kpt-grpc-demo/google/privacy/dlp/v2/dlp.proto

// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.privacy.dlp.v2;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/privacy/dlp/v2/storage.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";
import "google/rpc/status.proto";
import "google/type/date.proto";
import "google/type/dayofweek.proto";
import "google/type/timeofday.proto";

option csharp_namespace = "Google.Cloud.Dlp.V2";
option go_package = "google.golang.org/genproto/googleapis/privacy/dlp/v2;dlp";
option java_multiple_files = true;
option java_outer_classname = "DlpProto";
option java_package = "com.google.privacy.dlp.v2";
option php_namespace = "Google\\Cloud\\Dlp\\V2";
option ruby_package = "Google::Cloud::Dlp::V2";
option (google.api.resource_definition) = {
  type: "dlp.googleapis.com/DlpContent"
  pattern: "projects/{project}/dlpContent"
  pattern: "projects/{project}/locations/{location}/dlpContent"
};
option (google.api.resource_definition) = {
  type: "dlp.googleapis.com/OrganizationLocation"
  pattern: "organizations/{organization}/locations/{location}"
};

// The Cloud Data Loss Prevention (DLP) API is a service that allows clients
// to detect the presence of Personally Identifiable Information (PII) and other
// privacy-sensitive data in user-supplied, unstructured data streams, like text
// blocks or images.
// The service also includes methods for sensitive data redaction and
// scheduling of data scans on Google Cloud Platform based data sets.
//
// To learn more about concepts and find how-to guides see
// https://cloud.google.com/dlp/docs/.
service DlpService {
  option (google.api.default_host) = "dlp.googleapis.com";
  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";

  // Finds potentially sensitive info in content.
  // This method has limits on input size, processing time, and output size.
  //
  // When no InfoTypes or CustomInfoTypes are specified in this request, the
  // system will automatically choose what detectors to run. By default this may
  // be all types, but may change over time as detectors are updated.
  //
  // For how to guides, see https://cloud.google.com/dlp/docs/inspecting-images
  // and https://cloud.google.com/dlp/docs/inspecting-text,
  rpc InspectContent(InspectContentRequest) returns (InspectContentResponse) {
    option (google.api.http) = {
      post: "/v2/{parent=projects/*}/content:inspect"
      body: "*"
      additional_bindings {
        post: "/v2/{parent=projects/*/locations/*}/content:inspect"
        body: "*"
      }
    };
  }

  // Redacts potentially sensitive info from an image.
  // This method has limits on input size, processing time, and output size.
  // See https://cloud.google.com/dlp/docs/redacting-sensitive-data-images to
  // learn more.
  //
  // When no InfoTypes or CustomInfoTypes are specified in this request, the
  // system will automatically choose what detectors to run. By default this may
  // be all types, but may change over time as detectors are updated.
  rpc RedactImage(RedactImageRequest) returns (RedactImageResponse) {
    option (google.api.http) = {
      post: "/v2/{parent=projects/*}/image:redact"
      body: "*"
      additional_bindings {
        post: "/v2/{parent=projects/*/locations/*}/image:redact"
        body: "*"
      }
    };
  }

  // De-identifies potentially sensitive info from a ContentItem.
  // This method has limits on input size and output size.
  // See https://cloud.google.com/dlp/docs/deidentify-sensitive-data to
  // learn more.
  //
  // When no InfoTypes or CustomInfoTypes are specified in this request, the
  // system will automatically choose what detectors to run. By default this may
  // be all types, but may change over time as detectors are updated.
  rpc DeidentifyContent(DeidentifyContentRequest) returns (DeidentifyContentResponse) {
    option (google.api.http) = {
      post: "/v2/{parent=projects/*}/content:deidentify"
      body: "*"
      additional_bindings {
        post: "/v2/{parent=projects/*/locations/*}/content:deidentify"
        body: "*"
      }
    };
  }

  // Re-identifies content that has been de-identified.
  // See
  // https://cloud.google.com/dlp/docs/pseudonymization#re-identification_in_free_text_code_example
  // to learn more.
  rpc ReidentifyContent(ReidentifyContentRequest) returns (ReidentifyContentResponse) {
    option (google.api.http) = {
      post: "/v2/{parent=projects/*}/content:reidentify"
      body: "*"
      additional_bindings {
        post: "/v2/{parent=projects/*/locations/*}/content:reidentify"
        body: "*"
      }
    };
  }

  // Returns a list of the sensitive information types that DLP API
  // supports. See https://cloud.google.com/dlp/docs/infotypes-reference to
  // learn more.
  rpc ListInfoTypes(ListInfoTypesRequest) returns (ListInfoTypesResponse) {
    option (google.api.http) = {
      get: "/v2/infoTypes"
      additional_bindings {
        get: "/v2/{parent=locations/*}/infoTypes"
      }
    };
    option (google.api.method_signature) = "parent";
  }

