diff --git a/LICENSE b/LICENSE
new file mode 100644
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,367 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
diff --git a/README.md b/README.md
new file mode 100644
--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+# gogol-binaryauthorization
+
+* [Version](#version)
+* [Description](#description)
+* [Contribute](#contribute)
+* [Licence](#licence)
+
+
+## Version
+
+`0.3.0`
+
+
+## Description
+
+A client library for the Google Binary Authorization.
+
+
+## Contribute
+
+For any problems, comments, or feedback please create an issue [here on GitHub](https://github.com/brendanhay/gogol/issues).
+
+> _Note:_ this library is an auto-generated Haskell package. Please see `gogol-gen` for more information.
+
+
+## Licence
+
+`gogol-binaryauthorization` is released under the [Mozilla Public License Version 2.0](http://www.mozilla.org/MPL/).
diff --git a/Setup.hs b/Setup.hs
new file mode 100644
--- /dev/null
+++ b/Setup.hs
@@ -0,0 +1,2 @@
+import           Distribution.Simple
+main = defaultMain
diff --git a/gen/Network/Google/BinaryAuthorization.hs b/gen/Network/Google/BinaryAuthorization.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/BinaryAuthorization.hs
@@ -0,0 +1,214 @@
+{-# LANGUAGE DataKinds         #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# LANGUAGE TypeOperators     #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+
+-- |
+-- Module      : Network.Google.BinaryAuthorization
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- The management interface for Binary Authorization, a system providing
+-- policy control for images deployed to Kubernetes Engine clusters.
+--
+-- /See:/ <https://cloud.google.com/binary-authorization/ Binary Authorization API Reference>
+module Network.Google.BinaryAuthorization
+    (
+    -- * Service Configuration
+      binaryAuthorizationService
+
+    -- * OAuth Scopes
+    , cloudPlatformScope
+
+    -- * API Declaration
+    , BinaryAuthorizationAPI
+
+    -- * Resources
+
+    -- ** binaryauthorization.projects.attestors.create
+    , module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Create
+
+    -- ** binaryauthorization.projects.attestors.delete
+    , module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Delete
+
+    -- ** binaryauthorization.projects.attestors.get
+    , module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Get
+
+    -- ** binaryauthorization.projects.attestors.getIamPolicy
+    , module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.GetIAMPolicy
+
+    -- ** binaryauthorization.projects.attestors.list
+    , module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.List
+
+    -- ** binaryauthorization.projects.attestors.setIamPolicy
+    , module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.SetIAMPolicy
+
+    -- ** binaryauthorization.projects.attestors.testIamPermissions
+    , module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.TestIAMPermissions
+
+    -- ** binaryauthorization.projects.attestors.update
+    , module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Update
+
+    -- ** binaryauthorization.projects.getPolicy
+    , module Network.Google.Resource.BinaryAuthorization.Projects.GetPolicy
+
+    -- ** binaryauthorization.projects.policy.getIamPolicy
+    , module Network.Google.Resource.BinaryAuthorization.Projects.Policy.GetIAMPolicy
+
+    -- ** binaryauthorization.projects.policy.setIamPolicy
+    , module Network.Google.Resource.BinaryAuthorization.Projects.Policy.SetIAMPolicy
+
+    -- ** binaryauthorization.projects.policy.testIamPermissions
+    , module Network.Google.Resource.BinaryAuthorization.Projects.Policy.TestIAMPermissions
+
+    -- ** binaryauthorization.projects.updatePolicy
+    , module Network.Google.Resource.BinaryAuthorization.Projects.UpdatePolicy
+
+    -- * Types
+
+    -- ** Expr
+    , Expr
+    , expr
+    , eLocation
+    , eExpression
+    , eTitle
+    , eDescription
+
+    -- ** UserOwnedDrydockNote
+    , UserOwnedDrydockNote
+    , userOwnedDrydockNote
+    , uodnDelegationServiceAccountEmail
+    , uodnPublicKeys
+    , uodnNoteReference
+
+    -- ** Empty
+    , Empty
+    , empty
+
+    -- ** AdmissionRuleEnforcementMode
+    , AdmissionRuleEnforcementMode (..)
+
+    -- ** SetIAMPolicyRequest
+    , SetIAMPolicyRequest
+    , setIAMPolicyRequest
+    , siprPolicy
+
+    -- ** ListAttestorsResponse
+    , ListAttestorsResponse
+    , listAttestorsResponse
+    , larNextPageToken
+    , larAttestors
+
+    -- ** AdmissionWhiteListPattern
+    , AdmissionWhiteListPattern
+    , admissionWhiteListPattern
+    , awlpNamePattern
+
+    -- ** AdmissionRule
+    , AdmissionRule
+    , admissionRule
+    , arEnforcementMode
+    , arEvaluationMode
+    , arRequireAttestationsBy
+
+    -- ** AdmissionRuleEvaluationMode
+    , AdmissionRuleEvaluationMode (..)
+
+    -- ** Xgafv
+    , Xgafv (..)
+
+    -- ** TestIAMPermissionsRequest
+    , TestIAMPermissionsRequest
+    , testIAMPermissionsRequest
+    , tiprPermissions
+
+    -- ** IAMPolicy
+    , IAMPolicy
+    , iamPolicy
+    , ipEtag
+    , ipVersion
+    , ipBindings
+
+    -- ** AttestorPublicKey
+    , AttestorPublicKey
+    , attestorPublicKey
+    , apkAsciiArmoredPgpPublicKey
+    , apkId
+    , apkComment
+
+    -- ** TestIAMPermissionsResponse
+    , TestIAMPermissionsResponse
+    , testIAMPermissionsResponse
+    , tiamprPermissions
+
+    -- ** Policy
+    , Policy
+    , policy
+    , pDefaultAdmissionRule
+    , pAdmissionWhiteListPatterns
+    , pClusterAdmissionRules
+    , pUpdateTime
+    , pName
+    , pDescription
+
+    -- ** PolicyClusterAdmissionRules
+    , PolicyClusterAdmissionRules
+    , policyClusterAdmissionRules
+    , pcarAddtional
+
+    -- ** Attestor
+    , Attestor
+    , attestor
+    , aUserOwnedDrydockNote
+    , aUpdateTime
+    , aName
+    , aDescription
+
+    -- ** Binding
+    , Binding
+    , binding
+    , bMembers
+    , bRole
+    , bCondition
+    ) where
+
+import           Network.Google.BinaryAuthorization.Types
+import           Network.Google.Prelude
+import           Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Create
+import           Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Delete
+import           Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Get
+import           Network.Google.Resource.BinaryAuthorization.Projects.Attestors.GetIAMPolicy
+import           Network.Google.Resource.BinaryAuthorization.Projects.Attestors.List
+import           Network.Google.Resource.BinaryAuthorization.Projects.Attestors.SetIAMPolicy
+import           Network.Google.Resource.BinaryAuthorization.Projects.Attestors.TestIAMPermissions
+import           Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Update
+import           Network.Google.Resource.BinaryAuthorization.Projects.GetPolicy
+import           Network.Google.Resource.BinaryAuthorization.Projects.Policy.GetIAMPolicy
+import           Network.Google.Resource.BinaryAuthorization.Projects.Policy.SetIAMPolicy
+import           Network.Google.Resource.BinaryAuthorization.Projects.Policy.TestIAMPermissions
+import           Network.Google.Resource.BinaryAuthorization.Projects.UpdatePolicy
+
+{- $resources
+TODO
+-}
+
+-- | Represents the entirety of the methods and resources available for the Binary Authorization API service.
+type BinaryAuthorizationAPI =
+     ProjectsAttestorsListResource :<|>
+       ProjectsAttestorsGetIAMPolicyResource
+       :<|> ProjectsAttestorsGetResource
+       :<|> ProjectsAttestorsCreateResource
+       :<|> ProjectsAttestorsSetIAMPolicyResource
+       :<|> ProjectsAttestorsTestIAMPermissionsResource
+       :<|> ProjectsAttestorsDeleteResource
+       :<|> ProjectsAttestorsUpdateResource
+       :<|> ProjectsPolicyGetIAMPolicyResource
+       :<|> ProjectsPolicySetIAMPolicyResource
+       :<|> ProjectsPolicyTestIAMPermissionsResource
+       :<|> ProjectsUpdatePolicyResource
+       :<|> ProjectsGetPolicyResource
diff --git a/gen/Network/Google/BinaryAuthorization/Types.hs b/gen/Network/Google/BinaryAuthorization/Types.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/BinaryAuthorization/Types.hs
@@ -0,0 +1,144 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Network.Google.BinaryAuthorization.Types
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+module Network.Google.BinaryAuthorization.Types
+    (
+    -- * Service Configuration
+      binaryAuthorizationService
+
+    -- * OAuth Scopes
+    , cloudPlatformScope
+
+    -- * Expr
+    , Expr
+    , expr
+    , eLocation
+    , eExpression
+    , eTitle
+    , eDescription
+
+    -- * UserOwnedDrydockNote
+    , UserOwnedDrydockNote
+    , userOwnedDrydockNote
+    , uodnDelegationServiceAccountEmail
+    , uodnPublicKeys
+    , uodnNoteReference
+
+    -- * Empty
+    , Empty
+    , empty
+
+    -- * AdmissionRuleEnforcementMode
+    , AdmissionRuleEnforcementMode (..)
+
+    -- * SetIAMPolicyRequest
+    , SetIAMPolicyRequest
+    , setIAMPolicyRequest
+    , siprPolicy
+
+    -- * ListAttestorsResponse
+    , ListAttestorsResponse
+    , listAttestorsResponse
+    , larNextPageToken
+    , larAttestors
+
+    -- * AdmissionWhiteListPattern
+    , AdmissionWhiteListPattern
+    , admissionWhiteListPattern
+    , awlpNamePattern
+
+    -- * AdmissionRule
+    , AdmissionRule
+    , admissionRule
+    , arEnforcementMode
+    , arEvaluationMode
+    , arRequireAttestationsBy
+
+    -- * AdmissionRuleEvaluationMode
+    , AdmissionRuleEvaluationMode (..)
+
+    -- * Xgafv
+    , Xgafv (..)
+
+    -- * TestIAMPermissionsRequest
+    , TestIAMPermissionsRequest
+    , testIAMPermissionsRequest
+    , tiprPermissions
+
+    -- * IAMPolicy
+    , IAMPolicy
+    , iamPolicy
+    , ipEtag
+    , ipVersion
+    , ipBindings
+
+    -- * AttestorPublicKey
+    , AttestorPublicKey
+    , attestorPublicKey
+    , apkAsciiArmoredPgpPublicKey
+    , apkId
+    , apkComment
+
+    -- * TestIAMPermissionsResponse
+    , TestIAMPermissionsResponse
+    , testIAMPermissionsResponse
+    , tiamprPermissions
+
+    -- * Policy
+    , Policy
+    , policy
+    , pDefaultAdmissionRule
+    , pAdmissionWhiteListPatterns
+    , pClusterAdmissionRules
+    , pUpdateTime
+    , pName
+    , pDescription
+
+    -- * PolicyClusterAdmissionRules
+    , PolicyClusterAdmissionRules
+    , policyClusterAdmissionRules
+    , pcarAddtional
+
+    -- * Attestor
+    , Attestor
+    , attestor
+    , aUserOwnedDrydockNote
+    , aUpdateTime
+    , aName
+    , aDescription
+
+    -- * Binding
+    , Binding
+    , binding
+    , bMembers
+    , bRole
+    , bCondition
+    ) where
+
+import           Network.Google.BinaryAuthorization.Types.Product
+import           Network.Google.BinaryAuthorization.Types.Sum
+import           Network.Google.Prelude
+
+-- | Default request referring to version 'v1beta1' of the Binary Authorization API. This contains the host and root path used as a starting point for constructing service requests.
+binaryAuthorizationService :: ServiceConfig
+binaryAuthorizationService
+  = defaultService
+      (ServiceId "binaryauthorization:v1beta1")
+      "binaryauthorization.googleapis.com"
+
+-- | View and manage your data across Google Cloud Platform services
+cloudPlatformScope :: Proxy '["https://www.googleapis.com/auth/cloud-platform"]
+cloudPlatformScope = Proxy;
diff --git a/gen/Network/Google/BinaryAuthorization/Types/Product.hs b/gen/Network/Google/BinaryAuthorization/Types/Product.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/BinaryAuthorization/Types/Product.hs
@@ -0,0 +1,943 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Network.Google.BinaryAuthorization.Types.Product
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+module Network.Google.BinaryAuthorization.Types.Product where
+
+import           Network.Google.BinaryAuthorization.Types.Sum
+import           Network.Google.Prelude
+
+-- | Represents an expression text. Example: title: \"User account presence\"
+-- description: \"Determines whether the request has a user account\"
+-- expression: \"size(request.user) > 0\"
+--
+-- /See:/ 'expr' smart constructor.
+data Expr = Expr'
+    { _eLocation    :: !(Maybe Text)
+    , _eExpression  :: !(Maybe Text)
+    , _eTitle       :: !(Maybe Text)
+    , _eDescription :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'Expr' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'eLocation'
+--
+-- * 'eExpression'
+--
+-- * 'eTitle'
+--
+-- * 'eDescription'
+expr
+    :: Expr
+expr =
+    Expr'
+    { _eLocation = Nothing
+    , _eExpression = Nothing
+    , _eTitle = Nothing
+    , _eDescription = Nothing
+    }
+
+-- | An optional string indicating the location of the expression for error
+-- reporting, e.g. a file name and a position in the file.
+eLocation :: Lens' Expr (Maybe Text)
+eLocation
+  = lens _eLocation (\ s a -> s{_eLocation = a})
+
+-- | Textual representation of an expression in Common Expression Language
+-- syntax. The application context of the containing message determines
+-- which well-known feature set of CEL is supported.
+eExpression :: Lens' Expr (Maybe Text)
+eExpression
+  = lens _eExpression (\ s a -> s{_eExpression = a})
+
+-- | An optional title for the expression, i.e. a short string describing its
+-- purpose. This can be used e.g. in UIs which allow to enter the
+-- expression.
+eTitle :: Lens' Expr (Maybe Text)
+eTitle = lens _eTitle (\ s a -> s{_eTitle = a})
+
+-- | An optional description of the expression. This is a longer text which
+-- describes the expression, e.g. when hovered over it in a UI.
+eDescription :: Lens' Expr (Maybe Text)
+eDescription
+  = lens _eDescription (\ s a -> s{_eDescription = a})
+
+instance FromJSON Expr where
+        parseJSON
+          = withObject "Expr"
+              (\ o ->
+                 Expr' <$>
+                   (o .:? "location") <*> (o .:? "expression") <*>
+                     (o .:? "title")
+                     <*> (o .:? "description"))
+
+instance ToJSON Expr where
+        toJSON Expr'{..}
+          = object
+              (catMaybes
+                 [("location" .=) <$> _eLocation,
+                  ("expression" .=) <$> _eExpression,
+                  ("title" .=) <$> _eTitle,
+                  ("description" .=) <$> _eDescription])
+
+-- | An user owned drydock note references a Drydock ATTESTATION_AUTHORITY
+-- Note created by the user.
+--
+-- /See:/ 'userOwnedDrydockNote' smart constructor.
