feat(servicecontrol)!: update the API

BREAKING CHANGE: This release has breaking changes.

#### servicecontrol:v1

The following keys were deleted:
- schemas.Auth.properties.credentialId.description
- schemas.Auth.properties.credentialId.type

The following keys were changed:
- schemas.Attributes.properties.attributeMap.description
- schemas.CheckError.properties.code.enumDescriptions
- schemas.HttpRequest.properties.referer.description
- schemas.V1HttpRequest.properties.referer.description

#### servicecontrol:v2

The following keys were deleted:
- schemas.Auth.properties.credentialId.description
- schemas.Auth.properties.credentialId.type

The following keys were added:
- schemas.CheckResponse.properties.dynamicMetadata.additionalProperties.description
- schemas.CheckResponse.properties.dynamicMetadata.additionalProperties.type
- schemas.CheckResponse.properties.dynamicMetadata.description
- schemas.CheckResponse.properties.dynamicMetadata.type

The following keys were changed:
- schemas.V2HttpRequest.properties.referer.description

Author: yoshi-automation

discovery/servicecontrol-v1.json

@@ -197,7 +197,7 @@
       }
     }
   },
-  "revision": "20240802",
+  "revision": "20250117",
   "rootUrl": "https://servicecontrol.googleapis.com/",
   "schemas": {
     "AllocateInfo": {
@@ -289,7 +289,7 @@
           "additionalProperties": {
             "$ref": "AttributeValue"
           },
-          "description": "The set of attributes. Each attribute's key can be up to 128 bytes long. The value can be a string up to 256 bytes, a signed 64-bit integer, or the Boolean values `true` and `false`. For example: \"/instance_id\": \"my-instance\" \"/http/user_agent\": \"\" \"/http/request_bytes\": 300 \"abc.com/myattribute\": true",
+          "description": "The set of attributes. Each attribute's key can be up to 128 bytes long. The value can be a string up to 256 bytes, a signed 64-bit integer, or the Boolean values `true` and `false`. For example: \"/instance_id\": \"my-instance\" \"/http/user_agent\": \"\" \"/http/request_bytes\": 300 \"example.com/myattribute\": true",
           "type": "object"
         },
         "droppedAttributesCount": {
@@ -418,10 +418,6 @@
           "description": "Structured claims presented with the credential. JWTs include `{key: value}` pairs for standard and private claims. The following is a subset of the standard required and optional claims that would typically be presented for a Google-based JWT: {'iss': 'accounts.google.com', 'sub': '113289723416554971153', 'aud': ['123456789012', 'pubsub.googleapis.com'], 'azp': '123456789012.apps.googleusercontent.com', 'email': 'jsmith@example.com', 'iat': 1353601026, 'exp': 1353604926} SAML assertions are similarly specified, but with an identity provider dependent structure.",
           "type": "object"
         },
-        "credentialId": {
-          "description": "Identifies the client credential id used for authentication. credential_id is in the format of AUTH_METHOD:IDENTIFIER, e.g. \"serviceaccount:XXXXX, apikey:XXXXX\" where the format of the IDENTIFIER can vary for different AUTH_METHODs.",
-          "type": "string"
-        },
         "presenter": {
           "description": "The authorized presenter of the credential. Reflects the optional Authorized Presenter (`azp`) claim within a JWT or the OAuth client id. For example, a Google Cloud Platform client id looks as follows: \"123456789012.apps.googleusercontent.com\".",
           "type": "string"
@@ -596,7 +592,7 @@
             "The backend server for checking quota limits is unavailable.",
             "The Spanner for looking up LOAS project is unavailable.",
             "Cloud Resource Manager backend server is unavailable.",
-            "NOTE: for customers in the scope of Beta/GA of https://cloud.google.com/vpc-service-controls, this error is no longer returned. If the security backend is unavailable, rpc UNAVAILABLE status will be returned instead. It should be ignored and should not be used to reject client requests.",
+            "NOTE: for customers in the scope of Beta/GA of https://cloud.google.com/vpc-service-controls, this error is no longer returned. If the security backend is unavailable: For Fail open requests, error is ignored and request is allowed. For Fail close requests, rpc UNAVAILABLE status will be returned instead. It should be ignored and should not be used to reject client requests.",
             "Backend server for evaluating location policy is unavailable.",
             "Part of the project of fault injection: go/chemist-slo-validation. To distinguish between artificially injected errors and organic ones, this value will be exported for the per_service_check_error_count streamz. http://google3/apiserving/servicecontrol/server/controller_service.cc;l=196 Rpcinjectz2 works by injecting errors early in the rpc life cycle, before any of the chemist business logic runs."
           ],
@@ -905,7 +901,7 @@
           "type": "string"
         },
         "referer": {
-          "description": "The referer URL of the request, as defined in [HTTP/1.1 Header Field Definitions](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).",
+          "description": "The referer URL of the request, as defined in [HTTP/1.1 Header Field Definitions](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).",
           "type": "string"
         },
         "remoteIp": {
@@ -1994,7 +1990,7 @@
           "type": "string"
         },
         "referer": {
-          "description": "The referer URL of the request, as defined in [HTTP/1.1 Header Field Definitions](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).",
+          "description": "The referer URL of the request, as defined in [HTTP/1.1 Header Field Definitions](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).",
           "type": "string"
         },
         "remoteIp": {

