@google-cloud/dlp 5.8.0 → 5.10.0

package/CHANGELOG.md

@@ -4,6 +4,20 @@
 
 [1]: https://www.npmjs.com/package/PACKAGE NAME?activeTab=versions
 
+## [5.10.0](https://github.com/googleapis/google-cloud-node/compare/dlp-v5.9.0...dlp-v5.10.0) (2024-08-19)
+
+
+### Features
+
+* [dlp] inspect template modified cadence discovery config for Cloud SQL ([#5623](https://github.com/googleapis/google-cloud-node/issues/5623)) ([215ae31](https://github.com/googleapis/google-cloud-node/commit/215ae318d9ed8bf2878e88381542ddef6e28014a))
+
+## [5.9.0](https://github.com/googleapis/google-cloud-node/compare/dlp-v5.8.0...dlp-v5.9.0) (2024-08-09)
+
+
+### Features
+
+* [dlp] add the TagResources API ([#5588](https://github.com/googleapis/google-cloud-node/issues/5588)) ([91df9a7](https://github.com/googleapis/google-cloud-node/commit/91df9a74e2f3573a3620f6641b51112ed6f3f394))
+
 ## [5.8.0](https://github.com/googleapis/google-cloud-node/compare/dlp-v5.7.0...dlp-v5.8.0) (2024-07-22)
 
 

package/build/protos/google/privacy/dlp/v2/dlp.proto

@@ -160,7 +160,7 @@ service DlpService {
   rpc CreateInspectTemplate(CreateInspectTemplateRequest)
       returns (InspectTemplate) {
     option (google.api.http) = {
-      post: "/v2/{parent=organizations/*}/inspectTemplates"
+      post: "/v2/{parent=projects/*/locations/*}/inspectTemplates"
       body: "*"
       additional_bindings {
         post: "/v2/{parent=organizations/*/locations/*}/inspectTemplates"
@@ -171,7 +171,7 @@ service DlpService {
         body: "*"
       }
       additional_bindings {
-        post: "/v2/{parent=projects/*/locations/*}/inspectTemplates"
+        post: "/v2/{parent=organizations/*}/inspectTemplates"
         body: "*"
       }
     };
@@ -185,7 +185,7 @@ service DlpService {
   rpc UpdateInspectTemplate(UpdateInspectTemplateRequest)
       returns (InspectTemplate) {
     option (google.api.http) = {
-      patch: "/v2/{name=organizations/*/inspectTemplates/*}"
+      patch: "/v2/{name=projects/*/locations/*/inspectTemplates/*}"
       body: "*"
       additional_bindings {
         patch: "/v2/{name=organizations/*/locations/*/inspectTemplates/*}"
@@ -196,7 +196,7 @@ service DlpService {
         body: "*"
       }
       additional_bindings {
-        patch: "/v2/{name=projects/*/locations/*/inspectTemplates/*}"
+        patch: "/v2/{name=organizations/*/inspectTemplates/*}"
         body: "*"
       }
     };
@@ -209,13 +209,13 @@ service DlpService {
   // to learn more.
   rpc GetInspectTemplate(GetInspectTemplateRequest) returns (InspectTemplate) {
     option (google.api.http) = {
-      get: "/v2/{name=organizations/*/inspectTemplates/*}"
+      get: "/v2/{name=projects/*/locations/*/inspectTemplates/*}"
       additional_bindings {
         get: "/v2/{name=organizations/*/locations/*/inspectTemplates/*}"
       }
       additional_bindings { get: "/v2/{name=projects/*/inspectTemplates/*}" }
       additional_bindings {
-        get: "/v2/{name=projects/*/locations/*/inspectTemplates/*}"
+        get: "/v2/{name=organizations/*/inspectTemplates/*}"
       }
     };
     option (google.api.method_signature) = "name";
@@ -228,13 +228,13 @@ service DlpService {
   rpc ListInspectTemplates(ListInspectTemplatesRequest)
       returns (ListInspectTemplatesResponse) {
     option (google.api.http) = {
-      get: "/v2/{parent=organizations/*}/inspectTemplates"
+      get: "/v2/{parent=projects/*/locations/*}/inspectTemplates"
       additional_bindings {
         get: "/v2/{parent=organizations/*/locations/*}/inspectTemplates"
       }
       additional_bindings { get: "/v2/{parent=projects/*}/inspectTemplates" }
       additional_bindings {
-        get: "/v2/{parent=projects/*/locations/*}/inspectTemplates"
+        get: "/v2/{parent=organizations/*}/inspectTemplates"
       }
     };
     option (google.api.method_signature) = "parent";
@@ -247,13 +247,13 @@ service DlpService {
   rpc DeleteInspectTemplate(DeleteInspectTemplateRequest)
       returns (google.protobuf.Empty) {
     option (google.api.http) = {
-      delete: "/v2/{name=organizations/*/inspectTemplates/*}"
+      delete: "/v2/{name=projects/*/locations/*/inspectTemplates/*}"
       additional_bindings {
         delete: "/v2/{name=organizations/*/locations/*/inspectTemplates/*}"
       }
       additional_bindings { delete: "/v2/{name=projects/*/inspectTemplates/*}" }
       additional_bindings {
-        delete: "/v2/{name=projects/*/locations/*/inspectTemplates/*}"
+        delete: "/v2/{name=organizations/*/inspectTemplates/*}"
       }
     };
     option (google.api.method_signature) = "name";
@@ -898,6 +898,10 @@ service DlpService {
     option (google.api.http) = {
       post: "/v2/{parent=projects/*/locations/*}/connections"
       body: "*"
+      additional_bindings {
+        post: "/v2/{parent=organizations/*/locations/*}/connections"
+        body: "*"
+      }
     };
     option (google.api.method_signature) = "parent, connection";
   }
@@ -906,15 +910,22 @@ service DlpService {
   rpc GetConnection(GetConnectionRequest) returns (Connection) {
     option (google.api.http) = {
       get: "/v2/{name=projects/*/locations/*/connections/*}"
+      additional_bindings {
+        get: "/v2/{name=organizations/*/locations/*/connections/*}"
+      }
     };
     option (google.api.method_signature) = "name";
   }
 
