@google-cloud/dlp 5.0.1 → 5.1.1

package/build/protos/google/privacy/dlp/v2/dlp.proto

@@ -1,4 +1,4 @@
-// Copyright 2022 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -58,7 +58,8 @@ option (google.api.resource_definition) = {
 // https://cloud.google.com/dlp/docs/.
 service DlpService {
   option (google.api.default_host) = "dlp.googleapis.com";
-  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+  option (google.api.oauth_scopes) =
+      "https://www.googleapis.com/auth/cloud-platform";
 
   // Finds potentially sensitive info in content.
   // This method has limits on input size, processing time, and output size.
@@ -107,7 +108,8 @@ service DlpService {
   // When no InfoTypes or CustomInfoTypes are specified in this request, the
   // system will automatically choose what detectors to run. By default this may
   // be all types, but may change over time as detectors are updated.
-  rpc DeidentifyContent(DeidentifyContentRequest) returns (DeidentifyContentResponse) {
+  rpc DeidentifyContent(DeidentifyContentRequest)
+      returns (DeidentifyContentResponse) {
     option (google.api.http) = {
       post: "/v2/{parent=projects/*}/content:deidentify"
       body: "*"
@@ -122,7 +124,8 @@ service DlpService {
   // See
   // https://cloud.google.com/dlp/docs/pseudonymization#re-identification_in_free_text_code_example
   // to learn more.
-  rpc ReidentifyContent(ReidentifyContentRequest) returns (ReidentifyContentResponse) {
+  rpc ReidentifyContent(ReidentifyContentRequest)
+      returns (ReidentifyContentResponse) {
     option (google.api.http) = {
       post: "/v2/{parent=projects/*}/content:reidentify"
       body: "*"
@@ -139,9 +142,7 @@ service DlpService {
   rpc ListInfoTypes(ListInfoTypesRequest) returns (ListInfoTypesResponse) {
     option (google.api.http) = {
       get: "/v2/infoTypes"
-      additional_bindings {
-        get: "/v2/{parent=locations/*}/infoTypes"
-      }
+      additional_bindings { get: "/v2/{parent=locations/*}/infoTypes" }
     };
     option (google.api.method_signature) = "parent";
   }
@@ -149,7 +150,8 @@ service DlpService {
   // Creates an InspectTemplate for reusing frequently used configuration
   // for inspecting content, images, and storage.
   // See https://cloud.google.com/dlp/docs/creating-templates to learn more.
-  rpc CreateInspectTemplate(CreateInspectTemplateRequest) returns (InspectTemplate) {
+  rpc CreateInspectTemplate(CreateInspectTemplateRequest)
+      returns (InspectTemplate) {
     option (google.api.http) = {
       post: "/v2/{parent=organizations/*}/inspectTemplates"
       body: "*"
@@ -171,7 +173,8 @@ service DlpService {
 
   // Updates the InspectTemplate.
   // See https://cloud.google.com/dlp/docs/creating-templates to learn more.
-  rpc UpdateInspectTemplate(UpdateInspectTemplateRequest) returns (InspectTemplate) {
+  rpc UpdateInspectTemplate(UpdateInspectTemplateRequest)
+      returns (InspectTemplate) {
     option (google.api.http) = {
       patch: "/v2/{name=organizations/*/inspectTemplates/*}"
       body: "*"
@@ -199,9 +202,7 @@ service DlpService {
       additional_bindings {
         get: "/v2/{name=organizations/*/locations/*/inspectTemplates/*}"
       }
-      additional_bindings {
-        get: "/v2/{name=projects/*/inspectTemplates/*}"
-      }
+      additional_bindings { get: "/v2/{name=projects/*/inspectTemplates/*}" }
       additional_bindings {
         get: "/v2/{name=projects/*/locations/*/inspectTemplates/*}"
       }
@@ -211,15 +212,14 @@ service DlpService {
 
   // Lists InspectTemplates.
   // See https://cloud.google.com/dlp/docs/creating-templates to learn more.
-  rpc ListInspectTemplates(ListInspectTemplatesRequest) returns (ListInspectTemplatesResponse) {
+  rpc ListInspectTemplates(ListInspectTemplatesRequest)
+      returns (ListInspectTemplatesResponse) {
     option (google.api.http) = {
       get: "/v2/{parent=organizations/*}/inspectTemplates"
       additional_bindings {
         get: "/v2/{parent=organizations/*/locations/*}/inspectTemplates"
       }
-      additional_bindings {
-        get: "/v2/{parent=projects/*}/inspectTemplates"
-      }
+      additional_bindings { get: "/v2/{parent=projects/*}/inspectTemplates" }
       additional_bindings {
         get: "/v2/{parent=projects/*/locations/*}/inspectTemplates"
       }
@@ -229,15 +229,14 @@ service DlpService {
 
   // Deletes an InspectTemplate.
   // See https://cloud.google.com/dlp/docs/creating-templates to learn more.
-  rpc DeleteInspectTemplate(DeleteInspectTemplateRequest) returns (google.protobuf.Empty) {
+  rpc DeleteInspectTemplate(DeleteInspectTemplateRequest)
+      returns (google.protobuf.Empty) {
     option (google.api.http) = {
       delete: "/v2/{name=organizations/*/inspectTemplates/*}"
       additional_bindings {
         delete: "/v2/{name=organizations/*/locations/*/inspectTemplates/*}"
       }
-      additional_bindings {
-        delete: "/v2/{name=projects/*/inspectTemplates/*}"
-      }
+      additional_bindings { delete: "/v2/{name=projects/*/inspectTemplates/*}" }
       additional_bindings {
         delete: "/v2/{name=projects/*/locations/*/inspectTemplates/*}"
       }
@@ -249,7 +248,8 @@ service DlpService {
   // for de-identifying content, images, and storage.
   // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
   // more.
-  rpc CreateDeidentifyTemplate(CreateDeidentifyTemplateRequest) returns (DeidentifyTemplate) {
+  rpc CreateDeidentifyTemplate(CreateDeidentifyTemplateRequest)
+      returns (DeidentifyTemplate) {
     option (google.api.http) = {
       post: "/v2/{parent=organizations/*}/deidentifyTemplates"
       body: "*"
@@ -272,7 +272,8 @@ service DlpService {
   // Updates the DeidentifyTemplate.
   // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
   // more.
-  rpc UpdateDeidentifyTemplate(UpdateDeidentifyTemplateRequest) returns (DeidentifyTemplate) {
+  rpc UpdateDeidentifyTemplate(UpdateDeidentifyTemplateRequest)
+      returns (DeidentifyTemplate) {
     option (google.api.http) = {
       patch: "/v2/{name=organizations/*/deidentifyTemplates/*}"
       body: "*"
@@ -289,21 +290,21 @@ service DlpService {
         body: "*"
       }
     };
-    option (google.api.method_signature) = "name,deidentify_template,update_mask";
+    option (google.api.method_signature) =
+        "name,deidentify_template,update_mask";
   }
 
   // Gets a DeidentifyTemplate.
   // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
   // more.
-  rpc GetDeidentifyTemplate(GetDeidentifyTemplateRequest) returns (DeidentifyTemplate) {
+  rpc GetDeidentifyTemplate(GetDeidentifyTemplateRequest)
+      returns (DeidentifyTemplate) {
     option (google.api.http) = {
       get: "/v2/{name=organizations/*/deidentifyTemplates/*}"
       additional_bindings {
         get: "/v2/{name=organizations/*/locations/*/deidentifyTemplates/*}"
       }
-      additional_bindings {
-        get: "/v2/{name=projects/*/deidentifyTemplates/*}"
-      }
+      additional_bindings { get: "/v2/{name=projects/*/deidentifyTemplates/*}" }
       additional_bindings {
         get: "/v2/{name=projects/*/locations/*/deidentifyTemplates/*}"
       }
@@ -314,15 +315,14 @@ service DlpService {
   // Lists DeidentifyTemplates.
   // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
   // more.
-  rpc ListDeidentifyTemplates(ListDeidentifyTemplatesRequest) returns (ListDeidentifyTemplatesResponse) {
+  rpc ListDeidentifyTemplates(ListDeidentifyTemplatesRequest)
+      returns (ListDeidentifyTemplatesResponse) {
     option (google.api.http) = {
       get: "/v2/{parent=organizations/*}/deidentifyTemplates"
       additional_bindings {
         get: "/v2/{parent=organizations/*/locations/*}/deidentifyTemplates"
       }
-      additional_bindings {
-        get: "/v2/{parent=projects/*}/deidentifyTemplates"
-      }
+      additional_bindings { get: "/v2/{parent=projects/*}/deidentifyTemplates" }
       additional_bindings {
         get: "/v2/{parent=projects/*/locations/*}/deidentifyTemplates"
       }
@@ -333,7 +333,8 @@ service DlpService {
   // Deletes a DeidentifyTemplate.
   // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
   // more.
-  rpc DeleteDeidentifyTemplate(DeleteDeidentifyTemplateRequest) returns (google.protobuf.Empty) {
+  rpc DeleteDeidentifyTemplate(DeleteDeidentifyTemplateRequest)
+      returns (google.protobuf.Empty) {
     option (google.api.http) = {
       delete: "/v2/{name=organizations/*/deidentifyTemplates/*}"
       additional_bindings {
@@ -389,7 +390,8 @@ service DlpService {
   // Inspect hybrid content and store findings to a trigger. The inspection
   // will be processed asynchronously. To review the findings monitor the
   // jobs within the trigger.
-  rpc HybridInspectJobTrigger(HybridInspectJobTriggerRequest) returns (HybridInspectResponse) {
+  rpc HybridInspectJobTrigger(HybridInspectJobTriggerRequest)
+      returns (HybridInspectResponse) {
     option (google.api.http) = {
       post: "/v2/{name=projects/*/locations/*/jobTriggers/*}:hybridInspect"
       body: "*"
@@ -414,7 +416,8 @@ service DlpService {
 
   // Lists job triggers.
   // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
-  rpc ListJobTriggers(ListJobTriggersRequest) returns (ListJobTriggersResponse) {
+  rpc ListJobTriggers(ListJobTriggersRequest)
+      returns (ListJobTriggersResponse) {
     option (google.api.http) = {
       get: "/v2/{parent=projects/*}/jobTriggers"
       additional_bindings {
@@ -429,7 +432,8 @@ service DlpService {
 
   // Deletes a job trigger.
   // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
-  rpc DeleteJobTrigger(DeleteJobTriggerRequest) returns (google.protobuf.Empty) {
+  rpc DeleteJobTrigger(DeleteJobTriggerRequest)
+      returns (google.protobuf.Empty) {
     option (google.api.http) = {
       delete: "/v2/{name=projects/*/jobTriggers/*}"
       additional_bindings {
@@ -455,6 +459,69 @@ service DlpService {
     };
   }
 
