'AccessPoliciesAccessLevelsGet' request conforms to.
+type AccessPoliciesAccessLevelsGetResource =
+     "v1beta" :>
+       Capture "name" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "accessLevelFormat" Text :>
+                   QueryParam "callback" Text :>
+                     QueryParam "alt" AltJSON :> Get '[JSON] AccessLevel
+
+-- | Get an Access Level by resource name.
+--
+-- /See:/ 'accessPoliciesAccessLevelsGet' smart constructor.
+data AccessPoliciesAccessLevelsGet = AccessPoliciesAccessLevelsGet'
+    { _apalgXgafv             :: !(Maybe Xgafv)
+    , _apalgUploadProtocol    :: !(Maybe Text)
+    , _apalgAccessToken       :: !(Maybe Text)
+    , _apalgUploadType        :: !(Maybe Text)
+    , _apalgAccessLevelFormat :: !(Maybe Text)
+    , _apalgName              :: !Text
+    , _apalgCallback          :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPoliciesAccessLevelsGet' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'apalgXgafv'
+--
+-- * 'apalgUploadProtocol'
+--
+-- * 'apalgAccessToken'
+--
+-- * 'apalgUploadType'
+--
+-- * 'apalgAccessLevelFormat'
+--
+-- * 'apalgName'
+--
+-- * 'apalgCallback'
+accessPoliciesAccessLevelsGet
+    :: Text -- ^ 'apalgName'
+    -> AccessPoliciesAccessLevelsGet
+accessPoliciesAccessLevelsGet pApalgName_ =
+    AccessPoliciesAccessLevelsGet'
+    { _apalgXgafv = Nothing
+    , _apalgUploadProtocol = Nothing
+    , _apalgAccessToken = Nothing
+    , _apalgUploadType = Nothing
+    , _apalgAccessLevelFormat = Nothing
+    , _apalgName = pApalgName_
+    , _apalgCallback = Nothing
+    }
+
+-- | V1 error format.
+apalgXgafv :: Lens' AccessPoliciesAccessLevelsGet (Maybe Xgafv)
+apalgXgafv
+  = lens _apalgXgafv (\ s a -> s{_apalgXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+apalgUploadProtocol :: Lens' AccessPoliciesAccessLevelsGet (Maybe Text)
+apalgUploadProtocol
+  = lens _apalgUploadProtocol
+      (\ s a -> s{_apalgUploadProtocol = a})
+
+-- | OAuth access token.
+apalgAccessToken :: Lens' AccessPoliciesAccessLevelsGet (Maybe Text)
+apalgAccessToken
+  = lens _apalgAccessToken
+      (\ s a -> s{_apalgAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+apalgUploadType :: Lens' AccessPoliciesAccessLevelsGet (Maybe Text)
+apalgUploadType
+  = lens _apalgUploadType
+      (\ s a -> s{_apalgUploadType = a})
+
+-- | Whether to return \`BasicLevels\` in the Cloud Common Expression
+-- Language rather than as \`BasicLevels\`. Defaults to AS_DEFINED, where
+-- Access Levels are returned as \`BasicLevels\` or \`CustomLevels\` based
+-- on how they were created. If set to CEL, all Access Levels are returned
+-- as \`CustomLevels\`. In the CEL case, \`BasicLevels\` are translated to
+-- equivalent \`CustomLevels\`.
+apalgAccessLevelFormat :: Lens' AccessPoliciesAccessLevelsGet (Maybe Text)
+apalgAccessLevelFormat
+  = lens _apalgAccessLevelFormat
+      (\ s a -> s{_apalgAccessLevelFormat = a})
+
+-- | Required. Resource name for the Access Level. Format:
+-- \`accessPolicies\/{policy_id}\/accessLevels\/{access_level_id}\`
+apalgName :: Lens' AccessPoliciesAccessLevelsGet Text
+apalgName
+  = lens _apalgName (\ s a -> s{_apalgName = a})
+
+-- | JSONP
+apalgCallback :: Lens' AccessPoliciesAccessLevelsGet (Maybe Text)
+apalgCallback
+  = lens _apalgCallback
+      (\ s a -> s{_apalgCallback = a})
+
+instance GoogleRequest AccessPoliciesAccessLevelsGet
+         where
+        type Rs AccessPoliciesAccessLevelsGet = AccessLevel
+        type Scopes AccessPoliciesAccessLevelsGet =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient AccessPoliciesAccessLevelsGet'{..}
+          = go _apalgName _apalgXgafv _apalgUploadProtocol
+              _apalgAccessToken
+              _apalgUploadType
+              _apalgAccessLevelFormat
+              _apalgCallback
+              (Just AltJSON)
+              accessContextManagerService
+          where go
+                  = buildClient
+                      (Proxy ::
+                         Proxy AccessPoliciesAccessLevelsGetResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/AccessLevels/List.hs b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/AccessLevels/List.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/AccessLevels/List.hs
@@ -0,0 +1,196 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.List
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- List all Access Levels for an access policy.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.accessPolicies.accessLevels.list@.
+module Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.List
+    (
+    -- * REST Resource
+      AccessPoliciesAccessLevelsListResource
+
+    -- * Creating a Request
+    , accessPoliciesAccessLevelsList
+    , AccessPoliciesAccessLevelsList
+
+    -- * Request Lenses
+    , apallParent
+    , apallXgafv
+    , apallUploadProtocol
+    , apallAccessToken
+    , apallUploadType
+    , apallAccessLevelFormat
+    , apallPageToken
+    , apallPageSize
+    , apallCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.accessPolicies.accessLevels.list@ method which the
+-- 'AccessPoliciesAccessLevelsList' request conforms to.
+type AccessPoliciesAccessLevelsListResource =
+     "v1beta" :>
+       Capture "parent" Text :>
+         "accessLevels" :>
+           QueryParam "$.xgafv" Xgafv :>
+             QueryParam "upload_protocol" Text :>
+               QueryParam "access_token" Text :>
+                 QueryParam "uploadType" Text :>
+                   QueryParam "accessLevelFormat" Text :>
+                     QueryParam "pageToken" Text :>
+                       QueryParam "pageSize" (Textual Int32) :>
+                         QueryParam "callback" Text :>
+                           QueryParam "alt" AltJSON :>
+                             Get '[JSON] ListAccessLevelsResponse
+
+-- | List all Access Levels for an access policy.
+--
+-- /See:/ 'accessPoliciesAccessLevelsList' smart constructor.
+data AccessPoliciesAccessLevelsList = AccessPoliciesAccessLevelsList'
+    { _apallParent            :: !Text
+    , _apallXgafv             :: !(Maybe Xgafv)
+    , _apallUploadProtocol    :: !(Maybe Text)
+    , _apallAccessToken       :: !(Maybe Text)
+    , _apallUploadType        :: !(Maybe Text)
+    , _apallAccessLevelFormat :: !(Maybe Text)
+    , _apallPageToken         :: !(Maybe Text)
+    , _apallPageSize          :: !(Maybe (Textual Int32))
+    , _apallCallback          :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPoliciesAccessLevelsList' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'apallParent'
+--
+-- * 'apallXgafv'
+--
+-- * 'apallUploadProtocol'
+--
+-- * 'apallAccessToken'
+--
+-- * 'apallUploadType'
+--
+-- * 'apallAccessLevelFormat'
+--
+-- * 'apallPageToken'
+--
+-- * 'apallPageSize'
+--
+-- * 'apallCallback'
+accessPoliciesAccessLevelsList
+    :: Text -- ^ 'apallParent'
+    -> AccessPoliciesAccessLevelsList
+accessPoliciesAccessLevelsList pApallParent_ =
+    AccessPoliciesAccessLevelsList'
+    { _apallParent = pApallParent_
+    , _apallXgafv = Nothing
+    , _apallUploadProtocol = Nothing
+    , _apallAccessToken = Nothing
+    , _apallUploadType = Nothing
+    , _apallAccessLevelFormat = Nothing
+    , _apallPageToken = Nothing
+    , _apallPageSize = Nothing
+    , _apallCallback = Nothing
+    }
+
+-- | Required. Resource name for the access policy to list Access Levels
+-- from. Format: \`accessPolicies\/{policy_id}\`
+apallParent :: Lens' AccessPoliciesAccessLevelsList Text
+apallParent
+  = lens _apallParent (\ s a -> s{_apallParent = a})
+
+-- | V1 error format.
+apallXgafv :: Lens' AccessPoliciesAccessLevelsList (Maybe Xgafv)
+apallXgafv
+  = lens _apallXgafv (\ s a -> s{_apallXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+apallUploadProtocol :: Lens' AccessPoliciesAccessLevelsList (Maybe Text)
+apallUploadProtocol
+  = lens _apallUploadProtocol
+      (\ s a -> s{_apallUploadProtocol = a})
+
+-- | OAuth access token.
+apallAccessToken :: Lens' AccessPoliciesAccessLevelsList (Maybe Text)
+apallAccessToken
+  = lens _apallAccessToken
+      (\ s a -> s{_apallAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+apallUploadType :: Lens' AccessPoliciesAccessLevelsList (Maybe Text)
+apallUploadType
+  = lens _apallUploadType
+      (\ s a -> s{_apallUploadType = a})
+
+-- | Whether to return \`BasicLevels\` in the Cloud Common Expression
+-- language, as \`CustomLevels\`, rather than as \`BasicLevels\`. Defaults
+-- to returning \`AccessLevels\` in the format they were defined.