+data UserOwnedDrydockNote = UserOwnedDrydockNote'
+    { _uodnDelegationServiceAccountEmail :: !(Maybe Text)
+    , _uodnPublicKeys                    :: !(Maybe [AttestorPublicKey])
+    , _uodnNoteReference                 :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'UserOwnedDrydockNote' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'uodnDelegationServiceAccountEmail'
+--
+-- * 'uodnPublicKeys'
+--
+-- * 'uodnNoteReference'
+userOwnedDrydockNote
+    :: UserOwnedDrydockNote
+userOwnedDrydockNote =
+    UserOwnedDrydockNote'
+    { _uodnDelegationServiceAccountEmail = Nothing
+    , _uodnPublicKeys = Nothing
+    , _uodnNoteReference = Nothing
+    }
+
+-- | Output only. This field will contain the service account email address
+-- that this Attestor will use as the principal when querying Container
+-- Analysis. Attestor administrators must grant this service account the
+-- IAM role needed to read attestations from the note_reference in
+-- Container Analysis (\`containeranalysis.notes.occurrences.viewer\`).
+-- This email address is fixed for the lifetime of the Attestor, but
+-- callers should not make any other assumptions about the service account
+-- email; future versions may use an email based on a different naming
+-- pattern.
+uodnDelegationServiceAccountEmail :: Lens' UserOwnedDrydockNote (Maybe Text)
+uodnDelegationServiceAccountEmail
+  = lens _uodnDelegationServiceAccountEmail
+      (\ s a -> s{_uodnDelegationServiceAccountEmail = a})
+
+-- | Optional. Public keys that verify attestations signed by this attestor.
+-- This field may be updated. If this field is non-empty, one of the
+-- specified public keys must verify that an attestation was signed by this
+-- attestor for the image specified in the admission request. If this field
+-- is empty, this attestor always returns that no valid attestations exist.
+uodnPublicKeys :: Lens' UserOwnedDrydockNote [AttestorPublicKey]
+uodnPublicKeys
+  = lens _uodnPublicKeys
+      (\ s a -> s{_uodnPublicKeys = a})
+      . _Default
+      . _Coerce
+
+-- | Required. The Drydock resource name of a ATTESTATION_AUTHORITY Note,
+-- created by the user, in the format: \`projects\/*\/notes\/*\` (or the
+-- legacy \`providers\/*\/notes\/*\`). This field may not be updated. An
+-- attestation by this attestor is stored as a Drydock
+-- ATTESTATION_AUTHORITY Occurrence that names a container image and that
+-- links to this Note. Drydock is an external dependency.
+uodnNoteReference :: Lens' UserOwnedDrydockNote (Maybe Text)
+uodnNoteReference
+  = lens _uodnNoteReference
+      (\ s a -> s{_uodnNoteReference = a})
+
+instance FromJSON UserOwnedDrydockNote where
+        parseJSON
+          = withObject "UserOwnedDrydockNote"
+              (\ o ->
+                 UserOwnedDrydockNote' <$>
+                   (o .:? "delegationServiceAccountEmail") <*>
+                     (o .:? "publicKeys" .!= mempty)
+                     <*> (o .:? "noteReference"))
+
+instance ToJSON UserOwnedDrydockNote where
+        toJSON UserOwnedDrydockNote'{..}
+          = object
+              (catMaybes
+                 [("delegationServiceAccountEmail" .=) <$>
+                    _uodnDelegationServiceAccountEmail,
+                  ("publicKeys" .=) <$> _uodnPublicKeys,
+                  ("noteReference" .=) <$> _uodnNoteReference])
+
+-- | A generic empty message that you can re-use to avoid defining duplicated
+-- empty messages in your APIs. A typical example is to use it as the
+-- request or the response type of an API method. For instance: service Foo
+-- { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The
+-- JSON representation for \`Empty\` is empty JSON object \`{}\`.
+--
+-- /See:/ 'empty' smart constructor.
+data Empty =
+    Empty'
+    deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'Empty' with the minimum fields required to make a request.
+--
+empty
+    :: Empty
+empty = Empty'
+
+instance FromJSON Empty where
+        parseJSON = withObject "Empty" (\ o -> pure Empty')
+
+instance ToJSON Empty where
+        toJSON = const emptyObject
+
+-- | Request message for \`SetIamPolicy\` method.
+--
+-- /See:/ 'setIAMPolicyRequest' smart constructor.
+newtype SetIAMPolicyRequest = SetIAMPolicyRequest'
+    { _siprPolicy :: Maybe IAMPolicy
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'SetIAMPolicyRequest' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'siprPolicy'
+setIAMPolicyRequest
+    :: SetIAMPolicyRequest
+setIAMPolicyRequest =
+    SetIAMPolicyRequest'
+    { _siprPolicy = Nothing
+    }
+
+-- | REQUIRED: The complete policy to be applied to the \`resource\`. The
+-- size of the policy is limited to a few 10s of KB. An empty policy is a
+-- valid policy but certain Cloud Platform services (such as Projects)
+-- might reject them.
+siprPolicy :: Lens' SetIAMPolicyRequest (Maybe IAMPolicy)
+siprPolicy
+  = lens _siprPolicy (\ s a -> s{_siprPolicy = a})
+
+instance FromJSON SetIAMPolicyRequest where
+        parseJSON
+          = withObject "SetIAMPolicyRequest"
+              (\ o -> SetIAMPolicyRequest' <$> (o .:? "policy"))
+
+instance ToJSON SetIAMPolicyRequest where
+        toJSON SetIAMPolicyRequest'{..}
+          = object (catMaybes [("policy" .=) <$> _siprPolicy])
+
+-- | Response message for BinauthzManagementService.ListAttestors.
+--
+-- /See:/ 'listAttestorsResponse' smart constructor.
+data ListAttestorsResponse = ListAttestorsResponse'
+    { _larNextPageToken :: !(Maybe Text)
+    , _larAttestors     :: !(Maybe [Attestor])
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ListAttestorsResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'larNextPageToken'
+--
+-- * 'larAttestors'
+listAttestorsResponse
+    :: ListAttestorsResponse
+listAttestorsResponse =
+    ListAttestorsResponse'
+    { _larNextPageToken = Nothing
+    , _larAttestors = Nothing
+    }
+
+-- | A token to retrieve the next page of results. Pass this value in the
+-- ListAttestorsRequest.page_token field in the subsequent call to the
+-- \`ListAttestors\` method to retrieve the next page of results.
+larNextPageToken :: Lens' ListAttestorsResponse (Maybe Text)
+larNextPageToken
+  = lens _larNextPageToken
+      (\ s a -> s{_larNextPageToken = a})
+
+-- | The list of attestors.
+larAttestors :: Lens' ListAttestorsResponse [Attestor]
+larAttestors
+  = lens _larAttestors (\ s a -> s{_larAttestors = a})
+      . _Default
+      . _Coerce
+
+instance FromJSON ListAttestorsResponse where
+        parseJSON
+          = withObject "ListAttestorsResponse"
+              (\ o ->
+                 ListAttestorsResponse' <$>
+                   (o .:? "nextPageToken") <*>
+                     (o .:? "attestors" .!= mempty))
+
+instance ToJSON ListAttestorsResponse where
+        toJSON ListAttestorsResponse'{..}
+          = object
+              (catMaybes
+                 [("nextPageToken" .=) <$> _larNextPageToken,
+                  ("attestors" .=) <$> _larAttestors])
+
+-- | An admission whitelist pattern exempts images from checks by admission
+-- rules.
+--
+-- /See:/ 'admissionWhiteListPattern' smart constructor.
+newtype AdmissionWhiteListPattern = AdmissionWhiteListPattern'
+    { _awlpNamePattern :: Maybe Text
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdmissionWhiteListPattern' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'awlpNamePattern'
+admissionWhiteListPattern
+    :: AdmissionWhiteListPattern
+admissionWhiteListPattern =
+    AdmissionWhiteListPattern'
+    { _awlpNamePattern = Nothing
+    }
+
+-- | An image name pattern to whitelist, in the form
+-- \`registry\/path\/to\/image\`. This supports a trailing \`*\` as a
+-- wildcard, but this is allowed only in text after the \`registry\/\`
+-- part.
+awlpNamePattern :: Lens' AdmissionWhiteListPattern (Maybe Text)
+awlpNamePattern
+  = lens _awlpNamePattern
+      (\ s a -> s{_awlpNamePattern = a})
+
+instance FromJSON AdmissionWhiteListPattern where
+        parseJSON
+          = withObject "AdmissionWhiteListPattern"
+              (\ o ->
+                 AdmissionWhiteListPattern' <$> (o .:? "namePattern"))
+
+instance ToJSON AdmissionWhiteListPattern where
+        toJSON AdmissionWhiteListPattern'{..}
+          = object
+              (catMaybes [("namePattern" .=) <$> _awlpNamePattern])
+
+-- | An admission rule specifies either that all container images used in a
+-- pod creation request must be attested to by one or more attestors, that
+-- all pod creations will be allowed, or that all pod creations will be
+-- denied. Images matching an admission whitelist pattern are exempted from
+-- admission rules and will never block a pod creation.
+--
+-- /See:/ 'admissionRule' smart constructor.
+data AdmissionRule = AdmissionRule'
+    { _arEnforcementMode       :: !(Maybe AdmissionRuleEnforcementMode)
+    , _arEvaluationMode        :: !(Maybe AdmissionRuleEvaluationMode)
+    , _arRequireAttestationsBy :: !(Maybe [Text])
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdmissionRule' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'arEnforcementMode'
+--
+-- * 'arEvaluationMode'
+--
+-- * 'arRequireAttestationsBy'
+admissionRule
+    :: AdmissionRule
+admissionRule =
+    AdmissionRule'
+    { _arEnforcementMode = Nothing
+    , _arEvaluationMode = Nothing
+    , _arRequireAttestationsBy = Nothing
+    }
+
+-- | Required. The action when a pod creation is denied by the admission
+-- rule.
+arEnforcementMode :: Lens' AdmissionRule (Maybe AdmissionRuleEnforcementMode)
+arEnforcementMode
+  = lens _arEnforcementMode
+      (\ s a -> s{_arEnforcementMode = a})
+
+-- | Required. How this admission rule will be evaluated.
+arEvaluationMode :: Lens' AdmissionRule (Maybe AdmissionRuleEvaluationMode)
+arEvaluationMode
+  = lens _arEvaluationMode
+      (\ s a -> s{_arEvaluationMode = a})
+
+-- | Optional. The resource names of the attestors that must attest to a
+-- container image, in the format \`projects\/*\/attestors\/*\`. Each
+-- attestor must exist before a policy can reference it. To add an attestor
+-- to a policy the principal issuing the policy change request must be able
+-- to read the attestor resource. Note: this field must be non-empty when
+-- the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it
+-- must be empty.
+arRequireAttestationsBy :: Lens' AdmissionRule [Text]
+arRequireAttestationsBy
+  = lens _arRequireAttestationsBy
+      (\ s a -> s{_arRequireAttestationsBy = a})
+      . _Default
+      . _Coerce
+
+instance FromJSON AdmissionRule where
+        parseJSON
+          = withObject "AdmissionRule"
+              (\ o ->
+                 AdmissionRule' <$>
+                   (o .:? "enforcementMode") <*>
+                     (o .:? "evaluationMode")
+                     <*> (o .:? "requireAttestationsBy" .!= mempty))
+
+instance ToJSON AdmissionRule where
+        toJSON AdmissionRule'{..}
+          = object
+              (catMaybes
+                 [("enforcementMode" .=) <$> _arEnforcementMode,
+                  ("evaluationMode" .=) <$> _arEvaluationMode,
+                  ("requireAttestationsBy" .=) <$>
+                    _arRequireAttestationsBy])
+
+-- | Request message for \`TestIamPermissions\` method.
+--
+-- /See:/ 'testIAMPermissionsRequest' smart constructor.
+newtype TestIAMPermissionsRequest = TestIAMPermissionsRequest'
+    { _tiprPermissions :: Maybe [Text]
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'TestIAMPermissionsRequest' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'tiprPermissions'
+testIAMPermissionsRequest
+    :: TestIAMPermissionsRequest
+testIAMPermissionsRequest =
+    TestIAMPermissionsRequest'
+    { _tiprPermissions = Nothing
+    }
+
+-- | The set of permissions to check for the \`resource\`. Permissions with
+-- wildcards (such as \'*\' or \'storage.*\') are not allowed. For more
+-- information see [IAM
+-- Overview](https:\/\/cloud.google.com\/iam\/docs\/overview#permissions).
+tiprPermissions :: Lens' TestIAMPermissionsRequest [Text]
+tiprPermissions
+  = lens _tiprPermissions
+      (\ s a -> s{_tiprPermissions = a})
+      . _Default
+      . _Coerce
+
+instance FromJSON TestIAMPermissionsRequest where
+        parseJSON
+          = withObject "TestIAMPermissionsRequest"
+              (\ o ->
+                 TestIAMPermissionsRequest' <$>
+                   (o .:? "permissions" .!= mempty))
+
+instance ToJSON TestIAMPermissionsRequest where
+        toJSON TestIAMPermissionsRequest'{..}
+          = object
+              (catMaybes [("permissions" .=) <$> _tiprPermissions])
+
+-- | Defines an Identity and Access Management (IAM) policy. It is used to
+-- specify access control policies for Cloud Platform resources. A
+-- \`Policy\` consists of a list of \`bindings\`. A \`binding\` binds a
+-- list of \`members\` to a \`role\`, where the members can be user
+-- accounts, Google groups, Google domains, and service accounts. A
+-- \`role\` is a named list of permissions defined by IAM. **JSON Example**
+-- { \"bindings\": [ { \"role\": \"roles\/owner\", \"members\": [
+-- \"user:mike\'example.com\", \"group:admins\'example.com\",
+-- \"domain:google.com\",
+-- \"serviceAccount:my-other-app\'appspot.gserviceaccount.com\" ] }, {
+-- \"role\": \"roles\/viewer\", \"members\": [\"user:sean\'example.com\"] }
+-- ] } **YAML Example** bindings: - members: - user:mike\'example.com -
+-- group:admins\'example.com - domain:google.com -
+-- serviceAccount:my-other-app\'appspot.gserviceaccount.com role:
+-- roles\/owner - members: - user:sean\'example.com role: roles\/viewer For
+-- a description of IAM and its features, see the [IAM developer\'s
+-- guide](https:\/\/cloud.google.com\/iam\/docs).
+--
+-- /See:/ 'iamPolicy' smart constructor.
+data IAMPolicy = IAMPolicy'
+    { _ipEtag     :: !(Maybe Bytes)
+    , _ipVersion  :: !(Maybe (Textual Int32))
+    , _ipBindings :: !(Maybe [Binding])
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'IAMPolicy' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'ipEtag'
+--
+-- * 'ipVersion'
+--
+-- * 'ipBindings'
+iamPolicy
+    :: IAMPolicy
+iamPolicy =
+    IAMPolicy'
+    { _ipEtag = Nothing
+    , _ipVersion = Nothing
+    , _ipBindings = Nothing
+    }
+
+-- | \`etag\` is used for optimistic concurrency control as a way to help
+-- prevent simultaneous updates of a policy from overwriting each other. It
+-- is strongly suggested that systems make use of the \`etag\` in the
+-- read-modify-write cycle to perform policy updates in order to avoid race
+-- conditions: An \`etag\` is returned in the response to \`getIamPolicy\`,
+-- and systems are expected to put that etag in the request to
+-- \`setIamPolicy\` to ensure that their change will be applied to the same
+-- version of the policy. If no \`etag\` is provided in the call to
+-- \`setIamPolicy\`, then the existing policy is overwritten blindly.