+  // Creates a config for discovery to scan and profile storage.
+  rpc CreateDiscoveryConfig(CreateDiscoveryConfigRequest)
+      returns (DiscoveryConfig) {
+    option (google.api.http) = {
+      post: "/v2/{parent=projects/*/locations/*}/discoveryConfigs"
+      body: "*"
+      additional_bindings {
+        post: "/v2/{parent=organizations/*/locations/*}/discoveryConfigs"
+        body: "*"
+      }
+    };
+    option (google.api.method_signature) = "parent,discovery_config";
+  }
+
+  // Updates a discovery configuration.
+  rpc UpdateDiscoveryConfig(UpdateDiscoveryConfigRequest)
+      returns (DiscoveryConfig) {
+    option (google.api.http) = {
+      patch: "/v2/{name=projects/*/locations/*/discoveryConfigs/*}"
+      body: "*"
+      additional_bindings {
+        patch: "/v2/{name=organizations/*/locations/*/discoveryConfigs/*}"
+        body: "*"
+      }
+    };
+    option (google.api.method_signature) = "name,discovery_config,update_mask";
+  }
+
+  // Gets a discovery configuration.
+  rpc GetDiscoveryConfig(GetDiscoveryConfigRequest) returns (DiscoveryConfig) {
+    option (google.api.http) = {
+      get: "/v2/{name=projects/*/locations/*/discoveryConfigs/*}"
+      additional_bindings {
+        get: "/v2/{name=organizations/*/locations/*/discoveryConfigs/*}"
+      }
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Lists discovery configurations.
+  rpc ListDiscoveryConfigs(ListDiscoveryConfigsRequest)
+      returns (ListDiscoveryConfigsResponse) {
+    option (google.api.http) = {
+      get: "/v2/{parent=projects/*/locations/*}/discoveryConfigs"
+      additional_bindings {
+        get: "/v2/{parent=organizations/*/locations/*}/discoveryConfigs"
+      }
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Deletes a discovery configuration.
+  rpc DeleteDiscoveryConfig(DeleteDiscoveryConfigRequest)
+      returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      delete: "/v2/{name=projects/*/locations/*/discoveryConfigs/*}"
+      additional_bindings {
+        delete: "/v2/{name=organizations/*/locations/*/discoveryConfigs/*}"
+      }
+    };
+    option (google.api.method_signature) = "name";
+  }
+
   // Creates a new job to inspect storage or calculate risk metrics.
   // See https://cloud.google.com/dlp/docs/inspecting-storage and
   // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more.
@@ -481,9 +548,7 @@ service DlpService {
   rpc ListDlpJobs(ListDlpJobsRequest) returns (ListDlpJobsResponse) {
     option (google.api.http) = {
       get: "/v2/{parent=projects/*}/dlpJobs"
-      additional_bindings {
-        get: "/v2/{parent=projects/*/locations/*}/dlpJobs"
-      }
+      additional_bindings { get: "/v2/{parent=projects/*/locations/*}/dlpJobs" }
       additional_bindings {
         get: "/v2/{parent=organizations/*/locations/*}/dlpJobs"
       }
@@ -497,9 +562,7 @@ service DlpService {
   rpc GetDlpJob(GetDlpJobRequest) returns (DlpJob) {
     option (google.api.http) = {
       get: "/v2/{name=projects/*/dlpJobs/*}"
-      additional_bindings {
-        get: "/v2/{name=projects/*/locations/*/dlpJobs/*}"
-      }
+      additional_bindings { get: "/v2/{name=projects/*/locations/*/dlpJobs/*}" }
     };
     option (google.api.method_signature) = "name";
   }
@@ -538,7 +601,8 @@ service DlpService {
   // Creates a pre-built stored infoType to be used for inspection.
   // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to
   // learn more.
-  rpc CreateStoredInfoType(CreateStoredInfoTypeRequest) returns (StoredInfoType) {
+  rpc CreateStoredInfoType(CreateStoredInfoTypeRequest)
+      returns (StoredInfoType) {
     option (google.api.http) = {
       post: "/v2/{parent=organizations/*}/storedInfoTypes"
       body: "*"
@@ -562,7 +626,8 @@ service DlpService {
   // will continue to be used until the new version is ready.
   // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to
   // learn more.
-  rpc UpdateStoredInfoType(UpdateStoredInfoTypeRequest) returns (StoredInfoType) {
+  rpc UpdateStoredInfoType(UpdateStoredInfoTypeRequest)
+      returns (StoredInfoType) {
     option (google.api.http) = {
       patch: "/v2/{name=organizations/*/storedInfoTypes/*}"
       body: "*"
@@ -591,9 +656,7 @@ service DlpService {
       additional_bindings {
         get: "/v2/{name=organizations/*/locations/*/storedInfoTypes/*}"
       }
-      additional_bindings {
-        get: "/v2/{name=projects/*/storedInfoTypes/*}"
-      }
+      additional_bindings { get: "/v2/{name=projects/*/storedInfoTypes/*}" }
       additional_bindings {
         get: "/v2/{name=projects/*/locations/*/storedInfoTypes/*}"
       }
@@ -604,15 +667,14 @@ service DlpService {
   // Lists stored infoTypes.
   // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to
   // learn more.
-  rpc ListStoredInfoTypes(ListStoredInfoTypesRequest) returns (ListStoredInfoTypesResponse) {
+  rpc ListStoredInfoTypes(ListStoredInfoTypesRequest)
+      returns (ListStoredInfoTypesResponse) {
     option (google.api.http) = {
       get: "/v2/{parent=organizations/*}/storedInfoTypes"
       additional_bindings {
         get: "/v2/{parent=organizations/*/locations/*}/storedInfoTypes"
       }
-      additional_bindings {
-        get: "/v2/{parent=projects/*}/storedInfoTypes"
-      }
+      additional_bindings { get: "/v2/{parent=projects/*}/storedInfoTypes" }
       additional_bindings {
         get: "/v2/{parent=projects/*/locations/*}/storedInfoTypes"
       }
@@ -623,15 +685,14 @@ service DlpService {
   // Deletes a stored infoType.
   // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to
   // learn more.
-  rpc DeleteStoredInfoType(DeleteStoredInfoTypeRequest) returns (google.protobuf.Empty) {
+  rpc DeleteStoredInfoType(DeleteStoredInfoTypeRequest)
+      returns (google.protobuf.Empty) {
     option (google.api.http) = {
       delete: "/v2/{name=organizations/*/storedInfoTypes/*}"
       additional_bindings {
         delete: "/v2/{name=organizations/*/locations/*/storedInfoTypes/*}"
       }
-      additional_bindings {
-        delete: "/v2/{name=projects/*/storedInfoTypes/*}"
-      }
+      additional_bindings { delete: "/v2/{name=projects/*/storedInfoTypes/*}" }
       additional_bindings {
         delete: "/v2/{name=projects/*/locations/*/storedInfoTypes/*}"
       }
@@ -642,7 +703,8 @@ service DlpService {
   // Inspect hybrid content and store findings to a job.
   // To review the findings, inspect the job. Inspection will occur
   // asynchronously.
-  rpc HybridInspectDlpJob(HybridInspectDlpJobRequest) returns (HybridInspectResponse) {
+  rpc HybridInspectDlpJob(HybridInspectDlpJobRequest)
+      returns (HybridInspectResponse) {
     option (google.api.http) = {
       post: "/v2/{name=projects/*/locations/*/dlpJobs/*}:hybridInspect"
       body: "*"
@@ -675,7 +737,8 @@ message ExcludeInfoTypes {
 
 // The rule to exclude findings based on a hotword. For record inspection of
 // tables, column names are considered hotwords. An example of this is to
-// exclude a finding if a BigQuery column matches a specific pattern.
+// exclude a finding if it belongs to a BigQuery column that matches a specific
+// pattern.
 message ExcludeByHotword {
   // Regular expression pattern defining what qualifies as a hotword.
   CustomInfoType.Regex hotword_regex = 1;
@@ -737,6 +800,22 @@ message InspectionRuleSet {
 // When used with redactContent only info_types and min_likelihood are currently
 // used.
 message InspectConfig {
+  // Configuration for setting a minimum likelihood per infotype. Used to
+  // customize the minimum likelihood level for specific infotypes in the
+  // request. For example, use this if you want to lower the precision for
+  // PERSON_NAME without lowering the precision for the other infotypes in the
+  // request.
+  message InfoTypeLikelihood {
+    // Type of information the likelihood threshold applies to. Only one
+    // likelihood per info_type should be provided. If InfoTypeLikelihood does
+    // not have an info_type, the configuration fails.
+    InfoType info_type = 1;
+
+    // Only returns findings equal to or above this threshold. This field is
+    // required or else the configuration fails.
+    Likelihood min_likelihood = 2;
+  }
+
   // Configuration to control the number of findings returned for inspection.
   // This is not used for de-identification or data profiling.
   //
@@ -759,15 +838,29 @@ message InspectConfig {
       int32 max_findings = 2;
     }
 
-    // Max number of findings that will be returned for each item scanned.
-    // When set within `InspectJobConfig`,
-    // the maximum returned is 2000 regardless if this is set higher.
-    // When set within `InspectContentRequest`, this field is ignored.
+    // Max number of findings that are returned for each item scanned.
+    //
+    // When set within an
+    // [InspectContentRequest][google.privacy.dlp.v2.InspectContentRequest],
+    // this field is ignored.
+    //
+    // This value isn't a hard limit. If the number of findings for an item
+    // reaches this limit, the inspection of that item ends gradually, not
+    // abruptly. Therefore, the actual number of findings that Cloud DLP returns
+    // for the item can be multiple times higher than this value.
     int32 max_findings_per_item = 1;
 
-    // Max number of findings that will be returned per request/job.
-    // When set within `InspectContentRequest`, the maximum returned is 2000
-    // regardless if this is set higher.
+    // Max number of findings that are returned per request or job.
+    //
+    // If you set this field in an
+    // [InspectContentRequest][google.privacy.dlp.v2.InspectContentRequest], the
+    // resulting maximum value is the value that you set or 3,000, whichever is
+    // lower.
+    //
+    // This value isn't a hard limit. If an inspection reaches this limit, the
+    // inspection ends gradually, not abruptly. Therefore, the actual number of
+    // findings that Cloud DLP returns can be multiple times higher than this
+    // value.
     int32 max_findings_per_request = 2;
 
