@google-cloud/dlp 5.1.1 → 5.3.0

package/build/protos/google/privacy/dlp/v2/dlp.proto

@@ -55,7 +55,7 @@ option (google.api.resource_definition) = {
 // scheduling of data scans on Google Cloud Platform based data sets.
 //
 // To learn more about concepts and find how-to guides see
-// https://cloud.google.com/dlp/docs/.
+// https://cloud.google.com/sensitive-data-protection/docs/.
 service DlpService {
   option (google.api.default_host) = "dlp.googleapis.com";
   option (google.api.oauth_scopes) =
@@ -68,8 +68,10 @@ service DlpService {
   // system will automatically choose what detectors to run. By default this may
   // be all types, but may change over time as detectors are updated.
   //
-  // For how to guides, see https://cloud.google.com/dlp/docs/inspecting-images
-  // and https://cloud.google.com/dlp/docs/inspecting-text,
+  // For how to guides, see
+  // https://cloud.google.com/sensitive-data-protection/docs/inspecting-images
+  // and
+  // https://cloud.google.com/sensitive-data-protection/docs/inspecting-text,
   rpc InspectContent(InspectContentRequest) returns (InspectContentResponse) {
     option (google.api.http) = {
       post: "/v2/{parent=projects/*}/content:inspect"
@@ -83,8 +85,9 @@ service DlpService {
 
   // Redacts potentially sensitive info from an image.
   // This method has limits on input size, processing time, and output size.
-  // See https://cloud.google.com/dlp/docs/redacting-sensitive-data-images to
-  // learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/redacting-sensitive-data-images
+  // to learn more.
   //
   // When no InfoTypes or CustomInfoTypes are specified in this request, the
   // system will automatically choose what detectors to run. By default this may
@@ -102,8 +105,9 @@ service DlpService {
 
   // De-identifies potentially sensitive info from a ContentItem.
   // This method has limits on input size and output size.
-  // See https://cloud.google.com/dlp/docs/deidentify-sensitive-data to
-  // learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/deidentify-sensitive-data
+  // to learn more.
   //
   // When no InfoTypes or CustomInfoTypes are specified in this request, the
   // system will automatically choose what detectors to run. By default this may
@@ -122,7 +126,7 @@ service DlpService {
 
   // Re-identifies content that has been de-identified.
   // See
-  // https://cloud.google.com/dlp/docs/pseudonymization#re-identification_in_free_text_code_example
+  // https://cloud.google.com/sensitive-data-protection/docs/pseudonymization#re-identification_in_free_text_code_example
   // to learn more.
   rpc ReidentifyContent(ReidentifyContentRequest)
       returns (ReidentifyContentResponse) {
@@ -137,8 +141,9 @@ service DlpService {
   }
 
   // Returns a list of the sensitive information types that DLP API
-  // supports. See https://cloud.google.com/dlp/docs/infotypes-reference to
-  // learn more.
+  // supports. See
+  // https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference
+  // to learn more.
   rpc ListInfoTypes(ListInfoTypesRequest) returns (ListInfoTypesResponse) {
     option (google.api.http) = {
       get: "/v2/infoTypes"
@@ -149,7 +154,9 @@ service DlpService {
 
   // Creates an InspectTemplate for reusing frequently used configuration
   // for inspecting content, images, and storage.
-  // See https://cloud.google.com/dlp/docs/creating-templates to learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-templates
+  // to learn more.
   rpc CreateInspectTemplate(CreateInspectTemplateRequest)
       returns (InspectTemplate) {
     option (google.api.http) = {
@@ -172,7 +179,9 @@ service DlpService {
   }
 
   // Updates the InspectTemplate.
-  // See https://cloud.google.com/dlp/docs/creating-templates to learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-templates
+  // to learn more.
   rpc UpdateInspectTemplate(UpdateInspectTemplateRequest)
       returns (InspectTemplate) {
     option (google.api.http) = {
@@ -195,7 +204,9 @@ service DlpService {
   }
 
   // Gets an InspectTemplate.
-  // See https://cloud.google.com/dlp/docs/creating-templates to learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-templates
+  // to learn more.
   rpc GetInspectTemplate(GetInspectTemplateRequest) returns (InspectTemplate) {
     option (google.api.http) = {
       get: "/v2/{name=organizations/*/inspectTemplates/*}"
@@ -211,7 +222,9 @@ service DlpService {
   }
 
   // Lists InspectTemplates.
-  // See https://cloud.google.com/dlp/docs/creating-templates to learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-templates
+  // to learn more.
   rpc ListInspectTemplates(ListInspectTemplatesRequest)
       returns (ListInspectTemplatesResponse) {
     option (google.api.http) = {
@@ -228,7 +241,9 @@ service DlpService {
   }
 
   // Deletes an InspectTemplate.
-  // See https://cloud.google.com/dlp/docs/creating-templates to learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-templates
+  // to learn more.
   rpc DeleteInspectTemplate(DeleteInspectTemplateRequest)
       returns (google.protobuf.Empty) {
     option (google.api.http) = {
@@ -246,8 +261,9 @@ service DlpService {
 
   // Creates a DeidentifyTemplate for reusing frequently used configuration
   // for de-identifying content, images, and storage.
-  // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
-  // more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid
+  // to learn more.
   rpc CreateDeidentifyTemplate(CreateDeidentifyTemplateRequest)
       returns (DeidentifyTemplate) {
     option (google.api.http) = {
@@ -270,8 +286,9 @@ service DlpService {
   }
 
   // Updates the DeidentifyTemplate.
-  // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
-  // more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid
+  // to learn more.
   rpc UpdateDeidentifyTemplate(UpdateDeidentifyTemplateRequest)
       returns (DeidentifyTemplate) {
     option (google.api.http) = {
@@ -295,8 +312,9 @@ service DlpService {
   }
 
   // Gets a DeidentifyTemplate.
-  // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
-  // more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid
+  // to learn more.
   rpc GetDeidentifyTemplate(GetDeidentifyTemplateRequest)
       returns (DeidentifyTemplate) {
     option (google.api.http) = {
@@ -313,8 +331,9 @@ service DlpService {
   }
 
   // Lists DeidentifyTemplates.
-  // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
-  // more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid
+  // to learn more.
   rpc ListDeidentifyTemplates(ListDeidentifyTemplatesRequest)
       returns (ListDeidentifyTemplatesResponse) {
     option (google.api.http) = {
@@ -331,8 +350,9 @@ service DlpService {
   }
 