+apallAccessLevelFormat :: Lens' AccessPoliciesAccessLevelsList (Maybe Text)
+apallAccessLevelFormat
+  = lens _apallAccessLevelFormat
+      (\ s a -> s{_apallAccessLevelFormat = a})
+
+-- | Next page token for the next batch of Access Level instances. Defaults
+-- to the first page of results.
+apallPageToken :: Lens' AccessPoliciesAccessLevelsList (Maybe Text)
+apallPageToken
+  = lens _apallPageToken
+      (\ s a -> s{_apallPageToken = a})
+
+-- | Number of Access Levels to include in the list. Default 100.
+apallPageSize :: Lens' AccessPoliciesAccessLevelsList (Maybe Int32)
+apallPageSize
+  = lens _apallPageSize
+      (\ s a -> s{_apallPageSize = a})
+      . mapping _Coerce
+
+-- | JSONP
+apallCallback :: Lens' AccessPoliciesAccessLevelsList (Maybe Text)
+apallCallback
+  = lens _apallCallback
+      (\ s a -> s{_apallCallback = a})
+
+instance GoogleRequest AccessPoliciesAccessLevelsList
+         where
+        type Rs AccessPoliciesAccessLevelsList =
+             ListAccessLevelsResponse
+        type Scopes AccessPoliciesAccessLevelsList =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient AccessPoliciesAccessLevelsList'{..}
+          = go _apallParent _apallXgafv _apallUploadProtocol
+              _apallAccessToken
+              _apallUploadType
+              _apallAccessLevelFormat
+              _apallPageToken
+              _apallPageSize
+              _apallCallback
+              (Just AltJSON)
+              accessContextManagerService
+          where go
+                  = buildClient
+                      (Proxy ::
+                         Proxy AccessPoliciesAccessLevelsListResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/AccessLevels/Patch.hs b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/AccessLevels/Patch.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/AccessLevels/Patch.hs
@@ -0,0 +1,185 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Patch
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Update an Access Level. The longrunning operation from this RPC will
+-- have a successful status once the changes to the Access Level have
+-- propagated to long-lasting storage. Access Levels containing errors will
+-- result in an error response for the first error encountered.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.accessPolicies.accessLevels.patch@.
+module Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Patch
+    (
+    -- * REST Resource
+      AccessPoliciesAccessLevelsPatchResource
+
+    -- * Creating a Request
+    , accessPoliciesAccessLevelsPatch
+    , AccessPoliciesAccessLevelsPatch
+
+    -- * Request Lenses
+    , apalpXgafv
+    , apalpUploadProtocol
+    , apalpUpdateMask
+    , apalpAccessToken
+    , apalpUploadType
+    , apalpPayload
+    , apalpName
+    , apalpCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.accessPolicies.accessLevels.patch@ method which the
+-- 'AccessPoliciesAccessLevelsPatch' request conforms to.
+type AccessPoliciesAccessLevelsPatchResource =
+     "v1beta" :>
+       Capture "name" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "updateMask" GFieldMask :>
+               QueryParam "access_token" Text :>
+                 QueryParam "uploadType" Text :>
+                   QueryParam "callback" Text :>
+                     QueryParam "alt" AltJSON :>
+                       ReqBody '[JSON] AccessLevel :>
+                         Patch '[JSON] Operation
+
+-- | Update an Access Level. The longrunning operation from this RPC will
+-- have a successful status once the changes to the Access Level have
+-- propagated to long-lasting storage. Access Levels containing errors will
+-- result in an error response for the first error encountered.
+--
+-- /See:/ 'accessPoliciesAccessLevelsPatch' smart constructor.
+data AccessPoliciesAccessLevelsPatch = AccessPoliciesAccessLevelsPatch'
+    { _apalpXgafv          :: !(Maybe Xgafv)
+    , _apalpUploadProtocol :: !(Maybe Text)
+    , _apalpUpdateMask     :: !(Maybe GFieldMask)
+    , _apalpAccessToken    :: !(Maybe Text)
+    , _apalpUploadType     :: !(Maybe Text)
+    , _apalpPayload        :: !AccessLevel
+    , _apalpName           :: !Text
+    , _apalpCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPoliciesAccessLevelsPatch' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'apalpXgafv'
+--
+-- * 'apalpUploadProtocol'
+--
+-- * 'apalpUpdateMask'
+--
+-- * 'apalpAccessToken'
+--
+-- * 'apalpUploadType'
+--
+-- * 'apalpPayload'
+--
+-- * 'apalpName'
+--
+-- * 'apalpCallback'
+accessPoliciesAccessLevelsPatch
+    :: AccessLevel -- ^ 'apalpPayload'
+    -> Text -- ^ 'apalpName'
+    -> AccessPoliciesAccessLevelsPatch
+accessPoliciesAccessLevelsPatch pApalpPayload_ pApalpName_ =
+    AccessPoliciesAccessLevelsPatch'
+    { _apalpXgafv = Nothing
+    , _apalpUploadProtocol = Nothing
+    , _apalpUpdateMask = Nothing
+    , _apalpAccessToken = Nothing
+    , _apalpUploadType = Nothing
+    , _apalpPayload = pApalpPayload_
+    , _apalpName = pApalpName_
+    , _apalpCallback = Nothing
+    }
+
+-- | V1 error format.
+apalpXgafv :: Lens' AccessPoliciesAccessLevelsPatch (Maybe Xgafv)
+apalpXgafv
+  = lens _apalpXgafv (\ s a -> s{_apalpXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+apalpUploadProtocol :: Lens' AccessPoliciesAccessLevelsPatch (Maybe Text)
+apalpUploadProtocol
+  = lens _apalpUploadProtocol
+      (\ s a -> s{_apalpUploadProtocol = a})
+
+-- | Required. Mask to control which fields get updated. Must be non-empty.
+apalpUpdateMask :: Lens' AccessPoliciesAccessLevelsPatch (Maybe GFieldMask)
+apalpUpdateMask
+  = lens _apalpUpdateMask
+      (\ s a -> s{_apalpUpdateMask = a})
+
+-- | OAuth access token.
+apalpAccessToken :: Lens' AccessPoliciesAccessLevelsPatch (Maybe Text)
+apalpAccessToken
+  = lens _apalpAccessToken
+      (\ s a -> s{_apalpAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+apalpUploadType :: Lens' AccessPoliciesAccessLevelsPatch (Maybe Text)
+apalpUploadType
+  = lens _apalpUploadType
+      (\ s a -> s{_apalpUploadType = a})
+
+-- | Multipart request metadata.
+apalpPayload :: Lens' AccessPoliciesAccessLevelsPatch AccessLevel
+apalpPayload
+  = lens _apalpPayload (\ s a -> s{_apalpPayload = a})
+
+-- | Required. Resource name for the Access Level. The \`short_name\`
+-- component must begin with a letter and only include alphanumeric and
+-- \'_\'. Format:
+-- \`accessPolicies\/{policy_id}\/accessLevels\/{short_name}\`
+apalpName :: Lens' AccessPoliciesAccessLevelsPatch Text
+apalpName
+  = lens _apalpName (\ s a -> s{_apalpName = a})
+
+-- | JSONP
+apalpCallback :: Lens' AccessPoliciesAccessLevelsPatch (Maybe Text)
+apalpCallback
+  = lens _apalpCallback
+      (\ s a -> s{_apalpCallback = a})
+
+instance GoogleRequest
+         AccessPoliciesAccessLevelsPatch where
+        type Rs AccessPoliciesAccessLevelsPatch = Operation
+        type Scopes AccessPoliciesAccessLevelsPatch =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient AccessPoliciesAccessLevelsPatch'{..}
+          = go _apalpName _apalpXgafv _apalpUploadProtocol
+              _apalpUpdateMask
+              _apalpAccessToken
+              _apalpUploadType
+              _apalpCallback
+              (Just AltJSON)
+              _apalpPayload
+              accessContextManagerService
+          where go
+                  = buildClient
+                      (Proxy ::
+                         Proxy AccessPoliciesAccessLevelsPatchResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/Create.hs b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/Create.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/Create.hs
@@ -0,0 +1,155 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.AccessPolicies.Create
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Create an \`AccessPolicy\`. Fails if this organization already has a
+-- \`AccessPolicy\`. The longrunning Operation will have a successful
+-- status once the \`AccessPolicy\` has propagated to long-lasting storage.
+-- Syntactic and basic semantic errors will be returned in \`metadata\` as
+-- a BadRequest proto.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.accessPolicies.create@.
+module Network.Google.Resource.AccessContextManager.AccessPolicies.Create
+    (
+    -- * REST Resource
+      AccessPoliciesCreateResource
+
+    -- * Creating a Request
+    , accessPoliciesCreate
+    , AccessPoliciesCreate
+
+    -- * Request Lenses
+    , apcXgafv
+    , apcUploadProtocol
+    , apcAccessToken
+    , apcUploadType
+    , apcPayload
+    , apcCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.accessPolicies.create@ method which the
+-- 'AccessPoliciesCreate' request conforms to.