     // Configuration of findings limit given for specified infoTypes.
@@ -779,19 +872,28 @@ message InspectConfig {
   // https://cloud.google.com/dlp/docs/infotypes-reference.
   //
   // When no InfoTypes or CustomInfoTypes are specified in a request, the
-  // system may automatically choose what detectors to run. By default this may
-  // be all types, but may change over time as detectors are updated.
+  // system may automatically choose a default list of detectors to run, which
+  // may change over time.
   //
   // If you need precise control and predictability as to what detectors are
   // run you should specify specific InfoTypes listed in the reference,
   // otherwise a default list will be used, which may change over time.
   repeated InfoType info_types = 1;
 
-  // Only returns findings equal or above this threshold. The default is
+  // Only returns findings equal to or above this threshold. The default is
   // POSSIBLE.
-  // See https://cloud.google.com/dlp/docs/likelihood to learn more.
+  //
+  // In general, the highest likelihood setting yields the fewest findings in
+  // results and the lowest chance of a false positive. For more information,
+  // see [Match likelihood](https://cloud.google.com/dlp/docs/likelihood).
   Likelihood min_likelihood = 2;
 
+  // Minimum likelihood per infotype. For each infotype, a user can specify a
+  // minimum likelihood. The system only returns a finding if its likelihood is
+  // above this threshold. If this field is not set, the system uses the
+  // InspectConfig min_likelihood.
+  repeated InfoTypeLikelihood min_likelihood_per_info_type = 11;
+
   // Configuration to control the number of findings returned.
   // This is not used for data profiling.
   //
@@ -800,11 +902,19 @@ message InspectConfig {
   // redacted. Don't include finding limits in
   // [RedactImage][google.privacy.dlp.v2.DlpService.RedactImage]
   // requests. Otherwise, Cloud DLP returns an error.
+  //
+  // When set within an
+  // [InspectJobConfig][google.privacy.dlp.v2.InspectJobConfig], the specified
+  // maximum values aren't hard limits. If an inspection job reaches these
+  // limits, the job ends gradually, not abruptly. Therefore, the actual number
+  // of findings that Cloud DLP returns can be multiple times higher than these
+  // maximum values.
   FindingLimits limits = 3;
 
   // When true, a contextual quote from the data that triggered a finding is
-  // included in the response; see [Finding.quote][google.privacy.dlp.v2.Finding.quote].
-  // This is not used for data profiling.
+  // included in the response; see
+  // [Finding.quote][google.privacy.dlp.v2.Finding.quote]. This is not used for
+  // data profiling.
   bool include_quote = 4;
 
   // When true, excludes type information of the findings.
@@ -965,14 +1075,13 @@ message Finding {
   QuoteInfo quote_info = 7;
 
   // The job that stored the finding.
-  string resource_name = 8 [(google.api.resource_reference) = {
-                              type: "dlp.googleapis.com/DlpJob"
-                            }];
+  string resource_name = 8
+      [(google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" }];
 
   // Job trigger name, if applicable, for this finding.
-  string trigger_name = 9 [(google.api.resource_reference) = {
-                             type: "dlp.googleapis.com/JobTrigger"
-                           }];
+  string trigger_name = 9 [
+    (google.api.resource_reference) = { type: "dlp.googleapis.com/JobTrigger" }
+  ];
 
   // The labels associated with this `Finding`.
   //
@@ -993,9 +1102,8 @@ message Finding {
   google.protobuf.Timestamp job_create_time = 11;
 
   // The job that stored the finding.
-  string job_name = 13 [(google.api.resource_reference) = {
-                          type: "dlp.googleapis.com/DlpJob"
-                        }];
+  string job_name = 13
+      [(google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" }];
 
   // The unique finding id.
   string finding_id = 15;
@@ -1227,8 +1335,8 @@ message RedactImageRequest {
   //
   //     parent=projects/example-project/locations/europe-west3
   string parent = 1 [(google.api.resource_reference) = {
-                       child_type: "dlp.googleapis.com/DlpContent"
-                     }];
+    child_type: "dlp.googleapis.com/DlpContent"
+  }];
 
   // Deprecated. This field has no effect.
   string location_id = 8;
@@ -1292,8 +1400,8 @@ message DeidentifyContentRequest {
   //
   //     parent=projects/example-project/locations/europe-west3
   string parent = 1 [(google.api.resource_reference) = {
-                       child_type: "dlp.googleapis.com/DlpContent"
-                     }];
+    child_type: "dlp.googleapis.com/DlpContent"
+  }];
 
   // Configuration for the de-identification of the content item.
   // Items specified here will override the template referenced by the
@@ -1433,8 +1541,8 @@ message InspectContentRequest {
   //
   //     parent=projects/example-project/locations/europe-west3
   string parent = 1 [(google.api.resource_reference) = {
-                       child_type: "dlp.googleapis.com/DlpContent"
-                     }];
+    child_type: "dlp.googleapis.com/DlpContent"
+  }];
 
   // Configuration for the inspector. What specified here will override
   // the template referenced by the inspect_template_name argument.
@@ -1561,6 +1669,18 @@ message InspectDataSourceDetails {
   Result result = 3;
 }
 
+// The schema of data to be saved to the BigQuery table when the
+// `DataProfileAction` is enabled.
+message DataProfileBigQueryRowSchema {
+  oneof data_profile {
+    // Table data profile column
+    TableDataProfile table_profile = 1;
+
+    // Column data profile column
+    ColumnDataProfile column_profile = 2;
+  }
+}
+
 // Statistics related to processing hybrid inspect requests.
 message HybridInspectStatistics {
   // The number of hybrid inspection requests processed within this job.
@@ -1578,6 +1698,53 @@ message HybridInspectStatistics {
   int64 pending_count = 3;
 }
 
+// The results of an [Action][google.privacy.dlp.v2.Action].
+message ActionDetails {
+  // Summary of what occurred in the actions.
+  oneof details {
+    // Outcome of a de-identification action.
+    DeidentifyDataSourceDetails deidentify_details = 1;
+  }
+}
+
+// Summary of what was modified during a transformation.
+message DeidentifyDataSourceStats {
+  // Total size in bytes that were transformed in some way.
+  int64 transformed_bytes = 1;
+
+  // Number of successfully applied transformations.
+  int64 transformation_count = 2;
+
+  // Number of errors encountered while trying to apply transformations.
+  int64 transformation_error_count = 3;
+}
+
+// The results of a [Deidentify][google.privacy.dlp.v2.Action.Deidentify] action
+// from an inspect job.
+message DeidentifyDataSourceDetails {
+  // De-identification options.
+  message RequestedDeidentifyOptions {
+    // Snapshot of the state of the `DeidentifyTemplate` from the
+    // [Deidentify][google.privacy.dlp.v2.Action.Deidentify] action at the time
+    // this job was run.
+    DeidentifyTemplate snapshot_deidentify_template = 1;
+
+    // Snapshot of the state of the structured `DeidentifyTemplate` from the
+    // `Deidentify` action at the time this job was run.
+    DeidentifyTemplate snapshot_structured_deidentify_template = 2;
+
+    // Snapshot of the state of the image transformation `DeidentifyTemplate`
+    // from the `Deidentify` action at the time this job was run.
+    DeidentifyTemplate snapshot_image_redact_template = 3;
+  }
+
+  // De-identification config used for the request.
+  RequestedDeidentifyOptions requested_options = 1;
+
+  // Stats about the de-identification operation.
+  DeidentifyDataSourceStats deidentify_stats = 2;
+}
+
 // InfoType description.
 message InfoTypeDescription {
   // Internal name of the infoType.
@@ -1598,6 +1765,9 @@ message InfoTypeDescription {
 
   // The category of the infoType.
   repeated InfoTypeCategory categories = 10;
+
+  // The default sensitivity of the infoType.
+  SensitivityScore sensitivity_score = 11;
 }
 
 // Classification of infoTypes to organize them according to geographic
@@ -1637,6 +1807,9 @@ message InfoTypeCategory {
     // The infoType is typically used in Colombia.
     COLOMBIA = 9;
 
+    // The infoType is typically used in Croatia.
+    CROATIA = 42;
+
     // The infoType is typically used in Denmark.
     DENMARK = 10;
 
@@ -1679,6 +1852,9 @@ message InfoTypeCategory {
     // The infoType is typically used in the Netherlands.
     THE_NETHERLANDS = 23;
 
+    // The infoType is typically used in New Zealand.
+    NEW_ZEALAND = 41;
+
     // The infoType is typically used in Norway.
     NORWAY = 24;
 
@@ -1706,6 +1882,9 @@ message InfoTypeCategory {
     // The infoType is typically used in Sweden.
     SWEDEN = 32;
 
+    // The infoType is typically used in Switzerland.
+    SWITZERLAND = 43;
+
     // The infoType is typically used in Taiwan.
     TAIWAN = 33;
 
@@ -1729,9 +1908,6 @@ message InfoTypeCategory {
 
     // The infoType is typically used in Google internally.
     INTERNAL = 40;
-
-    // The infoType is typically used in New Zealand.
-    NEW_ZEALAND = 41;
   }
 
   // Enum of the current industries in the category.
@@ -1897,10 +2073,11 @@ message StatisticalTable {
   BigQueryTable table = 3 [(google.api.field_behavior) = REQUIRED];
 
   // Required. Quasi-identifier columns.
-  repeated QuasiIdentifierField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED];
+  repeated QuasiIdentifierField quasi_ids = 1
+      [(google.api.field_behavior) = REQUIRED];
 
-  // Required. The relative frequency column must contain a floating-point number
-  // between 0 and 1 (inclusive). Null values are assumed to be zero.
+  // Required. The relative frequency column must contain a floating-point
+  // number between 0 and 1 (inclusive). Null values are assumed to be zero.
   FieldId relative_frequency = 2 [(google.api.field_behavior) = REQUIRED];
 }
 
@@ -2013,15 +2190,16 @@ message PrivacyMetric {
       BigQueryTable table = 3 [(google.api.field_behavior) = REQUIRED];
 
       // Required. Quasi-identifier columns.
-      repeated QuasiIdField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED];
+      repeated QuasiIdField quasi_ids = 1
+          [(google.api.field_behavior) = REQUIRED];
 
-      // Required. The relative frequency column must contain a floating-point number
-      // between 0 and 1 (inclusive). Null values are assumed to be zero.
+      // Required. The relative frequency column must contain a floating-point
+      // number between 0 and 1 (inclusive). Null values are assumed to be zero.
       FieldId relative_frequency = 2 [(google.api.field_behavior) = REQUIRED];
     }
 