+ipEtag :: Lens' IAMPolicy (Maybe ByteString)
+ipEtag
+  = lens _ipEtag (\ s a -> s{_ipEtag = a}) .
+      mapping _Bytes
+
+-- | Deprecated.
+ipVersion :: Lens' IAMPolicy (Maybe Int32)
+ipVersion
+  = lens _ipVersion (\ s a -> s{_ipVersion = a}) .
+      mapping _Coerce
+
+-- | Associates a list of \`members\` to a \`role\`. \`bindings\` with no
+-- members will result in an error.
+ipBindings :: Lens' IAMPolicy [Binding]
+ipBindings
+  = lens _ipBindings (\ s a -> s{_ipBindings = a}) .
+      _Default
+      . _Coerce
+
+instance FromJSON IAMPolicy where
+        parseJSON
+          = withObject "IAMPolicy"
+              (\ o ->
+                 IAMPolicy' <$>
+                   (o .:? "etag") <*> (o .:? "version") <*>
+                     (o .:? "bindings" .!= mempty))
+
+instance ToJSON IAMPolicy where
+        toJSON IAMPolicy'{..}
+          = object
+              (catMaybes
+                 [("etag" .=) <$> _ipEtag,
+                  ("version" .=) <$> _ipVersion,
+                  ("bindings" .=) <$> _ipBindings])
+
+-- | An attestator public key that will be used to verify attestations signed
+-- by this attestor.
+--
+-- /See:/ 'attestorPublicKey' smart constructor.
+data AttestorPublicKey = AttestorPublicKey'
+    { _apkAsciiArmoredPgpPublicKey :: !(Maybe Text)
+    , _apkId                       :: !(Maybe Text)
+    , _apkComment                  :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AttestorPublicKey' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'apkAsciiArmoredPgpPublicKey'
+--
+-- * 'apkId'
+--
+-- * 'apkComment'
+attestorPublicKey
+    :: AttestorPublicKey
+attestorPublicKey =
+    AttestorPublicKey'
+    { _apkAsciiArmoredPgpPublicKey = Nothing
+    , _apkId = Nothing
+    , _apkComment = Nothing
+    }
+
+-- | ASCII-armored representation of a PGP public key, as the entire output
+-- by the command \`gpg --export --armor foo\'example.com\` (either LF or
+-- CRLF line endings).
+apkAsciiArmoredPgpPublicKey :: Lens' AttestorPublicKey (Maybe Text)
+apkAsciiArmoredPgpPublicKey
+  = lens _apkAsciiArmoredPgpPublicKey
+      (\ s a -> s{_apkAsciiArmoredPgpPublicKey = a})
+
+-- | Output only. This field will be overwritten with key ID information, for
+-- example, an identifier extracted from a PGP public key. This field may
+-- not be updated.
+apkId :: Lens' AttestorPublicKey (Maybe Text)
+apkId = lens _apkId (\ s a -> s{_apkId = a})
+
+-- | Optional. A descriptive comment. This field may be updated.
+apkComment :: Lens' AttestorPublicKey (Maybe Text)
+apkComment
+  = lens _apkComment (\ s a -> s{_apkComment = a})
+
+instance FromJSON AttestorPublicKey where
+        parseJSON
+          = withObject "AttestorPublicKey"
+              (\ o ->
+                 AttestorPublicKey' <$>
+                   (o .:? "asciiArmoredPgpPublicKey") <*> (o .:? "id")
+                     <*> (o .:? "comment"))
+
+instance ToJSON AttestorPublicKey where
+        toJSON AttestorPublicKey'{..}
+          = object
+              (catMaybes
+                 [("asciiArmoredPgpPublicKey" .=) <$>
+                    _apkAsciiArmoredPgpPublicKey,
+                  ("id" .=) <$> _apkId,
+                  ("comment" .=) <$> _apkComment])
+
+-- | Response message for \`TestIamPermissions\` method.
+--
+-- /See:/ 'testIAMPermissionsResponse' smart constructor.
+newtype TestIAMPermissionsResponse = TestIAMPermissionsResponse'
+    { _tiamprPermissions :: Maybe [Text]
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'TestIAMPermissionsResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'tiamprPermissions'
+testIAMPermissionsResponse
+    :: TestIAMPermissionsResponse
+testIAMPermissionsResponse =
+    TestIAMPermissionsResponse'
+    { _tiamprPermissions = Nothing
+    }
+
+-- | A subset of \`TestPermissionsRequest.permissions\` that the caller is
+-- allowed.
+tiamprPermissions :: Lens' TestIAMPermissionsResponse [Text]
+tiamprPermissions
+  = lens _tiamprPermissions
+      (\ s a -> s{_tiamprPermissions = a})
+      . _Default
+      . _Coerce
+
+instance FromJSON TestIAMPermissionsResponse where
+        parseJSON
+          = withObject "TestIAMPermissionsResponse"
+              (\ o ->
+                 TestIAMPermissionsResponse' <$>
+                   (o .:? "permissions" .!= mempty))
+
+instance ToJSON TestIAMPermissionsResponse where
+        toJSON TestIAMPermissionsResponse'{..}
+          = object
+              (catMaybes
+                 [("permissions" .=) <$> _tiamprPermissions])
+
+-- | A policy for container image binary authorization.
+--
+-- /See:/ 'policy' smart constructor.
+data Policy = Policy'
+    { _pDefaultAdmissionRule       :: !(Maybe AdmissionRule)
+    , _pAdmissionWhiteListPatterns :: !(Maybe [AdmissionWhiteListPattern])
+    , _pClusterAdmissionRules      :: !(Maybe PolicyClusterAdmissionRules)
+    , _pUpdateTime                 :: !(Maybe DateTime')
+    , _pName                       :: !(Maybe Text)
+    , _pDescription                :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'Policy' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'pDefaultAdmissionRule'
+--
+-- * 'pAdmissionWhiteListPatterns'
+--
+-- * 'pClusterAdmissionRules'
+--
+-- * 'pUpdateTime'
+--
+-- * 'pName'
+--
+-- * 'pDescription'
+policy
+    :: Policy
+policy =
+    Policy'
+    { _pDefaultAdmissionRule = Nothing
+    , _pAdmissionWhiteListPatterns = Nothing
+    , _pClusterAdmissionRules = Nothing
+    , _pUpdateTime = Nothing
+    , _pName = Nothing
+    , _pDescription = Nothing
+    }
+
+-- | Required. Default admission rule for a cluster without a per-cluster
+-- admission rule.
+pDefaultAdmissionRule :: Lens' Policy (Maybe AdmissionRule)
+pDefaultAdmissionRule
+  = lens _pDefaultAdmissionRule
+      (\ s a -> s{_pDefaultAdmissionRule = a})
+
+-- | Optional. Admission policy whitelisting. A matching admission request
+-- will always be permitted. This feature is typically used to exclude
+-- Google or third-party infrastructure images from Binary Authorization
+-- policies.
+pAdmissionWhiteListPatterns :: Lens' Policy [AdmissionWhiteListPattern]
+pAdmissionWhiteListPatterns
+  = lens _pAdmissionWhiteListPatterns
+      (\ s a -> s{_pAdmissionWhiteListPatterns = a})
+      . _Default
+      . _Coerce
+
+-- | Optional. Per-cluster admission rules. Cluster spec format:
+-- \`location.clusterId\`. There can be at most one admission rule per
+-- cluster spec. A \`location\` is either a compute zone (e.g.
+-- us-central1-a) or a region (e.g. us-central1). For \`clusterId\` syntax
+-- restrictions see
+-- https:\/\/cloud.google.com\/container-engine\/reference\/rest\/v1\/projects.zones.clusters.
+pClusterAdmissionRules :: Lens' Policy (Maybe PolicyClusterAdmissionRules)
+pClusterAdmissionRules
+  = lens _pClusterAdmissionRules
+      (\ s a -> s{_pClusterAdmissionRules = a})
+
+-- | Output only. Time when the policy was last updated.
+pUpdateTime :: Lens' Policy (Maybe UTCTime)
+pUpdateTime
+  = lens _pUpdateTime (\ s a -> s{_pUpdateTime = a}) .
+      mapping _DateTime
+
+-- | Output only. The resource name, in the format \`projects\/*\/policy\`.
+-- There is at most one policy per project.
+pName :: Lens' Policy (Maybe Text)
+pName = lens _pName (\ s a -> s{_pName = a})
+
+-- | Optional. A descriptive comment.
+pDescription :: Lens' Policy (Maybe Text)
+pDescription
+  = lens _pDescription (\ s a -> s{_pDescription = a})
+
+instance FromJSON Policy where
+        parseJSON
+          = withObject "Policy"
+              (\ o ->
+                 Policy' <$>
+                   (o .:? "defaultAdmissionRule") <*>
+                     (o .:? "admissionWhitelistPatterns" .!= mempty)
+                     <*> (o .:? "clusterAdmissionRules")
+                     <*> (o .:? "updateTime")
+                     <*> (o .:? "name")
+                     <*> (o .:? "description"))
+
+instance ToJSON Policy where
+        toJSON Policy'{..}
+          = object
+              (catMaybes
+                 [("defaultAdmissionRule" .=) <$>
+                    _pDefaultAdmissionRule,
+                  ("admissionWhitelistPatterns" .=) <$>
+                    _pAdmissionWhiteListPatterns,
+                  ("clusterAdmissionRules" .=) <$>
+                    _pClusterAdmissionRules,
+                  ("updateTime" .=) <$> _pUpdateTime,
+                  ("name" .=) <$> _pName,
+                  ("description" .=) <$> _pDescription])
+
+-- | Optional. Per-cluster admission rules. Cluster spec format:
+-- \`location.clusterId\`. There can be at most one admission rule per
+-- cluster spec. A \`location\` is either a compute zone (e.g.
+-- us-central1-a) or a region (e.g. us-central1). For \`clusterId\` syntax
+-- restrictions see
+-- https:\/\/cloud.google.com\/container-engine\/reference\/rest\/v1\/projects.zones.clusters.
+--
+-- /See:/ 'policyClusterAdmissionRules' smart constructor.
+newtype PolicyClusterAdmissionRules = PolicyClusterAdmissionRules'
+    { _pcarAddtional :: HashMap Text AdmissionRule
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'PolicyClusterAdmissionRules' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'pcarAddtional'
+policyClusterAdmissionRules
+    :: HashMap Text AdmissionRule -- ^ 'pcarAddtional'
+    -> PolicyClusterAdmissionRules
+policyClusterAdmissionRules pPcarAddtional_ =
+    PolicyClusterAdmissionRules'
+    { _pcarAddtional = _Coerce # pPcarAddtional_
+    }
+
+pcarAddtional :: Lens' PolicyClusterAdmissionRules (HashMap Text AdmissionRule)
+pcarAddtional
+  = lens _pcarAddtional
+      (\ s a -> s{_pcarAddtional = a})
+      . _Coerce
+
+instance FromJSON PolicyClusterAdmissionRules where
+        parseJSON
+          = withObject "PolicyClusterAdmissionRules"
+              (\ o ->
+                 PolicyClusterAdmissionRules' <$> (parseJSONObject o))
+
+instance ToJSON PolicyClusterAdmissionRules where
+        toJSON = toJSON . _pcarAddtional
+
+-- | An attestor that attests to container image artifacts. An existing
+-- attestor cannot be modified except where indicated.
+--
+-- /See:/ 'attestor' smart constructor.
+data Attestor = Attestor'
+    { _aUserOwnedDrydockNote :: !(Maybe UserOwnedDrydockNote)
+    , _aUpdateTime           :: !(Maybe DateTime')
+    , _aName                 :: !(Maybe Text)
+    , _aDescription          :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'Attestor' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'aUserOwnedDrydockNote'
+--
+-- * 'aUpdateTime'
+--
+-- * 'aName'
+--
+-- * 'aDescription'
+attestor
+    :: Attestor
+attestor =
+    Attestor'
+    { _aUserOwnedDrydockNote = Nothing
+    , _aUpdateTime = Nothing
+    , _aName = Nothing
+    , _aDescription = Nothing
+    }
+
+-- | A Drydock ATTESTATION_AUTHORITY Note, created by the user.
+aUserOwnedDrydockNote :: Lens' Attestor (Maybe UserOwnedDrydockNote)
+aUserOwnedDrydockNote
+  = lens _aUserOwnedDrydockNote
+      (\ s a -> s{_aUserOwnedDrydockNote = a})
+
+-- | Output only. Time when the attestor was last updated.
+aUpdateTime :: Lens' Attestor (Maybe UTCTime)
+aUpdateTime
+  = lens _aUpdateTime (\ s a -> s{_aUpdateTime = a}) .
+      mapping _DateTime
+
+-- | Required. The resource name, in the format:
+-- \`projects\/*\/attestors\/*\`. This field may not be updated.
+aName :: Lens' Attestor (Maybe Text)
+aName = lens _aName (\ s a -> s{_aName = a})
+
+-- | Optional. A descriptive comment. This field may be updated. The field
+-- may be displayed in chooser dialogs.
+aDescription :: Lens' Attestor (Maybe Text)
+aDescription
+  = lens _aDescription (\ s a -> s{_aDescription = a})
+
+instance FromJSON Attestor where
+        parseJSON
+          = withObject "Attestor"
+              (\ o ->
+                 Attestor' <$>
+                   (o .:? "userOwnedDrydockNote") <*>
+                     (o .:? "updateTime")
+                     <*> (o .:? "name")
+                     <*> (o .:? "description"))
+
+instance ToJSON Attestor where
+        toJSON Attestor'{..}
+          = object
+              (catMaybes
+                 [("userOwnedDrydockNote" .=) <$>
+                    _aUserOwnedDrydockNote,
+                  ("updateTime" .=) <$> _aUpdateTime,
+                  ("name" .=) <$> _aName,
+                  ("description" .=) <$> _aDescription])
+
+-- | Associates \`members\` with a \`role\`.
+--
+-- /See:/ 'binding' smart constructor.
+data Binding = Binding'
+    { _bMembers   :: !(Maybe [Text])
+    , _bRole      :: !(Maybe Text)
+    , _bCondition :: !(Maybe Expr)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'Binding' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'bMembers'
+--
+-- * 'bRole'
+--
+-- * 'bCondition'
+binding
+    :: Binding
+binding =
+    Binding'
+    { _bMembers = Nothing
+    , _bRole = Nothing
+    , _bCondition = Nothing
+    }
+
+-- | Specifies the identities requesting access for a Cloud Platform
+-- resource. \`members\` can have the following values: * \`allUsers\`: A
+-- special identifier that represents anyone who is on the internet; with
+-- or without a Google account. * \`allAuthenticatedUsers\`: A special
+-- identifier that represents anyone who is authenticated with a Google
+-- account or a service account. * \`user:{emailid}\`: An email address
+-- that represents a specific Google account. For example,
+-- \`alice\'gmail.com\` . * \`serviceAccount:{emailid}\`: An email address
+-- that represents a service account. For example,
+-- \`my-other-app\'appspot.gserviceaccount.com\`. * \`group:{emailid}\`: An
+-- email address that represents a Google group. For example,
+-- \`admins\'example.com\`. * \`domain:{domain}\`: A Google Apps domain
+-- name that represents all the users of that domain. For example,
+-- \`google.com\` or \`example.com\`.