discovery/servicecontrol-v2.json

@@ -169,7 +169,7 @@
       }
     }
   },
-  "revision": "20240802",
+  "revision": "20250103",
   "rootUrl": "https://servicecontrol.googleapis.com/",
   "schemas": {
     "Api": {
@@ -359,10 +359,6 @@
           "description": "Structured claims presented with the credential. JWTs include `{key: value}` pairs for standard and private claims. The following is a subset of the standard required and optional claims that would typically be presented for a Google-based JWT: {'iss': 'accounts.google.com', 'sub': '113289723416554971153', 'aud': ['123456789012', 'pubsub.googleapis.com'], 'azp': '123456789012.apps.googleusercontent.com', 'email': 'jsmith@example.com', 'iat': 1353601026, 'exp': 1353604926} SAML assertions are similarly specified, but with an identity provider dependent structure.",
           "type": "object"
         },
-        "credentialId": {
-          "description": "Identifies the client credential id used for authentication. credential_id is in the format of AUTH_METHOD:IDENTIFIER, e.g. \"serviceaccount:XXXXX, apikey:XXXXX\" where the format of the IDENTIFIER can vary for different AUTH_METHODs.",
-          "type": "string"
-        },
         "presenter": {
           "description": "The authorized presenter of the credential. Reflects the optional Authorized Presenter (`azp`) claim within a JWT or the OAuth client id. For example, a Google Cloud Platform client id looks as follows: \"123456789012.apps.googleusercontent.com\".",
           "type": "string"
@@ -487,6 +483,14 @@
       "description": "Response message for the Check method.",
       "id": "CheckResponse",
       "properties": {
+        "dynamicMetadata": {
+          "additionalProperties": {
+            "description": "Properties of the object.",
+            "type": "any"
+          },
+          "description": "Optional response metadata that will be emitted as dynamic metadata to be consumed by the caller of ServiceController. For compatibility with the ext_authz interface.",
+          "type": "object"
+        },
         "headers": {
           "additionalProperties": {
             "type": "string"
@@ -1007,7 +1011,7 @@
           "type": "string"
         },
         "referer": {
-          "description": "The referer URL of the request, as defined in [HTTP/1.1 Header Field Definitions](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).",
+          "description": "The referer URL of the request, as defined in [HTTP/1.1 Header Field Definitions](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).",
           "type": "string"
         },
         "remoteIp": {