   // Deletes a DeidentifyTemplate.
-  // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
-  // more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid
+  // to learn more.
   rpc DeleteDeidentifyTemplate(DeleteDeidentifyTemplateRequest)
       returns (google.protobuf.Empty) {
     option (google.api.http) = {
@@ -352,7 +372,9 @@ service DlpService {
 
   // Creates a job trigger to run DLP actions such as scanning storage for
   // sensitive information on a set schedule.
-  // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers
+  // to learn more.
   rpc CreateJobTrigger(CreateJobTriggerRequest) returns (JobTrigger) {
     option (google.api.http) = {
       post: "/v2/{parent=projects/*}/jobTriggers"
@@ -370,7 +392,9 @@ service DlpService {
   }
 
   // Updates a job trigger.
-  // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers
+  // to learn more.
   rpc UpdateJobTrigger(UpdateJobTriggerRequest) returns (JobTrigger) {
     option (google.api.http) = {
       patch: "/v2/{name=projects/*/jobTriggers/*}"
@@ -400,7 +424,9 @@ service DlpService {
   }
 
   // Gets a job trigger.
-  // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers
+  // to learn more.
   rpc GetJobTrigger(GetJobTriggerRequest) returns (JobTrigger) {
     option (google.api.http) = {
       get: "/v2/{name=projects/*/jobTriggers/*}"
@@ -415,7 +441,9 @@ service DlpService {
   }
 
   // Lists job triggers.
-  // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers
+  // to learn more.
   rpc ListJobTriggers(ListJobTriggersRequest)
       returns (ListJobTriggersResponse) {
     option (google.api.http) = {
@@ -431,7 +459,9 @@ service DlpService {
   }
 
   // Deletes a job trigger.
-  // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers
+  // to learn more.
   rpc DeleteJobTrigger(DeleteJobTriggerRequest)
       returns (google.protobuf.Empty) {
     option (google.api.http) = {
@@ -523,8 +553,11 @@ service DlpService {
   }
 
   // Creates a new job to inspect storage or calculate risk metrics.
-  // See https://cloud.google.com/dlp/docs/inspecting-storage and
-  // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage
+  // and
+  // https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis
+  // to learn more.
   //
   // When no InfoTypes or CustomInfoTypes are specified in inspect jobs, the
   // system will automatically choose what detectors to run. By default this may
@@ -543,8 +576,11 @@ service DlpService {
   }
 
   // Lists DlpJobs that match the specified filter in the request.
-  // See https://cloud.google.com/dlp/docs/inspecting-storage and
-  // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage
+  // and
+  // https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis
+  // to learn more.
   rpc ListDlpJobs(ListDlpJobsRequest) returns (ListDlpJobsResponse) {
     option (google.api.http) = {
       get: "/v2/{parent=projects/*}/dlpJobs"
@@ -557,8 +593,11 @@ service DlpService {
   }
 
   // Gets the latest state of a long-running DlpJob.
-  // See https://cloud.google.com/dlp/docs/inspecting-storage and
-  // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage
+  // and
+  // https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis
+  // to learn more.
   rpc GetDlpJob(GetDlpJobRequest) returns (DlpJob) {
     option (google.api.http) = {
       get: "/v2/{name=projects/*/dlpJobs/*}"
@@ -570,8 +609,11 @@ service DlpService {
   // Deletes a long-running DlpJob. This method indicates that the client is
   // no longer interested in the DlpJob result. The job will be canceled if
   // possible.
-  // See https://cloud.google.com/dlp/docs/inspecting-storage and
-  // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage
+  // and
+  // https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis
+  // to learn more.
   rpc DeleteDlpJob(DeleteDlpJobRequest) returns (google.protobuf.Empty) {
     option (google.api.http) = {
       delete: "/v2/{name=projects/*/dlpJobs/*}"
@@ -585,8 +627,11 @@ service DlpService {
   // Starts asynchronous cancellation on a long-running DlpJob. The server
   // makes a best effort to cancel the DlpJob, but success is not
   // guaranteed.
-  // See https://cloud.google.com/dlp/docs/inspecting-storage and
-  // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage
+  // and
+  // https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis
+  // to learn more.
   rpc CancelDlpJob(CancelDlpJobRequest) returns (google.protobuf.Empty) {
     option (google.api.http) = {
       post: "/v2/{name=projects/*/dlpJobs/*}:cancel"
@@ -599,8 +644,9 @@ service DlpService {
   }
 
   // Creates a pre-built stored infoType to be used for inspection.
-  // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to
-  // learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes
+  // to learn more.
   rpc CreateStoredInfoType(CreateStoredInfoTypeRequest)
       returns (StoredInfoType) {
     option (google.api.http) = {
@@ -624,8 +670,9 @@ service DlpService {
 
   // Updates the stored infoType by creating a new version. The existing version
   // will continue to be used until the new version is ready.
-  // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to
-  // learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes
+  // to learn more.
   rpc UpdateStoredInfoType(UpdateStoredInfoTypeRequest)
       returns (StoredInfoType) {
     option (google.api.http) = {
@@ -648,8 +695,9 @@ service DlpService {
   }
 
   // Gets a stored infoType.
-  // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to
-  // learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes
+  // to learn more.
   rpc GetStoredInfoType(GetStoredInfoTypeRequest) returns (StoredInfoType) {
     option (google.api.http) = {
       get: "/v2/{name=organizations/*/storedInfoTypes/*}"
@@ -665,8 +713,9 @@ service DlpService {
   }
 
   // Lists stored infoTypes.
-  // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to
-  // learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes
+  // to learn more.
   rpc ListStoredInfoTypes(ListStoredInfoTypesRequest)
       returns (ListStoredInfoTypesResponse) {
     option (google.api.http) = {
@@ -683,8 +732,9 @@ service DlpService {
   }
 
   // Deletes a stored infoType.
-  // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to
-  // learn more.
+  // See
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes
+  // to learn more.
   rpc DeleteStoredInfoType(DeleteStoredInfoTypeRequest)
       returns (google.protobuf.Empty) {
     option (google.api.http) = {
@@ -700,6 +750,78 @@ service DlpService {
     option (google.api.method_signature) = "name";
   }
 