+bMembers :: Lens' Binding [Text]
+bMembers
+  = lens _bMembers (\ s a -> s{_bMembers = a}) .
+      _Default
+      . _Coerce
+
+-- | Role that is assigned to \`members\`. For example, \`roles\/viewer\`,
+-- \`roles\/editor\`, or \`roles\/owner\`.
+bRole :: Lens' Binding (Maybe Text)
+bRole = lens _bRole (\ s a -> s{_bRole = a})
+
+-- | Unimplemented. The condition that is associated with this binding. NOTE:
+-- an unsatisfied condition will not allow user access via current binding.
+-- Different bindings, including their conditions, are examined
+-- independently.
+bCondition :: Lens' Binding (Maybe Expr)
+bCondition
+  = lens _bCondition (\ s a -> s{_bCondition = a})
+
+instance FromJSON Binding where
+        parseJSON
+          = withObject "Binding"
+              (\ o ->
+                 Binding' <$>
+                   (o .:? "members" .!= mempty) <*> (o .:? "role") <*>
+                     (o .:? "condition"))
+
+instance ToJSON Binding where
+        toJSON Binding'{..}
+          = object
+              (catMaybes
+                 [("members" .=) <$> _bMembers,
+                  ("role" .=) <$> _bRole,
+                  ("condition" .=) <$> _bCondition])
diff --git a/gen/Network/Google/BinaryAuthorization/Types/Sum.hs b/gen/Network/Google/BinaryAuthorization/Types/Sum.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/BinaryAuthorization/Types/Sum.hs
@@ -0,0 +1,119 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE LambdaCase         #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Network.Google.BinaryAuthorization.Types.Sum
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+module Network.Google.BinaryAuthorization.Types.Sum where
+
+import           Network.Google.Prelude hiding (Bytes)
+
+-- | Required. The action when a pod creation is denied by the admission
+-- rule.
+data AdmissionRuleEnforcementMode
+    = EnforcementModeUnspecified
+      -- ^ @ENFORCEMENT_MODE_UNSPECIFIED@
+      -- Mandatory.
+    | EnforcedBlockAndAuditLog
+      -- ^ @ENFORCED_BLOCK_AND_AUDIT_LOG@
+      -- Enforce the admission rule by blocking the pod creation.
+      deriving (Eq, Ord, Enum, Read, Show, Data, Typeable, Generic)
+
+instance Hashable AdmissionRuleEnforcementMode
+
+instance FromHttpApiData AdmissionRuleEnforcementMode where
+    parseQueryParam = \case
+        "ENFORCEMENT_MODE_UNSPECIFIED" -> Right EnforcementModeUnspecified
+        "ENFORCED_BLOCK_AND_AUDIT_LOG" -> Right EnforcedBlockAndAuditLog
+        x -> Left ("Unable to parse AdmissionRuleEnforcementMode from: " <> x)
+
+instance ToHttpApiData AdmissionRuleEnforcementMode where
+    toQueryParam = \case
+        EnforcementModeUnspecified -> "ENFORCEMENT_MODE_UNSPECIFIED"
+        EnforcedBlockAndAuditLog -> "ENFORCED_BLOCK_AND_AUDIT_LOG"
+
+instance FromJSON AdmissionRuleEnforcementMode where
+    parseJSON = parseJSONText "AdmissionRuleEnforcementMode"
+
+instance ToJSON AdmissionRuleEnforcementMode where
+    toJSON = toJSONText
+
+-- | Required. How this admission rule will be evaluated.
+data AdmissionRuleEvaluationMode
+    = EvaluationModeUnspecified
+      -- ^ @EVALUATION_MODE_UNSPECIFIED@
+      -- Mandatory.
+    | AlwaysAllow
+      -- ^ @ALWAYS_ALLOW@
+      -- This rule allows all all pod creations.
+    | RequireAttestation
+      -- ^ @REQUIRE_ATTESTATION@
+      -- This rule allows a pod creation if all the attestors listed in
+      -- \'require_attestations_by\' have valid attestations for all of the
+      -- images in the pod spec.
+    | AlwaysDeny
+      -- ^ @ALWAYS_DENY@
+      -- This rule denies all pod creations.
+      deriving (Eq, Ord, Enum, Read, Show, Data, Typeable, Generic)
+
+instance Hashable AdmissionRuleEvaluationMode
+
+instance FromHttpApiData AdmissionRuleEvaluationMode where
+    parseQueryParam = \case
+        "EVALUATION_MODE_UNSPECIFIED" -> Right EvaluationModeUnspecified
+        "ALWAYS_ALLOW" -> Right AlwaysAllow
+        "REQUIRE_ATTESTATION" -> Right RequireAttestation
+        "ALWAYS_DENY" -> Right AlwaysDeny
+        x -> Left ("Unable to parse AdmissionRuleEvaluationMode from: " <> x)
+
+instance ToHttpApiData AdmissionRuleEvaluationMode where
+    toQueryParam = \case
+        EvaluationModeUnspecified -> "EVALUATION_MODE_UNSPECIFIED"
+        AlwaysAllow -> "ALWAYS_ALLOW"
+        RequireAttestation -> "REQUIRE_ATTESTATION"
+        AlwaysDeny -> "ALWAYS_DENY"
+
+instance FromJSON AdmissionRuleEvaluationMode where
+    parseJSON = parseJSONText "AdmissionRuleEvaluationMode"
+
+instance ToJSON AdmissionRuleEvaluationMode where
+    toJSON = toJSONText
+
+-- | V1 error format.
+data Xgafv
+    = X1
+      -- ^ @1@
+      -- v1 error format
+    | X2
+      -- ^ @2@
+      -- v2 error format
+      deriving (Eq, Ord, Enum, Read, Show, Data, Typeable, Generic)
+
+instance Hashable Xgafv
+
+instance FromHttpApiData Xgafv where
+    parseQueryParam = \case
+        "1" -> Right X1
+        "2" -> Right X2
+        x -> Left ("Unable to parse Xgafv from: " <> x)
+
+instance ToHttpApiData Xgafv where
+    toQueryParam = \case
+        X1 -> "1"
+        X2 -> "2"
+
+instance FromJSON Xgafv where
+    parseJSON = parseJSONText "Xgafv"
+
+instance ToJSON Xgafv where
+    toJSON = toJSONText
diff --git a/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/Create.hs b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/Create.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/Create.hs
@@ -0,0 +1,176 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Create
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates an attestor, and returns a copy of the new attestor. Returns
+-- NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request
+-- is malformed, ALREADY_EXISTS if the attestor already exists.
+--
+-- /See:/ <https://cloud.google.com/binary-authorization/ Binary Authorization API Reference> for @binaryauthorization.projects.attestors.create@.
+module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Create
+    (
+    -- * REST Resource
+      ProjectsAttestorsCreateResource
+
+    -- * Creating a Request
+    , projectsAttestorsCreate
+    , ProjectsAttestorsCreate
+
+    -- * Request Lenses
+    , pacParent
+    , pacXgafv
+    , pacUploadProtocol
+    , pacAccessToken
+    , pacUploadType
+    , pacPayload
+    , pacAttestorId
+    , pacCallback
+    ) where
+
+import           Network.Google.BinaryAuthorization.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @binaryauthorization.projects.attestors.create@ method which the
+-- 'ProjectsAttestorsCreate' request conforms to.
+type ProjectsAttestorsCreateResource =
+     "v1beta1" :>
+       Capture "parent" Text :>
+         "attestors" :>
+           QueryParam "$.xgafv" Xgafv :>
+             QueryParam "upload_protocol" Text :>
+               QueryParam "access_token" Text :>
+                 QueryParam "uploadType" Text :>
+                   QueryParam "attestorId" Text :>
+                     QueryParam "callback" Text :>
+                       QueryParam "alt" AltJSON :>
+                         ReqBody '[JSON] Attestor :> Post '[JSON] Attestor
+
+-- | Creates an attestor, and returns a copy of the new attestor. Returns
+-- NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request
+-- is malformed, ALREADY_EXISTS if the attestor already exists.
+--
+-- /See:/ 'projectsAttestorsCreate' smart constructor.
+data ProjectsAttestorsCreate = ProjectsAttestorsCreate'
+    { _pacParent         :: !Text
+    , _pacXgafv          :: !(Maybe Xgafv)
+    , _pacUploadProtocol :: !(Maybe Text)
+    , _pacAccessToken    :: !(Maybe Text)
+    , _pacUploadType     :: !(Maybe Text)
+    , _pacPayload        :: !Attestor
+    , _pacAttestorId     :: !(Maybe Text)
+    , _pacCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ProjectsAttestorsCreate' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'pacParent'
+--
+-- * 'pacXgafv'
+--
+-- * 'pacUploadProtocol'
+--
+-- * 'pacAccessToken'
+--
+-- * 'pacUploadType'
+--
+-- * 'pacPayload'
+--
+-- * 'pacAttestorId'
+--
+-- * 'pacCallback'
+projectsAttestorsCreate
+    :: Text -- ^ 'pacParent'
+    -> Attestor -- ^ 'pacPayload'
+    -> ProjectsAttestorsCreate
+projectsAttestorsCreate pPacParent_ pPacPayload_ =
+    ProjectsAttestorsCreate'
+    { _pacParent = pPacParent_
+    , _pacXgafv = Nothing
+    , _pacUploadProtocol = Nothing
+    , _pacAccessToken = Nothing
+    , _pacUploadType = Nothing
+    , _pacPayload = pPacPayload_
+    , _pacAttestorId = Nothing
+    , _pacCallback = Nothing
+    }
+
+-- | Required. The parent of this attestor.
+pacParent :: Lens' ProjectsAttestorsCreate Text
+pacParent
+  = lens _pacParent (\ s a -> s{_pacParent = a})
+
+-- | V1 error format.
+pacXgafv :: Lens' ProjectsAttestorsCreate (Maybe Xgafv)
+pacXgafv = lens _pacXgafv (\ s a -> s{_pacXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+pacUploadProtocol :: Lens' ProjectsAttestorsCreate (Maybe Text)
+pacUploadProtocol
+  = lens _pacUploadProtocol
+      (\ s a -> s{_pacUploadProtocol = a})
+
+-- | OAuth access token.
+pacAccessToken :: Lens' ProjectsAttestorsCreate (Maybe Text)
+pacAccessToken
+  = lens _pacAccessToken
+      (\ s a -> s{_pacAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+pacUploadType :: Lens' ProjectsAttestorsCreate (Maybe Text)
+pacUploadType
+  = lens _pacUploadType
+      (\ s a -> s{_pacUploadType = a})
+
+-- | Multipart request metadata.
+pacPayload :: Lens' ProjectsAttestorsCreate Attestor
+pacPayload
+  = lens _pacPayload (\ s a -> s{_pacPayload = a})
+
+-- | Required. The attestors ID.
+pacAttestorId :: Lens' ProjectsAttestorsCreate (Maybe Text)
+pacAttestorId
+  = lens _pacAttestorId
+      (\ s a -> s{_pacAttestorId = a})
+
+-- | JSONP
+pacCallback :: Lens' ProjectsAttestorsCreate (Maybe Text)
+pacCallback
+  = lens _pacCallback (\ s a -> s{_pacCallback = a})
+
+instance GoogleRequest ProjectsAttestorsCreate where
+        type Rs ProjectsAttestorsCreate = Attestor
+        type Scopes ProjectsAttestorsCreate =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient ProjectsAttestorsCreate'{..}
+          = go _pacParent _pacXgafv _pacUploadProtocol
+              _pacAccessToken
+              _pacUploadType
+              _pacAttestorId
+              _pacCallback
+              (Just AltJSON)
+              _pacPayload
+              binaryAuthorizationService
+          where go
+                  = buildClient
+                      (Proxy :: Proxy ProjectsAttestorsCreateResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/Delete.hs b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/Delete.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/Delete.hs
@@ -0,0 +1,145 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Delete
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes an attestor. Returns NOT_FOUND if the attestor does not exist.
+--
+-- /See:/ <https://cloud.google.com/binary-authorization/ Binary Authorization API Reference> for @binaryauthorization.projects.attestors.delete@.
+module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Delete
+    (
+    -- * REST Resource
+      ProjectsAttestorsDeleteResource
+
+    -- * Creating a Request
+    , projectsAttestorsDelete
+    , ProjectsAttestorsDelete
+
+    -- * Request Lenses
+    , padXgafv
+    , padUploadProtocol
+    , padAccessToken
+    , padUploadType
+    , padName
+    , padCallback
+    ) where
+
+import           Network.Google.BinaryAuthorization.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @binaryauthorization.projects.attestors.delete@ method which the
+-- 'ProjectsAttestorsDelete' request conforms to.
+type ProjectsAttestorsDeleteResource =
+     "v1beta1" :>
+       Capture "name" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :> Delete '[JSON] Empty
+
+-- | Deletes an attestor. Returns NOT_FOUND if the attestor does not exist.
+--
+-- /See:/ 'projectsAttestorsDelete' smart constructor.
+data ProjectsAttestorsDelete = ProjectsAttestorsDelete'
+    { _padXgafv          :: !(Maybe Xgafv)
+    , _padUploadProtocol :: !(Maybe Text)
+    , _padAccessToken    :: !(Maybe Text)
+    , _padUploadType     :: !(Maybe Text)
+    , _padName           :: !Text
+    , _padCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ProjectsAttestorsDelete' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'padXgafv'
+--
+-- * 'padUploadProtocol'
+--
+-- * 'padAccessToken'
+--
+-- * 'padUploadType'
+--
+-- * 'padName'
+--
+-- * 'padCallback'
+projectsAttestorsDelete
+    :: Text -- ^ 'padName'
+    -> ProjectsAttestorsDelete
+projectsAttestorsDelete pPadName_ =
+    ProjectsAttestorsDelete'
+    { _padXgafv = Nothing
+    , _padUploadProtocol = Nothing
+    , _padAccessToken = Nothing
+    , _padUploadType = Nothing
+    , _padName = pPadName_
+    , _padCallback = Nothing
+    }
+
+-- | V1 error format.
+padXgafv :: Lens' ProjectsAttestorsDelete (Maybe Xgafv)
+padXgafv = lens _padXgafv (\ s a -> s{_padXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+padUploadProtocol :: Lens' ProjectsAttestorsDelete (Maybe Text)
+padUploadProtocol
+  = lens _padUploadProtocol
+      (\ s a -> s{_padUploadProtocol = a})
+
+-- | OAuth access token.
+padAccessToken :: Lens' ProjectsAttestorsDelete (Maybe Text)
+padAccessToken
+  = lens _padAccessToken
+      (\ s a -> s{_padAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+padUploadType :: Lens' ProjectsAttestorsDelete (Maybe Text)
+padUploadType
+  = lens _padUploadType
+      (\ s a -> s{_padUploadType = a})
+
+-- | Required. The name of the attestors to delete, in the format
+-- \`projects\/*\/attestors\/*\`.