+type AccessPoliciesCreateResource =
+     "v1beta" :>
+       "accessPolicies" :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :>
+                     ReqBody '[JSON] AccessPolicy :>
+                       Post '[JSON] Operation
+
+-- | Create an \`AccessPolicy\`. Fails if this organization already has a
+-- \`AccessPolicy\`. The longrunning Operation will have a successful
+-- status once the \`AccessPolicy\` has propagated to long-lasting storage.
+-- Syntactic and basic semantic errors will be returned in \`metadata\` as
+-- a BadRequest proto.
+--
+-- /See:/ 'accessPoliciesCreate' smart constructor.
+data AccessPoliciesCreate = AccessPoliciesCreate'
+    { _apcXgafv          :: !(Maybe Xgafv)
+    , _apcUploadProtocol :: !(Maybe Text)
+    , _apcAccessToken    :: !(Maybe Text)
+    , _apcUploadType     :: !(Maybe Text)
+    , _apcPayload        :: !AccessPolicy
+    , _apcCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPoliciesCreate' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'apcXgafv'
+--
+-- * 'apcUploadProtocol'
+--
+-- * 'apcAccessToken'
+--
+-- * 'apcUploadType'
+--
+-- * 'apcPayload'
+--
+-- * 'apcCallback'
+accessPoliciesCreate
+    :: AccessPolicy -- ^ 'apcPayload'
+    -> AccessPoliciesCreate
+accessPoliciesCreate pApcPayload_ =
+    AccessPoliciesCreate'
+    { _apcXgafv = Nothing
+    , _apcUploadProtocol = Nothing
+    , _apcAccessToken = Nothing
+    , _apcUploadType = Nothing
+    , _apcPayload = pApcPayload_
+    , _apcCallback = Nothing
+    }
+
+-- | V1 error format.
+apcXgafv :: Lens' AccessPoliciesCreate (Maybe Xgafv)
+apcXgafv = lens _apcXgafv (\ s a -> s{_apcXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+apcUploadProtocol :: Lens' AccessPoliciesCreate (Maybe Text)
+apcUploadProtocol
+  = lens _apcUploadProtocol
+      (\ s a -> s{_apcUploadProtocol = a})
+
+-- | OAuth access token.
+apcAccessToken :: Lens' AccessPoliciesCreate (Maybe Text)
+apcAccessToken
+  = lens _apcAccessToken
+      (\ s a -> s{_apcAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+apcUploadType :: Lens' AccessPoliciesCreate (Maybe Text)
+apcUploadType
+  = lens _apcUploadType
+      (\ s a -> s{_apcUploadType = a})
+
+-- | Multipart request metadata.
+apcPayload :: Lens' AccessPoliciesCreate AccessPolicy
+apcPayload
+  = lens _apcPayload (\ s a -> s{_apcPayload = a})
+
+-- | JSONP
+apcCallback :: Lens' AccessPoliciesCreate (Maybe Text)
+apcCallback
+  = lens _apcCallback (\ s a -> s{_apcCallback = a})
+
+instance GoogleRequest AccessPoliciesCreate where
+        type Rs AccessPoliciesCreate = Operation
+        type Scopes AccessPoliciesCreate =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient AccessPoliciesCreate'{..}
+          = go _apcXgafv _apcUploadProtocol _apcAccessToken
+              _apcUploadType
+              _apcCallback
+              (Just AltJSON)
+              _apcPayload
+              accessContextManagerService
+          where go
+                  = buildClient
+                      (Proxy :: Proxy AccessPoliciesCreateResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/Delete.hs b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/Delete.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/Delete.hs
@@ -0,0 +1,149 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.AccessPolicies.Delete
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Delete an AccessPolicy by resource name. The longrunning Operation will
+-- have a successful status once the AccessPolicy has been removed from
+-- long-lasting storage.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.accessPolicies.delete@.
+module Network.Google.Resource.AccessContextManager.AccessPolicies.Delete
+    (
+    -- * REST Resource
+      AccessPoliciesDeleteResource
+
+    -- * Creating a Request
+    , accessPoliciesDelete
+    , AccessPoliciesDelete
+
+    -- * Request Lenses
+    , apdXgafv
+    , apdUploadProtocol
+    , apdAccessToken
+    , apdUploadType
+    , apdName
+    , apdCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.accessPolicies.delete@ method which the
+-- 'AccessPoliciesDelete' request conforms to.
+type AccessPoliciesDeleteResource =
+     "v1beta" :>
+       Capture "name" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :> Delete '[JSON] Operation
+
+-- | Delete an AccessPolicy by resource name. The longrunning Operation will
+-- have a successful status once the AccessPolicy has been removed from
+-- long-lasting storage.
+--
+-- /See:/ 'accessPoliciesDelete' smart constructor.
+data AccessPoliciesDelete = AccessPoliciesDelete'
+    { _apdXgafv          :: !(Maybe Xgafv)
+    , _apdUploadProtocol :: !(Maybe Text)
+    , _apdAccessToken    :: !(Maybe Text)
+    , _apdUploadType     :: !(Maybe Text)
+    , _apdName           :: !Text
+    , _apdCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPoliciesDelete' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'apdXgafv'
+--
+-- * 'apdUploadProtocol'
+--
+-- * 'apdAccessToken'
+--
+-- * 'apdUploadType'
+--
+-- * 'apdName'
+--
+-- * 'apdCallback'
+accessPoliciesDelete
+    :: Text -- ^ 'apdName'
+    -> AccessPoliciesDelete
+accessPoliciesDelete pApdName_ =
+    AccessPoliciesDelete'
+    { _apdXgafv = Nothing
+    , _apdUploadProtocol = Nothing
+    , _apdAccessToken = Nothing
+    , _apdUploadType = Nothing
+    , _apdName = pApdName_
+    , _apdCallback = Nothing
+    }
+
+-- | V1 error format.
+apdXgafv :: Lens' AccessPoliciesDelete (Maybe Xgafv)
+apdXgafv = lens _apdXgafv (\ s a -> s{_apdXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+apdUploadProtocol :: Lens' AccessPoliciesDelete (Maybe Text)
+apdUploadProtocol
+  = lens _apdUploadProtocol
+      (\ s a -> s{_apdUploadProtocol = a})
+
+-- | OAuth access token.
+apdAccessToken :: Lens' AccessPoliciesDelete (Maybe Text)
+apdAccessToken
+  = lens _apdAccessToken
+      (\ s a -> s{_apdAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+apdUploadType :: Lens' AccessPoliciesDelete (Maybe Text)
+apdUploadType
+  = lens _apdUploadType
+      (\ s a -> s{_apdUploadType = a})
+
+-- | Required. Resource name for the access policy to delete. Format
+-- \`accessPolicies\/{policy_id}\`
+apdName :: Lens' AccessPoliciesDelete Text
+apdName = lens _apdName (\ s a -> s{_apdName = a})
+
+-- | JSONP
+apdCallback :: Lens' AccessPoliciesDelete (Maybe Text)
+apdCallback
+  = lens _apdCallback (\ s a -> s{_apdCallback = a})
+
+instance GoogleRequest AccessPoliciesDelete where
+        type Rs AccessPoliciesDelete = Operation
+        type Scopes AccessPoliciesDelete =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient AccessPoliciesDelete'{..}
+          = go _apdName _apdXgafv _apdUploadProtocol
+              _apdAccessToken
+              _apdUploadType
+              _apdCallback
+              (Just AltJSON)
+              accessContextManagerService
+          where go
+                  = buildClient
+                      (Proxy :: Proxy AccessPoliciesDeleteResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/Get.hs b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/Get.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/Get.hs
@@ -0,0 +1,145 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.AccessPolicies.Get
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Get an AccessPolicy by name.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.accessPolicies.get@.
+module Network.Google.Resource.AccessContextManager.AccessPolicies.Get
+    (
+    -- * REST Resource
+      AccessPoliciesGetResource
+
+    -- * Creating a Request
+    , accessPoliciesGet
+    , AccessPoliciesGet
+
+    -- * Request Lenses
+    , apgXgafv
+    , apgUploadProtocol
+    , apgAccessToken
+    , apgUploadType
+    , apgName
+    , apgCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.accessPolicies.get@ method which the
+-- 'AccessPoliciesGet' request conforms to.
+type AccessPoliciesGetResource =
+     "v1beta" :>
+       Capture "name" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :> Get '[JSON] AccessPolicy
+
+-- | Get an AccessPolicy by name.
+--
+-- /See:/ 'accessPoliciesGet' smart constructor.
+data AccessPoliciesGet = AccessPoliciesGet'
+    { _apgXgafv          :: !(Maybe Xgafv)
+    , _apgUploadProtocol :: !(Maybe Text)
+    , _apgAccessToken    :: !(Maybe Text)
+    , _apgUploadType     :: !(Maybe Text)
+    , _apgName           :: !Text
+    , _apgCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPoliciesGet' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'apgXgafv'
+--
+-- * 'apgUploadProtocol'
+--
+-- * 'apgAccessToken'
+--
+-- * 'apgUploadType'
+--
+-- * 'apgName'
+--
+-- * 'apgCallback'
+accessPoliciesGet
+    :: Text -- ^ 'apgName'
+    -> AccessPoliciesGet
+accessPoliciesGet pApgName_ =
+    AccessPoliciesGet'
+    { _apgXgafv = Nothing
+    , _apgUploadProtocol = Nothing
+    , _apgAccessToken = Nothing
+    , _apgUploadType = Nothing
+    , _apgName = pApgName_
+    , _apgCallback = Nothing
+    }
+
+-- | V1 error format.