  // Creates an InspectTemplate for reusing frequently used configuration
  // for inspecting content, images, and storage.
  // See https://cloud.google.com/dlp/docs/creating-templates to learn more.
  rpc CreateInspectTemplate(CreateInspectTemplateRequest) returns (InspectTemplate) {
    option (google.api.http) = {
      post: "/v2/{parent=organizations/*}/inspectTemplates"
      body: "*"
      additional_bindings {
        post: "/v2/{parent=organizations/*/locations/*}/inspectTemplates"
        body: "*"
      }
      additional_bindings {
        post: "/v2/{parent=projects/*}/inspectTemplates"
        body: "*"
      }
      additional_bindings {
        post: "/v2/{parent=projects/*/locations/*}/inspectTemplates"
        body: "*"
      }
    };
    option (google.api.method_signature) = "parent,inspect_template";
  }

  // Updates the InspectTemplate.
  // See https://cloud.google.com/dlp/docs/creating-templates to learn more.
  rpc UpdateInspectTemplate(UpdateInspectTemplateRequest) returns (InspectTemplate) {
    option (google.api.http) = {
      patch: "/v2/{name=organizations/*/inspectTemplates/*}"
      body: "*"
      additional_bindings {
        patch: "/v2/{name=organizations/*/locations/*/inspectTemplates/*}"
        body: "*"
      }
      additional_bindings {
        patch: "/v2/{name=projects/*/inspectTemplates/*}"
        body: "*"
      }
      additional_bindings {
        patch: "/v2/{name=projects/*/locations/*/inspectTemplates/*}"
        body: "*"
      }
    };
    option (google.api.method_signature) = "name,inspect_template,update_mask";
  }

  // Gets an InspectTemplate.
  // See https://cloud.google.com/dlp/docs/creating-templates to learn more.
  rpc GetInspectTemplate(GetInspectTemplateRequest) returns (InspectTemplate) {
    option (google.api.http) = {
      get: "/v2/{name=organizations/*/inspectTemplates/*}"
      additional_bindings {
        get: "/v2/{name=organizations/*/locations/*/inspectTemplates/*}"
      }
      additional_bindings {
        get: "/v2/{name=projects/*/inspectTemplates/*}"
      }
      additional_bindings {
        get: "/v2/{name=projects/*/locations/*/inspectTemplates/*}"
      }
    };
    option (google.api.method_signature) = "name";
  }

  // Lists InspectTemplates.
  // See https://cloud.google.com/dlp/docs/creating-templates to learn more.
  rpc ListInspectTemplates(ListInspectTemplatesRequest) returns (ListInspectTemplatesResponse) {
    option (google.api.http) = {
      get: "/v2/{parent=organizations/*}/inspectTemplates"
      additional_bindings {
        get: "/v2/{parent=organizations/*/locations/*}/inspectTemplates"
      }
      additional_bindings {
        get: "/v2/{parent=projects/*}/inspectTemplates"
      }
      additional_bindings {
        get: "/v2/{parent=projects/*/locations/*}/inspectTemplates"
      }
    };
    option (google.api.method_signature) = "parent";
  }

  // Deletes an InspectTemplate.
  // See https://cloud.google.com/dlp/docs/creating-templates to learn more.
  rpc DeleteInspectTemplate(DeleteInspectTemplateRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/v2/{name=organizations/*/inspectTemplates/*}"
      additional_bindings {
        delete: "/v2/{name=organizations/*/locations/*/inspectTemplates/*}"
      }
      additional_bindings {
        delete: "/v2/{name=projects/*/inspectTemplates/*}"
      }
      additional_bindings {
        delete: "/v2/{name=projects/*/locations/*/inspectTemplates/*}"
      }
    };
    option (google.api.method_signature) = "name";
  }

  // Creates a DeidentifyTemplate for reusing frequently used configuration
  // for de-identifying content, images, and storage.
  // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
  // more.
  rpc CreateDeidentifyTemplate(CreateDeidentifyTemplateRequest) returns (DeidentifyTemplate) {
    option (google.api.http) = {
      post: "/v2/{parent=organizations/*}/deidentifyTemplates"
      body: "*"
      additional_bindings {
        post: "/v2/{parent=organizations/*/locations/*}/deidentifyTemplates"
        body: "*"
      }
      additional_bindings {
        post: "/v2/{parent=projects/*}/deidentifyTemplates"
        body: "*"
      }
      additional_bindings {
        post: "/v2/{parent=projects/*/locations/*}/deidentifyTemplates"
        body: "*"
      }
    };
    option (google.api.method_signature) = "parent,deidentify_template";
  }

  // Updates the DeidentifyTemplate.
  // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
  // more.
  rpc UpdateDeidentifyTemplate(UpdateDeidentifyTemplateRequest) returns (DeidentifyTemplate) {
    option (google.api.http) = {
      patch: "/v2/{name=organizations/*/deidentifyTemplates/*}"
      body: "*"
      additional_bindings {
        patch: "/v2/{name=organizations/*/locations/*/deidentifyTemplates/*}"
        body: "*"
      }
      additional_bindings {
        patch: "/v2/{name=projects/*/deidentifyTemplates/*}"
        body: "*"
      }
      additional_bindings {
        patch: "/v2/{name=projects/*/locations/*/deidentifyTemplates/*}"
        body: "*"
      }
    };
    option (google.api.method_signature) = "name,deidentify_template,update_mask";
  }