+  // Lists data profiles for an organization.
+  rpc ListProjectDataProfiles(ListProjectDataProfilesRequest)
+      returns (ListProjectDataProfilesResponse) {
+    option (google.api.http) = {
+      get: "/v2/{parent=organizations/*/locations/*}/projectDataProfiles"
+      additional_bindings {
+        get: "/v2/{parent=projects/*/locations/*}/projectDataProfiles"
+      }
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Lists data profiles for an organization.
+  rpc ListTableDataProfiles(ListTableDataProfilesRequest)
+      returns (ListTableDataProfilesResponse) {
+    option (google.api.http) = {
+      get: "/v2/{parent=organizations/*/locations/*}/tableDataProfiles"
+      additional_bindings {
+        get: "/v2/{parent=projects/*/locations/*}/tableDataProfiles"
+      }
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Lists data profiles for an organization.
+  rpc ListColumnDataProfiles(ListColumnDataProfilesRequest)
+      returns (ListColumnDataProfilesResponse) {
+    option (google.api.http) = {
+      get: "/v2/{parent=organizations/*/locations/*}/columnDataProfiles"
+      additional_bindings {
+        get: "/v2/{parent=projects/*/locations/*}/columnDataProfiles"
+      }
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Gets a project data profile.
+  rpc GetProjectDataProfile(GetProjectDataProfileRequest)
+      returns (ProjectDataProfile) {
+    option (google.api.http) = {
+      get: "/v2/{name=organizations/*/locations/*/projectDataProfiles/*}"
+      additional_bindings {
+        get: "/v2/{name=projects/*/locations/*/projectDataProfiles/*}"
+      }
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Gets a table data profile.
+  rpc GetTableDataProfile(GetTableDataProfileRequest)
+      returns (TableDataProfile) {
+    option (google.api.http) = {
+      get: "/v2/{name=organizations/*/locations/*/tableDataProfiles/*}"
+      additional_bindings {
+        get: "/v2/{name=projects/*/locations/*/tableDataProfiles/*}"
+      }
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Gets a column data profile.
+  rpc GetColumnDataProfile(GetColumnDataProfileRequest)
+      returns (ColumnDataProfile) {
+    option (google.api.http) = {
+      get: "/v2/{name=organizations/*/locations/*/columnDataProfiles/*}"
+      additional_bindings {
+        get: "/v2/{name=projects/*/locations/*/columnDataProfiles/*}"
+      }
+    };
+    option (google.api.method_signature) = "name";
+  }
+
   // Inspect hybrid content and store findings to a job.
   // To review the findings, inspect the job. Inspection will occur
   // asynchronously.
@@ -869,7 +991,7 @@ message InspectConfig {
 
   // Restricts what info_types to look for. The values must correspond to
   // InfoType values returned by ListInfoTypes or listed at
-  // https://cloud.google.com/dlp/docs/infotypes-reference.
+  // https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference.
   //
   // When no InfoTypes or CustomInfoTypes are specified in a request, the
   // system may automatically choose a default list of detectors to run, which
@@ -885,7 +1007,8 @@ message InspectConfig {
   //
   // In general, the highest likelihood setting yields the fewest findings in
   // results and the lowest chance of a false positive. For more information,
-  // see [Match likelihood](https://cloud.google.com/dlp/docs/likelihood).
+  // see [Match
+  // likelihood](https://cloud.google.com/sensitive-data-protection/docs/likelihood).
   Likelihood min_likelihood = 2;
 
   // Minimum likelihood per infotype. For each infotype, a user can specify a
@@ -922,7 +1045,8 @@ message InspectConfig {
   bool exclude_info_types = 5;
 
   // CustomInfoTypes provided by the user. See
-  // https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.
+  // https://cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes
+  // to learn more.
   repeated CustomInfoType custom_info_types = 6;
 
   // Deprecated and unused.
@@ -938,7 +1062,7 @@ message InspectConfig {
 message ByteContentItem {
   // The type of data being sent for inspection. To learn more, see
   // [Supported file
-  // types](https://cloud.google.com/dlp/docs/supported-file-types).
+  // types](https://cloud.google.com/sensitive-data-protection/docs/supported-file-types).
   enum BytesType {
     // Unused
     BYTES_TYPE_UNSPECIFIED = 0;
@@ -990,6 +1114,7 @@ message ByteContentItem {
   bytes data = 2;
 }
 
+// Type of content to inspect.
 message ContentItem {
   // Data of the item either in the byte array or UTF-8 string form, or table.
   oneof data_item {
@@ -997,8 +1122,8 @@ message ContentItem {
     string value = 3;
 
     // Structured content for inspection. See
-    // https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
-    // learn more.
+    // https://cloud.google.com/sensitive-data-protection/docs/inspecting-text#inspecting_a_table
+    // to learn more.
     Table table = 4;
 
     // Content data to inspect or redact. Replaces `type` and `data`.
@@ -1007,7 +1132,7 @@ message ContentItem {
 }
 
 // Structured content to inspect. Up to 50,000 `Value`s per request allowed. See
-// https://cloud.google.com/dlp/docs/inspecting-structured-text#inspecting_a_table
+// https://cloud.google.com/sensitive-data-protection/docs/inspecting-structured-text#inspecting_a_table
 // to learn more.
 message Table {
   // Values of the row.
@@ -1187,6 +1312,7 @@ message MetadataLocation {
 
 // Storage metadata label to indicate which metadata entry contains findings.
 message StorageMetadataLabel {
+  // Label name.
   string key = 1;
 }
 
@@ -1322,7 +1448,7 @@ message RedactImageRequest {
   //
   // The format of this value varies depending on whether you have [specified a
   // processing
-  // location](https://cloud.google.com/dlp/docs/specifying-location):
+  // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:<br/>
   //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
@@ -1387,7 +1513,7 @@ message DeidentifyContentRequest {
   //
   // The format of this value varies depending on whether you have [specified a
   // processing
-  // location](https://cloud.google.com/dlp/docs/specifying-location):
+  // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:<br/>
   //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
@@ -1456,7 +1582,7 @@ message ReidentifyContentRequest {
   //
   // The format of this value varies depending on whether you have [specified a
   // processing
-  // location](https://cloud.google.com/dlp/docs/specifying-location):
+  // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:<br/>
   //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
@@ -1528,7 +1654,7 @@ message InspectContentRequest {
   //
   // The format of this value varies depending on whether you have [specified a
   // processing
-  // location](https://cloud.google.com/dlp/docs/specifying-location):
+  // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:<br/>
   //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
@@ -1672,6 +1798,7 @@ message InspectDataSourceDetails {
 // The schema of data to be saved to the BigQuery table when the
 // `DataProfileAction` is enabled.
 message DataProfileBigQueryRowSchema {
+  // Data profile type.
   oneof data_profile {
     // Table data profile column
     TableDataProfile table_profile = 1;
@@ -1958,6 +2085,7 @@ message InfoTypeCategory {
     CONTEXTUAL_INFORMATION = 7;
   }
 
+  // Categories of infotypes.
   oneof category {
     // The region or country that issued the ID or document represented by the
     // infoType.
@@ -2009,7 +2137,8 @@ message ListInfoTypesResponse {
 }
 