+apgXgafv :: Lens' AccessPoliciesGet (Maybe Xgafv)
+apgXgafv = lens _apgXgafv (\ s a -> s{_apgXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+apgUploadProtocol :: Lens' AccessPoliciesGet (Maybe Text)
+apgUploadProtocol
+  = lens _apgUploadProtocol
+      (\ s a -> s{_apgUploadProtocol = a})
+
+-- | OAuth access token.
+apgAccessToken :: Lens' AccessPoliciesGet (Maybe Text)
+apgAccessToken
+  = lens _apgAccessToken
+      (\ s a -> s{_apgAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+apgUploadType :: Lens' AccessPoliciesGet (Maybe Text)
+apgUploadType
+  = lens _apgUploadType
+      (\ s a -> s{_apgUploadType = a})
+
+-- | Required. Resource name for the access policy to get. Format
+-- \`accessPolicies\/{policy_id}\`
+apgName :: Lens' AccessPoliciesGet Text
+apgName = lens _apgName (\ s a -> s{_apgName = a})
+
+-- | JSONP
+apgCallback :: Lens' AccessPoliciesGet (Maybe Text)
+apgCallback
+  = lens _apgCallback (\ s a -> s{_apgCallback = a})
+
+instance GoogleRequest AccessPoliciesGet where
+        type Rs AccessPoliciesGet = AccessPolicy
+        type Scopes AccessPoliciesGet =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient AccessPoliciesGet'{..}
+          = go _apgName _apgXgafv _apgUploadProtocol
+              _apgAccessToken
+              _apgUploadType
+              _apgCallback
+              (Just AltJSON)
+              accessContextManagerService
+          where go
+                  = buildClient
+                      (Proxy :: Proxy AccessPoliciesGetResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/List.hs b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/List.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/List.hs
@@ -0,0 +1,174 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.AccessPolicies.List
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- List all AccessPolicies under a container.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.accessPolicies.list@.
+module Network.Google.Resource.AccessContextManager.AccessPolicies.List
+    (
+    -- * REST Resource
+      AccessPoliciesListResource
+
+    -- * Creating a Request
+    , accessPoliciesList
+    , AccessPoliciesList
+
+    -- * Request Lenses
+    , aplParent
+    , aplXgafv
+    , aplUploadProtocol
+    , aplAccessToken
+    , aplUploadType
+    , aplPageToken
+    , aplPageSize
+    , aplCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.accessPolicies.list@ method which the
+-- 'AccessPoliciesList' request conforms to.
+type AccessPoliciesListResource =
+     "v1beta" :>
+       "accessPolicies" :>
+         QueryParam "parent" Text :>
+           QueryParam "$.xgafv" Xgafv :>
+             QueryParam "upload_protocol" Text :>
+               QueryParam "access_token" Text :>
+                 QueryParam "uploadType" Text :>
+                   QueryParam "pageToken" Text :>
+                     QueryParam "pageSize" (Textual Int32) :>
+                       QueryParam "callback" Text :>
+                         QueryParam "alt" AltJSON :>
+                           Get '[JSON] ListAccessPoliciesResponse
+
+-- | List all AccessPolicies under a container.
+--
+-- /See:/ 'accessPoliciesList' smart constructor.
+data AccessPoliciesList = AccessPoliciesList'
+    { _aplParent         :: !(Maybe Text)
+    , _aplXgafv          :: !(Maybe Xgafv)
+    , _aplUploadProtocol :: !(Maybe Text)
+    , _aplAccessToken    :: !(Maybe Text)
+    , _aplUploadType     :: !(Maybe Text)
+    , _aplPageToken      :: !(Maybe Text)
+    , _aplPageSize       :: !(Maybe (Textual Int32))
+    , _aplCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPoliciesList' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'aplParent'
+--
+-- * 'aplXgafv'
+--
+-- * 'aplUploadProtocol'
+--
+-- * 'aplAccessToken'
+--
+-- * 'aplUploadType'
+--
+-- * 'aplPageToken'
+--
+-- * 'aplPageSize'
+--
+-- * 'aplCallback'
+accessPoliciesList
+    :: AccessPoliciesList
+accessPoliciesList =
+    AccessPoliciesList'
+    { _aplParent = Nothing
+    , _aplXgafv = Nothing
+    , _aplUploadProtocol = Nothing
+    , _aplAccessToken = Nothing
+    , _aplUploadType = Nothing
+    , _aplPageToken = Nothing
+    , _aplPageSize = Nothing
+    , _aplCallback = Nothing
+    }
+
+-- | Required. Resource name for the container to list AccessPolicy instances
+-- from. Format: \`organizations\/{org_id}\`
+aplParent :: Lens' AccessPoliciesList (Maybe Text)
+aplParent
+  = lens _aplParent (\ s a -> s{_aplParent = a})
+
+-- | V1 error format.
+aplXgafv :: Lens' AccessPoliciesList (Maybe Xgafv)
+aplXgafv = lens _aplXgafv (\ s a -> s{_aplXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+aplUploadProtocol :: Lens' AccessPoliciesList (Maybe Text)
+aplUploadProtocol
+  = lens _aplUploadProtocol
+      (\ s a -> s{_aplUploadProtocol = a})
+
+-- | OAuth access token.
+aplAccessToken :: Lens' AccessPoliciesList (Maybe Text)
+aplAccessToken
+  = lens _aplAccessToken
+      (\ s a -> s{_aplAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+aplUploadType :: Lens' AccessPoliciesList (Maybe Text)
+aplUploadType
+  = lens _aplUploadType
+      (\ s a -> s{_aplUploadType = a})
+
+-- | Next page token for the next batch of AccessPolicy instances. Defaults
+-- to the first page of results.
+aplPageToken :: Lens' AccessPoliciesList (Maybe Text)
+aplPageToken
+  = lens _aplPageToken (\ s a -> s{_aplPageToken = a})
+
+-- | Number of AccessPolicy instances to include in the list. Default 100.
+aplPageSize :: Lens' AccessPoliciesList (Maybe Int32)
+aplPageSize
+  = lens _aplPageSize (\ s a -> s{_aplPageSize = a}) .
+      mapping _Coerce
+
+-- | JSONP
+aplCallback :: Lens' AccessPoliciesList (Maybe Text)
+aplCallback
+  = lens _aplCallback (\ s a -> s{_aplCallback = a})
+
+instance GoogleRequest AccessPoliciesList where
+        type Rs AccessPoliciesList =
+             ListAccessPoliciesResponse
+        type Scopes AccessPoliciesList =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient AccessPoliciesList'{..}
+          = go _aplParent _aplXgafv _aplUploadProtocol
+              _aplAccessToken
+              _aplUploadType
+              _aplPageToken
+              _aplPageSize
+              _aplCallback
+              (Just AltJSON)
+              accessContextManagerService
+          where go
+                  = buildClient
+                      (Proxy :: Proxy AccessPoliciesListResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/Patch.hs b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/Patch.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/Patch.hs
@@ -0,0 +1,178 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.AccessPolicies.Patch
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Update an AccessPolicy. The longrunning Operation from this RPC will
+-- have a successful status once the changes to the AccessPolicy have
+-- propagated to long-lasting storage. Syntactic and basic semantic errors
+-- will be returned in \`metadata\` as a BadRequest proto.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.accessPolicies.patch@.
+module Network.Google.Resource.AccessContextManager.AccessPolicies.Patch
+    (
+    -- * REST Resource
+      AccessPoliciesPatchResource
+
+    -- * Creating a Request
+    , accessPoliciesPatch
+    , AccessPoliciesPatch
+
+    -- * Request Lenses
+    , appXgafv
+    , appUploadProtocol
+    , appUpdateMask
+    , appAccessToken
+    , appUploadType
+    , appPayload
+    , appName
+    , appCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.accessPolicies.patch@ method which the
+-- 'AccessPoliciesPatch' request conforms to.
+type AccessPoliciesPatchResource =
+     "v1beta" :>
+       Capture "name" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "updateMask" GFieldMask :>
+               QueryParam "access_token" Text :>
+                 QueryParam "uploadType" Text :>
+                   QueryParam "callback" Text :>
+                     QueryParam "alt" AltJSON :>
+                       ReqBody '[JSON] AccessPolicy :>
+                         Patch '[JSON] Operation
+
+-- | Update an AccessPolicy. The longrunning Operation from this RPC will
+-- have a successful status once the changes to the AccessPolicy have
+-- propagated to long-lasting storage. Syntactic and basic semantic errors
+-- will be returned in \`metadata\` as a BadRequest proto.
+--
+-- /See:/ 'accessPoliciesPatch' smart constructor.