+padName :: Lens' ProjectsAttestorsDelete Text
+padName = lens _padName (\ s a -> s{_padName = a})
+
+-- | JSONP
+padCallback :: Lens' ProjectsAttestorsDelete (Maybe Text)
+padCallback
+  = lens _padCallback (\ s a -> s{_padCallback = a})
+
+instance GoogleRequest ProjectsAttestorsDelete where
+        type Rs ProjectsAttestorsDelete = Empty
+        type Scopes ProjectsAttestorsDelete =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient ProjectsAttestorsDelete'{..}
+          = go _padName _padXgafv _padUploadProtocol
+              _padAccessToken
+              _padUploadType
+              _padCallback
+              (Just AltJSON)
+              binaryAuthorizationService
+          where go
+                  = buildClient
+                      (Proxy :: Proxy ProjectsAttestorsDeleteResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/Get.hs b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/Get.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/Get.hs
@@ -0,0 +1,145 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Get
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets an attestor. Returns NOT_FOUND if the attestor does not exist.
+--
+-- /See:/ <https://cloud.google.com/binary-authorization/ Binary Authorization API Reference> for @binaryauthorization.projects.attestors.get@.
+module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Get
+    (
+    -- * REST Resource
+      ProjectsAttestorsGetResource
+
+    -- * Creating a Request
+    , projectsAttestorsGet
+    , ProjectsAttestorsGet
+
+    -- * Request Lenses
+    , pagXgafv
+    , pagUploadProtocol
+    , pagAccessToken
+    , pagUploadType
+    , pagName
+    , pagCallback
+    ) where
+
+import           Network.Google.BinaryAuthorization.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @binaryauthorization.projects.attestors.get@ method which the
+-- 'ProjectsAttestorsGet' request conforms to.
+type ProjectsAttestorsGetResource =
+     "v1beta1" :>
+       Capture "name" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :> Get '[JSON] Attestor
+
+-- | Gets an attestor. Returns NOT_FOUND if the attestor does not exist.
+--
+-- /See:/ 'projectsAttestorsGet' smart constructor.
+data ProjectsAttestorsGet = ProjectsAttestorsGet'
+    { _pagXgafv          :: !(Maybe Xgafv)
+    , _pagUploadProtocol :: !(Maybe Text)
+    , _pagAccessToken    :: !(Maybe Text)
+    , _pagUploadType     :: !(Maybe Text)
+    , _pagName           :: !Text
+    , _pagCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ProjectsAttestorsGet' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'pagXgafv'
+--
+-- * 'pagUploadProtocol'
+--
+-- * 'pagAccessToken'
+--
+-- * 'pagUploadType'
+--
+-- * 'pagName'
+--
+-- * 'pagCallback'
+projectsAttestorsGet
+    :: Text -- ^ 'pagName'
+    -> ProjectsAttestorsGet
+projectsAttestorsGet pPagName_ =
+    ProjectsAttestorsGet'
+    { _pagXgafv = Nothing
+    , _pagUploadProtocol = Nothing
+    , _pagAccessToken = Nothing
+    , _pagUploadType = Nothing
+    , _pagName = pPagName_
+    , _pagCallback = Nothing
+    }
+
+-- | V1 error format.
+pagXgafv :: Lens' ProjectsAttestorsGet (Maybe Xgafv)
+pagXgafv = lens _pagXgafv (\ s a -> s{_pagXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+pagUploadProtocol :: Lens' ProjectsAttestorsGet (Maybe Text)
+pagUploadProtocol
+  = lens _pagUploadProtocol
+      (\ s a -> s{_pagUploadProtocol = a})
+
+-- | OAuth access token.
+pagAccessToken :: Lens' ProjectsAttestorsGet (Maybe Text)
+pagAccessToken
+  = lens _pagAccessToken
+      (\ s a -> s{_pagAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+pagUploadType :: Lens' ProjectsAttestorsGet (Maybe Text)
+pagUploadType
+  = lens _pagUploadType
+      (\ s a -> s{_pagUploadType = a})
+
+-- | Required. The name of the attestor to retrieve, in the format
+-- \`projects\/*\/attestors\/*\`.
+pagName :: Lens' ProjectsAttestorsGet Text
+pagName = lens _pagName (\ s a -> s{_pagName = a})
+
+-- | JSONP
+pagCallback :: Lens' ProjectsAttestorsGet (Maybe Text)
+pagCallback
+  = lens _pagCallback (\ s a -> s{_pagCallback = a})
+
+instance GoogleRequest ProjectsAttestorsGet where
+        type Rs ProjectsAttestorsGet = Attestor
+        type Scopes ProjectsAttestorsGet =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient ProjectsAttestorsGet'{..}
+          = go _pagName _pagXgafv _pagUploadProtocol
+              _pagAccessToken
+              _pagUploadType
+              _pagCallback
+              (Just AltJSON)
+              binaryAuthorizationService
+          where go
+                  = buildClient
+                      (Proxy :: Proxy ProjectsAttestorsGetResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/GetIAMPolicy.hs b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/GetIAMPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/GetIAMPolicy.hs
@@ -0,0 +1,153 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.BinaryAuthorization.Projects.Attestors.GetIAMPolicy
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets the access control policy for a resource. Returns an empty policy
+-- if the resource exists and does not have a policy set.
+--
+-- /See:/ <https://cloud.google.com/binary-authorization/ Binary Authorization API Reference> for @binaryauthorization.projects.attestors.getIamPolicy@.
+module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.GetIAMPolicy
+    (
+    -- * REST Resource
+      ProjectsAttestorsGetIAMPolicyResource
+
+    -- * Creating a Request
+    , projectsAttestorsGetIAMPolicy
+    , ProjectsAttestorsGetIAMPolicy
+
+    -- * Request Lenses
+    , pagipXgafv
+    , pagipUploadProtocol
+    , pagipAccessToken
+    , pagipUploadType
+    , pagipResource
+    , pagipCallback
+    ) where
+
+import           Network.Google.BinaryAuthorization.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @binaryauthorization.projects.attestors.getIamPolicy@ method which the
+-- 'ProjectsAttestorsGetIAMPolicy' request conforms to.
+type ProjectsAttestorsGetIAMPolicyResource =
+     "v1beta1" :>
+       CaptureMode "resource" "getIamPolicy" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :> Get '[JSON] IAMPolicy
+
+-- | Gets the access control policy for a resource. Returns an empty policy
+-- if the resource exists and does not have a policy set.
+--
+-- /See:/ 'projectsAttestorsGetIAMPolicy' smart constructor.
+data ProjectsAttestorsGetIAMPolicy = ProjectsAttestorsGetIAMPolicy'
+    { _pagipXgafv          :: !(Maybe Xgafv)
+    , _pagipUploadProtocol :: !(Maybe Text)
+    , _pagipAccessToken    :: !(Maybe Text)
+    , _pagipUploadType     :: !(Maybe Text)
+    , _pagipResource       :: !Text
+    , _pagipCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ProjectsAttestorsGetIAMPolicy' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'pagipXgafv'
+--
+-- * 'pagipUploadProtocol'
+--
+-- * 'pagipAccessToken'
+--
+-- * 'pagipUploadType'
+--
+-- * 'pagipResource'
+--
+-- * 'pagipCallback'
+projectsAttestorsGetIAMPolicy
+    :: Text -- ^ 'pagipResource'
+    -> ProjectsAttestorsGetIAMPolicy
+projectsAttestorsGetIAMPolicy pPagipResource_ =
+    ProjectsAttestorsGetIAMPolicy'
+    { _pagipXgafv = Nothing
+    , _pagipUploadProtocol = Nothing
+    , _pagipAccessToken = Nothing
+    , _pagipUploadType = Nothing
+    , _pagipResource = pPagipResource_
+    , _pagipCallback = Nothing
+    }
+
+-- | V1 error format.
+pagipXgafv :: Lens' ProjectsAttestorsGetIAMPolicy (Maybe Xgafv)
+pagipXgafv
+  = lens _pagipXgafv (\ s a -> s{_pagipXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+pagipUploadProtocol :: Lens' ProjectsAttestorsGetIAMPolicy (Maybe Text)
+pagipUploadProtocol
+  = lens _pagipUploadProtocol
+      (\ s a -> s{_pagipUploadProtocol = a})
+
+-- | OAuth access token.
+pagipAccessToken :: Lens' ProjectsAttestorsGetIAMPolicy (Maybe Text)
+pagipAccessToken
+  = lens _pagipAccessToken
+      (\ s a -> s{_pagipAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+pagipUploadType :: Lens' ProjectsAttestorsGetIAMPolicy (Maybe Text)
+pagipUploadType
+  = lens _pagipUploadType
+      (\ s a -> s{_pagipUploadType = a})
+
+-- | REQUIRED: The resource for which the policy is being requested. See the
+-- operation documentation for the appropriate value for this field.
+pagipResource :: Lens' ProjectsAttestorsGetIAMPolicy Text
+pagipResource
+  = lens _pagipResource
+      (\ s a -> s{_pagipResource = a})
+
+-- | JSONP
+pagipCallback :: Lens' ProjectsAttestorsGetIAMPolicy (Maybe Text)
+pagipCallback
+  = lens _pagipCallback
+      (\ s a -> s{_pagipCallback = a})
+
+instance GoogleRequest ProjectsAttestorsGetIAMPolicy
+         where
+        type Rs ProjectsAttestorsGetIAMPolicy = IAMPolicy
+        type Scopes ProjectsAttestorsGetIAMPolicy =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient ProjectsAttestorsGetIAMPolicy'{..}
+          = go _pagipResource _pagipXgafv _pagipUploadProtocol
+              _pagipAccessToken
+              _pagipUploadType
+              _pagipCallback
+              (Just AltJSON)
+              binaryAuthorizationService
+          where go
+                  = buildClient
+                      (Proxy ::
+                         Proxy ProjectsAttestorsGetIAMPolicyResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/List.hs b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/List.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/List.hs
@@ -0,0 +1,176 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.BinaryAuthorization.Projects.Attestors.List
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists attestors. Returns INVALID_ARGUMENT if the project does not exist.
+--
+-- /See:/ <https://cloud.google.com/binary-authorization/ Binary Authorization API Reference> for @binaryauthorization.projects.attestors.list@.
+module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.List
+    (
+    -- * REST Resource
+      ProjectsAttestorsListResource
+
+    -- * Creating a Request
+    , projectsAttestorsList
+    , ProjectsAttestorsList
+
+    -- * Request Lenses
+    , palParent
+    , palXgafv
+    , palUploadProtocol
+    , palAccessToken
+    , palUploadType
+    , palPageToken
+    , palPageSize
+    , palCallback
+    ) where
+
+import           Network.Google.BinaryAuthorization.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @binaryauthorization.projects.attestors.list@ method which the
+-- 'ProjectsAttestorsList' request conforms to.
+type ProjectsAttestorsListResource =
+     "v1beta1" :>
+       Capture "parent" Text :>
+         "attestors" :>
+           QueryParam "$.xgafv" Xgafv :>
+             QueryParam "upload_protocol" Text :>
+               QueryParam "access_token" Text :>
+                 QueryParam "uploadType" Text :>
+                   QueryParam "pageToken" Text :>
+                     QueryParam "pageSize" (Textual Int32) :>
+                       QueryParam "callback" Text :>
+                         QueryParam "alt" AltJSON :>
+                           Get '[JSON] ListAttestorsResponse
+
+-- | Lists attestors. Returns INVALID_ARGUMENT if the project does not exist.
+--
+-- /See:/ 'projectsAttestorsList' smart constructor.
+data ProjectsAttestorsList = ProjectsAttestorsList'
+    { _palParent         :: !Text
+    , _palXgafv          :: !(Maybe Xgafv)
+    , _palUploadProtocol :: !(Maybe Text)
+    , _palAccessToken    :: !(Maybe Text)
+    , _palUploadType     :: !(Maybe Text)
+    , _palPageToken      :: !(Maybe Text)
+    , _palPageSize       :: !(Maybe (Textual Int32))
+    , _palCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ProjectsAttestorsList' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'palParent'
+--
+-- * 'palXgafv'
+--
+-- * 'palUploadProtocol'
+--
+-- * 'palAccessToken'
+--
+-- * 'palUploadType'
+--
+-- * 'palPageToken'
+--
+-- * 'palPageSize'
+--
+-- * 'palCallback'
+projectsAttestorsList
+    :: Text -- ^ 'palParent'
+    -> ProjectsAttestorsList
+projectsAttestorsList pPalParent_ =
+    ProjectsAttestorsList'
+    { _palParent = pPalParent_
+    , _palXgafv = Nothing
+    , _palUploadProtocol = Nothing
+    , _palAccessToken = Nothing
+    , _palUploadType = Nothing
+    , _palPageToken = Nothing
+    , _palPageSize = Nothing
+    , _palCallback = Nothing
+    }
+
+-- | Required. The resource name of the project associated with the
+-- attestors, in the format \`projects\/*\`.
+palParent :: Lens' ProjectsAttestorsList Text
+palParent
+  = lens _palParent (\ s a -> s{_palParent = a})
+
+-- | V1 error format.
+palXgafv :: Lens' ProjectsAttestorsList (Maybe Xgafv)
+palXgafv = lens _palXgafv (\ s a -> s{_palXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+palUploadProtocol :: Lens' ProjectsAttestorsList (Maybe Text)
+palUploadProtocol
+  = lens _palUploadProtocol
+      (\ s a -> s{_palUploadProtocol = a})
+
+-- | OAuth access token.
+palAccessToken :: Lens' ProjectsAttestorsList (Maybe Text)
+palAccessToken
+  = lens _palAccessToken
+      (\ s a -> s{_palAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+palUploadType :: Lens' ProjectsAttestorsList (Maybe Text)
+palUploadType
+  = lens _palUploadType
+      (\ s a -> s{_palUploadType = a})
+
+-- | A token identifying a page of results the server should return.
+-- Typically, this is the value of ListAttestorsResponse.next_page_token
+-- returned from the previous call to the \`ListAttestors\` method.
+palPageToken :: Lens' ProjectsAttestorsList (Maybe Text)
+palPageToken
+  = lens _palPageToken (\ s a -> s{_palPageToken = a})
+
+-- | Requested page size. The server may return fewer results than requested.
+-- If unspecified, the server will pick an appropriate default.
+palPageSize :: Lens' ProjectsAttestorsList (Maybe Int32)
+palPageSize
+  = lens _palPageSize (\ s a -> s{_palPageSize = a}) .
+      mapping _Coerce
+
+-- | JSONP
+palCallback :: Lens' ProjectsAttestorsList (Maybe Text)
+palCallback
+  = lens _palCallback (\ s a -> s{_palCallback = a})
+
+instance GoogleRequest ProjectsAttestorsList where
+        type Rs ProjectsAttestorsList = ListAttestorsResponse
+        type Scopes ProjectsAttestorsList =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient ProjectsAttestorsList'{..}
+          = go _palParent _palXgafv _palUploadProtocol
+              _palAccessToken
+              _palUploadType
+              _palPageToken
+              _palPageSize
+              _palCallback
+              (Just AltJSON)
+              binaryAuthorizationService
+          where go
+                  = buildClient
+                      (Proxy :: Proxy ProjectsAttestorsListResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/SetIAMPolicy.hs b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/SetIAMPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/SetIAMPolicy.hs
@@ -0,0 +1,167 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.BinaryAuthorization.Projects.Attestors.SetIAMPolicy
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Sets the access control policy on the specified resource. Replaces any
+-- existing policy.
+--
+-- /See:/ <https://cloud.google.com/binary-authorization/ Binary Authorization API Reference> for @binaryauthorization.projects.attestors.setIamPolicy@.