 // Configuration for a risk analysis job. See
-// https://cloud.google.com/dlp/docs/concepts-risk-analysis to learn more.
+// https://cloud.google.com/sensitive-data-protection/docs/concepts-risk-analysis
+// to learn more.
 message RiskAnalysisJobConfig {
   // Privacy metric to compute.
   PrivacyMetric privacy_metric = 1;
@@ -2600,6 +2729,7 @@ message DateTime {
 
 // The configuration that controls how the data will change.
 message DeidentifyConfig {
+  // Type of transformation
   oneof transformation {
     // Treat the dataset as free-form text and apply the same free text
     // transformation everywhere.
@@ -2636,6 +2766,7 @@ message ImageTransformations {
     // Apply to all text.
     message AllText {}
 
+    // Part of the image to transform.
     oneof target {
       // Apply transformation to the selected info_types.
       SelectedInfoTypes selected_info_types = 4;
@@ -2655,6 +2786,7 @@ message ImageTransformations {
     Color redaction_color = 3;
   }
 
+  // List of transforms to make.
   repeated ImageTransformation transforms = 2;
 }
 
@@ -2688,6 +2820,7 @@ message TransformationErrorHandling {
 
 // A rule for transforming a value.
 message PrimitiveTransformation {
+  // Type of transformation.
   oneof transformation {
     // Replace with a specified value.
     ReplaceValueConfig replace_config = 1;
@@ -2764,7 +2897,8 @@ message TimePartConfig {
 // Outputs a base64 encoded representation of the hashed output
 // (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
 // Currently, only string and integer values can be hashed.
-// See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
+// See https://cloud.google.com/sensitive-data-protection/docs/pseudonymization
+// to learn more.
 message CryptoHashConfig {
   // The key used by the hash function.
   CryptoKey crypto_key = 1;
@@ -2842,10 +2976,11 @@ message ReplaceValueConfig {
 
 // Replace each input value with a value randomly selected from the dictionary.
 message ReplaceDictionaryConfig {
+  // Type of dictionary.
   oneof type {
     // A list of words to select from for random replacement. The
-    // [limits](https://cloud.google.com/dlp/limits) page contains details about
-    // the size limits of dictionaries.
+    // [limits](https://cloud.google.com/sensitive-data-protection/limits) page
+    // contains details about the size limits of dictionaries.
     CustomInfoType.Dictionary.WordList word_list = 1;
   }
 }
@@ -2882,6 +3017,7 @@ message CharsToIgnore {
     WHITESPACE = 5;
   }
 
+  // Type of characters to skip.
   oneof characters {
     // Characters to not transform when masking.
     string characters_to_skip = 1;
@@ -2953,7 +3089,9 @@ message CharacterMaskConfig {
 // being transformed, we will first attempt converting the type of the data to
 // be transformed to match the type of the bound before comparing.
 //
-// See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+// See
+// https://cloud.google.com/sensitive-data-protection/docs/concepts-bucketing to
+// learn more.
 message FixedSizeBucketingConfig {
   // Required. Lower bound value of buckets. All values less than `lower_bound`
   // are grouped together into a single bucket; for example if `lower_bound` =
@@ -2980,7 +3118,9 @@ message FixedSizeBucketingConfig {
 // If the bound `Value` type differs from the type of data being transformed, we
 // will first attempt converting the type of the data to be transformed to match
 // the type of the bound before comparing.
-// See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+// See
+// https://cloud.google.com/sensitive-data-protection/docs/concepts-bucketing to
+// learn more.
 message BucketingConfig {
   // Bucket is represented as a range, along with replacement values.
   message Bucket {
@@ -3006,8 +3146,9 @@ message BucketingConfig {
 // encoded as ASCII. For a given crypto key and context, the same identifier
 // will be replaced with the same surrogate. Identifiers must be at least two
 // characters long. In the case that the identifier is the empty string, it will
-// be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
-// more.
+// be skipped. See
+// https://cloud.google.com/sensitive-data-protection/docs/pseudonymization to
+// learn more.
 //
 // Note: We recommend using  CryptoDeterministicConfig for all use cases which
 // do not require preserving the input alphabet space and size, plus warrant
@@ -3091,7 +3232,7 @@ message CryptoReplaceFfxFpeConfig {
   //
   // This annotation identifies the surrogate when inspecting content using the
   // custom infoType
-  // [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+  // [`SurrogateType`](https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/InspectConfig#surrogatetype).
   // This facilitates reversal of the surrogate when it occurs in free text.
   //
   // In order for inspection to work properly, the name of this infoType must
@@ -3153,7 +3294,7 @@ message UnwrappedCryptoKey {
 // dlp.kms.encrypt
 //
 // For more information, see [Creating a wrapped key]
-// (https://cloud.google.com/dlp/docs/create-wrapped-key).
+// (https://cloud.google.com/sensitive-data-protection/docs/create-wrapped-key).
 //
 // Note: When you use Cloud KMS for cryptographic operations,
 // [charges apply](https://cloud.google.com/kms/pricing).
@@ -3166,7 +3307,8 @@ message KmsWrappedCryptoKey {
 }
 
 // Shifts dates by random number of days, with option to be consistent for the
-// same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
+// same context. See
+// https://cloud.google.com/sensitive-data-protection/docs/concepts-date-shifting
 // to learn more.
 message DateShiftConfig {
   // Required. Range of shift in days. Actual shift will be selected at random
@@ -3459,6 +3601,7 @@ message TransformationDetails {
 
 // Specifies the location of a transformation.
 message TransformationLocation {
+  // Location type.
   oneof location_type {
     // For infotype transformations, link to the corresponding findings ID so
     // that location information does not need to be duplicated. Each findings
@@ -3476,6 +3619,7 @@ message TransformationLocation {
   TransformationContainerType container_type = 3;
 }
 
+// The field in a record to transform.
 message RecordTransformation {
   // For record transformations, provide a field.
   FieldId field_id = 1;
@@ -3487,6 +3631,7 @@ message RecordTransformation {
   string container_version = 3;
 }
 
+// The outcome of a transformation.
 message TransformationResultStatus {
   // Transformation result status type, this will be either SUCCESS, or it will
   // be the reason for why the transformation was not completely successful.
@@ -3500,6 +3645,7 @@ message TransformationResultStatus {
 // storing of transformation was successful, otherwise, reason for not
 // transforming.
 enum TransformationResultStatusType {
+  // Unused.
   STATE_TYPE_UNSPECIFIED = 0;
 
   // This will be set when a finding could not be transformed (i.e. outside user
@@ -3522,12 +3668,16 @@ enum TransformationResultStatusType {
 