+data AccessPoliciesPatch = AccessPoliciesPatch'
+    { _appXgafv          :: !(Maybe Xgafv)
+    , _appUploadProtocol :: !(Maybe Text)
+    , _appUpdateMask     :: !(Maybe GFieldMask)
+    , _appAccessToken    :: !(Maybe Text)
+    , _appUploadType     :: !(Maybe Text)
+    , _appPayload        :: !AccessPolicy
+    , _appName           :: !Text
+    , _appCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPoliciesPatch' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'appXgafv'
+--
+-- * 'appUploadProtocol'
+--
+-- * 'appUpdateMask'
+--
+-- * 'appAccessToken'
+--
+-- * 'appUploadType'
+--
+-- * 'appPayload'
+--
+-- * 'appName'
+--
+-- * 'appCallback'
+accessPoliciesPatch
+    :: AccessPolicy -- ^ 'appPayload'
+    -> Text -- ^ 'appName'
+    -> AccessPoliciesPatch
+accessPoliciesPatch pAppPayload_ pAppName_ =
+    AccessPoliciesPatch'
+    { _appXgafv = Nothing
+    , _appUploadProtocol = Nothing
+    , _appUpdateMask = Nothing
+    , _appAccessToken = Nothing
+    , _appUploadType = Nothing
+    , _appPayload = pAppPayload_
+    , _appName = pAppName_
+    , _appCallback = Nothing
+    }
+
+-- | V1 error format.
+appXgafv :: Lens' AccessPoliciesPatch (Maybe Xgafv)
+appXgafv = lens _appXgafv (\ s a -> s{_appXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+appUploadProtocol :: Lens' AccessPoliciesPatch (Maybe Text)
+appUploadProtocol
+  = lens _appUploadProtocol
+      (\ s a -> s{_appUploadProtocol = a})
+
+-- | Required. Mask to control which fields get updated. Must be non-empty.
+appUpdateMask :: Lens' AccessPoliciesPatch (Maybe GFieldMask)
+appUpdateMask
+  = lens _appUpdateMask
+      (\ s a -> s{_appUpdateMask = a})
+
+-- | OAuth access token.
+appAccessToken :: Lens' AccessPoliciesPatch (Maybe Text)
+appAccessToken
+  = lens _appAccessToken
+      (\ s a -> s{_appAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+appUploadType :: Lens' AccessPoliciesPatch (Maybe Text)
+appUploadType
+  = lens _appUploadType
+      (\ s a -> s{_appUploadType = a})
+
+-- | Multipart request metadata.
+appPayload :: Lens' AccessPoliciesPatch AccessPolicy
+appPayload
+  = lens _appPayload (\ s a -> s{_appPayload = a})
+
+-- | Output only. Resource name of the \`AccessPolicy\`. Format:
+-- \`accessPolicies\/{policy_id}\`
+appName :: Lens' AccessPoliciesPatch Text
+appName = lens _appName (\ s a -> s{_appName = a})
+
+-- | JSONP
+appCallback :: Lens' AccessPoliciesPatch (Maybe Text)
+appCallback
+  = lens _appCallback (\ s a -> s{_appCallback = a})
+
+instance GoogleRequest AccessPoliciesPatch where
+        type Rs AccessPoliciesPatch = Operation
+        type Scopes AccessPoliciesPatch =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient AccessPoliciesPatch'{..}
+          = go _appName _appXgafv _appUploadProtocol
+              _appUpdateMask
+              _appAccessToken
+              _appUploadType
+              _appCallback
+              (Just AltJSON)
+              _appPayload
+              accessContextManagerService
+          where go
+                  = buildClient
+                      (Proxy :: Proxy AccessPoliciesPatchResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/ServicePerimeters/Create.hs b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/ServicePerimeters/Create.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/ServicePerimeters/Create.hs
@@ -0,0 +1,173 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Create
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Create an Service Perimeter. The longrunning operation from this RPC
+-- will have a successful status once the Service Perimeter has propagated
+-- to long-lasting storage. Service Perimeters containing errors will
+-- result in an error response for the first error encountered.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.accessPolicies.servicePerimeters.create@.
+module Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Create
+    (
+    -- * REST Resource
+      AccessPoliciesServicePerimetersCreateResource
+
+    -- * Creating a Request
+    , accessPoliciesServicePerimetersCreate
+    , AccessPoliciesServicePerimetersCreate
+
+    -- * Request Lenses
+    , apspcParent
+    , apspcXgafv
+    , apspcUploadProtocol
+    , apspcAccessToken
+    , apspcUploadType
+    , apspcPayload
+    , apspcCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.accessPolicies.servicePerimeters.create@ method which the
+-- 'AccessPoliciesServicePerimetersCreate' request conforms to.
+type AccessPoliciesServicePerimetersCreateResource =
+     "v1beta" :>
+       Capture "parent" Text :>
+         "servicePerimeters" :>
+           QueryParam "$.xgafv" Xgafv :>
+             QueryParam "upload_protocol" Text :>
+               QueryParam "access_token" Text :>
+                 QueryParam "uploadType" Text :>
+                   QueryParam "callback" Text :>
+                     QueryParam "alt" AltJSON :>
+                       ReqBody '[JSON] ServicePerimeter :>
+                         Post '[JSON] Operation
+
+-- | Create an Service Perimeter. The longrunning operation from this RPC
+-- will have a successful status once the Service Perimeter has propagated
+-- to long-lasting storage. Service Perimeters containing errors will
+-- result in an error response for the first error encountered.
+--
+-- /See:/ 'accessPoliciesServicePerimetersCreate' smart constructor.
+data AccessPoliciesServicePerimetersCreate = AccessPoliciesServicePerimetersCreate'
+    { _apspcParent         :: !Text
+    , _apspcXgafv          :: !(Maybe Xgafv)
+    , _apspcUploadProtocol :: !(Maybe Text)
+    , _apspcAccessToken    :: !(Maybe Text)
+    , _apspcUploadType     :: !(Maybe Text)
+    , _apspcPayload        :: !ServicePerimeter
+    , _apspcCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPoliciesServicePerimetersCreate' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'apspcParent'
+--
+-- * 'apspcXgafv'
+--
+-- * 'apspcUploadProtocol'
+--
+-- * 'apspcAccessToken'
+--
+-- * 'apspcUploadType'
+--
+-- * 'apspcPayload'
+--
+-- * 'apspcCallback'
+accessPoliciesServicePerimetersCreate
+    :: Text -- ^ 'apspcParent'
+    -> ServicePerimeter -- ^ 'apspcPayload'
+    -> AccessPoliciesServicePerimetersCreate
+accessPoliciesServicePerimetersCreate pApspcParent_ pApspcPayload_ =
+    AccessPoliciesServicePerimetersCreate'
+    { _apspcParent = pApspcParent_
+    , _apspcXgafv = Nothing
+    , _apspcUploadProtocol = Nothing
+    , _apspcAccessToken = Nothing
+    , _apspcUploadType = Nothing
+    , _apspcPayload = pApspcPayload_
+    , _apspcCallback = Nothing
+    }
+
+-- | Required. Resource name for the access policy which owns this Service
+-- Perimeter. Format: \`accessPolicies\/{policy_id}\`
+apspcParent :: Lens' AccessPoliciesServicePerimetersCreate Text
+apspcParent
+  = lens _apspcParent (\ s a -> s{_apspcParent = a})
+
+-- | V1 error format.
+apspcXgafv :: Lens' AccessPoliciesServicePerimetersCreate (Maybe Xgafv)
+apspcXgafv
+  = lens _apspcXgafv (\ s a -> s{_apspcXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+apspcUploadProtocol :: Lens' AccessPoliciesServicePerimetersCreate (Maybe Text)
+apspcUploadProtocol
+  = lens _apspcUploadProtocol
+      (\ s a -> s{_apspcUploadProtocol = a})
+
+-- | OAuth access token.
+apspcAccessToken :: Lens' AccessPoliciesServicePerimetersCreate (Maybe Text)
+apspcAccessToken
+  = lens _apspcAccessToken
+      (\ s a -> s{_apspcAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+apspcUploadType :: Lens' AccessPoliciesServicePerimetersCreate (Maybe Text)
+apspcUploadType
+  = lens _apspcUploadType
+      (\ s a -> s{_apspcUploadType = a})
+
+-- | Multipart request metadata.
+apspcPayload :: Lens' AccessPoliciesServicePerimetersCreate ServicePerimeter
+apspcPayload
+  = lens _apspcPayload (\ s a -> s{_apspcPayload = a})
+
+-- | JSONP
+apspcCallback :: Lens' AccessPoliciesServicePerimetersCreate (Maybe Text)
+apspcCallback
+  = lens _apspcCallback
+      (\ s a -> s{_apspcCallback = a})
+
+instance GoogleRequest
+         AccessPoliciesServicePerimetersCreate where
+        type Rs AccessPoliciesServicePerimetersCreate =
+             Operation
+        type Scopes AccessPoliciesServicePerimetersCreate =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient
+          AccessPoliciesServicePerimetersCreate'{..}
+          = go _apspcParent _apspcXgafv _apspcUploadProtocol
+              _apspcAccessToken
+              _apspcUploadType
+              _apspcCallback
+              (Just AltJSON)
+              _apspcPayload
+              accessContextManagerService
+          where go
+                  = buildClient
+                      (Proxy ::
+                         Proxy AccessPoliciesServicePerimetersCreateResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/ServicePerimeters/Delete.hs b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/ServicePerimeters/Delete.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/ServicePerimeters/Delete.hs
@@ -0,0 +1,156 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Delete
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Delete an Service Perimeter by resource name. The longrunning operation
+-- from this RPC will have a successful status once the Service Perimeter
+-- has been removed from long-lasting storage.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.accessPolicies.servicePerimeters.delete@.