-  // Lists Connections in a parent.
+  // Lists Connections in a parent. Use SearchConnections to see all connections
+  // within an organization.
   rpc ListConnections(ListConnectionsRequest)
       returns (ListConnectionsResponse) {
     option (google.api.http) = {
       get: "/v2/{parent=projects/*/locations/*}/connections"
+      additional_bindings {
+        get: "/v2/{parent=organizations/*/locations/*}/connections"
+      }
     };
     option (google.api.method_signature) = "parent";
   }
@@ -936,6 +947,9 @@ service DlpService {
       returns (google.protobuf.Empty) {
     option (google.api.http) = {
       delete: "/v2/{name=projects/*/locations/*/connections/*}"
+      additional_bindings {
+        delete: "/v2/{name=organizations/*/locations/*/connections/*}"
+      }
     };
     option (google.api.method_signature) = "name";
   }
@@ -945,6 +959,10 @@ service DlpService {
     option (google.api.http) = {
       patch: "/v2/{name=projects/*/locations/*/connections/*}"
       body: "*"
+      additional_bindings {
+        patch: "/v2/{name=organizations/*/locations/*/connections/*}"
+        body: "*"
+      }
     };
     option (google.api.method_signature) = "name";
   }
@@ -1567,9 +1585,9 @@ message RedactImageRequest {
   // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:
-  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `projects/{project_id}/locations/{location_id}`
   // + Projects scope, no location specified (defaults to global):
-  //   `projects/`<var>PROJECT_ID</var>
+  //   `projects/{project_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -1632,9 +1650,9 @@ message DeidentifyContentRequest {
   // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:
-  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `projects/{project_id}/locations/{location_id}`
   // + Projects scope, no location specified (defaults to global):
-  //   `projects/`<var>PROJECT_ID</var>
+  //   `projects/{project_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -1701,9 +1719,9 @@ message ReidentifyContentRequest {
   // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:
-  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `projects/{project_id}/locations/{location_id}`
   // + Projects scope, no location specified (defaults to global):
-  //   `projects/`<var>PROJECT_ID</var>
+  //   `projects/{project_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -1773,9 +1791,9 @@ message InspectContentRequest {
   // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:
-  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `projects/{project_id}/locations/{location_id}`
   // + Projects scope, no location specified (defaults to global):
-  //   `projects/`<var>PROJECT_ID</var>
+  //   `projects/{project_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -2258,7 +2276,7 @@ message ListInfoTypesRequest {
   //
   // The format of this value is as follows:
   //
-  //     locations/<var>LOCATION_ID</var>
+  //     `locations/{location_id}`
   string parent = 4;
 