 // Describes functionality of a given container in its original format.
 enum TransformationContainerType {
+  // Unused.
   TRANSFORM_UNKNOWN_CONTAINER = 0;
 
+  // Body of a file.
   TRANSFORM_BODY = 1;
 
+  // Metadata for a file.
   TRANSFORM_METADATA = 2;
 
+  // A table.
   TRANSFORM_TABLE = 3;
 }
 
@@ -3597,6 +3747,7 @@ message TransformationDetailsStorageConfig {
 
 // Schedule for inspect job triggers.
 message Schedule {
+  // Type of schedule.
   oneof option {
     // With this option a job is started on a regular periodic basis. For
     // example: every day (86400 seconds).
@@ -3616,8 +3767,9 @@ message Manual {}
 
 // The inspectTemplate contains a configuration (set of types of sensitive data
 // to be detected) to be used anywhere you otherwise would normally specify
-// InspectConfig. See https://cloud.google.com/dlp/docs/concepts-templates
-// to learn more.
+// InspectConfig. See
+// https://cloud.google.com/sensitive-data-protection/docs/concepts-templates to
+// learn more.
 message InspectTemplate {
   option (google.api.resource) = {
     type: "dlp.googleapis.com/InspectTemplate"
@@ -3653,7 +3805,9 @@ message InspectTemplate {
 }
 
 // DeidentifyTemplates contains instructions on how to de-identify content.
-// See https://cloud.google.com/dlp/docs/concepts-templates to learn more.
+// See
+// https://cloud.google.com/sensitive-data-protection/docs/concepts-templates to
+// learn more.
 message DeidentifyTemplate {
   option (google.api.resource) = {
     type: "dlp.googleapis.com/DeidentifyTemplate"
@@ -3700,7 +3854,9 @@ message Error {
 }
 
 // Contains a configuration to make dlp api calls on a repeating basis.
-// See https://cloud.google.com/dlp/docs/concepts-job-triggers to learn more.
+// See
+// https://cloud.google.com/sensitive-data-protection/docs/concepts-job-triggers
+// to learn more.
 message JobTrigger {
   option (google.api.resource) = {
     type: "dlp.googleapis.com/JobTrigger"
@@ -3710,6 +3866,7 @@ message JobTrigger {
 
   // What event needs to occur for a new job to be started.
   message Trigger {
+    // What event needs to occur for a new job to be started.
     oneof trigger {
       // Create a job on a repeating basis based on the elapse of time.
       Schedule schedule = 1;
@@ -3782,7 +3939,8 @@ message JobTrigger {
 }
 
 // A task to execute on the completion of a job.
-// See https://cloud.google.com/dlp/docs/concepts-actions to learn more.
+// See https://cloud.google.com/sensitive-data-protection/docs/concepts-actions
+// to learn more.
 message Action {
   // If set, the detailed findings will be persisted to the specified
   // OutputStorageConfig. Only a single instance of this action can be
@@ -3796,7 +3954,7 @@ message Action {
   // Publish a message into a given Pub/Sub topic when DlpJob has completed. The
   // message contains a single field, `DlpJobName`, which is equal to the
   // finished job's
-  // [`DlpJob.name`](https://cloud.google.com/dlp/docs/reference/rest/v2/projects.dlpJobs#DlpJob).
+  // [`DlpJob.name`](https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/projects.dlpJobs#DlpJob).
   // Compatible with: Inspect, Risk
   message PublishToPubSub {
     // Cloud Pub/Sub topic to send notifications to. The topic must have given
@@ -3865,6 +4023,7 @@ message Action {
     TransformationDetailsStorageConfig transformation_details_storage_config =
         3;
 
+    // Where to store the output.
     oneof output {
       // Required. User settable Cloud Storage bucket and folders to store
       // de-identified files. This field must be set for cloud storage
@@ -3897,6 +4056,7 @@ message Action {
   // as 'Custom' under the Stackdriver label 'info_type'.
   message PublishToStackdriver {}
 
+  // Extra events to execute after the job has finished.
   oneof action {
     // Save resulting findings in a provided location.
     SaveFindings save_findings = 1;
@@ -3958,7 +4118,7 @@ message CreateInspectTemplateRequest {
   //
   // The format of this value varies depending on the scope of the request
   // (project or organization) and whether you have [specified a processing
-  // location](https://cloud.google.com/dlp/docs/specifying-location):
+  // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:<br/>
   //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
@@ -4032,7 +4192,7 @@ message ListInspectTemplatesRequest {
   //
   // The format of this value varies depending on the scope of the request
   // (project or organization) and whether you have [specified a processing
-  // location](https://cloud.google.com/dlp/docs/specifying-location):
+  // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:<br/>
   //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
@@ -4111,7 +4271,7 @@ message CreateJobTriggerRequest {
   //
   // The format of this value varies depending on whether you have [specified a
   // processing
-  // location](https://cloud.google.com/dlp/docs/specifying-location):
+  // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:<br/>
   //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
@@ -4310,7 +4470,7 @@ message CreateDlpJobRequest {
   //
   // The format of this value varies depending on whether you have [specified a
   // processing
-  // location](https://cloud.google.com/dlp/docs/specifying-location):
+  // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:<br/>
   //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
@@ -4355,7 +4515,7 @@ message ListJobTriggersRequest {
   //
   // The format of this value varies depending on whether you have [specified a
   // processing
-  // location](https://cloud.google.com/dlp/docs/specifying-location):
+  // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:<br/>
   //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
@@ -4538,6 +4698,7 @@ message DataProfileAction {
     ERROR_CHANGED = 4;
   }
 
+  // Type of action to execute when a profile is generated.
   oneof action {
     // Export data profiles into a provided location.
     Export export_data = 1;
@@ -4553,7 +4714,7 @@ message DataProfileAction {
 //
 // The generated data profiles are retained according to the
 // [data retention policy]
-// (https://cloud.google.com/dlp/docs/data-profiles#retention).
+// (https://cloud.google.com/sensitive-data-protection/docs/data-profiles#retention).
 message DataProfileJobConfig {
   // The data to scan.
   DataProfileLocation location = 1;
@@ -4578,7 +4739,7 @@ message DataProfileJobConfig {
   // scanned.
   //
   // For more information, see
-  // https://cloud.google.com/dlp/docs/data-profiles#data-residency.
+  // https://cloud.google.com/sensitive-data-protection/docs/data-profiles#data-residency.
   repeated string inspect_templates = 7;
 