+module Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Delete
+    (
+    -- * REST Resource
+      AccessPoliciesServicePerimetersDeleteResource
+
+    -- * Creating a Request
+    , accessPoliciesServicePerimetersDelete
+    , AccessPoliciesServicePerimetersDelete
+
+    -- * Request Lenses
+    , apspdXgafv
+    , apspdUploadProtocol
+    , apspdAccessToken
+    , apspdUploadType
+    , apspdName
+    , apspdCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.accessPolicies.servicePerimeters.delete@ method which the
+-- 'AccessPoliciesServicePerimetersDelete' request conforms to.
+type AccessPoliciesServicePerimetersDeleteResource =
+     "v1beta" :>
+       Capture "name" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :> Delete '[JSON] Operation
+
+-- | Delete an Service Perimeter by resource name. The longrunning operation
+-- from this RPC will have a successful status once the Service Perimeter
+-- has been removed from long-lasting storage.
+--
+-- /See:/ 'accessPoliciesServicePerimetersDelete' smart constructor.
+data AccessPoliciesServicePerimetersDelete = AccessPoliciesServicePerimetersDelete'
+    { _apspdXgafv          :: !(Maybe Xgafv)
+    , _apspdUploadProtocol :: !(Maybe Text)
+    , _apspdAccessToken    :: !(Maybe Text)
+    , _apspdUploadType     :: !(Maybe Text)
+    , _apspdName           :: !Text
+    , _apspdCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPoliciesServicePerimetersDelete' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'apspdXgafv'
+--
+-- * 'apspdUploadProtocol'
+--
+-- * 'apspdAccessToken'
+--
+-- * 'apspdUploadType'
+--
+-- * 'apspdName'
+--
+-- * 'apspdCallback'
+accessPoliciesServicePerimetersDelete
+    :: Text -- ^ 'apspdName'
+    -> AccessPoliciesServicePerimetersDelete
+accessPoliciesServicePerimetersDelete pApspdName_ =
+    AccessPoliciesServicePerimetersDelete'
+    { _apspdXgafv = Nothing
+    , _apspdUploadProtocol = Nothing
+    , _apspdAccessToken = Nothing
+    , _apspdUploadType = Nothing
+    , _apspdName = pApspdName_
+    , _apspdCallback = Nothing
+    }
+
+-- | V1 error format.
+apspdXgafv :: Lens' AccessPoliciesServicePerimetersDelete (Maybe Xgafv)
+apspdXgafv
+  = lens _apspdXgafv (\ s a -> s{_apspdXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+apspdUploadProtocol :: Lens' AccessPoliciesServicePerimetersDelete (Maybe Text)
+apspdUploadProtocol
+  = lens _apspdUploadProtocol
+      (\ s a -> s{_apspdUploadProtocol = a})
+
+-- | OAuth access token.
+apspdAccessToken :: Lens' AccessPoliciesServicePerimetersDelete (Maybe Text)
+apspdAccessToken
+  = lens _apspdAccessToken
+      (\ s a -> s{_apspdAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+apspdUploadType :: Lens' AccessPoliciesServicePerimetersDelete (Maybe Text)
+apspdUploadType
+  = lens _apspdUploadType
+      (\ s a -> s{_apspdUploadType = a})
+
+-- | Required. Resource name for the Service Perimeter. Format:
+-- \`accessPolicies\/{policy_id}\/servicePerimeters\/{service_perimeter_id}\`
+apspdName :: Lens' AccessPoliciesServicePerimetersDelete Text
+apspdName
+  = lens _apspdName (\ s a -> s{_apspdName = a})
+
+-- | JSONP
+apspdCallback :: Lens' AccessPoliciesServicePerimetersDelete (Maybe Text)
+apspdCallback
+  = lens _apspdCallback
+      (\ s a -> s{_apspdCallback = a})
+
+instance GoogleRequest
+         AccessPoliciesServicePerimetersDelete where
+        type Rs AccessPoliciesServicePerimetersDelete =
+             Operation
+        type Scopes AccessPoliciesServicePerimetersDelete =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient
+          AccessPoliciesServicePerimetersDelete'{..}
+          = go _apspdName _apspdXgafv _apspdUploadProtocol
+              _apspdAccessToken
+              _apspdUploadType
+              _apspdCallback
+              (Just AltJSON)
+              accessContextManagerService
+          where go
+                  = buildClient
+                      (Proxy ::
+                         Proxy AccessPoliciesServicePerimetersDeleteResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/ServicePerimeters/Get.hs b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/ServicePerimeters/Get.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/ServicePerimeters/Get.hs
@@ -0,0 +1,152 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Get
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Get an Service Perimeter by resource name.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.accessPolicies.servicePerimeters.get@.
+module Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Get
+    (
+    -- * REST Resource
+      AccessPoliciesServicePerimetersGetResource
+
+    -- * Creating a Request
+    , accessPoliciesServicePerimetersGet
+    , AccessPoliciesServicePerimetersGet
+
+    -- * Request Lenses
+    , apspgXgafv
+    , apspgUploadProtocol
+    , apspgAccessToken
+    , apspgUploadType
+    , apspgName
+    , apspgCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.accessPolicies.servicePerimeters.get@ method which the
+-- 'AccessPoliciesServicePerimetersGet' request conforms to.
+type AccessPoliciesServicePerimetersGetResource =
+     "v1beta" :>
+       Capture "name" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :>
+                     Get '[JSON] ServicePerimeter
+
+-- | Get an Service Perimeter by resource name.
+--
+-- /See:/ 'accessPoliciesServicePerimetersGet' smart constructor.
+data AccessPoliciesServicePerimetersGet = AccessPoliciesServicePerimetersGet'
+    { _apspgXgafv          :: !(Maybe Xgafv)
+    , _apspgUploadProtocol :: !(Maybe Text)
+    , _apspgAccessToken    :: !(Maybe Text)
+    , _apspgUploadType     :: !(Maybe Text)
+    , _apspgName           :: !Text
+    , _apspgCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPoliciesServicePerimetersGet' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'apspgXgafv'
+--
+-- * 'apspgUploadProtocol'
+--
+-- * 'apspgAccessToken'
+--
+-- * 'apspgUploadType'
+--
+-- * 'apspgName'
+--
+-- * 'apspgCallback'
+accessPoliciesServicePerimetersGet
+    :: Text -- ^ 'apspgName'
+    -> AccessPoliciesServicePerimetersGet
+accessPoliciesServicePerimetersGet pApspgName_ =
+    AccessPoliciesServicePerimetersGet'
+    { _apspgXgafv = Nothing
+    , _apspgUploadProtocol = Nothing
+    , _apspgAccessToken = Nothing
+    , _apspgUploadType = Nothing
+    , _apspgName = pApspgName_
+    , _apspgCallback = Nothing
+    }
+
+-- | V1 error format.
+apspgXgafv :: Lens' AccessPoliciesServicePerimetersGet (Maybe Xgafv)
+apspgXgafv
+  = lens _apspgXgafv (\ s a -> s{_apspgXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+apspgUploadProtocol :: Lens' AccessPoliciesServicePerimetersGet (Maybe Text)
+apspgUploadProtocol
+  = lens _apspgUploadProtocol
+      (\ s a -> s{_apspgUploadProtocol = a})
+
+-- | OAuth access token.
+apspgAccessToken :: Lens' AccessPoliciesServicePerimetersGet (Maybe Text)
+apspgAccessToken
+  = lens _apspgAccessToken
+      (\ s a -> s{_apspgAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+apspgUploadType :: Lens' AccessPoliciesServicePerimetersGet (Maybe Text)
+apspgUploadType
+  = lens _apspgUploadType
+      (\ s a -> s{_apspgUploadType = a})
+
+-- | Required. Resource name for the Service Perimeter. Format:
+-- \`accessPolicies\/{policy_id}\/servicePerimeters\/{service_perimeters_id}\`
+apspgName :: Lens' AccessPoliciesServicePerimetersGet Text
+apspgName
+  = lens _apspgName (\ s a -> s{_apspgName = a})
+
+-- | JSONP
+apspgCallback :: Lens' AccessPoliciesServicePerimetersGet (Maybe Text)
+apspgCallback
+  = lens _apspgCallback
+      (\ s a -> s{_apspgCallback = a})
+
+instance GoogleRequest
+         AccessPoliciesServicePerimetersGet where
+        type Rs AccessPoliciesServicePerimetersGet =
+             ServicePerimeter
+        type Scopes AccessPoliciesServicePerimetersGet =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient AccessPoliciesServicePerimetersGet'{..}
+          = go _apspgName _apspgXgafv _apspgUploadProtocol
+              _apspgAccessToken
+              _apspgUploadType
+              _apspgCallback
+              (Just AltJSON)
+              accessContextManagerService
+          where go
+                  = buildClient
+                      (Proxy ::
+                         Proxy AccessPoliciesServicePerimetersGetResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/ServicePerimeters/List.hs b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/ServicePerimeters/List.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/ServicePerimeters/List.hs
@@ -0,0 +1,182 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.List
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- List all Service Perimeters for an access policy.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.accessPolicies.servicePerimeters.list@.