+module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.SetIAMPolicy
+    (
+    -- * REST Resource
+      ProjectsAttestorsSetIAMPolicyResource
+
+    -- * Creating a Request
+    , projectsAttestorsSetIAMPolicy
+    , ProjectsAttestorsSetIAMPolicy
+
+    -- * Request Lenses
+    , pasipXgafv
+    , pasipUploadProtocol
+    , pasipAccessToken
+    , pasipUploadType
+    , pasipPayload
+    , pasipResource
+    , pasipCallback
+    ) where
+
+import           Network.Google.BinaryAuthorization.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @binaryauthorization.projects.attestors.setIamPolicy@ method which the
+-- 'ProjectsAttestorsSetIAMPolicy' request conforms to.
+type ProjectsAttestorsSetIAMPolicyResource =
+     "v1beta1" :>
+       CaptureMode "resource" "setIamPolicy" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :>
+                     ReqBody '[JSON] SetIAMPolicyRequest :>
+                       Post '[JSON] IAMPolicy
+
+-- | Sets the access control policy on the specified resource. Replaces any
+-- existing policy.
+--
+-- /See:/ 'projectsAttestorsSetIAMPolicy' smart constructor.
+data ProjectsAttestorsSetIAMPolicy = ProjectsAttestorsSetIAMPolicy'
+    { _pasipXgafv          :: !(Maybe Xgafv)
+    , _pasipUploadProtocol :: !(Maybe Text)
+    , _pasipAccessToken    :: !(Maybe Text)
+    , _pasipUploadType     :: !(Maybe Text)
+    , _pasipPayload        :: !SetIAMPolicyRequest
+    , _pasipResource       :: !Text
+    , _pasipCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ProjectsAttestorsSetIAMPolicy' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'pasipXgafv'
+--
+-- * 'pasipUploadProtocol'
+--
+-- * 'pasipAccessToken'
+--
+-- * 'pasipUploadType'
+--
+-- * 'pasipPayload'
+--
+-- * 'pasipResource'
+--
+-- * 'pasipCallback'
+projectsAttestorsSetIAMPolicy
+    :: SetIAMPolicyRequest -- ^ 'pasipPayload'
+    -> Text -- ^ 'pasipResource'
+    -> ProjectsAttestorsSetIAMPolicy
+projectsAttestorsSetIAMPolicy pPasipPayload_ pPasipResource_ =
+    ProjectsAttestorsSetIAMPolicy'
+    { _pasipXgafv = Nothing
+    , _pasipUploadProtocol = Nothing
+    , _pasipAccessToken = Nothing
+    , _pasipUploadType = Nothing
+    , _pasipPayload = pPasipPayload_
+    , _pasipResource = pPasipResource_
+    , _pasipCallback = Nothing
+    }
+
+-- | V1 error format.
+pasipXgafv :: Lens' ProjectsAttestorsSetIAMPolicy (Maybe Xgafv)
+pasipXgafv
+  = lens _pasipXgafv (\ s a -> s{_pasipXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+pasipUploadProtocol :: Lens' ProjectsAttestorsSetIAMPolicy (Maybe Text)
+pasipUploadProtocol
+  = lens _pasipUploadProtocol
+      (\ s a -> s{_pasipUploadProtocol = a})
+
+-- | OAuth access token.
+pasipAccessToken :: Lens' ProjectsAttestorsSetIAMPolicy (Maybe Text)
+pasipAccessToken
+  = lens _pasipAccessToken
+      (\ s a -> s{_pasipAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+pasipUploadType :: Lens' ProjectsAttestorsSetIAMPolicy (Maybe Text)
+pasipUploadType
+  = lens _pasipUploadType
+      (\ s a -> s{_pasipUploadType = a})
+
+-- | Multipart request metadata.
+pasipPayload :: Lens' ProjectsAttestorsSetIAMPolicy SetIAMPolicyRequest
+pasipPayload
+  = lens _pasipPayload (\ s a -> s{_pasipPayload = a})
+
+-- | REQUIRED: The resource for which the policy is being specified. See the
+-- operation documentation for the appropriate value for this field.
+pasipResource :: Lens' ProjectsAttestorsSetIAMPolicy Text
+pasipResource
+  = lens _pasipResource
+      (\ s a -> s{_pasipResource = a})
+
+-- | JSONP
+pasipCallback :: Lens' ProjectsAttestorsSetIAMPolicy (Maybe Text)
+pasipCallback
+  = lens _pasipCallback
+      (\ s a -> s{_pasipCallback = a})
+
+instance GoogleRequest ProjectsAttestorsSetIAMPolicy
+         where
+        type Rs ProjectsAttestorsSetIAMPolicy = IAMPolicy
+        type Scopes ProjectsAttestorsSetIAMPolicy =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient ProjectsAttestorsSetIAMPolicy'{..}
+          = go _pasipResource _pasipXgafv _pasipUploadProtocol
+              _pasipAccessToken
+              _pasipUploadType
+              _pasipCallback
+              (Just AltJSON)
+              _pasipPayload
+              binaryAuthorizationService
+          where go
+                  = buildClient
+                      (Proxy ::
+                         Proxy ProjectsAttestorsSetIAMPolicyResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/TestIAMPermissions.hs b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/TestIAMPermissions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/TestIAMPermissions.hs
@@ -0,0 +1,178 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.BinaryAuthorization.Projects.Attestors.TestIAMPermissions
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns permissions that a caller has on the specified resource. If the
+-- resource does not exist, this will return an empty set of permissions,
+-- not a NOT_FOUND error. Note: This operation is designed to be used for
+-- building permission-aware UIs and command-line tools, not for
+-- authorization checking. This operation may \"fail open\" without
+-- warning.
+--
+-- /See:/ <https://cloud.google.com/binary-authorization/ Binary Authorization API Reference> for @binaryauthorization.projects.attestors.testIamPermissions@.
+module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.TestIAMPermissions
+    (
+    -- * REST Resource
+      ProjectsAttestorsTestIAMPermissionsResource
+
+    -- * Creating a Request
+    , projectsAttestorsTestIAMPermissions
+    , ProjectsAttestorsTestIAMPermissions
+
+    -- * Request Lenses
+    , patipXgafv
+    , patipUploadProtocol
+    , patipAccessToken
+    , patipUploadType
+    , patipPayload
+    , patipResource
+    , patipCallback
+    ) where
+
+import           Network.Google.BinaryAuthorization.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @binaryauthorization.projects.attestors.testIamPermissions@ method which the
+-- 'ProjectsAttestorsTestIAMPermissions' request conforms to.
+type ProjectsAttestorsTestIAMPermissionsResource =
+     "v1beta1" :>
+       CaptureMode "resource" "testIamPermissions" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :>
+                     ReqBody '[JSON] TestIAMPermissionsRequest :>
+                       Post '[JSON] TestIAMPermissionsResponse
+
+-- | Returns permissions that a caller has on the specified resource. If the
+-- resource does not exist, this will return an empty set of permissions,
+-- not a NOT_FOUND error. Note: This operation is designed to be used for
+-- building permission-aware UIs and command-line tools, not for
+-- authorization checking. This operation may \"fail open\" without
+-- warning.
+--
+-- /See:/ 'projectsAttestorsTestIAMPermissions' smart constructor.
+data ProjectsAttestorsTestIAMPermissions = ProjectsAttestorsTestIAMPermissions'
+    { _patipXgafv          :: !(Maybe Xgafv)
+    , _patipUploadProtocol :: !(Maybe Text)
+    , _patipAccessToken    :: !(Maybe Text)
+    , _patipUploadType     :: !(Maybe Text)
+    , _patipPayload        :: !TestIAMPermissionsRequest
+    , _patipResource       :: !Text
+    , _patipCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ProjectsAttestorsTestIAMPermissions' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'patipXgafv'
+--
+-- * 'patipUploadProtocol'
+--
+-- * 'patipAccessToken'
+--
+-- * 'patipUploadType'
+--
+-- * 'patipPayload'
+--
+-- * 'patipResource'
+--
+-- * 'patipCallback'
+projectsAttestorsTestIAMPermissions
+    :: TestIAMPermissionsRequest -- ^ 'patipPayload'
+    -> Text -- ^ 'patipResource'
+    -> ProjectsAttestorsTestIAMPermissions
+projectsAttestorsTestIAMPermissions pPatipPayload_ pPatipResource_ =
+    ProjectsAttestorsTestIAMPermissions'
+    { _patipXgafv = Nothing
+    , _patipUploadProtocol = Nothing
+    , _patipAccessToken = Nothing
+    , _patipUploadType = Nothing
+    , _patipPayload = pPatipPayload_
+    , _patipResource = pPatipResource_
+    , _patipCallback = Nothing
+    }
+
+-- | V1 error format.
+patipXgafv :: Lens' ProjectsAttestorsTestIAMPermissions (Maybe Xgafv)
+patipXgafv
+  = lens _patipXgafv (\ s a -> s{_patipXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+patipUploadProtocol :: Lens' ProjectsAttestorsTestIAMPermissions (Maybe Text)
+patipUploadProtocol
+  = lens _patipUploadProtocol
+      (\ s a -> s{_patipUploadProtocol = a})
+
+-- | OAuth access token.
+patipAccessToken :: Lens' ProjectsAttestorsTestIAMPermissions (Maybe Text)
+patipAccessToken
+  = lens _patipAccessToken
+      (\ s a -> s{_patipAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+patipUploadType :: Lens' ProjectsAttestorsTestIAMPermissions (Maybe Text)
+patipUploadType
+  = lens _patipUploadType
+      (\ s a -> s{_patipUploadType = a})
+
+-- | Multipart request metadata.
+patipPayload :: Lens' ProjectsAttestorsTestIAMPermissions TestIAMPermissionsRequest
+patipPayload
+  = lens _patipPayload (\ s a -> s{_patipPayload = a})
+
+-- | REQUIRED: The resource for which the policy detail is being requested.
+-- See the operation documentation for the appropriate value for this
+-- field.
+patipResource :: Lens' ProjectsAttestorsTestIAMPermissions Text
+patipResource
+  = lens _patipResource
+      (\ s a -> s{_patipResource = a})
+
+-- | JSONP
+patipCallback :: Lens' ProjectsAttestorsTestIAMPermissions (Maybe Text)
+patipCallback
+  = lens _patipCallback
+      (\ s a -> s{_patipCallback = a})
+
+instance GoogleRequest
+         ProjectsAttestorsTestIAMPermissions where
+        type Rs ProjectsAttestorsTestIAMPermissions =
+             TestIAMPermissionsResponse
+        type Scopes ProjectsAttestorsTestIAMPermissions =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient
+          ProjectsAttestorsTestIAMPermissions'{..}
+          = go _patipResource _patipXgafv _patipUploadProtocol
+              _patipAccessToken
+              _patipUploadType
+              _patipCallback
+              (Just AltJSON)
+              _patipPayload
+              binaryAuthorizationService
+          where go
+                  = buildClient
+                      (Proxy ::
+                         Proxy ProjectsAttestorsTestIAMPermissionsResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/Update.hs b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/Update.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Attestors/Update.hs
@@ -0,0 +1,158 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Update
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates an attestor. Returns NOT_FOUND if the attestor does not exist.
+--
+-- /See:/ <https://cloud.google.com/binary-authorization/ Binary Authorization API Reference> for @binaryauthorization.projects.attestors.update@.
+module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Update
+    (
+    -- * REST Resource
+      ProjectsAttestorsUpdateResource
+
+    -- * Creating a Request
+    , projectsAttestorsUpdate
+    , ProjectsAttestorsUpdate
+
+    -- * Request Lenses
+    , pauXgafv
+    , pauUploadProtocol
+    , pauAccessToken
+    , pauUploadType
+    , pauPayload
+    , pauName
+    , pauCallback
+    ) where
+
+import           Network.Google.BinaryAuthorization.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @binaryauthorization.projects.attestors.update@ method which the
+-- 'ProjectsAttestorsUpdate' request conforms to.
+type ProjectsAttestorsUpdateResource =
+     "v1beta1" :>
+       Capture "name" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :>
+                     ReqBody '[JSON] Attestor :> Put '[JSON] Attestor
+
+-- | Updates an attestor. Returns NOT_FOUND if the attestor does not exist.
+--
+-- /See:/ 'projectsAttestorsUpdate' smart constructor.
+data ProjectsAttestorsUpdate = ProjectsAttestorsUpdate'
+    { _pauXgafv          :: !(Maybe Xgafv)
+    , _pauUploadProtocol :: !(Maybe Text)
+    , _pauAccessToken    :: !(Maybe Text)
+    , _pauUploadType     :: !(Maybe Text)
+    , _pauPayload        :: !Attestor
+    , _pauName           :: !Text
+    , _pauCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ProjectsAttestorsUpdate' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'pauXgafv'
+--
+-- * 'pauUploadProtocol'
+--
+-- * 'pauAccessToken'
+--
+-- * 'pauUploadType'
+--
+-- * 'pauPayload'
+--
+-- * 'pauName'
+--
+-- * 'pauCallback'
+projectsAttestorsUpdate
+    :: Attestor -- ^ 'pauPayload'
+    -> Text -- ^ 'pauName'
+    -> ProjectsAttestorsUpdate
+projectsAttestorsUpdate pPauPayload_ pPauName_ =
+    ProjectsAttestorsUpdate'
+    { _pauXgafv = Nothing
+    , _pauUploadProtocol = Nothing
+    , _pauAccessToken = Nothing
+    , _pauUploadType = Nothing
+    , _pauPayload = pPauPayload_
+    , _pauName = pPauName_
+    , _pauCallback = Nothing
+    }
+
+-- | V1 error format.
+pauXgafv :: Lens' ProjectsAttestorsUpdate (Maybe Xgafv)
+pauXgafv = lens _pauXgafv (\ s a -> s{_pauXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+pauUploadProtocol :: Lens' ProjectsAttestorsUpdate (Maybe Text)
+pauUploadProtocol
+  = lens _pauUploadProtocol
+      (\ s a -> s{_pauUploadProtocol = a})
+
+-- | OAuth access token.
+pauAccessToken :: Lens' ProjectsAttestorsUpdate (Maybe Text)
+pauAccessToken
+  = lens _pauAccessToken
+      (\ s a -> s{_pauAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+pauUploadType :: Lens' ProjectsAttestorsUpdate (Maybe Text)
+pauUploadType
+  = lens _pauUploadType
+      (\ s a -> s{_pauUploadType = a})
+
+-- | Multipart request metadata.
+pauPayload :: Lens' ProjectsAttestorsUpdate Attestor
+pauPayload
+  = lens _pauPayload (\ s a -> s{_pauPayload = a})
+
+-- | Required. The resource name, in the format:
+-- \`projects\/*\/attestors\/*\`. This field may not be updated.