-    // Required. Fields considered to be quasi-identifiers. No two columns can have the
-    // same tag.
+    // Required. Fields considered to be quasi-identifiers. No two columns can
+    // have the same tag.
     repeated TaggedField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED];
 
     // ISO 3166-1 alpha-2 region code to use in the statistical modeling.
@@ -2040,8 +2218,8 @@ message PrivacyMetric {
   // Similarly to the k-map metric, we cannot compute δ-presence exactly without
   // knowing the attack dataset, so we use a statistical model instead.
   message DeltaPresenceEstimationConfig {
-    // Required. Fields considered to be quasi-identifiers. No two fields can have the
-    // same tag.
+    // Required. Fields considered to be quasi-identifiers. No two fields can
+    // have the same tag.
     repeated QuasiId quasi_ids = 1 [(google.api.field_behavior) = REQUIRED];
 
     // ISO 3166-1 alpha-2 region code to use in the statistical modeling.
@@ -2114,7 +2292,8 @@ message AnalyzeDataSourceRiskDetails {
     }
 
     // Histogram of value frequencies in the column.
-    repeated CategoricalStatsHistogramBucket value_frequency_histogram_buckets = 5;
+    repeated CategoricalStatsHistogramBucket value_frequency_histogram_buckets =
+        5;
   }
 
   // Result of the k-anonymity computation.
@@ -2194,7 +2373,8 @@ message AnalyzeDataSourceRiskDetails {
     }
 
     // Histogram of l-diversity equivalence class sensitive value frequencies.
-    repeated LDiversityHistogramBucket sensitive_value_frequency_histogram_buckets = 5;
+    repeated LDiversityHistogramBucket
+        sensitive_value_frequency_histogram_buckets = 5;
   }
 
   // Result of the reidentifiability analysis. Note that these results are an
@@ -2300,7 +2480,8 @@ message AnalyzeDataSourceRiskDetails {
     //   {min_probability: 0.3, max_probability: 0.4, frequency: 99}
     // mean that there are no record with an estimated probability in [0.1, 0.2)
     // nor larger or equal to 0.4.
-    repeated DeltaPresenceEstimationHistogramBucket delta_presence_estimation_histogram = 1;
+    repeated DeltaPresenceEstimationHistogramBucket
+        delta_presence_estimation_histogram = 1;
   }
 
   // Risk analysis options.
@@ -2444,20 +2625,16 @@ message ImageTransformations {
   message ImageTransformation {
     // Apply transformation to the selected info_types.
     message SelectedInfoTypes {
-      // Required. InfoTypes to apply the transformation to. Required. Provided InfoType
-      // must be unique within the ImageTransformations message.
+      // Required. InfoTypes to apply the transformation to. Required. Provided
+      // InfoType must be unique within the ImageTransformations message.
       repeated InfoType info_types = 5 [(google.api.field_behavior) = REQUIRED];
     }
 
     // Apply transformation to all findings.
-    message AllInfoTypes {
-
-    }
+    message AllInfoTypes {}
 
     // Apply to all text.
-    message AllText {
-
-    }
+    message AllText {}
 
     oneof target {
       // Apply transformation to the selected info_types.
@@ -2491,17 +2668,13 @@ message ImageTransformations {
 // `TransformationOverviews`.
 message TransformationErrorHandling {
   // Throw an error and fail the request when a transformation error occurs.
-  message ThrowError {
-
-  }
+  message ThrowError {}
 
   // Skips the data without modifying it if the requested transformation would
   // cause an error. For example, if a `DateShift` transformation were applied
   // an an IP address, this mode would leave the IP address unchanged in the
   // response.
-  message LeaveUntransformed {
-
-  }
+  message LeaveUntransformed {}
 
   // How transformation errors should be handled.
   oneof mode {
@@ -2678,16 +2851,12 @@ message ReplaceDictionaryConfig {
 }
 
 // Replace each matching finding with the name of the info_type.
-message ReplaceWithInfoTypeConfig {
-
-}
+message ReplaceWithInfoTypeConfig {}
 
 // Redact a given value. For example, if used with an `InfoTypeTransformation`
 // transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
 // output would be 'My phone number is '.
-message RedactConfig {
-
-}
+message RedactConfig {}
 
 // Characters to skip when doing deidentification of a value. These will be left
 // alone and skipped.
@@ -2786,18 +2955,18 @@ message CharacterMaskConfig {
 //
 // See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
 message FixedSizeBucketingConfig {
-  // Required. Lower bound value of buckets. All values less than `lower_bound` are
-  // grouped together into a single bucket; for example if `lower_bound` = 10,
-  // then all values less than 10 are replaced with the value "-10".
+  // Required. Lower bound value of buckets. All values less than `lower_bound`
+  // are grouped together into a single bucket; for example if `lower_bound` =
+  // 10, then all values less than 10 are replaced with the value "-10".
   Value lower_bound = 1 [(google.api.field_behavior) = REQUIRED];
 
-  // Required. Upper bound value of buckets. All values greater than upper_bound are
-  // grouped together into a single bucket; for example if `upper_bound` = 89,
-  // then all values greater than 89 are replaced with the value "89+".
+  // Required. Upper bound value of buckets. All values greater than upper_bound
+  // are grouped together into a single bucket; for example if `upper_bound` =
+  // 89, then all values greater than 89 are replaced with the value "89+".
   Value upper_bound = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Required. Size of each bucket (except for minimum and maximum buckets). So if
-  // `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+  // Required. Size of each bucket (except for minimum and maximum buckets). So
+  // if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
   // following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
   // 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
   double bucket_size = 3 [(google.api.field_behavior) = REQUIRED];
@@ -3000,14 +3169,15 @@ message KmsWrappedCryptoKey {
 // same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
 // to learn more.
 message DateShiftConfig {
-  // Required. Range of shift in days. Actual shift will be selected at random within this
-  // range (inclusive ends). Negative means shift to earlier in time. Must not
-  // be more than 365250 days (1000 years) each direction.
+  // Required. Range of shift in days. Actual shift will be selected at random
+  // within this range (inclusive ends). Negative means shift to earlier in
+  // time. Must not be more than 365250 days (1000 years) each direction.
   //
   // For example, 3 means shift date to at most 3 days into the future.
   int32 upper_bound_days = 1 [(google.api.field_behavior) = REQUIRED];
 
-  // Required. For example, -5 means shift date to at most 5 days back in the past.
+  // Required. For example, -5 means shift date to at most 5 days back in the
+  // past.
   int32 lower_bound_days = 2 [(google.api.field_behavior) = REQUIRED];
 
   // Points to the field that contains the context, for example, an entity id.
@@ -3039,12 +3209,14 @@ message InfoTypeTransformations {
     repeated InfoType info_types = 1;
 
     // Required. Primitive transformation to apply to the infoType.
-    PrimitiveTransformation primitive_transformation = 2 [(google.api.field_behavior) = REQUIRED];
+    PrimitiveTransformation primitive_transformation = 2
+        [(google.api.field_behavior) = REQUIRED];
   }
 
   // Required. Transformation for each infoType. Cannot specify more than one
   // for a given infoType.
-  repeated InfoTypeTransformation transformations = 1 [(google.api.field_behavior) = REQUIRED];
+  repeated InfoTypeTransformation transformations = 1
+      [(google.api.field_behavior) = REQUIRED];
 }
 
 // The transformation to apply to the field.
@@ -3440,9 +3612,7 @@ message Schedule {
 
 // Job trigger option for hybrid jobs. Jobs must be manually created
 // and finished.
-message Manual {
-
-}
+message Manual {}
 
 // The inspectTemplate contains a configuration (set of types of sensitive data
 // to be detected) to be used anywhere you otherwise would normally specify
@@ -3471,10 +3641,12 @@ message InspectTemplate {
   string description = 3;
 
   // Output only. The creation timestamp of an inspectTemplate.
-  google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp create_time = 4
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Output only. The last update timestamp of an inspectTemplate.
-  google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp update_time = 5
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // The core content of the template. Configuration of the scanning process.
   InspectConfig inspect_config = 6;
@@ -3505,10 +3677,12 @@ message DeidentifyTemplate {
   string description = 3;
 
   // Output only. The creation timestamp of an inspectTemplate.
-  google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp create_time = 4
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Output only. The last update timestamp of an inspectTemplate.
-  google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp update_time = 5
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // The core content of the template.
   DeidentifyConfig deidentify_config = 6;
@@ -3520,7 +3694,8 @@ message Error {
   // Detailed error codes and messages.
   google.rpc.Status details = 1;
 
-  // The times the error occurred.
+  // The times the error occurred. List includes the oldest timestamp and the
+  // last 9 timestamps.
   repeated google.protobuf.Timestamp timestamps = 2;
 }
 
@@ -3584,20 +3759,23 @@ message JobTrigger {
   // a single Schedule trigger and must have at least one object.
   repeated Trigger triggers = 5;
 
-  // Output only. A stream of errors encountered when the trigger was activated. Repeated
-  // errors may result in the JobTrigger automatically being paused.
+  // Output only. A stream of errors encountered when the trigger was activated.
+  // Repeated errors may result in the JobTrigger automatically being paused.
   // Will return the last 100 errors. Whenever the JobTrigger is modified
   // this list will be cleared.
   repeated Error errors = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Output only. The creation timestamp of a triggeredJob.
-  google.protobuf.Timestamp create_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp create_time = 7
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Output only. The last update timestamp of a triggeredJob.
-  google.protobuf.Timestamp update_time = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp update_time = 8
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Output only. The timestamp of the last time this trigger executed.
-  google.protobuf.Timestamp last_run_time = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp last_run_time = 9
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Required. A status for this trigger.
   Status status = 10 [(google.api.field_behavior) = REQUIRED];
@@ -3628,19 +3806,15 @@ message Action {
     string topic = 1;
   }
 
-  // Publish the result summary of a DlpJob to the Cloud Security
-  // Command Center (CSCC Alpha).
-  // This action is only available for projects which are parts of
-  // an organization and whitelisted for the alpha Cloud Security Command
-  // Center.
-  // The action will publish the count of finding instances and their info
-  // types. The summary of findings will be persisted in CSCC and are governed
-  // by CSCC service-specific policy, see
-  // https://cloud.google.com/terms/service-terms Only a single instance of this
-  // action can be specified. Compatible with: Inspect
-  message PublishSummaryToCscc {
-
-  }
+  // Publish the result summary of a DlpJob to [Security Command
+  // Center](https://cloud.google.com/security-command-center). This action is
+  // available for only projects that belong to an organization. This action
+  // publishes the count of finding instances and their infoTypes. The summary
+  // of findings are persisted in Security Command Center and are governed by
+  // [service-specific policies for Security Command
+  // Center](https://cloud.google.com/terms/service-terms). Only a single
+  // instance of this action can be specified. Compatible with: Inspect
+  message PublishSummaryToCscc {}
 