+module Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.List
+    (
+    -- * REST Resource
+      AccessPoliciesServicePerimetersListResource
+
+    -- * Creating a Request
+    , accessPoliciesServicePerimetersList
+    , AccessPoliciesServicePerimetersList
+
+    -- * Request Lenses
+    , apsplParent
+    , apsplXgafv
+    , apsplUploadProtocol
+    , apsplAccessToken
+    , apsplUploadType
+    , apsplPageToken
+    , apsplPageSize
+    , apsplCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.accessPolicies.servicePerimeters.list@ method which the
+-- 'AccessPoliciesServicePerimetersList' request conforms to.
+type AccessPoliciesServicePerimetersListResource =
+     "v1beta" :>
+       Capture "parent" Text :>
+         "servicePerimeters" :>
+           QueryParam "$.xgafv" Xgafv :>
+             QueryParam "upload_protocol" Text :>
+               QueryParam "access_token" Text :>
+                 QueryParam "uploadType" Text :>
+                   QueryParam "pageToken" Text :>
+                     QueryParam "pageSize" (Textual Int32) :>
+                       QueryParam "callback" Text :>
+                         QueryParam "alt" AltJSON :>
+                           Get '[JSON] ListServicePerimetersResponse
+
+-- | List all Service Perimeters for an access policy.
+--
+-- /See:/ 'accessPoliciesServicePerimetersList' smart constructor.
+data AccessPoliciesServicePerimetersList = AccessPoliciesServicePerimetersList'
+    { _apsplParent         :: !Text
+    , _apsplXgafv          :: !(Maybe Xgafv)
+    , _apsplUploadProtocol :: !(Maybe Text)
+    , _apsplAccessToken    :: !(Maybe Text)
+    , _apsplUploadType     :: !(Maybe Text)
+    , _apsplPageToken      :: !(Maybe Text)
+    , _apsplPageSize       :: !(Maybe (Textual Int32))
+    , _apsplCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPoliciesServicePerimetersList' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'apsplParent'
+--
+-- * 'apsplXgafv'
+--
+-- * 'apsplUploadProtocol'
+--
+-- * 'apsplAccessToken'
+--
+-- * 'apsplUploadType'
+--
+-- * 'apsplPageToken'
+--
+-- * 'apsplPageSize'
+--
+-- * 'apsplCallback'
+accessPoliciesServicePerimetersList
+    :: Text -- ^ 'apsplParent'
+    -> AccessPoliciesServicePerimetersList
+accessPoliciesServicePerimetersList pApsplParent_ =
+    AccessPoliciesServicePerimetersList'
+    { _apsplParent = pApsplParent_
+    , _apsplXgafv = Nothing
+    , _apsplUploadProtocol = Nothing
+    , _apsplAccessToken = Nothing
+    , _apsplUploadType = Nothing
+    , _apsplPageToken = Nothing
+    , _apsplPageSize = Nothing
+    , _apsplCallback = Nothing
+    }
+
+-- | Required. Resource name for the access policy to list Service Perimeters
+-- from. Format: \`accessPolicies\/{policy_id}\`
+apsplParent :: Lens' AccessPoliciesServicePerimetersList Text
+apsplParent
+  = lens _apsplParent (\ s a -> s{_apsplParent = a})
+
+-- | V1 error format.
+apsplXgafv :: Lens' AccessPoliciesServicePerimetersList (Maybe Xgafv)
+apsplXgafv
+  = lens _apsplXgafv (\ s a -> s{_apsplXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+apsplUploadProtocol :: Lens' AccessPoliciesServicePerimetersList (Maybe Text)
+apsplUploadProtocol
+  = lens _apsplUploadProtocol
+      (\ s a -> s{_apsplUploadProtocol = a})
+
+-- | OAuth access token.
+apsplAccessToken :: Lens' AccessPoliciesServicePerimetersList (Maybe Text)
+apsplAccessToken
+  = lens _apsplAccessToken
+      (\ s a -> s{_apsplAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+apsplUploadType :: Lens' AccessPoliciesServicePerimetersList (Maybe Text)
+apsplUploadType
+  = lens _apsplUploadType
+      (\ s a -> s{_apsplUploadType = a})
+
+-- | Next page token for the next batch of Service Perimeter instances.
+-- Defaults to the first page of results.
+apsplPageToken :: Lens' AccessPoliciesServicePerimetersList (Maybe Text)
+apsplPageToken
+  = lens _apsplPageToken
+      (\ s a -> s{_apsplPageToken = a})
+
+-- | Number of Service Perimeters to include in the list. Default 100.
+apsplPageSize :: Lens' AccessPoliciesServicePerimetersList (Maybe Int32)
+apsplPageSize
+  = lens _apsplPageSize
+      (\ s a -> s{_apsplPageSize = a})
+      . mapping _Coerce
+
+-- | JSONP
+apsplCallback :: Lens' AccessPoliciesServicePerimetersList (Maybe Text)
+apsplCallback
+  = lens _apsplCallback
+      (\ s a -> s{_apsplCallback = a})
+
+instance GoogleRequest
+         AccessPoliciesServicePerimetersList where
+        type Rs AccessPoliciesServicePerimetersList =
+             ListServicePerimetersResponse
+        type Scopes AccessPoliciesServicePerimetersList =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient
+          AccessPoliciesServicePerimetersList'{..}
+          = go _apsplParent _apsplXgafv _apsplUploadProtocol
+              _apsplAccessToken
+              _apsplUploadType
+              _apsplPageToken
+              _apsplPageSize
+              _apsplCallback
+              (Just AltJSON)
+              accessContextManagerService
+          where go
+                  = buildClient
+                      (Proxy ::
+                         Proxy AccessPoliciesServicePerimetersListResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/ServicePerimeters/Patch.hs b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/ServicePerimeters/Patch.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/AccessPolicies/ServicePerimeters/Patch.hs
@@ -0,0 +1,187 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Patch
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Update an Service Perimeter. The longrunning operation from this RPC
+-- will have a successful status once the changes to the Service Perimeter
+-- have propagated to long-lasting storage. Service Perimeter containing
+-- errors will result in an error response for the first error encountered.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.accessPolicies.servicePerimeters.patch@.
+module Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Patch
+    (
+    -- * REST Resource
+      AccessPoliciesServicePerimetersPatchResource
+
+    -- * Creating a Request
+    , accessPoliciesServicePerimetersPatch
+    , AccessPoliciesServicePerimetersPatch
+
+    -- * Request Lenses
+    , apsppXgafv
+    , apsppUploadProtocol
+    , apsppUpdateMask
+    , apsppAccessToken
+    , apsppUploadType
+    , apsppPayload
+    , apsppName
+    , apsppCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.accessPolicies.servicePerimeters.patch@ method which the
+-- 'AccessPoliciesServicePerimetersPatch' request conforms to.
+type AccessPoliciesServicePerimetersPatchResource =
+     "v1beta" :>
+       Capture "name" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "updateMask" GFieldMask :>
+               QueryParam "access_token" Text :>
+                 QueryParam "uploadType" Text :>
+                   QueryParam "callback" Text :>
+                     QueryParam "alt" AltJSON :>
+                       ReqBody '[JSON] ServicePerimeter :>
+                         Patch '[JSON] Operation
+
+-- | Update an Service Perimeter. The longrunning operation from this RPC
+-- will have a successful status once the changes to the Service Perimeter
+-- have propagated to long-lasting storage. Service Perimeter containing
+-- errors will result in an error response for the first error encountered.
+--
+-- /See:/ 'accessPoliciesServicePerimetersPatch' smart constructor.
+data AccessPoliciesServicePerimetersPatch = AccessPoliciesServicePerimetersPatch'
+    { _apsppXgafv          :: !(Maybe Xgafv)
+    , _apsppUploadProtocol :: !(Maybe Text)
+    , _apsppUpdateMask     :: !(Maybe GFieldMask)
+    , _apsppAccessToken    :: !(Maybe Text)
+    , _apsppUploadType     :: !(Maybe Text)
+    , _apsppPayload        :: !ServicePerimeter
+    , _apsppName           :: !Text
+    , _apsppCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AccessPoliciesServicePerimetersPatch' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'apsppXgafv'
+--
+-- * 'apsppUploadProtocol'
+--
+-- * 'apsppUpdateMask'
+--
+-- * 'apsppAccessToken'
+--
+-- * 'apsppUploadType'
+--
+-- * 'apsppPayload'
+--
+-- * 'apsppName'
+--
+-- * 'apsppCallback'
+accessPoliciesServicePerimetersPatch
+    :: ServicePerimeter -- ^ 'apsppPayload'
+    -> Text -- ^ 'apsppName'
+    -> AccessPoliciesServicePerimetersPatch
+accessPoliciesServicePerimetersPatch pApsppPayload_ pApsppName_ =
+    AccessPoliciesServicePerimetersPatch'
+    { _apsppXgafv = Nothing
+    , _apsppUploadProtocol = Nothing
+    , _apsppUpdateMask = Nothing
+    , _apsppAccessToken = Nothing
+    , _apsppUploadType = Nothing
+    , _apsppPayload = pApsppPayload_
+    , _apsppName = pApsppName_
+    , _apsppCallback = Nothing
+    }
+
+-- | V1 error format.