+pauName :: Lens' ProjectsAttestorsUpdate Text
+pauName = lens _pauName (\ s a -> s{_pauName = a})
+
+-- | JSONP
+pauCallback :: Lens' ProjectsAttestorsUpdate (Maybe Text)
+pauCallback
+  = lens _pauCallback (\ s a -> s{_pauCallback = a})
+
+instance GoogleRequest ProjectsAttestorsUpdate where
+        type Rs ProjectsAttestorsUpdate = Attestor
+        type Scopes ProjectsAttestorsUpdate =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient ProjectsAttestorsUpdate'{..}
+          = go _pauName _pauXgafv _pauUploadProtocol
+              _pauAccessToken
+              _pauUploadType
+              _pauCallback
+              (Just AltJSON)
+              _pauPayload
+              binaryAuthorizationService
+          where go
+                  = buildClient
+                      (Proxy :: Proxy ProjectsAttestorsUpdateResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/BinaryAuthorization/Projects/GetPolicy.hs b/gen/Network/Google/Resource/BinaryAuthorization/Projects/GetPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/BinaryAuthorization/Projects/GetPolicy.hs
@@ -0,0 +1,147 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.BinaryAuthorization.Projects.GetPolicy
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets the policy for this project. Returns a default policy if the
+-- project does not have one.
+--
+-- /See:/ <https://cloud.google.com/binary-authorization/ Binary Authorization API Reference> for @binaryauthorization.projects.getPolicy@.
+module Network.Google.Resource.BinaryAuthorization.Projects.GetPolicy
+    (
+    -- * REST Resource
+      ProjectsGetPolicyResource
+
+    -- * Creating a Request
+    , projectsGetPolicy
+    , ProjectsGetPolicy
+
+    -- * Request Lenses
+    , pgpXgafv
+    , pgpUploadProtocol
+    , pgpAccessToken
+    , pgpUploadType
+    , pgpName
+    , pgpCallback
+    ) where
+
+import           Network.Google.BinaryAuthorization.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @binaryauthorization.projects.getPolicy@ method which the
+-- 'ProjectsGetPolicy' request conforms to.
+type ProjectsGetPolicyResource =
+     "v1beta1" :>
+       Capture "name" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :> Get '[JSON] Policy
+
+-- | Gets the policy for this project. Returns a default policy if the
+-- project does not have one.
+--
+-- /See:/ 'projectsGetPolicy' smart constructor.
+data ProjectsGetPolicy = ProjectsGetPolicy'
+    { _pgpXgafv          :: !(Maybe Xgafv)
+    , _pgpUploadProtocol :: !(Maybe Text)
+    , _pgpAccessToken    :: !(Maybe Text)
+    , _pgpUploadType     :: !(Maybe Text)
+    , _pgpName           :: !Text
+    , _pgpCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ProjectsGetPolicy' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'pgpXgafv'
+--
+-- * 'pgpUploadProtocol'
+--
+-- * 'pgpAccessToken'
+--
+-- * 'pgpUploadType'
+--
+-- * 'pgpName'
+--
+-- * 'pgpCallback'
+projectsGetPolicy
+    :: Text -- ^ 'pgpName'
+    -> ProjectsGetPolicy
+projectsGetPolicy pPgpName_ =
+    ProjectsGetPolicy'
+    { _pgpXgafv = Nothing
+    , _pgpUploadProtocol = Nothing
+    , _pgpAccessToken = Nothing
+    , _pgpUploadType = Nothing
+    , _pgpName = pPgpName_
+    , _pgpCallback = Nothing
+    }
+
+-- | V1 error format.
+pgpXgafv :: Lens' ProjectsGetPolicy (Maybe Xgafv)
+pgpXgafv = lens _pgpXgafv (\ s a -> s{_pgpXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+pgpUploadProtocol :: Lens' ProjectsGetPolicy (Maybe Text)
+pgpUploadProtocol
+  = lens _pgpUploadProtocol
+      (\ s a -> s{_pgpUploadProtocol = a})
+
+-- | OAuth access token.
+pgpAccessToken :: Lens' ProjectsGetPolicy (Maybe Text)
+pgpAccessToken
+  = lens _pgpAccessToken
+      (\ s a -> s{_pgpAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+pgpUploadType :: Lens' ProjectsGetPolicy (Maybe Text)
+pgpUploadType
+  = lens _pgpUploadType
+      (\ s a -> s{_pgpUploadType = a})
+
+-- | Required. The resource name of the policy to retrieve, in the format
+-- \`projects\/*\/policy\`.
+pgpName :: Lens' ProjectsGetPolicy Text
+pgpName = lens _pgpName (\ s a -> s{_pgpName = a})
+
+-- | JSONP
+pgpCallback :: Lens' ProjectsGetPolicy (Maybe Text)
+pgpCallback
+  = lens _pgpCallback (\ s a -> s{_pgpCallback = a})
+
+instance GoogleRequest ProjectsGetPolicy where
+        type Rs ProjectsGetPolicy = Policy
+        type Scopes ProjectsGetPolicy =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient ProjectsGetPolicy'{..}
+          = go _pgpName _pgpXgafv _pgpUploadProtocol
+              _pgpAccessToken
+              _pgpUploadType
+              _pgpCallback
+              (Just AltJSON)
+              binaryAuthorizationService
+          where go
+                  = buildClient
+                      (Proxy :: Proxy ProjectsGetPolicyResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/BinaryAuthorization/Projects/Policy/GetIAMPolicy.hs b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Policy/GetIAMPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Policy/GetIAMPolicy.hs
@@ -0,0 +1,152 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.BinaryAuthorization.Projects.Policy.GetIAMPolicy
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets the access control policy for a resource. Returns an empty policy
+-- if the resource exists and does not have a policy set.
+--
+-- /See:/ <https://cloud.google.com/binary-authorization/ Binary Authorization API Reference> for @binaryauthorization.projects.policy.getIamPolicy@.
+module Network.Google.Resource.BinaryAuthorization.Projects.Policy.GetIAMPolicy
+    (
+    -- * REST Resource
+      ProjectsPolicyGetIAMPolicyResource
+
+    -- * Creating a Request
+    , projectsPolicyGetIAMPolicy
+    , ProjectsPolicyGetIAMPolicy
+
+    -- * Request Lenses
+    , ppgipXgafv
+    , ppgipUploadProtocol
+    , ppgipAccessToken
+    , ppgipUploadType
+    , ppgipResource
+    , ppgipCallback
+    ) where
+
+import           Network.Google.BinaryAuthorization.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @binaryauthorization.projects.policy.getIamPolicy@ method which the
+-- 'ProjectsPolicyGetIAMPolicy' request conforms to.
+type ProjectsPolicyGetIAMPolicyResource =
+     "v1beta1" :>
+       CaptureMode "resource" "getIamPolicy" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :> Get '[JSON] IAMPolicy
+
+-- | Gets the access control policy for a resource. Returns an empty policy
+-- if the resource exists and does not have a policy set.
+--
+-- /See:/ 'projectsPolicyGetIAMPolicy' smart constructor.
+data ProjectsPolicyGetIAMPolicy = ProjectsPolicyGetIAMPolicy'
+    { _ppgipXgafv          :: !(Maybe Xgafv)
+    , _ppgipUploadProtocol :: !(Maybe Text)
+    , _ppgipAccessToken    :: !(Maybe Text)
+    , _ppgipUploadType     :: !(Maybe Text)
+    , _ppgipResource       :: !Text
+    , _ppgipCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ProjectsPolicyGetIAMPolicy' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'ppgipXgafv'
+--
+-- * 'ppgipUploadProtocol'
+--
+-- * 'ppgipAccessToken'
+--
+-- * 'ppgipUploadType'
+--
+-- * 'ppgipResource'
+--
+-- * 'ppgipCallback'
+projectsPolicyGetIAMPolicy
+    :: Text -- ^ 'ppgipResource'
+    -> ProjectsPolicyGetIAMPolicy
+projectsPolicyGetIAMPolicy pPpgipResource_ =
+    ProjectsPolicyGetIAMPolicy'
+    { _ppgipXgafv = Nothing
+    , _ppgipUploadProtocol = Nothing
+    , _ppgipAccessToken = Nothing
+    , _ppgipUploadType = Nothing
+    , _ppgipResource = pPpgipResource_
+    , _ppgipCallback = Nothing
+    }
+
+-- | V1 error format.
+ppgipXgafv :: Lens' ProjectsPolicyGetIAMPolicy (Maybe Xgafv)
+ppgipXgafv
+  = lens _ppgipXgafv (\ s a -> s{_ppgipXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+ppgipUploadProtocol :: Lens' ProjectsPolicyGetIAMPolicy (Maybe Text)
+ppgipUploadProtocol
+  = lens _ppgipUploadProtocol
+      (\ s a -> s{_ppgipUploadProtocol = a})
+
+-- | OAuth access token.
+ppgipAccessToken :: Lens' ProjectsPolicyGetIAMPolicy (Maybe Text)
+ppgipAccessToken
+  = lens _ppgipAccessToken
+      (\ s a -> s{_ppgipAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+ppgipUploadType :: Lens' ProjectsPolicyGetIAMPolicy (Maybe Text)
+ppgipUploadType
+  = lens _ppgipUploadType
+      (\ s a -> s{_ppgipUploadType = a})
+
+-- | REQUIRED: The resource for which the policy is being requested. See the
+-- operation documentation for the appropriate value for this field.
+ppgipResource :: Lens' ProjectsPolicyGetIAMPolicy Text
+ppgipResource
+  = lens _ppgipResource
+      (\ s a -> s{_ppgipResource = a})
+
+-- | JSONP
+ppgipCallback :: Lens' ProjectsPolicyGetIAMPolicy (Maybe Text)
+ppgipCallback
+  = lens _ppgipCallback
+      (\ s a -> s{_ppgipCallback = a})
+
+instance GoogleRequest ProjectsPolicyGetIAMPolicy
+         where
+        type Rs ProjectsPolicyGetIAMPolicy = IAMPolicy
+        type Scopes ProjectsPolicyGetIAMPolicy =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient ProjectsPolicyGetIAMPolicy'{..}
+          = go _ppgipResource _ppgipXgafv _ppgipUploadProtocol
+              _ppgipAccessToken
+              _ppgipUploadType
+              _ppgipCallback
+              (Just AltJSON)
+              binaryAuthorizationService
+          where go
+                  = buildClient
+                      (Proxy :: Proxy ProjectsPolicyGetIAMPolicyResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/BinaryAuthorization/Projects/Policy/SetIAMPolicy.hs b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Policy/SetIAMPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Policy/SetIAMPolicy.hs
@@ -0,0 +1,166 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.BinaryAuthorization.Projects.Policy.SetIAMPolicy
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Sets the access control policy on the specified resource. Replaces any
+-- existing policy.
+--
+-- /See:/ <https://cloud.google.com/binary-authorization/ Binary Authorization API Reference> for @binaryauthorization.projects.policy.setIamPolicy@.
+module Network.Google.Resource.BinaryAuthorization.Projects.Policy.SetIAMPolicy
+    (
+    -- * REST Resource
+      ProjectsPolicySetIAMPolicyResource
+
+    -- * Creating a Request
+    , projectsPolicySetIAMPolicy
+    , ProjectsPolicySetIAMPolicy
+
+    -- * Request Lenses
+    , ppsipXgafv
+    , ppsipUploadProtocol
+    , ppsipAccessToken
+    , ppsipUploadType
+    , ppsipPayload
+    , ppsipResource
+    , ppsipCallback
+    ) where
+
+import           Network.Google.BinaryAuthorization.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @binaryauthorization.projects.policy.setIamPolicy@ method which the
+-- 'ProjectsPolicySetIAMPolicy' request conforms to.
+type ProjectsPolicySetIAMPolicyResource =
+     "v1beta1" :>
+       CaptureMode "resource" "setIamPolicy" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :>
+                     ReqBody '[JSON] SetIAMPolicyRequest :>
+                       Post '[JSON] IAMPolicy
+
+-- | Sets the access control policy on the specified resource. Replaces any
+-- existing policy.
+--
+-- /See:/ 'projectsPolicySetIAMPolicy' smart constructor.
+data ProjectsPolicySetIAMPolicy = ProjectsPolicySetIAMPolicy'
+    { _ppsipXgafv          :: !(Maybe Xgafv)
+    , _ppsipUploadProtocol :: !(Maybe Text)
+    , _ppsipAccessToken    :: !(Maybe Text)
+    , _ppsipUploadType     :: !(Maybe Text)
+    , _ppsipPayload        :: !SetIAMPolicyRequest
+    , _ppsipResource       :: !Text
+    , _ppsipCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ProjectsPolicySetIAMPolicy' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'ppsipXgafv'
+--
+-- * 'ppsipUploadProtocol'
+--
+-- * 'ppsipAccessToken'
+--
+-- * 'ppsipUploadType'
+--
+-- * 'ppsipPayload'
+--
+-- * 'ppsipResource'
+--
+-- * 'ppsipCallback'
+projectsPolicySetIAMPolicy
+    :: SetIAMPolicyRequest -- ^ 'ppsipPayload'
+    -> Text -- ^ 'ppsipResource'
+    -> ProjectsPolicySetIAMPolicy
+projectsPolicySetIAMPolicy pPpsipPayload_ pPpsipResource_ =
+    ProjectsPolicySetIAMPolicy'
+    { _ppsipXgafv = Nothing
+    , _ppsipUploadProtocol = Nothing
+    , _ppsipAccessToken = Nothing
+    , _ppsipUploadType = Nothing
+    , _ppsipPayload = pPpsipPayload_
+    , _ppsipResource = pPpsipResource_
+    , _ppsipCallback = Nothing
+    }
+
+-- | V1 error format.
+ppsipXgafv :: Lens' ProjectsPolicySetIAMPolicy (Maybe Xgafv)
+ppsipXgafv
+  = lens _ppsipXgafv (\ s a -> s{_ppsipXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+ppsipUploadProtocol :: Lens' ProjectsPolicySetIAMPolicy (Maybe Text)
+ppsipUploadProtocol
+  = lens _ppsipUploadProtocol
+      (\ s a -> s{_ppsipUploadProtocol = a})
+
+-- | OAuth access token.
+ppsipAccessToken :: Lens' ProjectsPolicySetIAMPolicy (Maybe Text)
+ppsipAccessToken
+  = lens _ppsipAccessToken
+      (\ s a -> s{_ppsipAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+ppsipUploadType :: Lens' ProjectsPolicySetIAMPolicy (Maybe Text)
+ppsipUploadType
+  = lens _ppsipUploadType
+      (\ s a -> s{_ppsipUploadType = a})
+
+-- | Multipart request metadata.
+ppsipPayload :: Lens' ProjectsPolicySetIAMPolicy SetIAMPolicyRequest
+ppsipPayload
+  = lens _ppsipPayload (\ s a -> s{_ppsipPayload = a})
+
+-- | REQUIRED: The resource for which the policy is being specified. See the
+-- operation documentation for the appropriate value for this field.
+ppsipResource :: Lens' ProjectsPolicySetIAMPolicy Text
+ppsipResource
+  = lens _ppsipResource
+      (\ s a -> s{_ppsipResource = a})
+
+-- | JSONP
+ppsipCallback :: Lens' ProjectsPolicySetIAMPolicy (Maybe Text)
+ppsipCallback
+  = lens _ppsipCallback
+      (\ s a -> s{_ppsipCallback = a})
+
+instance GoogleRequest ProjectsPolicySetIAMPolicy
+         where
+        type Rs ProjectsPolicySetIAMPolicy = IAMPolicy
+        type Scopes ProjectsPolicySetIAMPolicy =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient ProjectsPolicySetIAMPolicy'{..}
+          = go _ppsipResource _ppsipXgafv _ppsipUploadProtocol
+              _ppsipAccessToken
+              _ppsipUploadType
+              _ppsipCallback
+              (Just AltJSON)
+              _ppsipPayload
+              binaryAuthorizationService
+          where go
+                  = buildClient
+                      (Proxy :: Proxy ProjectsPolicySetIAMPolicyResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/BinaryAuthorization/Projects/Policy/TestIAMPermissions.hs b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Policy/TestIAMPermissions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/BinaryAuthorization/Projects/Policy/TestIAMPermissions.hs
@@ -0,0 +1,177 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.BinaryAuthorization.Projects.Policy.TestIAMPermissions
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns permissions that a caller has on the specified resource. If the
+-- resource does not exist, this will return an empty set of permissions,
+-- not a NOT_FOUND error. Note: This operation is designed to be used for
+-- building permission-aware UIs and command-line tools, not for
+-- authorization checking. This operation may \"fail open\" without
+-- warning.