src/apis/servicecontrol/v1.ts

@@ -173,7 +173,7 @@ export namespace servicecontrol_v1 {
    */
   export interface Schema$Attributes {
     /**
-     * The set of attributes. Each attribute's key can be up to 128 bytes long. The value can be a string up to 256 bytes, a signed 64-bit integer, or the Boolean values `true` and `false`. For example: "/instance_id": "my-instance" "/http/user_agent": "" "/http/request_bytes": 300 "abc.com/myattribute": true
+     * The set of attributes. Each attribute's key can be up to 128 bytes long. The value can be a string up to 256 bytes, a signed 64-bit integer, or the Boolean values `true` and `false`. For example: "/instance_id": "my-instance" "/http/user_agent": "" "/http/request_bytes": 300 "example.com/myattribute": true
      */
     attributeMap?: {[key: string]: Schema$AttributeValue} | null;
     /**
@@ -279,10 +279,6 @@ export namespace servicecontrol_v1 {
      * Structured claims presented with the credential. JWTs include `{key: value\}` pairs for standard and private claims. The following is a subset of the standard required and optional claims that would typically be presented for a Google-based JWT: {'iss': 'accounts.google.com', 'sub': '113289723416554971153', 'aud': ['123456789012', 'pubsub.googleapis.com'], 'azp': '123456789012.apps.googleusercontent.com', 'email': 'jsmith@example.com', 'iat': 1353601026, 'exp': 1353604926\} SAML assertions are similarly specified, but with an identity provider dependent structure.
      */
     claims?: {[key: string]: any} | null;
-    /**
-     * Identifies the client credential id used for authentication. credential_id is in the format of AUTH_METHOD:IDENTIFIER, e.g. "serviceaccount:XXXXX, apikey:XXXXX" where the format of the IDENTIFIER can vary for different AUTH_METHODs.
-     */
-    credentialId?: string | null;
     /**
      * The authorized presenter of the credential. Reflects the optional Authorized Presenter (`azp`) claim within a JWT or the OAuth client id. For example, a Google Cloud Platform client id looks as follows: "123456789012.apps.googleusercontent.com".
      */
@@ -585,7 +581,7 @@ export namespace servicecontrol_v1 {
      */
     protocol?: string | null;
     /**
-     * The referer URL of the request, as defined in [HTTP/1.1 Header Field Definitions](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).
+     * The referer URL of the request, as defined in [HTTP/1.1 Header Field Definitions](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).
      */
     referer?: string | null;
     /**
@@ -1369,7 +1365,7 @@ export namespace servicecontrol_v1 {
      */
     protocol?: string | null;
     /**
-     * The referer URL of the request, as defined in [HTTP/1.1 Header Field Definitions](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).
+     * The referer URL of the request, as defined in [HTTP/1.1 Header Field Definitions](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).
      */
     referer?: string | null;
     /**

src/apis/servicecontrol/v2.ts

@@ -263,10 +263,6 @@ export namespace servicecontrol_v2 {
      * Structured claims presented with the credential. JWTs include `{key: value\}` pairs for standard and private claims. The following is a subset of the standard required and optional claims that would typically be presented for a Google-based JWT: {'iss': 'accounts.google.com', 'sub': '113289723416554971153', 'aud': ['123456789012', 'pubsub.googleapis.com'], 'azp': '123456789012.apps.googleusercontent.com', 'email': 'jsmith@example.com', 'iat': 1353601026, 'exp': 1353604926\} SAML assertions are similarly specified, but with an identity provider dependent structure.
      */
     claims?: {[key: string]: any} | null;
-    /**
-     * Identifies the client credential id used for authentication. credential_id is in the format of AUTH_METHOD:IDENTIFIER, e.g. "serviceaccount:XXXXX, apikey:XXXXX" where the format of the IDENTIFIER can vary for different AUTH_METHODs.
-     */
-    credentialId?: string | null;
     /**
      * The authorized presenter of the credential. Reflects the optional Authorized Presenter (`azp`) claim within a JWT or the OAuth client id. For example, a Google Cloud Platform client id looks as follows: "123456789012.apps.googleusercontent.com".
      */
@@ -359,6 +355,10 @@ export namespace servicecontrol_v2 {
    * Response message for the Check method.
    */
   export interface Schema$CheckResponse {
+    /**
+     * Optional response metadata that will be emitted as dynamic metadata to be consumed by the caller of ServiceController. For compatibility with the ext_authz interface.
+     */
+    dynamicMetadata?: {[key: string]: any} | null;
     /**
      * Returns a set of request contexts generated from the `CheckRequest`.
      */
@@ -763,7 +763,7 @@ export namespace servicecontrol_v2 {
      */
     protocol?: string | null;
     /**
-     * The referer URL of the request, as defined in [HTTP/1.1 Header Field Definitions](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).
+     * The referer URL of the request, as defined in [HTTP/1.1 Header Field Definitions](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).
      */
     referer?: string | null;
     /**