   // Publish findings of a DlpJob to Data Catalog. In Data Catalog, tag
   // templates are applied to the resource that Cloud DLP scanned. Data
@@ -3660,9 +3834,7 @@ message Action {
   // Only a single instance of this action can be specified. This action is
   // allowed only if all resources being scanned are BigQuery tables.
   // Compatible with: Inspect
-  message PublishFindingsToCloudDataCatalog {
-
-  }
+  message PublishFindingsToCloudDataCatalog {}
 
   // Create a de-identified copy of the requested table or files.
   //
@@ -3690,13 +3862,15 @@ message Action {
     // of each transformation (see
     // [TransformationDetails][google.privacy.dlp.v2.TransformationDetails]
     // message for more information about what is noted).
-    TransformationDetailsStorageConfig transformation_details_storage_config = 3;
+    TransformationDetailsStorageConfig transformation_details_storage_config =
+        3;
 
     oneof output {
-      // Required. User settable Cloud Storage bucket and folders to store de-identified
-      // files. This field must be set for cloud storage deidentification. The
-      // output Cloud Storage bucket must be different from the input bucket.
-      // De-identified files will overwrite files in the output path.
+      // Required. User settable Cloud Storage bucket and folders to store
+      // de-identified files. This field must be set for cloud storage
+      // deidentification. The output Cloud Storage bucket must be different
+      // from the input bucket. De-identified files will overwrite files in the
+      // output path.
       //
       // Form of: gs://bucket/folder/ or gs://bucket
       string cloud_storage_output = 9 [(google.api.field_behavior) = REQUIRED];
@@ -3715,17 +3889,13 @@ message Action {
   // Sends an email when the job completes. The email goes to IAM project owners
   // and technical [Essential
   // Contacts](https://cloud.google.com/resource-manager/docs/managing-notification-contacts).
-  message JobNotificationEmails {
-
-  }
+  message JobNotificationEmails {}
 
   // Enable Stackdriver metric dlp.googleapis.com/finding_count. This
   // will publish a metric to stack driver on each infotype requested and
   // how many findings were found for it. CustomDetectors will be bucketed
   // as 'Custom' under the Stackdriver label 'info_type'.
-  message PublishToStackdriver {
-
-  }
+  message PublishToStackdriver {}
 
   oneof action {
     // Save resulting findings in a provided location.
@@ -3738,7 +3908,8 @@ message Action {
     PublishSummaryToCscc publish_summary_to_cscc = 3;
 
     // Publish findings to Cloud Datahub.
-    PublishFindingsToCloudDataCatalog publish_findings_to_cloud_data_catalog = 5;
+    PublishFindingsToCloudDataCatalog publish_findings_to_cloud_data_catalog =
+        5;
 
     // Create a de-identified copy of the input data.
     Deidentify deidentify = 7;
@@ -3825,8 +3996,8 @@ message CreateInspectTemplateRequest {
 
 // Request message for UpdateInspectTemplate.
 message UpdateInspectTemplateRequest {
-  // Required. Resource name of organization and inspectTemplate to be updated, for
-  // example `organizations/433245324/inspectTemplates/432452342` or
+  // Required. Resource name of organization and inspectTemplate to be updated,
+  // for example `organizations/433245324/inspectTemplates/432452342` or
   // projects/project-id/inspectTemplates/432452342.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
@@ -3844,8 +4015,8 @@ message UpdateInspectTemplateRequest {
 
 // Request message for GetInspectTemplate.
 message GetInspectTemplateRequest {
-  // Required. Resource name of the organization and inspectTemplate to be read, for
-  // example `organizations/433245324/inspectTemplates/432452342` or
+  // Required. Resource name of the organization and inspectTemplate to be read,
+  // for example `organizations/433245324/inspectTemplates/432452342` or
   // projects/project-id/inspectTemplates/432452342.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
@@ -3884,17 +4055,17 @@ message ListInspectTemplatesRequest {
     }
   ];
 
-  // Page token to continue retrieval. Comes from previous call
+  // Page token to continue retrieval. Comes from the previous call
   // to `ListInspectTemplates`.
   string page_token = 2;
 
-  // Size of the page, can be limited by the server. If zero server returns
-  // a page of max size 100.
+  // Size of the page. This value can be limited by the server. If zero server
+  // returns a page of max size 100.
   int32 page_size = 3;
 
   // Comma separated list of fields to order by,
-  // followed by `asc` or `desc` postfix. This list is case-insensitive,
-  // default sorting order is ascending, redundant space characters are
+  // followed by `asc` or `desc` postfix. This list is case insensitive. The
+  // default sorting order is ascending. Redundant space characters are
   // insignificant.
   //
   // Example: `name asc,update_time, create_time desc`
@@ -3916,16 +4087,16 @@ message ListInspectTemplatesResponse {
   // List of inspectTemplates, up to page_size in ListInspectTemplatesRequest.
   repeated InspectTemplate inspect_templates = 1;
 
-  // If the next page is available then the next page token to be used
-  // in following ListInspectTemplates request.
+  // If the next page is available then the next page token to be used in the
+  // following ListInspectTemplates request.
   string next_page_token = 2;
 }
 
 // Request message for DeleteInspectTemplate.
 message DeleteInspectTemplateRequest {
-  // Required. Resource name of the organization and inspectTemplate to be deleted, for
-  // example `organizations/433245324/inspectTemplates/432452342` or
-  // projects/project-id/inspectTemplates/432452342.
+  // Required. Resource name of the organization and inspectTemplate to be
+  // deleted, for example `organizations/433245324/inspectTemplates/432452342`
+  // or projects/project-id/inspectTemplates/432452342.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -3978,9 +4149,7 @@ message ActivateJobTriggerRequest {
   // `projects/dlp-test-project/jobTriggers/53234423`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "dlp.googleapis.com/JobTrigger"
-    }
+    (google.api.resource_reference) = { type: "dlp.googleapis.com/JobTrigger" }
   ];
 }
 
@@ -3990,9 +4159,7 @@ message UpdateJobTriggerRequest {
   // `projects/dlp-test-project/jobTriggers/53234423`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "dlp.googleapis.com/JobTrigger"
-    }
+    (google.api.resource_reference) = { type: "dlp.googleapis.com/JobTrigger" }
   ];
 
   // New JobTrigger value.
@@ -4006,10 +4173,131 @@ message UpdateJobTriggerRequest {
 message GetJobTriggerRequest {
   // Required. Resource name of the project and the triggeredJob, for example
   // `projects/dlp-test-project/jobTriggers/53234423`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = { type: "dlp.googleapis.com/JobTrigger" }
+  ];
+}
+
+// Request message for CreateDiscoveryConfig.
+message CreateDiscoveryConfigRequest {
+  // Required. Parent resource name.
+  //
+  // The format of this value is as follows:
+  // `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //
+  // The following example `parent` string specifies a parent project with the
+  // identifier `example-project`, and specifies the `europe-west3` location
+  // for processing data:
+  //
+  //     parent=projects/example-project/locations/europe-west3
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "dlp.googleapis.com/DiscoveryConfig"
+    }
+  ];
+
+  // Required. The DiscoveryConfig to create.
+  DiscoveryConfig discovery_config = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // The config ID can contain uppercase and lowercase letters,
+  // numbers, and hyphens; that is, it must match the regular
+  // expression: `[a-zA-Z\d-_]+`. The maximum length is 100
+  // characters. Can be empty to allow the system to generate one.
+  string config_id = 3;
+}
+
+// Request message for UpdateDiscoveryConfig.
+message UpdateDiscoveryConfigRequest {
+  // Required. Resource name of the project and the configuration, for example
+  // `projects/dlp-test-project/discoveryConfigs/53234423`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "dlp.googleapis.com/DiscoveryConfig"
+    }
+  ];
+
+  // Required. New DiscoveryConfig value.
+  DiscoveryConfig discovery_config = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Mask to control which fields get updated.
+  google.protobuf.FieldMask update_mask = 3;
+}
+
+// Request message for GetDiscoveryConfig.
+message GetDiscoveryConfigRequest {
+  // Required. Resource name of the project and the configuration, for example
+  // `projects/dlp-test-project/discoveryConfigs/53234423`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "dlp.googleapis.com/DiscoveryConfig"
+    }
+  ];
+}
+
+// Request message for ListDiscoveryConfigs.
+message ListDiscoveryConfigsRequest {
+  // Required. Parent resource name.
+  //
+  // The format of this value is as follows:
+  // `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //
+  // The following example `parent` string specifies a parent project with the
+  // identifier `example-project`, and specifies the `europe-west3` location
+  // for processing data:
+  //
+  //     parent=projects/example-project/locations/europe-west3
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "dlp.googleapis.com/DiscoveryConfig"
+    }
+  ];
+
+  // Page token to continue retrieval. Comes from the previous call
+  // to ListDiscoveryConfigs. `order_by` field must not
+  // change for subsequent calls.
+  string page_token = 2;
+
+  // Size of the page. This value can be limited by a server.
+  int32 page_size = 3;
+
+  // Comma separated list of config fields to order by,
+  // followed by `asc` or `desc` postfix. This list is case insensitive. The
+  // default sorting order is ascending. Redundant space characters are
+  // insignificant.
+  //
+  // Example: `name asc,update_time, create_time desc`
+  //
+  // Supported fields are:
+  //
+  // - `last_run_time`: corresponds to the last time the DiscoveryConfig ran.
+  // - `name`: corresponds to the DiscoveryConfig's name.
+  // - `status`: corresponds to DiscoveryConfig's status.
+  string order_by = 4;
+}
+
+// Response message for ListDiscoveryConfigs.
+message ListDiscoveryConfigsResponse {
+  // List of configs, up to page_size in ListDiscoveryConfigsRequest.
+  repeated DiscoveryConfig discovery_configs = 1;
+
+  // If the next page is available then this value is the next page token to be
+  // used in the following ListDiscoveryConfigs request.
+  string next_page_token = 2;
+}
+
+// Request message for DeleteDiscoveryConfig.
+message DeleteDiscoveryConfigRequest {
+  // Required. Resource name of the project and the config, for example
+  // `projects/dlp-test-project/discoveryConfigs/53234423`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
-      type: "dlp.googleapis.com/JobTrigger"
+      type: "dlp.googleapis.com/DiscoveryConfig"
     }
   ];
 }
@@ -4086,17 +4374,17 @@ message ListJobTriggersRequest {
     }
   ];
 