   // Actions to execute at the completion of the job.
@@ -4685,7 +4846,7 @@ message DataProfileLocation {
 //
 // The generated data profiles are retained according to the
 // [data retention policy]
-// (https://cloud.google.com/dlp/docs/data-profiles#retention).
+// (https://cloud.google.com/sensitive-data-protection/docs/data-profiles#retention).
 message DiscoveryConfig {
   option (google.api.resource) = {
     type: "dlp.googleapis.com/DiscoveryConfig"
@@ -4742,7 +4903,7 @@ message DiscoveryConfig {
   // scanned.
   //
   // For more information, see
-  // https://cloud.google.com/dlp/docs/data-profiles#data-residency.
+  // https://cloud.google.com/sensitive-data-protection/docs/data-profiles#data-residency.
   repeated string inspect_templates = 3;
 
   // Actions to execute at the completion of scanning.
@@ -5001,6 +5162,7 @@ message DlpJob {
   // State of a job.
   JobState state = 3;
 
+  // Job details.
   oneof details {
     // Results from analyzing risk of a data source.
     AnalyzeDataSourceRiskDetails risk_details = 4;
@@ -5047,7 +5209,7 @@ message ListDlpJobsRequest {
   //
   // The format of this value varies depending on whether you have [specified a
   // processing
-  // location](https://cloud.google.com/dlp/docs/specifying-location):
+  // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:<br/>
   //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
@@ -5144,7 +5306,7 @@ message CancelDlpJobRequest {
 
 // The request message for finishing a DLP hybrid job.
 message FinishDlpJobRequest {
-  // Required. The name of the DlpJob resource to be cancelled.
+  // Required. The name of the DlpJob resource to be finished.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" }
@@ -5166,7 +5328,7 @@ message CreateDeidentifyTemplateRequest {
   //
   // The format of this value varies depending on the scope of the request
   // (project or organization) and whether you have [specified a processing
-  // location](https://cloud.google.com/dlp/docs/specifying-location):
+  // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:<br/>
   //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
@@ -5242,7 +5404,7 @@ message ListDeidentifyTemplatesRequest {
   //
   // The format of this value varies depending on the scope of the request
   // (project or organization) and whether you have [specified a processing
-  // location](https://cloud.google.com/dlp/docs/specifying-location):
+  // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:<br/>
   //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
@@ -5319,8 +5481,8 @@ message DeleteDeidentifyTemplateRequest {
 
 // Configuration for a custom dictionary created from a data source of any size
 // up to the maximum size defined in the
-// [limits](https://cloud.google.com/dlp/limits) page. The artifacts of
-// dictionary creation are stored in the specified Cloud Storage
+// [limits](https://cloud.google.com/sensitive-data-protection/limits) page. The
+// artifacts of dictionary creation are stored in the specified Cloud Storage
 // location. Consider using `CustomInfoType.Dictionary` for smaller dictionaries
 // that satisfy the size requirements.
 message LargeCustomDictionaryConfig {
@@ -5330,6 +5492,7 @@ message LargeCustomDictionaryConfig {
   // longer be used.
   CloudStoragePath output_path = 1;
 
+  // Source of the dictionary.
   oneof source {
     // Set of files containing newline-delimited lists of dictionary phrases.
     CloudStorageFileSet cloud_storage_file_set = 2;
@@ -5347,7 +5510,7 @@ message LargeCustomDictionaryStats {
 
 // Configuration for stored infoTypes. All fields and subfield are provided
 // by the user. For more information, see
-// https://cloud.google.com/dlp/docs/creating-custom-infotypes.
+// https://cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes.
 message StoredInfoTypeConfig {
   // Display name of the StoredInfoType (max 256 characters).
   string display_name = 1;
@@ -5438,7 +5601,7 @@ message CreateStoredInfoTypeRequest {
   //
   // The format of this value varies depending on the scope of the request
   // (project or organization) and whether you have [specified a processing
-  // location](https://cloud.google.com/dlp/docs/specifying-location):
+  // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:<br/>
   //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
@@ -5514,7 +5677,7 @@ message ListStoredInfoTypesRequest {
   //
   // The format of this value varies depending on the scope of the request
   // (project or organization) and whether you have [specified a processing
-  // location](https://cloud.google.com/dlp/docs/specifying-location):
+  // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:<br/>
   //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
@@ -5787,6 +5950,237 @@ enum StoredInfoTypeState {
   INVALID = 4;
 }
 