  // Gets a DeidentifyTemplate.
  // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
  // more.
  rpc GetDeidentifyTemplate(GetDeidentifyTemplateRequest) returns (DeidentifyTemplate) {
    option (google.api.http) = {
      get: "/v2/{name=organizations/*/deidentifyTemplates/*}"
      additional_bindings {
        get: "/v2/{name=organizations/*/locations/*/deidentifyTemplates/*}"
      }
      additional_bindings {
        get: "/v2/{name=projects/*/deidentifyTemplates/*}"
      }
      additional_bindings {
        get: "/v2/{name=projects/*/locations/*/deidentifyTemplates/*}"
      }
    };
    option (google.api.method_signature) = "name";
  }

  // Lists DeidentifyTemplates.
  // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
  // more.
  rpc ListDeidentifyTemplates(ListDeidentifyTemplatesRequest) returns (ListDeidentifyTemplatesResponse) {
    option (google.api.http) = {
      get: "/v2/{parent=organizations/*}/deidentifyTemplates"
      additional_bindings {
        get: "/v2/{parent=organizations/*/locations/*}/deidentifyTemplates"
      }
      additional_bindings {
        get: "/v2/{parent=projects/*}/deidentifyTemplates"
      }
      additional_bindings {
        get: "/v2/{parent=projects/*/locations/*}/deidentifyTemplates"
      }
    };
    option (google.api.method_signature) = "parent";
  }

  // Deletes a DeidentifyTemplate.
  // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
  // more.
  rpc DeleteDeidentifyTemplate(DeleteDeidentifyTemplateRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/v2/{name=organizations/*/deidentifyTemplates/*}"
      additional_bindings {
        delete: "/v2/{name=organizations/*/locations/*/deidentifyTemplates/*}"
      }
      additional_bindings {
        delete: "/v2/{name=projects/*/deidentifyTemplates/*}"
      }
      additional_bindings {
        delete: "/v2/{name=projects/*/locations/*/deidentifyTemplates/*}"
      }
    };
    option (google.api.method_signature) = "name";
  }

  // Creates a job trigger to run DLP actions such as scanning storage for
  // sensitive information on a set schedule.
  // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
  rpc CreateJobTrigger(CreateJobTriggerRequest) returns (JobTrigger) {
    option (google.api.http) = {
      post: "/v2/{parent=projects/*}/jobTriggers"
      body: "*"
      additional_bindings {
        post: "/v2/{parent=projects/*/locations/*}/jobTriggers"
        body: "*"
      }
      additional_bindings {
        post: "/v2/{parent=organizations/*/locations/*}/jobTriggers"
        body: "*"
      }
    };
    option (google.api.method_signature) = "parent,job_trigger";
  }

  // Updates a job trigger.
  // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
  rpc UpdateJobTrigger(UpdateJobTriggerRequest) returns (JobTrigger) {
    option (google.api.http) = {
      patch: "/v2/{name=projects/*/jobTriggers/*}"
      body: "*"
      additional_bindings {
        patch: "/v2/{name=projects/*/locations/*/jobTriggers/*}"
        body: "*"
      }
      additional_bindings {
        patch: "/v2/{name=organizations/*/locations/*/jobTriggers/*}"
        body: "*"
      }
    };
    option (google.api.method_signature) = "name,job_trigger,update_mask";
  }

  // Inspect hybrid content and store findings to a trigger. The inspection
  // will be processed asynchronously. To review the findings monitor the
  // jobs within the trigger.
  rpc HybridInspectJobTrigger(HybridInspectJobTriggerRequest) returns (HybridInspectResponse) {
    option (google.api.http) = {
      post: "/v2/{name=projects/*/locations/*/jobTriggers/*}:hybridInspect"
      body: "*"
    };
    option (google.api.method_signature) = "name";
  }

  // Gets a job trigger.
  // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
  rpc GetJobTrigger(GetJobTriggerRequest) returns (JobTrigger) {
    option (google.api.http) = {
      get: "/v2/{name=projects/*/jobTriggers/*}"
      additional_bindings {
        get: "/v2/{name=projects/*/locations/*/jobTriggers/*}"
      }
      additional_bindings {
        get: "/v2/{name=organizations/*/locations/*/jobTriggers/*}"
      }
    };
    option (google.api.method_signature) = "name";
  }

  // Lists job triggers.
  // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
  rpc ListJobTriggers(ListJobTriggersRequest) returns (ListJobTriggersResponse) {
    option (google.api.http) = {
      get: "/v2/{parent=projects/*}/jobTriggers"
      additional_bindings {
        get: "/v2/{parent=projects/*/locations/*}/jobTriggers"
      }
      additional_bindings {
        get: "/v2/{parent=organizations/*/locations/*}/jobTriggers"
      }
    };
    option (google.api.method_signature) = "parent";
  }