-  // Page token to continue retrieval. Comes from previous call
+  // Page token to continue retrieval. Comes from the previous call
   // to ListJobTriggers. `order_by` field must not
   // change for subsequent calls.
   string page_token = 2;
 
-  // Size of the page, can be limited by a server.
+  // Size of the page. This value can be limited by a server.
   int32 page_size = 3;
 
   // Comma separated list of triggeredJob fields to order by,
-  // followed by `asc` or `desc` postfix. This list is case-insensitive,
-  // default sorting order is ascending, redundant space characters are
+  // followed by `asc` or `desc` postfix. This list is case insensitive. The
+  // default sorting order is ascending. Redundant space characters are
   // insignificant.
   //
   // Example: `name asc,update_time, create_time desc`
@@ -4149,8 +4437,8 @@ message ListJobTriggersResponse {
   // List of triggeredJobs, up to page_size in ListJobTriggersRequest.
   repeated JobTrigger job_triggers = 1;
 
-  // If the next page is available then the next page token to be used
-  // in following ListJobTriggers request.
+  // If the next page is available then this value is the next page token to be
+  // used in the following ListJobTriggers request.
   string next_page_token = 2;
 }
 
@@ -4160,9 +4448,7 @@ message DeleteJobTriggerRequest {
   // `projects/dlp-test-project/jobTriggers/53234423`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "dlp.googleapis.com/JobTrigger"
-    }
+    (google.api.resource_reference) = { type: "dlp.googleapis.com/JobTrigger" }
   ];
 }
 
@@ -4292,13 +4578,95 @@ message DataProfileJobConfig {
   // scanned.
   //
   // For more information, see
-  // https://cloud.google.com/dlp/docs/data-profiles#data_residency.
+  // https://cloud.google.com/dlp/docs/data-profiles#data-residency.
   repeated string inspect_templates = 7;
 
   // Actions to execute at the completion of the job.
   repeated DataProfileAction data_profile_actions = 6;
 }
 
+// A pattern to match against one or more tables, datasets, or projects that
+// contain BigQuery tables. At least one pattern must be specified.
+// Regular expressions use RE2
+// [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found
+// under the google/re2 repository on GitHub.
+message BigQueryRegex {
+  // For organizations, if unset, will match all projects. Has no effect
+  // for data profile configurations created within a project.
+  string project_id_regex = 1;
+
+  // If unset, this property matches all datasets.
+  string dataset_id_regex = 2;
+
+  // If unset, this property matches all tables.
+  string table_id_regex = 3;
+}
+
+// A collection of regular expressions to determine what tables to match
+// against.
+message BigQueryRegexes {
+  // A single BigQuery regular expression pattern to match against one or more
+  // tables, datasets, or projects that contain BigQuery tables.
+  repeated BigQueryRegex patterns = 1;
+}
+
+// The types of BigQuery tables supported by Cloud DLP.
+message BigQueryTableTypes {
+  // A set of BigQuery table types.
+  repeated BigQueryTableType types = 1;
+}
+
+// Over time new types may be added. Currently VIEW, MATERIALIZED_VIEW,
+// and SNAPSHOT are not supported.
+enum BigQueryTableTypeCollection {
+  // Unused.
+  BIG_QUERY_COLLECTION_UNSPECIFIED = 0;
+
+  // Automatically generate profiles for all tables, even if the table type is
+  // not yet fully supported for analysis. Profiles for unsupported tables will
+  // be generated with errors to indicate their partial support. When full
+  // support is added, the tables will automatically be profiled during the next
+  // scheduled run.
+  BIG_QUERY_COLLECTION_ALL_TYPES = 1;
+
+  // Only those types fully supported will be profiled. Will expand
+  // automatically as Cloud DLP adds support for new table types. Unsupported
+  // table types will not have partial profiles generated.
+  BIG_QUERY_COLLECTION_ONLY_SUPPORTED_TYPES = 2;
+}
+
+// Over time new types may be added. Currently VIEW, MATERIALIZED_VIEW,
+// SNAPSHOT, and non-BigLake external tables are not supported.
+enum BigQueryTableType {
+  // Unused.
+  BIG_QUERY_TABLE_TYPE_UNSPECIFIED = 0;
+
+  // A normal BigQuery table.
+  BIG_QUERY_TABLE_TYPE_TABLE = 1;
+
+  // A table that references data stored in Cloud Storage.
+  BIG_QUERY_TABLE_TYPE_EXTERNAL_BIG_LAKE = 2;
+}
+
+// How frequently data profiles can be updated. New options can be added at a
+// later time.
+enum DataProfileUpdateFrequency {
+  // Unspecified.
+  UPDATE_FREQUENCY_UNSPECIFIED = 0;
+
+  // After the data profile is created, it will never be updated.
+  UPDATE_FREQUENCY_NEVER = 1;
+
+  // The data profile can be updated up to once every 24 hours.
+  UPDATE_FREQUENCY_DAILY = 2;
+
+  // The data profile can be updated up to once every 30 days. Default.
+  UPDATE_FREQUENCY_MONTHLY = 4;
+}
+
+// Do not profile the tables.
+message Disabled {}
+
 // The data that will be profiled.
 message DataProfileLocation {
   // The location to be scanned.
@@ -4311,6 +4679,283 @@ message DataProfileLocation {
   }
 }
 
+// Configuration for discovery to scan resources for profile generation.
+// Only one discovery configuration may exist per organization, folder,
+// or project.
+//
+// The generated data profiles are retained according to the
+// [data retention policy]
+// (https://cloud.google.com/dlp/docs/data-profiles#retention).
+message DiscoveryConfig {
+  option (google.api.resource) = {
+    type: "dlp.googleapis.com/DiscoveryConfig"
+    pattern: "projects/{project}/locations/{location}/discoveryConfigs/{discovery_config}"
+  };
+
+  // Project and scan location information. Only set when the parent is an org.
+  message OrgConfig {
+    // The data to scan: folder, org, or project
+    DiscoveryStartingLocation location = 1;
+
+    // The project that will run the scan. The DLP service
+    // account that exists within this project must have access to all resources
+    // that are profiled, and the Cloud DLP API must be enabled.
+    string project_id = 2;
+  }
+
+  // Whether the discovery config is currently active. New options may be added
+  // at a later time.
+  enum Status {
+    // Unused
+    STATUS_UNSPECIFIED = 0;
+
+    // The discovery config is currently active.
+    RUNNING = 1;
+
+    // The discovery config is paused temporarily.
+    PAUSED = 2;
+  }
+
+  // Unique resource name for the DiscoveryConfig, assigned by the service when
+  // the DiscoveryConfig is created, for example
+  // `projects/dlp-test-project/locations/global/discoveryConfigs/53234423`.
+  string name = 1;
+
+  // Display name (max 100 chars)
+  string display_name = 11;
+
+  // Only set when the parent is an org.
+  OrgConfig org_config = 2;
+
+  // Detection logic for profile generation.
+  //
+  // Not all template features are used by Discovery. FindingLimits,
+  // include_quote and exclude_info_types have no impact on
+  // Discovery.
+  //
+  // Multiple templates may be provided if there is data in multiple regions.
+  // At most one template must be specified per-region (including "global").
+  // Each region is scanned using the applicable template. If no region-specific
+  // template is specified, but a "global" template is specified, it will be
+  // copied to that region and used instead. If no global or region-specific
+  // template is provided for a region with data, that region's data will not be
+  // scanned.
+  //
+  // For more information, see
+  // https://cloud.google.com/dlp/docs/data-profiles#data-residency.
+  repeated string inspect_templates = 3;
+
+  // Actions to execute at the completion of scanning.
+  repeated DataProfileAction actions = 4;
+
+  // Target to match against for determining what to scan and how frequently.
+  repeated DiscoveryTarget targets = 5;
+
+  // Output only. A stream of errors encountered when the config was activated.
+  // Repeated errors may result in the config automatically being paused. Output
+  // only field. Will return the last 100 errors. Whenever the config is
+  // modified this list will be cleared.
+  repeated Error errors = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The creation timestamp of a DiscoveryConfig.
+  google.protobuf.Timestamp create_time = 7
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The last update timestamp of a DiscoveryConfig.
+  google.protobuf.Timestamp update_time = 8
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The timestamp of the last time this config was executed.
+  google.protobuf.Timestamp last_run_time = 9
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Required. A status for this configuration.
+  Status status = 10 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Target used to match against for Discovery.
+message DiscoveryTarget {
+  // A target to match against for Discovery.
+  oneof target {
+    // BigQuery target for Discovery. The first target to match a table will be
+    // the one applied.
+    BigQueryDiscoveryTarget big_query_target = 1;
+  }
+}
+
+// Target used to match against for discovery with BigQuery tables
+message BigQueryDiscoveryTarget {
+  // Required. The tables the discovery cadence applies to. The first target
+  // with a matching filter will be the one to apply to a table.
+  DiscoveryBigQueryFilter filter = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // In addition to matching the filter, these conditions must be true
+  // before a profile is generated.
+  DiscoveryBigQueryConditions conditions = 2;
+
+  // The generation rule includes the logic on how frequently
+  // to update the data profiles. If not specified, discovery will re-run and
+  // update no more than once a month if new columns appear in the table.
+  oneof frequency {
+    // How often and when to update profiles. New tables that match both the
+    // filter and conditions are scanned as quickly as possible depending on
+    // system capacity.
+    DiscoveryGenerationCadence cadence = 3;
+
+    // Tables that match this filter will not have profiles created.
+    Disabled disabled = 4;
+  }
+}
+
+// Determines what tables will have profiles generated within an organization
+// or project. Includes the ability to filter by regular expression patterns
+// on project ID, dataset ID, and table ID.
+message DiscoveryBigQueryFilter {
+  // Catch-all for all other tables not specified by other filters. Should
+  // always be last, except for single-table configurations, which will only
+  // have a TableReference target.
+  message AllOtherBigQueryTables {}
+
+  // Whether the filter applies to a specific set of tables or all other tables
+  // within the location being profiled. The first filter to match will be
+  // applied, regardless of the condition. If none is set, will default to
+  // `other_tables`.
+  oneof filter {
+    // A specific set of tables for this filter to apply to. A table collection
+    // must be specified in only one filter per config.
+    // If a table id or dataset is empty, Cloud DLP assumes all tables in that
+    // collection must be profiled. Must specify a project ID.
+    BigQueryTableCollection tables = 1;
+
+    // Catch-all. This should always be the last filter in the list because
+    // anything above it will apply first. Should only appear once in a
+    // configuration. If none is specified, a default one will be added
+    // automatically.
+    AllOtherBigQueryTables other_tables = 2;
+  }
+}
+
+// Specifies a collection of BigQuery tables. Used for Discovery.
+message BigQueryTableCollection {
+  // Maximum of 100 entries.
+  // The first filter containing a pattern that matches a table will be used.
+  oneof pattern {
+    // A collection of regular expressions to match a BigQuery table against.
+    BigQueryRegexes include_regexes = 1;
+  }
+}
+
+// Requirements that must be true before a table is scanned in discovery for the
+// first time. There is an AND relationship between the top-level attributes.
+// Additionally, minimum conditions with an OR relationship that must be met
+// before Cloud DLP scans a table can be set (like a minimum row count or a
+// minimum table age).
+message DiscoveryBigQueryConditions {
+  // There is an OR relationship between these attributes. They are used to
+  // determine if a table should be scanned or not in Discovery.
+  message OrConditions {
+    // Minimum number of rows that should be present before Cloud DLP
+    // profiles a table
+    int32 min_row_count = 1;
+
+    // Minimum age a table must have before Cloud DLP can profile it. Value must
+    // be 1 hour or greater.
+    google.protobuf.Duration min_age = 2;
+  }
+
+  // BigQuery table must have been created after this date. Used to avoid
+  // backfilling.
+  google.protobuf.Timestamp created_after = 1;
+
+  // The type of BigQuery tables to scan. If nothing is set the default
+  // behavior is to scan only tables of type TABLE and to give errors
+  // for all unsupported tables.
+  oneof included_types {
+    // Restrict discovery to specific table types.
+    BigQueryTableTypes types = 2;
+
+    // Restrict discovery to categories of table types.
+    BigQueryTableTypeCollection type_collection = 3;
+  }
+
+  // At least one of the conditions must be true for a table to be scanned.
+  OrConditions or_conditions = 4;
+}
+
+// What must take place for a profile to be updated and how
+// frequently it should occur.
+// New tables are scanned as quickly as possible depending on system
+// capacity.
+message DiscoveryGenerationCadence {
+  // Governs when to update data profiles when a schema is modified.
+  DiscoverySchemaModifiedCadence schema_modified_cadence = 1;
+
+  // Governs when to update data profiles when a table is modified.
+  DiscoveryTableModifiedCadence table_modified_cadence = 2;
+}
+
+// The cadence at which to update data profiles when a table is modified.
+message DiscoveryTableModifiedCadence {
+  // The type of events to consider when deciding if the table has been
+  // modified and should have the profile updated. Defaults to
+  // MODIFIED_TIMESTAMP.
+  repeated BigQueryTableModification types = 1;
+
+  // How frequently data profiles can be updated when tables are modified.
+  // Defaults to never.
+  DataProfileUpdateFrequency frequency = 2;
+}
+
+// Attributes evaluated to determine if a table has been modified. New values
+// may be added at a later time.
+enum BigQueryTableModification {
+  // Unused.
+  TABLE_MODIFICATION_UNSPECIFIED = 0;
+
+  // A table will be considered modified when the last_modified_time from
+  // BigQuery has been updated.
+  TABLE_MODIFIED_TIMESTAMP = 1;
+}
+
+// The cadence at which to update data profiles when a schema is modified.
+message DiscoverySchemaModifiedCadence {
+  // The type of events to consider when deciding if the table's schema
+  // has been modified and should have the profile updated. Defaults to
+  // NEW_COLUMNS.
+  repeated BigQuerySchemaModification types = 1;
+
+  // How frequently profiles may be updated when schemas are
+  // modified. Defaults to monthly.
+  DataProfileUpdateFrequency frequency = 2;
+}
+
+// Attributes evaluated to determine if a schema has been modified. New values
+// may be added at a later time.
+enum BigQuerySchemaModification {
+  // Unused
+  SCHEMA_MODIFICATION_UNSPECIFIED = 0;
+
+  // Profiles should be regenerated when new columns are added to the table.
+  // Default.
+  SCHEMA_NEW_COLUMNS = 1;
+
+  // Profiles should be regenerated when columns are removed from the table.
+  SCHEMA_REMOVED_COLUMNS = 2;
+}
+
+// The location to begin a discovery scan. Denotes an organization ID or folder
+// ID within an organization.
+message DiscoveryStartingLocation {
+  // The location to be scanned.
+  oneof location {
+    // The ID of an organization to scan.
+    int64 organization_id = 1;
+
+    // The ID of the Folder within an organization to scan.
+    int64 folder_id = 2;
+  }
+}
+
 // Combines all of the information about a DLP job.
 message DlpJob {
   option (google.api.resource) = {
@@ -4373,12 +5018,18 @@ message DlpJob {
   // Time when the job finished.
   google.protobuf.Timestamp end_time = 8;
 