+--
+-- /See:/ <https://cloud.google.com/binary-authorization/ Binary Authorization API Reference> for @binaryauthorization.projects.policy.testIamPermissions@.
+module Network.Google.Resource.BinaryAuthorization.Projects.Policy.TestIAMPermissions
+    (
+    -- * REST Resource
+      ProjectsPolicyTestIAMPermissionsResource
+
+    -- * Creating a Request
+    , projectsPolicyTestIAMPermissions
+    , ProjectsPolicyTestIAMPermissions
+
+    -- * Request Lenses
+    , pptipXgafv
+    , pptipUploadProtocol
+    , pptipAccessToken
+    , pptipUploadType
+    , pptipPayload
+    , pptipResource
+    , pptipCallback
+    ) where
+
+import           Network.Google.BinaryAuthorization.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @binaryauthorization.projects.policy.testIamPermissions@ method which the
+-- 'ProjectsPolicyTestIAMPermissions' request conforms to.
+type ProjectsPolicyTestIAMPermissionsResource =
+     "v1beta1" :>
+       CaptureMode "resource" "testIamPermissions" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :>
+                     ReqBody '[JSON] TestIAMPermissionsRequest :>
+                       Post '[JSON] TestIAMPermissionsResponse
+
+-- | Returns permissions that a caller has on the specified resource. If the
+-- resource does not exist, this will return an empty set of permissions,
+-- not a NOT_FOUND error. Note: This operation is designed to be used for
+-- building permission-aware UIs and command-line tools, not for
+-- authorization checking. This operation may \"fail open\" without
+-- warning.
+--
+-- /See:/ 'projectsPolicyTestIAMPermissions' smart constructor.
+data ProjectsPolicyTestIAMPermissions = ProjectsPolicyTestIAMPermissions'
+    { _pptipXgafv          :: !(Maybe Xgafv)
+    , _pptipUploadProtocol :: !(Maybe Text)
+    , _pptipAccessToken    :: !(Maybe Text)
+    , _pptipUploadType     :: !(Maybe Text)
+    , _pptipPayload        :: !TestIAMPermissionsRequest
+    , _pptipResource       :: !Text
+    , _pptipCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ProjectsPolicyTestIAMPermissions' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'pptipXgafv'
+--
+-- * 'pptipUploadProtocol'
+--
+-- * 'pptipAccessToken'
+--
+-- * 'pptipUploadType'
+--
+-- * 'pptipPayload'
+--
+-- * 'pptipResource'
+--
+-- * 'pptipCallback'
+projectsPolicyTestIAMPermissions
+    :: TestIAMPermissionsRequest -- ^ 'pptipPayload'
+    -> Text -- ^ 'pptipResource'
+    -> ProjectsPolicyTestIAMPermissions
+projectsPolicyTestIAMPermissions pPptipPayload_ pPptipResource_ =
+    ProjectsPolicyTestIAMPermissions'
+    { _pptipXgafv = Nothing
+    , _pptipUploadProtocol = Nothing
+    , _pptipAccessToken = Nothing
+    , _pptipUploadType = Nothing
+    , _pptipPayload = pPptipPayload_
+    , _pptipResource = pPptipResource_
+    , _pptipCallback = Nothing
+    }
+
+-- | V1 error format.
+pptipXgafv :: Lens' ProjectsPolicyTestIAMPermissions (Maybe Xgafv)
+pptipXgafv
+  = lens _pptipXgafv (\ s a -> s{_pptipXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+pptipUploadProtocol :: Lens' ProjectsPolicyTestIAMPermissions (Maybe Text)
+pptipUploadProtocol
+  = lens _pptipUploadProtocol
+      (\ s a -> s{_pptipUploadProtocol = a})
+
+-- | OAuth access token.
+pptipAccessToken :: Lens' ProjectsPolicyTestIAMPermissions (Maybe Text)
+pptipAccessToken
+  = lens _pptipAccessToken
+      (\ s a -> s{_pptipAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+pptipUploadType :: Lens' ProjectsPolicyTestIAMPermissions (Maybe Text)
+pptipUploadType
+  = lens _pptipUploadType
+      (\ s a -> s{_pptipUploadType = a})
+
+-- | Multipart request metadata.
+pptipPayload :: Lens' ProjectsPolicyTestIAMPermissions TestIAMPermissionsRequest
+pptipPayload
+  = lens _pptipPayload (\ s a -> s{_pptipPayload = a})
+
+-- | REQUIRED: The resource for which the policy detail is being requested.
+-- See the operation documentation for the appropriate value for this
+-- field.
+pptipResource :: Lens' ProjectsPolicyTestIAMPermissions Text
+pptipResource
+  = lens _pptipResource
+      (\ s a -> s{_pptipResource = a})
+
+-- | JSONP
+pptipCallback :: Lens' ProjectsPolicyTestIAMPermissions (Maybe Text)
+pptipCallback
+  = lens _pptipCallback
+      (\ s a -> s{_pptipCallback = a})
+
+instance GoogleRequest
+         ProjectsPolicyTestIAMPermissions where
+        type Rs ProjectsPolicyTestIAMPermissions =
+             TestIAMPermissionsResponse
+        type Scopes ProjectsPolicyTestIAMPermissions =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient ProjectsPolicyTestIAMPermissions'{..}
+          = go _pptipResource _pptipXgafv _pptipUploadProtocol
+              _pptipAccessToken
+              _pptipUploadType
+              _pptipCallback
+              (Just AltJSON)
+              _pptipPayload
+              binaryAuthorizationService
+          where go
+                  = buildClient
+                      (Proxy ::
+                         Proxy ProjectsPolicyTestIAMPermissionsResource)
+                      mempty
diff --git a/gen/Network/Google/Resource/BinaryAuthorization/Projects/UpdatePolicy.hs b/gen/Network/Google/Resource/BinaryAuthorization/Projects/UpdatePolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/Google/Resource/BinaryAuthorization/Projects/UpdatePolicy.hs
@@ -0,0 +1,166 @@
+{-# LANGUAGE DataKinds          #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE FlexibleInstances  #-}
+{-# LANGUAGE NoImplicitPrelude  #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+{-# LANGUAGE TypeOperators      #-}
+
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds      #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+
+-- |
+-- Module      : Network.Google.Resource.BinaryAuthorization.Projects.UpdatePolicy
+-- Copyright   : (c) 2015-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates or updates a project\'s policy, and returns a copy of the new
+-- policy. A policy is always updated as a whole, to avoid race conditions
+-- with concurrent policy enforcement (or management!) requests. Returns
+-- NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request
+-- is malformed.
+--
+-- /See:/ <https://cloud.google.com/binary-authorization/ Binary Authorization API Reference> for @binaryauthorization.projects.updatePolicy@.
+module Network.Google.Resource.BinaryAuthorization.Projects.UpdatePolicy
+    (
+    -- * REST Resource
+      ProjectsUpdatePolicyResource
+
+    -- * Creating a Request
+    , projectsUpdatePolicy
+    , ProjectsUpdatePolicy
+
+    -- * Request Lenses
+    , pupXgafv
+    , pupUploadProtocol
+    , pupAccessToken
+    , pupUploadType
+    , pupPayload
+    , pupName
+    , pupCallback
+    ) where
+
+import           Network.Google.BinaryAuthorization.Types
+import           Network.Google.Prelude
+
+-- | A resource alias for @binaryauthorization.projects.updatePolicy@ method which the
+-- 'ProjectsUpdatePolicy' request conforms to.
+type ProjectsUpdatePolicyResource =
+     "v1beta1" :>
+       Capture "name" Text :>
+         QueryParam "$.xgafv" Xgafv :>
+           QueryParam "upload_protocol" Text :>
+             QueryParam "access_token" Text :>
+               QueryParam "uploadType" Text :>
+                 QueryParam "callback" Text :>
+                   QueryParam "alt" AltJSON :>
+                     ReqBody '[JSON] Policy :> Put '[JSON] Policy
+
+-- | Creates or updates a project\'s policy, and returns a copy of the new
+-- policy. A policy is always updated as a whole, to avoid race conditions
+-- with concurrent policy enforcement (or management!) requests. Returns
+-- NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request
+-- is malformed.
+--
+-- /See:/ 'projectsUpdatePolicy' smart constructor.
+data ProjectsUpdatePolicy = ProjectsUpdatePolicy'
+    { _pupXgafv          :: !(Maybe Xgafv)
+    , _pupUploadProtocol :: !(Maybe Text)
+    , _pupAccessToken    :: !(Maybe Text)
+    , _pupUploadType     :: !(Maybe Text)
+    , _pupPayload        :: !Policy
+    , _pupName           :: !Text
+    , _pupCallback       :: !(Maybe Text)
+    } deriving (Eq,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ProjectsUpdatePolicy' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'pupXgafv'
+--
+-- * 'pupUploadProtocol'
+--
+-- * 'pupAccessToken'
+--
+-- * 'pupUploadType'
+--
+-- * 'pupPayload'
+--
+-- * 'pupName'
+--
+-- * 'pupCallback'
+projectsUpdatePolicy
+    :: Policy -- ^ 'pupPayload'
+    -> Text -- ^ 'pupName'
+    -> ProjectsUpdatePolicy
+projectsUpdatePolicy pPupPayload_ pPupName_ =
+    ProjectsUpdatePolicy'
+    { _pupXgafv = Nothing
+    , _pupUploadProtocol = Nothing
+    , _pupAccessToken = Nothing
+    , _pupUploadType = Nothing
+    , _pupPayload = pPupPayload_
+    , _pupName = pPupName_
+    , _pupCallback = Nothing
+    }
+
+-- | V1 error format.
+pupXgafv :: Lens' ProjectsUpdatePolicy (Maybe Xgafv)
+pupXgafv = lens _pupXgafv (\ s a -> s{_pupXgafv = a})
+
+-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
+pupUploadProtocol :: Lens' ProjectsUpdatePolicy (Maybe Text)
+pupUploadProtocol
+  = lens _pupUploadProtocol
+      (\ s a -> s{_pupUploadProtocol = a})
+
+-- | OAuth access token.
+pupAccessToken :: Lens' ProjectsUpdatePolicy (Maybe Text)
+pupAccessToken
+  = lens _pupAccessToken
+      (\ s a -> s{_pupAccessToken = a})
+
+-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
+pupUploadType :: Lens' ProjectsUpdatePolicy (Maybe Text)
+pupUploadType
+  = lens _pupUploadType
+      (\ s a -> s{_pupUploadType = a})
+
+-- | Multipart request metadata.
+pupPayload :: Lens' ProjectsUpdatePolicy Policy
+pupPayload
+  = lens _pupPayload (\ s a -> s{_pupPayload = a})
+
+-- | Output only. The resource name, in the format \`projects\/*\/policy\`.
+-- There is at most one policy per project.
+pupName :: Lens' ProjectsUpdatePolicy Text
+pupName = lens _pupName (\ s a -> s{_pupName = a})
+
+-- | JSONP
+pupCallback :: Lens' ProjectsUpdatePolicy (Maybe Text)
+pupCallback
+  = lens _pupCallback (\ s a -> s{_pupCallback = a})
+
+instance GoogleRequest ProjectsUpdatePolicy where
+        type Rs ProjectsUpdatePolicy = Policy
+        type Scopes ProjectsUpdatePolicy =
+             '["https://www.googleapis.com/auth/cloud-platform"]
+        requestClient ProjectsUpdatePolicy'{..}
+          = go _pupName _pupXgafv _pupUploadProtocol
+              _pupAccessToken
+              _pupUploadType
+              _pupCallback
+              (Just AltJSON)
+              _pupPayload
+              binaryAuthorizationService
+          where go
+                  = buildClient
+                      (Proxy :: Proxy ProjectsUpdatePolicyResource)
+                      mempty
diff --git a/gogol-binaryauthorization.cabal b/gogol-binaryauthorization.cabal
new file mode 100644
--- /dev/null
+++ b/gogol-binaryauthorization.cabal
@@ -0,0 +1,59 @@
+name:                  gogol-binaryauthorization
+version:               0.4.0
+synopsis:              Google Binary Authorization SDK.
+homepage:              https://github.com/brendanhay/gogol
+bug-reports:           https://github.com/brendanhay/gogol/issues
+license:               OtherLicense
+license-file:          LICENSE
+author:                Brendan Hay
+maintainer:            Brendan Hay <brendan.g.hay@gmail.com>
+copyright:             Copyright (c) 2015-2016 Brendan Hay
+category:              Network, Google, Cloud
+build-type:            Simple
+cabal-version:         >= 1.10
+extra-source-files:    README.md src/.gitkeep
+
+description:
+    The management interface for Binary Authorization, a system providing
+    policy control for images deployed to Kubernetes Engine clusters.
+    .
+    /Warning:/ This is an experimental prototype/preview release which is still
+    under exploratory development and not intended for public use, caveat emptor!
+    .
+    This library is compatible with version @v1beta1@
+    of the API.
+
+source-repository head
+    type:     git
+    location: git://github.com/brendanhay/gogol.git
+
+library
+    default-language:  Haskell2010
+    hs-source-dirs:    src gen
+
+    ghc-options:       -Wall
+
+    exposed-modules:
+          Network.Google.BinaryAuthorization
+        , Network.Google.BinaryAuthorization.Types
+        , Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Create
+        , Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Delete
+        , Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Get
+        , Network.Google.Resource.BinaryAuthorization.Projects.Attestors.GetIAMPolicy
+        , Network.Google.Resource.BinaryAuthorization.Projects.Attestors.List
+        , Network.Google.Resource.BinaryAuthorization.Projects.Attestors.SetIAMPolicy
+        , Network.Google.Resource.BinaryAuthorization.Projects.Attestors.TestIAMPermissions
+        , Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Update
+        , Network.Google.Resource.BinaryAuthorization.Projects.GetPolicy
+        , Network.Google.Resource.BinaryAuthorization.Projects.Policy.GetIAMPolicy
+        , Network.Google.Resource.BinaryAuthorization.Projects.Policy.SetIAMPolicy
+        , Network.Google.Resource.BinaryAuthorization.Projects.Policy.TestIAMPermissions
+        , Network.Google.Resource.BinaryAuthorization.Projects.UpdatePolicy
+
+    other-modules:
+          Network.Google.BinaryAuthorization.Types.Product
+        , Network.Google.BinaryAuthorization.Types.Sum
+
+    build-depends:
+          gogol-core == 0.4.0.*
+        , base       >= 4.7 && < 5
diff --git a/src/.gitkeep b/src/.gitkeep
new file mode 100644
--- /dev/null
+++ b/src/.gitkeep