  // Deletes a job trigger.
  // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
  rpc DeleteJobTrigger(DeleteJobTriggerRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/v2/{name=projects/*/jobTriggers/*}"
      additional_bindings {
        delete: "/v2/{name=projects/*/locations/*/jobTriggers/*}"
      }
      additional_bindings {
        delete: "/v2/{name=organizations/*/locations/*/jobTriggers/*}"
      }
    };
    option (google.api.method_signature) = "name";
  }

  // Activate a job trigger. Causes the immediate execute of a trigger
  // instead of waiting on the trigger event to occur.
  rpc ActivateJobTrigger(ActivateJobTriggerRequest) returns (DlpJob) {
    option (google.api.http) = {
      post: "/v2/{name=projects/*/jobTriggers/*}:activate"
      body: "*"
      additional_bindings {
        post: "/v2/{name=projects/*/locations/*/jobTriggers/*}:activate"
        body: "*"
      }
    };
  }

  // Creates a new job to inspect storage or calculate risk metrics.
  // See https://cloud.google.com/dlp/docs/inspecting-storage and
  // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more.
  //
  // When no InfoTypes or CustomInfoTypes are specified in inspect jobs, the
  // system will automatically choose what detectors to run. By default this may
  // be all types, but may change over time as detectors are updated.
  rpc CreateDlpJob(CreateDlpJobRequest) returns (DlpJob) {
    option (google.api.http) = {
      post: "/v2/{parent=projects/*}/dlpJobs"
      body: "*"
      additional_bindings {
        post: "/v2/{parent=projects/*/locations/*}/dlpJobs"
        body: "*"
      }
    };
    option (google.api.method_signature) = "parent,inspect_job";
    option (google.api.method_signature) = "parent,risk_job";
  }

  // Lists DlpJobs that match the specified filter in the request.
  // See https://cloud.google.com/dlp/docs/inspecting-storage and
  // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more.
  rpc ListDlpJobs(ListDlpJobsRequest) returns (ListDlpJobsResponse) {
    option (google.api.http) = {
      get: "/v2/{parent=projects/*}/dlpJobs"
      additional_bindings {
        get: "/v2/{parent=projects/*/locations/*}/dlpJobs"
      }
      additional_bindings {
        get: "/v2/{parent=organizations/*/locations/*}/dlpJobs"
      }
    };
    option (google.api.method_signature) = "parent";
  }

  // Gets the latest state of a long-running DlpJob.
  // See https://cloud.google.com/dlp/docs/inspecting-storage and
  // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more.
  rpc GetDlpJob(GetDlpJobRequest) returns (DlpJob) {
    option (google.api.http) = {
      get: "/v2/{name=projects/*/dlpJobs/*}"
      additional_bindings {
        get: "/v2/{name=projects/*/locations/*/dlpJobs/*}"
      }
    };
    option (google.api.method_signature) = "name";
  }

  // Deletes a long-running DlpJob. This method indicates that the client is
  // no longer interested in the DlpJob result. The job will be canceled if
  // possible.
  // See https://cloud.google.com/dlp/docs/inspecting-storage and
  // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more.
  rpc DeleteDlpJob(DeleteDlpJobRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/v2/{name=projects/*/dlpJobs/*}"
      additional_bindings {
        delete: "/v2/{name=projects/*/locations/*/dlpJobs/*}"
      }
    };
    option (google.api.method_signature) = "name";
  }

  // Starts asynchronous cancellation on a long-running DlpJob. The server
  // makes a best effort to cancel the DlpJob, but success is not
  // guaranteed.
  // See https://cloud.google.com/dlp/docs/inspecting-storage and
  // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more.
  rpc CancelDlpJob(CancelDlpJobRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/v2/{name=projects/*/dlpJobs/*}:cancel"
      body: "*"
      additional_bindings {
        post: "/v2/{name=projects/*/locations/*/dlpJobs/*}:cancel"
        body: "*"
      }
    };
  }

  // Creates a pre-built stored infoType to be used for inspection.
  // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to
  // learn more.
  rpc CreateStoredInfoType(CreateStoredInfoTypeRequest) returns (StoredInfoType) {
    option (google.api.http) = {
      post: "/v2/{parent=organizations/*}/storedInfoTypes"
      body: "*"
      additional_bindings {
        post: "/v2/{parent=organizations/*/locations/*}/storedInfoTypes"
        body: "*"
      }
      additional_bindings {
        post: "/v2/{parent=projects/*}/storedInfoTypes"
        body: "*"
      }
      additional_bindings {
        post: "/v2/{parent=projects/*/locations/*}/storedInfoTypes"
        body: "*"
      }
    };
    option (google.api.method_signature) = "parent,config";
  }

  // Updates the stored infoType by creating a new version. The existing version
  // will continue to be used until the new version is ready.
  // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to
  // learn more.
  rpc UpdateStoredInfoType(UpdateStoredInfoTypeRequest) returns (StoredInfoType) {
    option (google.api.http) = {
      patch: "/v2/{name=organizations/*/storedInfoTypes/*}"
      body: "*"
      additional_bindings {
        patch: "/v2/{name=organizations/*/locations/*/storedInfoTypes/*}"
        body: "*"
      }
      additional_bindings {
        patch: "/v2/{name=projects/*/storedInfoTypes/*}"
        body: "*"
      }
      additional_bindings {
        patch: "/v2/{name=projects/*/locations/*/storedInfoTypes/*}"
        body: "*"
      }
    };
    option (google.api.method_signature) = "name,config,update_mask";
  }