   // BCP-47 language code for localized infoType friendly
@@ -3357,8 +3375,7 @@ message CryptoReplaceFfxFpeConfig {
     // This must be encoded as ASCII.
     // The order of characters does not matter.
     // The full list of allowed characters is:
-    // <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
-    // ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
+    // ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/``
     string custom_alphabet = 5;
 
     // The native way to select the alphabet. Must be in the range [2, 95].
@@ -4281,13 +4298,13 @@ message CreateInspectTemplateRequest {
   // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:
-  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `projects/{project_id}/locations/{location_id}`
   // + Projects scope, no location specified (defaults to global):
-  //   `projects/`<var>PROJECT_ID</var>
+  //   `projects/{project_id}`
   // + Organizations scope, location specified:
-  //   `organizations/`<var>ORG_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `organizations/{org_id}/locations/{location_id}`
   // + Organizations scope, no location specified (defaults to global):
-  //   `organizations/`<var>ORG_ID</var>
+  //   `organizations/{org_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -4355,13 +4372,13 @@ message ListInspectTemplatesRequest {
   // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:
-  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `projects/{project_id}/locations/{location_id}`
   // + Projects scope, no location specified (defaults to global):
-  //   `projects/`<var>PROJECT_ID</var>
+  //   `projects/{project_id}`
   // + Organizations scope, location specified:
-  //   `organizations/`<var>ORG_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `organizations/{org_id}/locations/{location_id}`
   // + Organizations scope, no location specified (defaults to global):
-  //   `organizations/`<var>ORG_ID</var>
+  //   `organizations/{org_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -4434,9 +4451,9 @@ message CreateJobTriggerRequest {
   // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:
-  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `projects/{project_id}/locations/{location_id}`
   // + Projects scope, no location specified (defaults to global):
-  //   `projects/`<var>PROJECT_ID</var>
+  //   `projects/{project_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -4507,9 +4524,9 @@ message CreateDiscoveryConfigRequest {
   // (project or organization):
   //
   // + Projects scope:
-  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `projects/{project_id}/locations/{location_id}`
   // + Organizations scope:
-  //   `organizations/`<var>ORG_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `organizations/{org_id}/locations/{location_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -4568,7 +4585,7 @@ message ListDiscoveryConfigsRequest {
   // Required. Parent resource name.
   //
   // The format of this value is as follows:
-  // `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  // `projects/{project_id}/locations/{location_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -4638,9 +4655,9 @@ message CreateDlpJobRequest {
   // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:
-  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `projects/{project_id}/locations/{location_id}`
   // + Projects scope, no location specified (defaults to global):
-  //   `projects/`<var>PROJECT_ID</var>
+  //   `projects/{project_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -4683,9 +4700,9 @@ message ListJobTriggersRequest {
   // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:
-  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `projects/{project_id}/locations/{location_id}`
   // + Projects scope, no location specified (defaults to global):
-  //   `projects/`<var>PROJECT_ID</var>
+  //   `projects/{project_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -4794,6 +4811,18 @@ message InspectJobConfig {
   repeated Action actions = 4;
 }
 