+  // Time when the job was last modified by the system.
+  google.protobuf.Timestamp last_modified = 15;
+
   // If created by a job trigger, the resource name of the trigger that
   // instantiated the job.
   string job_trigger_name = 10;
 
   // A stream of errors encountered running the job.
   repeated Error errors = 11;
+
+  // Events that should occur after the job has completed.
+  repeated ActionDetails action_details = 12;
 }
 
 // The request message for [DlpJobs.GetDlpJob][].
@@ -4386,9 +5037,7 @@ message GetDlpJobRequest {
   // Required. The name of the DlpJob resource.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "dlp.googleapis.com/DlpJob"
-    }
+    (google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" }
   ];
 }
 
@@ -4457,8 +5106,8 @@ message ListDlpJobsRequest {
   DlpJobType type = 5;
 
   // Comma separated list of fields to order by,
-  // followed by `asc` or `desc` postfix. This list is case-insensitive,
-  // default sorting order is ascending, redundant space characters are
+  // followed by `asc` or `desc` postfix. This list is case insensitive. The
+  // default sorting order is ascending. Redundant space characters are
   // insignificant.
   //
   // Example: `name asc, end_time asc, create_time desc`
@@ -4489,9 +5138,7 @@ message CancelDlpJobRequest {
   // Required. The name of the DlpJob resource to be cancelled.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "dlp.googleapis.com/DlpJob"
-    }
+    (google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" }
   ];
 }
 
@@ -4500,9 +5147,7 @@ message FinishDlpJobRequest {
   // Required. The name of the DlpJob resource to be cancelled.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "dlp.googleapis.com/DlpJob"
-    }
+    (google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" }
   ];
 }
 
@@ -4511,9 +5156,7 @@ message DeleteDlpJobRequest {
   // Required. The name of the DlpJob resource to be deleted.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "dlp.googleapis.com/DlpJob"
-    }
+    (google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" }
   ];
 }
 
@@ -4547,7 +5190,8 @@ message CreateDeidentifyTemplateRequest {
   ];
 
   // Required. The DeidentifyTemplate to create.
-  DeidentifyTemplate deidentify_template = 2 [(google.api.field_behavior) = REQUIRED];
+  DeidentifyTemplate deidentify_template = 2
+      [(google.api.field_behavior) = REQUIRED];
 
   // The template id can contain uppercase and lowercase letters,
   // numbers, and hyphens; that is, it must match the regular
@@ -4561,8 +5205,9 @@ message CreateDeidentifyTemplateRequest {
 
 // Request message for UpdateDeidentifyTemplate.
 message UpdateDeidentifyTemplateRequest {
-  // Required. Resource name of organization and deidentify template to be updated, for
-  // example `organizations/433245324/deidentifyTemplates/432452342` or
+  // Required. Resource name of organization and deidentify template to be
+  // updated, for example
+  // `organizations/433245324/deidentifyTemplates/432452342` or
   // projects/project-id/deidentifyTemplates/432452342.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
@@ -4580,9 +5225,9 @@ message UpdateDeidentifyTemplateRequest {
 
 // Request message for GetDeidentifyTemplate.
 message GetDeidentifyTemplateRequest {
-  // Required. Resource name of the organization and deidentify template to be read, for
-  // example `organizations/433245324/deidentifyTemplates/432452342` or
-  // projects/project-id/deidentifyTemplates/432452342.
+  // Required. Resource name of the organization and deidentify template to be
+  // read, for example `organizations/433245324/deidentifyTemplates/432452342`
+  // or projects/project-id/deidentifyTemplates/432452342.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -4620,17 +5265,17 @@ message ListDeidentifyTemplatesRequest {
     }
   ];
 
-  // Page token to continue retrieval. Comes from previous call
+  // Page token to continue retrieval. Comes from the previous call
   // to `ListDeidentifyTemplates`.
   string page_token = 2;
 
-  // Size of the page, can be limited by the server. If zero server returns
-  // a page of max size 100.
+  // Size of the page. This value can be limited by the server. If zero server
+  // returns a page of max size 100.
   int32 page_size = 3;
 
   // Comma separated list of fields to order by,
-  // followed by `asc` or `desc` postfix. This list is case-insensitive,
-  // default sorting order is ascending, redundant space characters are
+  // followed by `asc` or `desc` postfix. This list is case insensitive. The
+  // default sorting order is ascending. Redundant space characters are
   // insignificant.
   //
   // Example: `name asc,update_time, create_time desc`
@@ -4653,15 +5298,16 @@ message ListDeidentifyTemplatesResponse {
   // ListDeidentifyTemplatesRequest.
   repeated DeidentifyTemplate deidentify_templates = 1;
 
-  // If the next page is available then the next page token to be used
-  // in following ListDeidentifyTemplates request.
+  // If the next page is available then the next page token to be used in the
+  // following ListDeidentifyTemplates request.
   string next_page_token = 2;
 }
 
 // Request message for DeleteDeidentifyTemplate.
 message DeleteDeidentifyTemplateRequest {
-  // Required. Resource name of the organization and deidentify template to be deleted,
-  // for example `organizations/433245324/deidentifyTemplates/432452342` or
+  // Required. Resource name of the organization and deidentify template to be
+  // deleted, for example
+  // `organizations/433245324/deidentifyTemplates/432452342` or
   // projects/project-id/deidentifyTemplates/432452342.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
@@ -4830,8 +5476,8 @@ message CreateStoredInfoTypeRequest {
 
 // Request message for UpdateStoredInfoType.
 message UpdateStoredInfoTypeRequest {
-  // Required. Resource name of organization and storedInfoType to be updated, for
-  // example `organizations/433245324/storedInfoTypes/432452342` or
+  // Required. Resource name of organization and storedInfoType to be updated,
+  // for example `organizations/433245324/storedInfoTypes/432452342` or
   // projects/project-id/storedInfoTypes/432452342.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
@@ -4851,8 +5497,8 @@ message UpdateStoredInfoTypeRequest {
 