+// Request to list the profiles generated for a given organization or project.
+message ListProjectDataProfilesRequest {
+  // Required. organizations/{org_id}/locations/{loc_id}
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "dlp.googleapis.com/ProjectDataProfile"
+    }
+  ];
+
+  // Page token to continue retrieval.
+  string page_token = 2;
+
+  // Size of the page. This value can be limited by the server. If zero, server
+  // returns a page of max size 100.
+  int32 page_size = 3;
+
+  // Comma separated list of fields to order by, followed by `asc` or `desc`
+  // postfix. This list is case insensitive. The default sorting order is
+  // ascending. Redundant space characters are insignificant. Only one order
+  // field at a time is allowed.
+  //
+  // Examples:
+  // * `project_id`
+  // * `sensitivity_level desc`
+  //
+  // Supported fields are:
+  //
+  // - `project_id`: GCP project ID
+  // - `sensitivity_level`: How sensitive the data in a project is, at most.
+  // - `data_risk_level`: How much risk is associated with this data.
+  // - `profile_last_generated`: When the profile was last updated in epoch
+  // seconds.
+  string order_by = 4;
+
+  // Allows filtering.
+  //
+  // Supported syntax:
+  //
+  // * Filter expressions are made up of one or more restrictions.
+  // * Restrictions can be combined by `AND` or `OR` logical operators. A
+  // sequence of restrictions implicitly uses `AND`.
+  // * A restriction has the form of `{field} {operator} {value}`.
+  // * Supported fields/values:
+  //     - `sensitivity_level` - HIGH|MODERATE|LOW
+  //     - `data_risk_level` - HIGH|MODERATE|LOW
+  //     - `status_code` - an RPC status code as defined in
+  //     https://github.com/googleapis/googleapis/blob/master/google/rpc/code.proto
+  // * The operator must be `=` or `!=`.
+  //
+  // Examples:
+  //
+  // * `project_id = 12345 AND status_code = 1`
+  // * `project_id = 12345 AND sensitivity_level = HIGH`
+  //
+  // The length of this field should be no more than 500 characters.
+  string filter = 5;
+}
+
+// List of profiles generated for a given organization or project.
+message ListProjectDataProfilesResponse {
+  // List of data profiles.
+  repeated ProjectDataProfile project_data_profiles = 1;
+
+  // The next page token.
+  string next_page_token = 2;
+}
+
+// Request to list the profiles generated for a given organization or project.
+message ListTableDataProfilesRequest {
+  // Required. Resource name of the organization or project, for
+  // example `organizations/433245324/locations/europe` or
+  // `projects/project-id/locations/asia`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "dlp.googleapis.com/TableDataProfile"
+    }
+  ];
+
+  // Page token to continue retrieval.
+  string page_token = 2;
+
+  // Size of the page. This value can be limited by the server. If zero, server
+  // returns a page of max size 100.
+  int32 page_size = 3;
+
+  // Comma separated list of fields to order by, followed by `asc` or `desc`
+  // postfix. This list is case insensitive. The default sorting order is
+  // ascending. Redundant space characters are insignificant. Only one order
+  // field at a time is allowed.
+  //
+  // Examples:
+  // * `project_id asc`
+  // * `table_id`
+  // * `sensitivity_level desc`
+  //
+  // Supported fields are:
+  //
+  // - `project_id`: The GCP project ID.
+  // - `dataset_id`: The ID of a BigQuery dataset.
+  // - `table_id`: The ID of a BigQuery table.
+  // - `sensitivity_level`: How sensitive the data in a table is, at most.
+  // - `data_risk_level`: How much risk is associated with this data.
+  // - `profile_last_generated`: When the profile was last updated in epoch
+  // seconds.
+  // - `last_modified`: The last time the resource was modified.
+  // - `resource_visibility`: Visibility restriction for this resource.
+  // - `row_count`: Number of rows in this resource.
+  string order_by = 4;
+
+  // Allows filtering.
+  //
+  // Supported syntax:
+  //
+  // * Filter expressions are made up of one or more restrictions.
+  // * Restrictions can be combined by `AND` or `OR` logical operators. A
+  // sequence of restrictions implicitly uses `AND`.
+  // * A restriction has the form of `{field} {operator} {value}`.
+  // * Supported fields/values:
+  //     - `project_id` - The GCP project ID.
+  //     - `dataset_id` - The BigQuery dataset ID.
+  //     - `table_id` - The ID of the BigQuery table.
+  //     - `sensitivity_level` - HIGH|MODERATE|LOW
+  //     - `data_risk_level` - HIGH|MODERATE|LOW
+  //     - `resource_visibility`: PUBLIC|RESTRICTED
+  //     - `status_code` - an RPC status code as defined in
+  //     https://github.com/googleapis/googleapis/blob/master/google/rpc/code.proto
+  // * The operator must be `=` or `!=`.
+  //
+  // Examples:
+  //
+  // * `project_id = 12345 AND status_code = 1`
+  // * `project_id = 12345 AND sensitivity_level = HIGH`
+  // * `project_id = 12345 AND resource_visibility = PUBLIC`
+  //
+  // The length of this field should be no more than 500 characters.
+  string filter = 5;
+}
+
+// List of profiles generated for a given organization or project.
+message ListTableDataProfilesResponse {
+  // List of data profiles.
+  repeated TableDataProfile table_data_profiles = 1;
+
+  // The next page token.
+  string next_page_token = 2;
+}
+
+// Request to list the profiles generated for a given organization or project.
+message ListColumnDataProfilesRequest {
+  // Required. Resource name of the organization or project, for
+  // example `organizations/433245324/locations/europe` or
+  // `projects/project-id/locations/asia`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "dlp.googleapis.com/ColumnDataProfile"
+    }
+  ];
+
+  // Page token to continue retrieval.
+  string page_token = 2;
+
+  // Size of the page. This value can be limited by the server. If zero, server
+  // returns a page of max size 100.
+  int32 page_size = 3;
+
+  // Comma separated list of fields to order by, followed by `asc` or `desc`
+  // postfix. This list is case insensitive. The default sorting order is
+  // ascending. Redundant space characters are insignificant. Only one order
+  // field at a time is allowed.
+  //
+  // Examples:
+  // * `project_id asc`
+  // * `table_id`
+  // * `sensitivity_level desc`
+  //
+  // Supported fields are:
+  //
+  // - `project_id`: The Google Cloud project ID.
+  // - `dataset_id`: The ID of a BigQuery dataset.
+  // - `table_id`: The ID of a BigQuery table.
+  // - `sensitivity_level`: How sensitive the data in a column is, at most.
+  // - `data_risk_level`: How much risk is associated with this data.
+  // - `profile_last_generated`: When the profile was last updated in epoch
+  // seconds.
+  string order_by = 4;
+
+  // Allows filtering.
+  //
+  // Supported syntax:
+  //
+  // * Filter expressions are made up of one or more restrictions.
+  // * Restrictions can be combined by `AND` or `OR` logical operators. A
+  // sequence of restrictions implicitly uses `AND`.
+  // * A restriction has the form of `{field} {operator} {value}`.
+  // * Supported fields/values:
+  //     - `table_data_profile_name` - The name of the related table data
+  //     profile.
+  //     - `project_id` - The Google Cloud project ID. (REQUIRED)
+  //     - `dataset_id` - The BigQuery dataset ID. (REQUIRED)
+  //     - `table_id` - The BigQuery table ID. (REQUIRED)
+  //     - `field_id` - The ID of the BigQuery field.
+  //     - `info_type` - The infotype detected in the resource.
+  //     - `sensitivity_level` - HIGH|MEDIUM|LOW
+  //     - `data_risk_level`: How much risk is associated with this data.
+  //     - `status_code` - an RPC status code as defined in
+  //     https://github.com/googleapis/googleapis/blob/master/google/rpc/code.proto
+  // * The operator must be `=` for project_id, dataset_id, and table_id. Other
+  //   filters also support `!=`.
+  //
+  // Examples:
+  //
+  // * project_id = 12345 AND status_code = 1
+  // * project_id = 12345 AND sensitivity_level = HIGH
+  // * project_id = 12345 AND info_type = STREET_ADDRESS
+  //
+  // The length of this field should be no more than 500 characters.
+  string filter = 5;
+}
+
+// List of profiles generated for a given organization or project.
+message ListColumnDataProfilesResponse {
+  // List of data profiles.
+  repeated ColumnDataProfile column_data_profiles = 1;
+
+  // The next page token.
+  string next_page_token = 2;
+}
+
 // Score is a summary of all elements in the data profile.
 // A higher number means more risk.
 message DataRiskLevel {
@@ -5815,8 +6209,35 @@ message DataRiskLevel {
   DataRiskLevelScore score = 1;
 }
 