  // Gets a stored infoType.
  // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to
  // learn more.
  rpc GetStoredInfoType(GetStoredInfoTypeRequest) returns (StoredInfoType) {
    option (google.api.http) = {
      get: "/v2/{name=organizations/*/storedInfoTypes/*}"
      additional_bindings {
        get: "/v2/{name=organizations/*/locations/*/storedInfoTypes/*}"
      }
      additional_bindings {
        get: "/v2/{name=projects/*/storedInfoTypes/*}"
      }
      additional_bindings {
        get: "/v2/{name=projects/*/locations/*/storedInfoTypes/*}"
      }
    };
    option (google.api.method_signature) = "name";
  }

  // Lists stored infoTypes.
  // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to
  // learn more.
  rpc ListStoredInfoTypes(ListStoredInfoTypesRequest) returns (ListStoredInfoTypesResponse) {
    option (google.api.http) = {
      get: "/v2/{parent=organizations/*}/storedInfoTypes"
      additional_bindings {
        get: "/v2/{parent=organizations/*/locations/*}/storedInfoTypes"
      }
      additional_bindings {
        get: "/v2/{parent=projects/*}/storedInfoTypes"
      }
      additional_bindings {
        get: "/v2/{parent=projects/*/locations/*}/storedInfoTypes"
      }
    };
    option (google.api.method_signature) = "parent";
  }

  // Deletes a stored infoType.
  // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to
  // learn more.
  rpc DeleteStoredInfoType(DeleteStoredInfoTypeRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/v2/{name=organizations/*/storedInfoTypes/*}"
      additional_bindings {
        delete: "/v2/{name=organizations/*/locations/*/storedInfoTypes/*}"
      }
      additional_bindings {
        delete: "/v2/{name=projects/*/storedInfoTypes/*}"
      }
      additional_bindings {
        delete: "/v2/{name=projects/*/locations/*/storedInfoTypes/*}"
      }
    };
    option (google.api.method_signature) = "name";
  }

  // Inspect hybrid content and store findings to a job.
  // To review the findings, inspect the job. Inspection will occur
  // asynchronously.
  rpc HybridInspectDlpJob(HybridInspectDlpJobRequest) returns (HybridInspectResponse) {
    option (google.api.http) = {
      post: "/v2/{name=projects/*/locations/*/dlpJobs/*}:hybridInspect"
      body: "*"
    };
    option (google.api.method_signature) = "name";
  }

  // Finish a running hybrid DlpJob. Triggers the finalization steps and running
  // of any enabled actions that have not yet run.
  rpc FinishDlpJob(FinishDlpJobRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/v2/{name=projects/*/locations/*/dlpJobs/*}:finish"
      body: "*"
    };
  }
}

// List of excluded infoTypes.
message ExcludeInfoTypes {
  // InfoType list in ExclusionRule rule drops a finding when it overlaps or
  // contained within with a finding of an infoType from this list. For
  // example, for `InspectionRuleSet.info_types` containing "PHONE_NUMBER"` and
  // `exclusion_rule` containing `exclude_info_types.info_types` with
  // "EMAIL_ADDRESS" the phone number findings are dropped if they overlap
  // with EMAIL_ADDRESS finding.
  // That leads to "555-222-2222@example.org" to generate only a single
  // finding, namely email address.
  repeated InfoType info_types = 1;
}

// The rule to exclude findings based on a hotword. For record inspection of
// tables, column names are considered hotwords. An example of this is to
// exclude a finding if a BigQuery column matches a specific pattern.
message ExcludeByHotword {
  // Regular expression pattern defining what qualifies as a hotword.
  CustomInfoType.Regex hotword_regex = 1;

  // Range of characters within which the entire hotword must reside.
  // The total length of the window cannot exceed 1000 characters.
  // The windowBefore property in proximity should be set to 1 if the hotword
  // needs to be included in a column header.
  CustomInfoType.DetectionRule.Proximity proximity = 2;
}

// The rule that specifies conditions when findings of infoTypes specified in
// `InspectionRuleSet` are removed from results.
message ExclusionRule {
  // Exclusion rule types.
  oneof type {
    // Dictionary which defines the rule.
    CustomInfoType.Dictionary dictionary = 1;

    // Regular expression which defines the rule.
    CustomInfoType.Regex regex = 2;

    // Set of infoTypes for which findings would affect this rule.
    ExcludeInfoTypes exclude_info_types = 3;

    // Drop if the hotword rule is contained in the proximate context. For
    // tabular data, the context includes the column name.
    ExcludeByHotword exclude_by_hotword = 5;
  }

  // How the rule is applied, see MatchingType documentation for details.
  MatchingType matching_type = 4;
}