+// Whether a profile being created is the first generation or an update.
+enum ProfileGeneration {
+  // Unused.
+  PROFILE_GENERATION_UNSPECIFIED = 0;
+
+  // The profile is the first profile for the resource.
+  PROFILE_GENERATION_NEW = 1;
+
+  // The profile is an update to a previous profile.
+  PROFILE_GENERATION_UPDATE = 2;
+}
+
 // A task to execute when a data profile has been generated.
 message DataProfileAction {
   // If set, the detailed data profiles will be persisted to the location
@@ -4868,6 +4897,60 @@ message DataProfileAction {
     ERROR_CHANGED = 4;
   }
 
+  // If set, attaches the [tags]
+  // (https://cloud.google.com/resource-manager/docs/tags/tags-overview)
+  // provided to profiled resources. Tags support [access
+  // control](https://cloud.google.com/iam/docs/tags-access-control). You can
+  // conditionally grant or deny access to a resource based on whether the
+  // resource has a specific tag.
+  message TagResources {
+    // The tag to attach to profiles matching the condition. At most one
+    // `TagCondition` can be specified per sensitivity level.
+    message TagCondition {
+      // The tag value to attach to resources.
+      TagValue tag = 1;
+
+      // The type of condition on which attaching the tag will be predicated.
+      oneof type {
+        // Conditions attaching the tag to a resource on its profile having this
+        // sensitivity score.
+        SensitivityScore sensitivity_score = 2;
+      }
+    }
+
+    // A value of a tag.
+    message TagValue {
+      // The format of the tag value.
+      oneof format {
+        // The namespaced name for the tag value to attach to resources. Must be
+        // in the format `{parent_id}/{tag_key_short_name}/{short_name}`, for
+        // example, "123456/environment/prod".
+        string namespaced_value = 1;
+      }
+    }
+
+    // The tags to associate with different conditions.
+    repeated TagCondition tag_conditions = 1;
+
+    // The profile generations for which the tag should be attached to
+    // resources. If you attach a tag to only new profiles, then if the
+    // sensitivity score of a profile subsequently changes, its tag doesn't
+    // change. By default, this field includes only new profiles. To include
+    // both new and updated profiles for tagging, this field should explicitly
+    // include both `PROFILE_GENERATION_NEW` and `PROFILE_GENERATION_UPDATE`.
+    repeated ProfileGeneration profile_generations_to_tag = 2;
+
+    // Whether applying a tag to a resource should lower the risk of the profile
+    // for that resource. For example, in conjunction with an [IAM deny
+    // policy](https://cloud.google.com/iam/docs/deny-overview), you can deny
+    // all principals a permission if a tag value is present, mitigating the
+    // risk of the resource. This also lowers the data risk of resources at the
+    // lower levels of the resource hierarchy. For example, reducing the data
+    // risk of a table data profile also reduces the data risk of the
+    // constituent column data profiles.
+    bool lower_data_risk_to_low = 3;
+  }
+
   // Type of action to execute when a profile is generated.
   oneof action {
     // Export data profiles into a provided location.
@@ -4875,6 +4958,9 @@ message DataProfileAction {
 
     // Publish a message into the Pub/Sub topic.
     PubSubNotification pub_sub_notification = 2;
+
+    // Tags the profiled resources with the specified tag values.
+    TagResources tag_resources = 8;
   }
 }
 
@@ -5246,6 +5332,10 @@ message DiscoveryGenerationCadence {
   // defined by the `InspectTemplate` change.
   // If not set, changing the template will not cause a data profile to update.
   DiscoveryInspectTemplateModifiedCadence inspect_template_modified_cadence = 3;
+
+  // Frequency at which profiles should be updated, regardless of whether the
+  // underlying resource has changed. Defaults to never.
+  DataProfileUpdateFrequency refresh_frequency = 4;
 }
 