 // Request message for GetStoredInfoType.
 message GetStoredInfoTypeRequest {
-  // Required. Resource name of the organization and storedInfoType to be read, for
-  // example `organizations/433245324/storedInfoTypes/432452342` or
+  // Required. Resource name of the organization and storedInfoType to be read,
+  // for example `organizations/433245324/storedInfoTypes/432452342` or
   // projects/project-id/storedInfoTypes/432452342.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
@@ -4887,17 +5533,17 @@ message ListStoredInfoTypesRequest {
     }
   ];
 
-  // Page token to continue retrieval. Comes from previous call
+  // Page token to continue retrieval. Comes from the previous call
   // to `ListStoredInfoTypes`.
   string page_token = 2;
 
-  // Size of the page, can be limited by the server. If zero server returns
-  // a page of max size 100.
+  // Size of the page. This value can be limited by the server. If zero server
+  // returns a page of max size 100.
   int32 page_size = 3;
 
   // Comma separated list of fields to order by,
-  // followed by `asc` or `desc` postfix. This list is case-insensitive,
-  // default sorting order is ascending, redundant space characters are
+  // followed by `asc` or `desc` postfix. This list is case insensitive. The
+  // default sorting order is ascending. Redundant space characters are
   // insignificant.
   //
   // Example: `name asc, display_name, create_time desc`
@@ -4921,14 +5567,14 @@ message ListStoredInfoTypesResponse {
   repeated StoredInfoType stored_info_types = 1;
 
   // If the next page is available then the next page token to be used
-  // in following ListStoredInfoTypes request.
+  // in the following ListStoredInfoTypes request.
   string next_page_token = 2;
 }
 
 // Request message for DeleteStoredInfoType.
 message DeleteStoredInfoTypeRequest {
-  // Required. Resource name of the organization and storedInfoType to be deleted, for
-  // example `organizations/433245324/storedInfoTypes/432452342` or
+  // Required. Resource name of the organization and storedInfoType to be
+  // deleted, for example `organizations/433245324/storedInfoTypes/432452342` or
   // projects/project-id/storedInfoTypes/432452342.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
@@ -4940,13 +5586,11 @@ message DeleteStoredInfoTypeRequest {
 
 // Request to search for potentially sensitive info in a custom location.
 message HybridInspectJobTriggerRequest {
-  // Required. Resource name of the trigger to execute a hybrid inspect on, for example
-  // `projects/dlp-test-project/jobTriggers/53234423`.
+  // Required. Resource name of the trigger to execute a hybrid inspect on, for
+  // example `projects/dlp-test-project/jobTriggers/53234423`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "dlp.googleapis.com/JobTrigger"
-    }
+    (google.api.resource_reference) = { type: "dlp.googleapis.com/JobTrigger" }
   ];
 
   // The item to inspect.
@@ -4955,13 +5599,11 @@ message HybridInspectJobTriggerRequest {
 
 // Request to search for potentially sensitive info in a custom location.
 message HybridInspectDlpJobRequest {
-  // Required. Resource name of the job to execute a hybrid inspect on, for example
-  // `projects/dlp-test-project/dlpJob/53234423`.
+  // Required. Resource name of the job to execute a hybrid inspect on, for
+  // example `projects/dlp-test-project/dlpJob/53234423`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "dlp.googleapis.com/DlpJob"
-    }
+    (google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" }
   ];
 
   // The item to inspect.
@@ -5021,9 +5663,7 @@ message HybridFindingDetails {
 }
 
 // Quota exceeded errors will be thrown once quota has been met.
-message HybridInspectResponse {
-
-}
+message HybridInspectResponse {}
 
 // Operators available for comparing the value of fields.
 enum RelationalOperator {
@@ -5221,7 +5861,7 @@ message TableDataProfile {
   // The resource name to the project data profile for this table.
   string project_data_profile = 2;
 
-  // The GCP project ID that owns the BigQuery dataset.
+  // The Google Cloud project ID that owns the BigQuery dataset.
   string dataset_project_id = 24;
 
   // The BigQuery location where the dataset's data is stored.
@@ -5297,7 +5937,8 @@ message TableDataProfile {
 }
 
 message ProfileStatus {
-  // Profiling status code and optional message
+  // Profiling status code and optional message. The `status.code` value is 0
+  // (default value) for OK.
   google.rpc.Status status = 1;
 
   // Time when the profile generation status was updated
@@ -5333,6 +5974,191 @@ message OtherInfoTypeSummary {
   // Approximate percentage of non-null rows that contained data detected by
   // this infotype.
   int32 estimated_prevalence = 2;
+
+  // Whether this infoType was excluded from sensitivity and risk analysis due
+  // to factors such as low prevalence (subject to change).
+  bool excluded_from_analysis = 3;
+}
+
+// Bucketized nullness percentage levels. A higher level means a higher
+// percentage of the column is null.
+enum NullPercentageLevel {
+  // Unused.
+  NULL_PERCENTAGE_LEVEL_UNSPECIFIED = 0;
+
+  // Very few null entries.
+  NULL_PERCENTAGE_VERY_LOW = 1;
+
+  // Some null entries.
+  NULL_PERCENTAGE_LOW = 2;
+
+  NULL_PERCENTAGE_MEDIUM = 3;
+
+  // A lot of null entries.
+  NULL_PERCENTAGE_HIGH = 4;
+}
+
+// Bucketized uniqueness score levels. A higher uniqueness score is a strong
+// signal that the column may contain a unique identifier like user id. A low
+// value indicates that the column contains few unique values like booleans or
+// other classifiers.
+enum UniquenessScoreLevel {
+  // Some columns do not have estimated uniqueness. Possible reasons include
+  // having too few values.
+  UNIQUENESS_SCORE_LEVEL_UNSPECIFIED = 0;
+
+  // Low uniqueness, possibly a boolean, enum or similiarly typed column.
+  UNIQUENESS_SCORE_LOW = 1;
+
+  // Medium uniqueness.
+  UNIQUENESS_SCORE_MEDIUM = 2;
+
+  // High uniqueness, possibly a column of free text or unique identifiers.
+  UNIQUENESS_SCORE_HIGH = 3;
+}
+
+// The profile for a scanned column within a table.
+message ColumnDataProfile {
+  // Possible states of a profile. New items may be added.
+  enum State {
+    // Unused.
+    STATE_UNSPECIFIED = 0;
+
+    // The profile is currently running. Once a profile has finished it will
+    // transition to DONE.
+    RUNNING = 1;
+
+    // The profile is no longer generating.
+    // If profile_status.status.code is 0, the profile succeeded, otherwise, it
+    // failed.
+    DONE = 2;
+  }
+
+  // Data types of the data in a column. Types may be added over time.
+  enum ColumnDataType {
+    // Invalid type.
+    COLUMN_DATA_TYPE_UNSPECIFIED = 0;
+
+    // Encoded as a string in decimal format.
+    TYPE_INT64 = 1;
+
+    // Encoded as a boolean "false" or "true".
+    TYPE_BOOL = 2;
+
+    // Encoded as a number, or string "NaN", "Infinity" or "-Infinity".
+    TYPE_FLOAT64 = 3;
+
+    // Encoded as a string value.
+    TYPE_STRING = 4;
+
+    // Encoded as a base64 string per RFC 4648, section 4.
+    TYPE_BYTES = 5;
+
+    // Encoded as an RFC 3339 timestamp with mandatory "Z" time zone string:
+    // 1985-04-12T23:20:50.52Z
+    TYPE_TIMESTAMP = 6;
+
+    // Encoded as RFC 3339 full-date format string: 1985-04-12
+    TYPE_DATE = 7;
+
+    // Encoded as RFC 3339 partial-time format string: 23:20:50.52
+    TYPE_TIME = 8;
+
+    // Encoded as RFC 3339 full-date "T" partial-time: 1985-04-12T23:20:50.52
+    TYPE_DATETIME = 9;
+
+    // Encoded as WKT
+    TYPE_GEOGRAPHY = 10;
+
+    // Encoded as a decimal string.
+    TYPE_NUMERIC = 11;
+
+    // Container of ordered fields, each with a type and field name.
+    TYPE_RECORD = 12;
+
+    // Decimal type.
+    TYPE_BIGNUMERIC = 13;
+
+    // Json type.
+    TYPE_JSON = 14;
+  }
+
+  // The possible policy states for a column.
+  enum ColumnPolicyState {
+    // No policy tags.
+    COLUMN_POLICY_STATE_UNSPECIFIED = 0;
+
+    // Column has policy tag applied.
+    COLUMN_POLICY_TAGGED = 1;
+  }
+
+  // The name of the profile.
+  string name = 1;
+
+  // Success or error status from the most recent profile generation attempt.
+  // May be empty if the profile is still being generated.
+  ProfileStatus profile_status = 17;
+
+  // State of a profile.
+  State state = 18;
+
+  // The last time the profile was generated.
+  google.protobuf.Timestamp profile_last_generated = 3;
+
+  // The resource name of the table data profile.
+  string table_data_profile = 4;
+
+  // The resource name of the table this column is within.
+  string table_full_resource = 5;
+
+  // The Google Cloud project ID that owns the BigQuery dataset.
+  string dataset_project_id = 19;
+
+  // The BigQuery location where the dataset's data is stored.
+  // See https://cloud.google.com/bigquery/docs/locations for supported
+  // locations.
+  string dataset_location = 20;
+
+  // The BigQuery dataset ID.
+  string dataset_id = 21;
+
+  // The BigQuery table ID.
+  string table_id = 22;
+
+  // The name of the column.
+  string column = 6;
+
+  // The sensitivity of this column.
+  SensitivityScore sensitivity_score = 7;
+
+  // The data risk level for this column.
+  DataRiskLevel data_risk_level = 8;
+
+  // If it's been determined this column can be identified as a single type,
+  // this will be set. Otherwise the column either has unidentifiable content
+  // or mixed types.
+  InfoTypeSummary column_info_type = 9;
+
+  // Other types found within this column. List will be unordered.
+  repeated OtherInfoTypeSummary other_matches = 10;
+
+  // Approximate percentage of entries being null in the column.
+  NullPercentageLevel estimated_null_percentage = 23;
+
+  // Approximate uniqueness of the column.
+  UniquenessScoreLevel estimated_uniqueness_score = 24;
+
+  // The likelihood that this column contains free-form text.
+  // A value close to 1 may indicate the column is likely to contain
+  // free-form or natural language text.
+  // Range in 0-1.
+  double free_text_score = 13;
+
+  // The data type of a given column.
+  ColumnDataType column_type = 14;
+
+  // Indicates if a policy tag has been applied to the column.
+  ColumnPolicyState policy_state = 15;
 }
 
 // A condition for determining whether a Pub/Sub should be triggered.