// A single inspection rule to be applied to infoTypes, specified in
// `InspectionRuleSet`.
message InspectionRule {
  // Inspection rule types.
  oneof type {
    // Hotword-based detection rule.
    CustomInfoType.DetectionRule.HotwordRule hotword_rule = 1;

    // Exclusion rule.
    ExclusionRule exclusion_rule = 2;
  }
}

// Rule set for modifying a set of infoTypes to alter behavior under certain
// circumstances, depending on the specific details of the rules within the set.
message InspectionRuleSet {
  // List of infoTypes this rule set is applied to.
  repeated InfoType info_types = 1;

  // Set of rules to be applied to infoTypes. The rules are applied in order.
  repeated InspectionRule rules = 2;
}

// Configuration description of the scanning process.
// When used with redactContent only info_types and min_likelihood are currently
// used.
message InspectConfig {
  // Configuration to control the number of findings returned for inspection.
  // This is not used for de-identification or data profiling.
  //
  // When redacting sensitive data from images, finding limits don't apply. They
  // can cause unexpected or inconsistent results, where only some data is
  // redacted. Don't include finding limits in
  // [RedactImage][google.privacy.dlp.v2.DlpService.RedactImage]
  // requests. Otherwise, Cloud DLP returns an error.
  message FindingLimits {
    // Max findings configuration per infoType, per content item or long
    // running DlpJob.
    message InfoTypeLimit {
      // Type of information the findings limit applies to. Only one limit per
      // info_type should be provided. If InfoTypeLimit does not have an
      // info_type, the DLP API applies the limit against all info_types that
      // are found but not specified in another InfoTypeLimit.
      InfoType info_type = 1;

      // Max findings limit for the given infoType.
      int32 max_findings = 2;
    }

    // Max number of findings that will be returned for each item scanned.
    // When set within `InspectJobConfig`,
    // the maximum returned is 2000 regardless if this is set higher.
    // When set within `InspectContentRequest`, this field is ignored.
    int32 max_findings_per_item = 1;

    // Max number of findings that will be returned per request/job.
    // When set within `InspectContentRequest`, the maximum returned is 2000
    // regardless if this is set higher.
    int32 max_findings_per_request = 2;

    // Configuration of findings limit given for specified infoTypes.
    repeated InfoTypeLimit max_findings_per_info_type = 3;
  }

  // Restricts what info_types to look for. The values must correspond to
  // InfoType values returned by ListInfoTypes or listed at
  // https://cloud.google.com/dlp/docs/infotypes-reference.
  //
  // When no InfoTypes or CustomInfoTypes are specified in a request, the
  // system may automatically choose what detectors to run. By default this may
  // be all types, but may change over time as detectors are updated.
  //
  // If you need precise control and predictability as to what detectors are
  // run you should specify specific InfoTypes listed in the reference,
  // otherwise a default list will be used, which may change over time.
  repeated InfoType info_types = 1;

  // Only returns findings equal or above this threshold. The default is
  // POSSIBLE.
  // See https://cloud.google.com/dlp/docs/likelihood to learn more.
  Likelihood min_likelihood = 2;

  // Configuration to control the number of findings returned.
  // This is not used for data profiling.
  //
  // When redacting sensitive data from images, finding limits don't apply. They
  // can cause unexpected or inconsistent results, where only some data is
  // redacted. Don't include finding limits in
  // [RedactImage][google.privacy.dlp.v2.DlpService.RedactImage]
  // requests. Otherwise, Cloud DLP returns an error.
  FindingLimits limits = 3;

  // When true, a contextual quote from the data that triggered a finding is
  // included in the response; see [Finding.quote][google.privacy.dlp.v2.Finding.quote].
  // This is not used for data profiling.
  bool include_quote = 4;

  // When true, excludes type information of the findings.
  // This is not used for data profiling.
  bool exclude_info_types = 5;

  // CustomInfoTypes provided by the user. See
  // https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.
  repeated CustomInfoType custom_info_types = 6;

  // Deprecated and unused.
  repeated ContentOption content_options = 8;

  // Set of rules to apply to the findings for this InspectConfig.
  // Exclusion rules, contained in the set are executed in the end, other
  // rules are executed in the order they are specified for each info type.
  repeated InspectionRuleSet rule_set = 10;
}

// Container for bytes to inspect or redact.
message ByteContentItem {
  // The type of data being sent for inspection. To learn more, see
  // [Supported file
  // types](https://cloud.google.com/dlp/docs/supported-file-types).
  enum BytesType {
    // Unused
    BYTES_TYPE_UNSPECIFIED = 0;

    // Any image type.
    IMAGE = 6;

    // jpeg
    IMAGE_JPEG = 1;

    // bmp
    IMAGE_BMP = 2;

    // png
    IMAGE_PNG = 3;

    // svg
    IMAGE_SVG = 4;

    // plain text
    TEXT_UTF8 = 5;

    // docx, docm, dotx, dotm
    WORD_DOCUMENT = 7;

    // pdf
    PDF = 8;

    // pptx, pptm, potx, potm, pot
    POWERPOINT_DOCUMENT = 9;