+apsppXgafv :: Lens' AccessPoliciesServicePerimetersPatch (Maybe Xgafv)
+apsppXgafv
+  = lens _apsppXgafv (\ s a -> s{_apsppXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+apsppUploadProtocol :: Lens' AccessPoliciesServicePerimetersPatch (Maybe Text)
+apsppUploadProtocol
+  = lens _apsppUploadProtocol
+      (\ s a -> s{_apsppUploadProtocol = a})
+
+-- | Required. Mask to control which fields get updated. Must be non-empty.
+apsppUpdateMask :: Lens' AccessPoliciesServicePerimetersPatch (Maybe GFieldMask)
+apsppUpdateMask
+  = lens _apsppUpdateMask
+      (\ s a -> s{_apsppUpdateMask = a})
+
+-- | OAuth access token.
+apsppAccessToken :: Lens' AccessPoliciesServicePerimetersPatch (Maybe Text)
+apsppAccessToken
+  = lens _apsppAccessToken
+      (\ s a -> s{_apsppAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+apsppUploadType :: Lens' AccessPoliciesServicePerimetersPatch (Maybe Text)
+apsppUploadType
+  = lens _apsppUploadType
+      (\ s a -> s{_apsppUploadType = a})
+
+-- | Multipart request metadata.
+apsppPayload :: Lens' AccessPoliciesServicePerimetersPatch ServicePerimeter
+apsppPayload
+  = lens _apsppPayload (\ s a -> s{_apsppPayload = a})
+
+-- | Required. Resource name for the ServicePerimeter. The \`short_name\`
+-- component must begin with a letter and only include alphanumeric and
+-- \'_\'. Format:
+-- \`accessPolicies\/{policy_id}\/servicePerimeters\/{short_name}\`
+apsppName :: Lens' AccessPoliciesServicePerimetersPatch Text
+apsppName
+  = lens _apsppName (\ s a -> s{_apsppName = a})
+
+-- | JSONP
+apsppCallback :: Lens' AccessPoliciesServicePerimetersPatch (Maybe Text)
+apsppCallback
+  = lens _apsppCallback
+      (\ s a -> s{_apsppCallback = a})
+
+instance GoogleRequest
+         AccessPoliciesServicePerimetersPatch where
+        type Rs AccessPoliciesServicePerimetersPatch =
+             Operation
+        type Scopes AccessPoliciesServicePerimetersPatch =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient
+          AccessPoliciesServicePerimetersPatch'{..}
+          = go _apsppName _apsppXgafv _apsppUploadProtocol
+              _apsppUpdateMask
+              _apsppAccessToken
+              _apsppUploadType
+              _apsppCallback
+              (Just AltJSON)
+              _apsppPayload
+              accessContextManagerService
+          where go
+                  = buildClient
+                      (Proxy ::
+                         Proxy AccessPoliciesServicePerimetersPatchResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/AccessContextManager/Operations/Get.hs b/gen/Network/Google/Resource/AccessContextManager/Operations/Get.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/AccessContextManager/Operations/Get.hs
@@ -0,0 +1,146 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.AccessContextManager.Operations.Get
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets the latest state of a long-running operation. Clients can use this
+-- method to poll the operation result at intervals as recommended by the
+-- API service.
+--
+-- /See:/ <https://cloud.google.com/access-context-manager/docs/reference/rest/ Access Context Manager API Reference> for @accesscontextmanager.operations.get@.
+module Network.Google.Resource.AccessContextManager.Operations.Get
+    (
+    -- * REST Resource
+      OperationsGetResource
+
+    -- * Creating a Request
+    , operationsGet
+    , OperationsGet
+
+    -- * Request Lenses
+    , ogXgafv
+    , ogUploadProtocol
+    , ogAccessToken
+    , ogUploadType
+    , ogName
+    , ogCallback
+    ) where
+
+import           Network.Google.AccessContextManager.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @accesscontextmanager.operations.get@ method which the
+-- 'OperationsGet' request conforms to.
+type OperationsGetResource =
+     "v1beta" :>
+       Capture "name" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :> Get '[JSON] Operation
+
+-- | Gets the latest state of a long-running operation. Clients can use this
+-- method to poll the operation result at intervals as recommended by the
+-- API service.
+--
+-- /See:/ 'operationsGet' smart constructor.
+data OperationsGet = OperationsGet'
+    { _ogXgafv          :: !(Maybe Xgafv)
+    , _ogUploadProtocol :: !(Maybe Text)
+    , _ogAccessToken    :: !(Maybe Text)
+    , _ogUploadType     :: !(Maybe Text)
+    , _ogName           :: !Text
+    , _ogCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'OperationsGet' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'ogXgafv'
+--
+-- * 'ogUploadProtocol'
+--
+-- * 'ogAccessToken'
+--
+-- * 'ogUploadType'
+--
+-- * 'ogName'
+--
+-- * 'ogCallback'
+operationsGet
+    :: Text -- ^ 'ogName'
+    -> OperationsGet
+operationsGet pOgName_ =
+    OperationsGet'
+    { _ogXgafv = Nothing
+    , _ogUploadProtocol = Nothing
+    , _ogAccessToken = Nothing
+    , _ogUploadType = Nothing
+    , _ogName = pOgName_
+    , _ogCallback = Nothing
+    }
+
+-- | V1 error format.
+ogXgafv :: Lens' OperationsGet (Maybe Xgafv)
+ogXgafv = lens _ogXgafv (\ s a -> s{_ogXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+ogUploadProtocol :: Lens' OperationsGet (Maybe Text)
+ogUploadProtocol
+  = lens _ogUploadProtocol
+      (\ s a -> s{_ogUploadProtocol = a})
+
+-- | OAuth access token.
+ogAccessToken :: Lens' OperationsGet (Maybe Text)
+ogAccessToken
+  = lens _ogAccessToken
+      (\ s a -> s{_ogAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+ogUploadType :: Lens' OperationsGet (Maybe Text)
+ogUploadType
+  = lens _ogUploadType (\ s a -> s{_ogUploadType = a})
+
+-- | The name of the operation resource.
+ogName :: Lens' OperationsGet Text
+ogName = lens _ogName (\ s a -> s{_ogName = a})
+
+-- | JSONP
+ogCallback :: Lens' OperationsGet (Maybe Text)
+ogCallback
+  = lens _ogCallback (\ s a -> s{_ogCallback = a})
+
+instance GoogleRequest OperationsGet where
+        type Rs OperationsGet = Operation
+        type Scopes OperationsGet =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient OperationsGet'{..}
+          = go _ogName _ogXgafv _ogUploadProtocol
+              _ogAccessToken
+              _ogUploadType
+              _ogCallback
+              (Just AltJSON)
+              accessContextManagerService
+          where go
+                  = buildClient (Proxy :: Proxy OperationsGetResource)
+                      mempty
diff --git a/gogol-accesscontextmanager.cabal b/gogol-accesscontextmanager.cabal
new file mode 100644
--- /dev/null
+++ b/gogol-accesscontextmanager.cabal
@@ -0,0 +1,62 @@
+name:                  gogol-accesscontextmanager
+version:               0.4.0
+synopsis:              Google Access Context Manager SDK.
+homepage:              https://github.com/brendanhay/gogol
+bug-reports:           https://github.com/brendanhay/gogol/issues
+license:               OtherLicense
+license-file:          LICENSE
+author:                Brendan Hay
+maintainer:            Brendan Hay <brendan.g.hay@gmail.com>
+copyright:             Copyright (c) 2015-2016 Brendan Hay
+category:              Network, Google, Cloud
+build-type:            Simple
+cabal-version:         >= 1.10
+extra-source-files:    README.md src/.gitkeep
+
+description:
+    An API for setting attribute based access control to requests to GCP
+    services.
+    .
+    /Warning:/ This is an experimental prototype/preview release which is still
+    under exploratory development and not intended for public use, caveat emptor!
+    .
+    This library is compatible with version @v1beta@
+    of the API.
+
+source-repository head
+    type:     git
+    location: git://github.com/brendanhay/gogol.git
+
+library
+    default-language:  Haskell2010
+    hs-source-dirs:    src gen
+
+    ghc-options:       -Wall
+
+    exposed-modules:
+          Network.Google.AccessContextManager
+        , Network.Google.AccessContextManager.Types
+        , Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Create
+        , Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Delete
+        , Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Get
+        , Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.List
+        , Network.Google.Resource.AccessContextManager.AccessPolicies.AccessLevels.Patch
+        , Network.Google.Resource.AccessContextManager.AccessPolicies.Create
+        , Network.Google.Resource.AccessContextManager.AccessPolicies.Delete
+        , Network.Google.Resource.AccessContextManager.AccessPolicies.Get
+        , Network.Google.Resource.AccessContextManager.AccessPolicies.List
+        , Network.Google.Resource.AccessContextManager.AccessPolicies.Patch
+        , Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Create
+        , Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Delete
+        , Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Get
+        , Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.List
+        , Network.Google.Resource.AccessContextManager.AccessPolicies.ServicePerimeters.Patch
+        , Network.Google.Resource.AccessContextManager.Operations.Get
+
+    other-modules:
+          Network.Google.AccessContextManager.Types.Product
+        , Network.Google.AccessContextManager.Types.Sum
+
+    build-depends:
+          gogol-core == 0.4.0.*
+        , base       >= 4.7 && < 5
diff --git a/src/.gitkeep b/src/.gitkeep
new file mode 100644
--- /dev/null
+++ b/src/.gitkeep