-// How broadly a resource has been shared. New items may be added over time.
-// A higher number means more restricted.
+// An aggregated profile for this project, based on the resources profiled
+// within it.
+message ProjectDataProfile {
+  option (google.api.resource) = {
+    type: "dlp.googleapis.com/ProjectDataProfile"
+    pattern: "organizations/{organization}/locations/{location}/projectDataProfiles/{project_data_profile}"
+    pattern: "projects/{project}/locations/{location}/projectDataProfiles/{project_data_profile}"
+  };
+  // The resource name of the profile.
+  string name = 1;
+
+  // Project ID that was profiled.
+  string project_id = 2;
+
+  // The last time the profile was generated.
+  google.protobuf.Timestamp profile_last_generated = 3;
+
+  // The sensitivity score of this project.
+  SensitivityScore sensitivity_score = 4;
+
+  // The data risk level of this project.
+  DataRiskLevel data_risk_level = 5;
+
+  // Success or error status of the last attempt to profile the project.
+  ProfileStatus profile_status = 7;
+}
+
+// How broadly the data in the resource has been shared. New items may be added
+// over time. A higher number means more restricted.
 enum ResourceVisibility {
   // Unused.
   RESOURCE_VISIBILITY_UNSPECIFIED = 0;
@@ -5834,12 +6255,30 @@ message DataProfileConfigSnapshot {
   // is a copy of the inspect_template specified in `DataProfileJobConfig`.
   InspectConfig inspect_config = 2;
 
+  // A copy of the configuration used to generate this profile. This is
+  // deprecated, and the DiscoveryConfig field is preferred moving forward.
+  // DataProfileJobConfig will still be written here for Discovery in BigQuery
+  // for backwards compatibility, but will not be updated with new fields, while
+  // DiscoveryConfig will.
+  DataProfileJobConfig data_profile_job = 3 [deprecated = true];
+
   // A copy of the configuration used to generate this profile.
-  DataProfileJobConfig data_profile_job = 3;
+  DiscoveryConfig discovery_config = 4;
+
+  // Name of the inspection template used to generate this profile
+  string inspect_template_name = 5;
+
+  // Timestamp when the template was modified
+  google.protobuf.Timestamp inspect_template_modified_time = 6;
 }
 
 // The profile for a scanned table.
 message TableDataProfile {
+  option (google.api.resource) = {
+    type: "dlp.googleapis.com/TableDataProfile"
+    pattern: "organizations/{organization}/locations/{location}/tableDataProfiles/{table_data_profile}"
+    pattern: "projects/{project}/locations/{location}/tableDataProfiles/{table_data_profile}"
+  };
   // Possible states of a profile. New items may be added.
   enum State {
     // Unused.
@@ -5858,24 +6297,27 @@ message TableDataProfile {
   // The name of the profile.
   string name = 1;
 
+  // The resource type that was profiled.
+  DataSourceType data_source_type = 36;
+
   // The resource name to the project data profile for this table.
   string project_data_profile = 2;
 
-  // The Google Cloud project ID that owns the BigQuery dataset.
+  // The Google Cloud project ID that owns the resource.
   string dataset_project_id = 24;
 
-  // The BigQuery location where the dataset's data is stored.
+  // If supported, the location where the dataset's data is stored.
   // See https://cloud.google.com/bigquery/docs/locations for supported
   // locations.
   string dataset_location = 29;
 
-  // The BigQuery dataset ID.
+  // If the resource is BigQuery, the  dataset ID.
   string dataset_id = 25;
 
-  // The BigQuery table ID.
+  // If the resource is BigQuery, the BigQuery table ID.
   string table_id = 26;
 
-  // The resource name of the table.
+  // The resource name of the resource profiled.
   // https://cloud.google.com/apis/design/resource_names#full_resource_name
   string full_resource = 3;
 
@@ -5936,6 +6378,7 @@ message TableDataProfile {
   google.protobuf.Timestamp create_time = 23;
 }
 
+// Success or errors for the profile generation.
 message ProfileStatus {
   // Profiling status code and optional message. The `status.code` value is 0
   // (default value) for OK.
@@ -5992,6 +6435,7 @@ enum NullPercentageLevel {
   // Some null entries.
   NULL_PERCENTAGE_LOW = 2;
 
+  // A few null entries.
   NULL_PERCENTAGE_MEDIUM = 3;
 
   // A lot of null entries.
@@ -6019,6 +6463,11 @@ enum UniquenessScoreLevel {
 
 // The profile for a scanned column within a table.
 message ColumnDataProfile {
+  option (google.api.resource) = {
+    type: "dlp.googleapis.com/ColumnDataProfile"
+    pattern: "organizations/{organization}/locations/{location}/columnDataProfiles/{column_data_profile}"
+    pattern: "projects/{project}/locations/{location}/columnDataProfiles/{column_data_profile}"
+  };
   // Possible states of a profile. New items may be added.
   enum State {
     // Unused.
@@ -6108,10 +6557,10 @@ message ColumnDataProfile {
   // The resource name of the table data profile.
   string table_data_profile = 4;
 
-  // The resource name of the table this column is within.
+  // The resource name of the resource this column is within.
   string table_full_resource = 5;
 
-  // The Google Cloud project ID that owns the BigQuery dataset.
+  // The Google Cloud project ID that owns the profiled resource.
   string dataset_project_id = 19;
 
   // The BigQuery location where the dataset's data is stored.
@@ -6161,6 +6610,42 @@ message ColumnDataProfile {
   ColumnPolicyState policy_state = 15;
 }
 
+// Request to get a project data profile.
+message GetProjectDataProfileRequest {
+  // Required. Resource name, for example
+  // `organizations/12345/locations/us/projectDataProfiles/53234423`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "dlp.googleapis.com/ProjectDataProfile"
+    }
+  ];
+}
+
+// Request to get a table data profile.
+message GetTableDataProfileRequest {
+  // Required. Resource name, for example
+  // `organizations/12345/locations/us/tableDataProfiles/53234423`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "dlp.googleapis.com/TableDataProfile"
+    }
+  ];
+}
+
+// Request to get a column data profile.
+message GetColumnDataProfileRequest {
+  // Required. Resource name, for example
+  // `organizations/12345/locations/us/columnDataProfiles/53234423`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "dlp.googleapis.com/ColumnDataProfile"
+    }
+  ];
+}
+
 // A condition for determining whether a Pub/Sub should be triggered.
 message DataProfilePubSubCondition {
   // Various score levels for resources.
@@ -6224,3 +6709,10 @@ message DataProfilePubSubMessage {
   // The event that caused the Pub/Sub message to be sent.
   DataProfileAction.EventType event = 2;
 }
+
+// Message used to identify the type of resource being profiled.
+message DataSourceType {
+  // Output only. An identifying string to the type of resource being profiled.
+  // Current values: google/bigquery/table, google/project
+  string data_source = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
+}