    // xlsx, xlsm, xltx, xltm
    EXCEL_DOCUMENT = 10;

    // avro
    AVRO = 11;

    // csv
    CSV = 12;

    // tsv
    TSV = 13;
  }

  // The type of data stored in the bytes string. Default will be TEXT_UTF8.
  BytesType type = 1;

  // Content data to inspect or redact.
  bytes data = 2;
}

message ContentItem {
  // Data of the item either in the byte array or UTF-8 string form, or table.
  oneof data_item {
    // String data to inspect or redact.
    string value = 3;

    // Structured content for inspection. See
    // https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
    // learn more.
    Table table = 4;

    // Content data to inspect or redact. Replaces `type` and `data`.
    ByteContentItem byte_item = 5;
  }
}

// Structured content to inspect. Up to 50,000 `Value`s per request allowed. See
// https://cloud.google.com/dlp/docs/inspecting-structured-text#inspecting_a_table
// to learn more.
message Table {
  // Values of the row.
  message Row {
    // Individual cells.
    repeated Value values = 1;
  }

  // Headers of the table.
  repeated FieldId headers = 1;

  // Rows of the table.
  repeated Row rows = 2;
}

// All the findings for a single scanned item.
message InspectResult {
  // List of findings for an item.
  repeated Finding findings = 1;

  // If true, then this item might have more findings than were returned,
  // and the findings returned are an arbitrary subset of all findings.
  // The findings list might be truncated because the input items were too
  // large, or because the server reached the maximum amount of resources
  // allowed for a single API call. For best results, divide the input into
  // smaller batches.
  bool findings_truncated = 2;
}

// Represents a piece of potentially sensitive content.
message Finding {
  option (google.api.resource) = {
    type: "dlp.googleapis.com/Finding"
    pattern: "projects/{project}/locations/{location}/findings/{finding}"
  };

  // Resource name in format
  // projects/{project}/locations/{location}/findings/{finding} Populated only
  // when viewing persisted findings.
  string name = 14;

  // The content that was found. Even if the content is not textual, it
  // may be converted to a textual representation here.
  // Provided if `include_quote` is true and the finding is
  // less than or equal to 4096 bytes long. If the finding exceeds 4096 bytes
  // in length, the quote may be omitted.
  string quote = 1;

  // The type of content that might have been found.
  // Provided if `excluded_types` is false.
  InfoType info_type = 2;

  // Confidence of how likely it is that the `info_type` is correct.
  Likelihood likelihood = 3;

  // Where the content was found.
  Location location = 4;

  // Timestamp when finding was detected.
  google.protobuf.Timestamp create_time = 6;

  // Contains data parsed from quotes. Only populated if include_quote was set
  // to true and a supported infoType was requested. Currently supported
  // infoTypes: DATE, DATE_OF_BIRTH and TIME.
  QuoteInfo quote_info = 7;

  // The job that stored the finding.
  string resource_name = 8 [(google.api.resource_reference) = {
                              type: "dlp.googleapis.com/DlpJob"
                            }];

  // Job trigger name, if applicable, for this finding.
  string trigger_name = 9 [(google.api.resource_reference) = {
                             type: "dlp.googleapis.com/JobTrigger"
                           }];

  // The labels associated with this `Finding`.
  //
  // Label keys must be between 1 and 63 characters long and must conform
  // to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
  //
  // Label values must be between 0 and 63 characters long and must conform
  // to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`.
  //
  // No more than 10 labels can be associated with a given finding.
  //
  // Examples:
  // * `"environment" : "production"`
  // * `"pipeline" : "etl"`
  map<string, string> labels = 10;

  // Time the job started that produced this finding.
  google.protobuf.Timestamp job_create_time = 11;

  // The job that stored the finding.
  string job_name = 13 [(google.api.resource_reference) = {
                          type: "dlp.googleapis.com/DlpJob"
                        }];

  // The unique finding id.
  string finding_id = 15;
}

// Specifies the location of the finding.
message Location {
  // Zero-based byte offsets delimiting the finding.
  // These are relative to the finding's containing element.
  // Note that when the content is not textual, this references
  // the UTF-8 encoded textual representation of the content.
  // Omitted if content is an image.
  Range byte_range = 1;

  // Unicode character offsets delimiting the finding.
  // These are relative to the finding's containing element.
  // Provided when the content is text.
  Range codepoint_range = 2;

  // List of nested objects pointing to the precise location of the finding
  // within the file or record.
  repeated ContentLocation content_locations = 7;

  // Information about the container where this finding occurred, if available.
  Container container = 8;
}

// Precise location of the finding within a document, record, image, or metadata
// container.
message ContentLocation {
  // Name of the container where the finding is located.
  // The top level name is the source file name or table name. Names of some
  // common storage containers are formatted as follows:
  //
  // * BigQuery tables:  `{project_id}:{dataset_id}.{table_id}`
  // * Cloud Storage files: `gs://{bucket}/{path}`
  // * Datastore namespace: {namespace}
  //
  // Nested names could be absent if the embedded object has no string
  // identifier (for example, an image contained within a document).
  string container_name = 1;