 // The cadence at which to update data profiles when a table is modified.
@@ -5491,6 +5581,11 @@ message DiscoveryCloudSqlGenerationCadence {
   // frequency regardless of whether the underlying tables have changed.
   // Defaults to never.
   DataProfileUpdateFrequency refresh_frequency = 2;
+
+  // Governs when to update data profiles when the inspection rules
+  // defined by the `InspectTemplate` change.
+  // If not set, changing the template will not cause a data profile to update.
+  DiscoveryInspectTemplateModifiedCadence inspect_template_modified_cadence = 3;
 }
 
 // Discovery target for credentials and secrets in cloud resource metadata.
@@ -5734,7 +5829,7 @@ message DiscoveryStartingLocation {
     // The ID of an organization to scan.
     int64 organization_id = 1;
 
-    // The ID of the folder within an organization to scan.
+    // The ID of the folder within an organization to be scanned.
     int64 folder_id = 2;
   }
 }
@@ -5837,9 +5932,9 @@ message ListDlpJobsRequest {
   // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:
-  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `projects/{project_id}/locations/{location_id}`
   // + Projects scope, no location specified (defaults to global):
-  //   `projects/`<var>PROJECT_ID</var>
+  //   `projects/{project_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -5956,13 +6051,13 @@ message CreateDeidentifyTemplateRequest {
   // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:
-  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `projects/{project_id}/locations/{location_id}`
   // + Projects scope, no location specified (defaults to global):
-  //   `projects/`<var>PROJECT_ID</var>
+  //   `projects/{project_id}`
   // + Organizations scope, location specified:
-  //   `organizations/`<var>ORG_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `organizations/{org_id}/locations/{location_id}`
   // + Organizations scope, no location specified (defaults to global):
-  //   `organizations/`<var>ORG_ID</var>
+  //   `organizations/{org_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -6032,13 +6127,13 @@ message ListDeidentifyTemplatesRequest {
   // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:
-  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `projects/{project_id}/locations/{location_id}`
   // + Projects scope, no location specified (defaults to global):
-  //   `projects/`<var>PROJECT_ID</var>
+  //   `projects/{project_id}`
   // + Organizations scope, location specified:
-  //   `organizations/`<var>ORG_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `organizations/{org_id}/locations/{location_id}`
   // + Organizations scope, no location specified (defaults to global):
-  //   `organizations/`<var>ORG_ID</var>
+  //   `organizations/{org_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -6229,13 +6324,13 @@ message CreateStoredInfoTypeRequest {
   // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:
-  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `projects/{project_id}/locations/{location_id}`
   // + Projects scope, no location specified (defaults to global):
-  //   `projects/`<var>PROJECT_ID</var>
+  //   `projects/{project_id}`
   // + Organizations scope, location specified:
-  //   `organizations/`<var>ORG_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `organizations/{org_id}/locations/{location_id}`
   // + Organizations scope, no location specified (defaults to global):
-  //   `organizations/`<var>ORG_ID</var>
+  //   `organizations/{org_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -6305,9 +6400,9 @@ message ListStoredInfoTypesRequest {
   // location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location):
   //
   // + Projects scope, location specified:
-  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
+  //   `projects/{project_id}/locations/{location_id}`
   // + Projects scope, no location specified (defaults to global):
-  //   `projects/`<var>PROJECT_ID</var>
+  //   `projects/{project_id}`
   //
   // The following example `parent` string specifies a parent project with the
   // identifier `example-project`, and specifies the `europe-west3` location
@@ -7412,10 +7507,12 @@ message FileClusterSummary {
   repeated Error errors = 6;
 
   // A sample of file types scanned in this cluster. Empty if no files were
-  // scanned.
+  // scanned. File extensions can be derived from the file name or the file
+  // content.
   repeated FileExtensionInfo file_extensions_scanned = 7;
 
   // A sample of file types seen in this cluster. Empty if no files were seen.
+  // File extensions can be derived from the file name or the file content.
   repeated FileExtensionInfo file_extensions_seen = 8;
 
   // True if no files exist in this cluster. If the bucket had more files than
@@ -7503,6 +7600,10 @@ message ListFileStoreDataProfilesRequest {
   // * Supported fields/values:
   //     - `project_id` - The Google Cloud project ID.
   //     - `file_store_path` - The path like "gs://bucket".
+  //     - `data_source_type` - The profile's data source type, like
+  //     "google/storage/bucket".
+  //     - `data_storage_location` - The location where the file store's data is
+  //     stored, like "us-central1".
   //     - `sensitivity_level` - HIGH|MODERATE|LOW
   //     - `data_risk_level` - HIGH|MODERATE|LOW
   //     - `resource_visibility`: PUBLIC|RESTRICTED
@@ -7637,8 +7738,15 @@ message DataProfilePubSubMessage {
 
 // Request message for CreateConnection.
 message CreateConnectionRequest {
-  // Required. Parent resource name in the format:
-  // `projects/{project}/locations/{location}`.
+  // Required. Parent resource name.
+  //
+  // The format of this value varies depending on the scope of the request
+  // (project or organization):
+  //
+  // + Projects scope:
+  //   `projects/{project_id}/locations/{location_id}`
+  // + Organizations scope:
+  //   `organizations/{org_id}/locations/{location_id}`
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -7662,8 +7770,9 @@ message GetConnectionRequest {
 
 // Request message for ListConnections.
 message ListConnectionsRequest {
-  // Required. Parent name, for example:
-  // `projects/project-id/locations/global`.
+  // Required. Resource name of the organization or project, for
+  // example, `organizations/433245324/locations/europe` or
+  // `projects/project-id/locations/asia`.
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -7684,8 +7793,9 @@ message ListConnectionsRequest {
 
 // Request message for SearchConnections.
 message SearchConnectionsRequest {
-  // Required. Parent name, typically an organization, without location.
-  // For example: `organizations/12345678`.
+  // Required. Resource name of the organization or project with a wildcard
+  // location, for example, `organizations/433245324/locations/-` or
+  // `projects/project-id/locations/-`.
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -7759,6 +7869,7 @@ message Connection {
   option (google.api.resource) = {
     type: "dlp.googleapis.com/Connection"
     pattern: "projects/{project}/locations/{location}/connections/{connection}"
+    pattern: "organizations/{organization}/locations/{location}/connections/{connection}"
   };
 
   // Output only. Name of the connection:
@@ -7891,7 +8002,7 @@ message DataSourceType {
 // Message used to identify file cluster type being profiled.
 message FileClusterType {
   // Cluster type. Each cluster corresponds to a set of file types.
-  // Over time new types may be added.
+  // Over time, new types may be added and files may move between clusters.
   enum Cluster {
     // Unused.
     CLUSTER_UNSPECIFIED = 0;

package/build/protos/google/privacy/dlp/v2/storage.proto

@@ -653,7 +653,7 @@ message StorageConfig {
     // Specification of the field containing the timestamp of scanned items.
     // Used for data sources like Datastore and BigQuery.
     //
-    // <b>For BigQuery</b>
+    // **For BigQuery**
     //
     // If this value is not specified and the table was modified between the
     // given start and end times, the entire table will be scanned. If this
@@ -668,13 +668,11 @@ message StorageConfig {
     // you can use any of the following pseudo-columns as your timestamp field.
     // When used with Cloud DLP, these pseudo-column names are case sensitive.
     //
-    // <ul>
-    // <li><code>_PARTITIONTIME</code></li>
-    // <li><code>_PARTITIONDATE</code></li>
-    // <li><code>_PARTITION_LOAD_TIME</code></li>
-    // </ul>
+    // - `_PARTITIONTIME`
+    // - `_PARTITIONDATE`
+    // - `_PARTITION_LOAD_TIME`
     //
-    // <b>For Datastore</b>
+    // **For Datastore**
     //
     // If this value is specified, then entities are filtered based on the given
     // start and end times. If an entity does not contain the provided timestamp