  // Type of the container within the file with location of the finding.
  oneof location {
    // Location within a row or record of a database table.
    RecordLocation record_location = 2;

    // Location within an image's pixels.
    ImageLocation image_location = 3;

    // Location data for document files.
    DocumentLocation document_location = 5;

    // Location within the metadata for inspected content.
    MetadataLocation metadata_location = 8;
  }

  // Finding container modification timestamp, if applicable. For Cloud Storage,
  // this field contains the last file modification timestamp. For a BigQuery
  // table, this field contains the last_modified_time property. For Datastore,
  // this field isn't populated.
  google.protobuf.Timestamp container_timestamp = 6;

  // Finding container version, if available
  // ("generation" for Cloud Storage).
  string container_version = 7;
}

// Metadata Location
message MetadataLocation {
  // Type of metadata containing the finding.
  MetadataType type = 1;

  // Label of the piece of metadata containing the finding, for example -
  // latitude, author, caption.
  oneof label {
    // Storage metadata.
    StorageMetadataLabel storage_label = 3;
  }
}

// Storage metadata label to indicate which metadata entry contains findings.
message StorageMetadataLabel {
  string key = 1;
}

// Location of a finding within a document.
message DocumentLocation {
  // Offset of the line, from the beginning of the file, where the finding
  // is located.
  int64 file_offset = 1;
}

// Location of a finding within a row or record.
message RecordLocation {
  // Key of the finding.
  RecordKey record_key = 1;

  // Field id of the field containing the finding.
  FieldId field_id = 2;

  // Location within a `ContentItem.Table`.
  TableLocation table_location = 3;
}

// Location of a finding within a table.
message TableLocation {
  // The zero-based index of the row where the finding is located. Only
  // populated for resources that have a natural ordering, not BigQuery. In
  // BigQuery, to identify the row a finding came from, populate
  // BigQueryOptions.identifying_fields with your primary key column names and
  // when you store the findings the value of those columns will be stored
  // inside of Finding.
  int64 row_index = 1;
}

// Represents a container that may contain DLP findings.
// Examples of a container include a file, table, or database record.
message Container {
  // Container type, for example BigQuery or Cloud Storage.
  string type = 1;

  // Project where the finding was found.
  // Can be different from the project that owns the finding.
  string project_id = 2;

  // A string representation of the full container name.
  // Examples:
  // - BigQuery: 'Project:DataSetId.TableId'
  // - Cloud Storage: 'gs://Bucket/folders/filename.txt'
  string full_path = 3;

  // The root of the container.
  // Examples:
  //
  // - For BigQuery table `project_id:dataset_id.table_id`, the root is
  //  `dataset_id`
  // - For Cloud Storage file `gs://bucket/folder/filename.txt`, the root
  //  is `gs://bucket`
  string root_path = 4;

  // The rest of the path after the root.
  // Examples:
  //
  // - For BigQuery table `project_id:dataset_id.table_id`, the relative path is
  //  `table_id`
  // - For Cloud Storage file `gs://bucket/folder/filename.txt`, the relative
  //  path is `folder/filename.txt`
  string relative_path = 5;

  // Findings container modification timestamp, if applicable. For Cloud
  // Storage, this field contains the last file modification timestamp. For a
  // BigQuery table, this field contains the last_modified_time property. For
  // Datastore, this field isn't populated.
  google.protobuf.Timestamp update_time = 6;

  // Findings container version, if available
  // ("generation" for Cloud Storage).
  string version = 7;
}

// Generic half-open interval [start, end)
message Range {
  // Index of the first character of the range (inclusive).
  int64 start = 1;

  // Index of the last character of the range (exclusive).
  int64 end = 2;
}

// Location of the finding within an image.
message ImageLocation {
  // Bounding boxes locating the pixels within the image containing the finding.
  repeated BoundingBox bounding_boxes = 1;
}

// Bounding box encompassing detected text within an image.
message BoundingBox {
  // Top coordinate of the bounding box. (0,0) is upper left.
  int32 top = 1;

  // Left coordinate of the bounding box. (0,0) is upper left.
  int32 left = 2;

  // Width of the bounding box in pixels.
  int32 width = 3;

  // Height of the bounding box in pixels.
  int32 height = 4;
}

// Request to search for potentially sensitive info in an image and redact it
// by covering it with a colored rectangle.
message RedactImageRequest {
  // Configuration for determining how redaction of images should occur.
  message ImageRedactionConfig {
    // Type of information to redact from images.
    oneof target {
      // Only one per info_type should be provided per request. If not
      // specified, and redact_all_text is false, the DLP API will redact all
      // text that it matches against all info_types that are found, but not
      // specified in another ImageRedactionConfig.
      InfoType info_type = 1;

      // If true, all text found in the image, regardless whether it matches an
      // info_type, is redacted. Only one should be provided.
      bool redact_all_text = 2;
    }

    // The color to use when redacting content from an image. If not specified,
    // the default is black.
    Color redaction_color = 3;
  }

  // Parent resource name.
  //
  // The format of this value varies depending on whether you have [specified a
  // processing
  // location](https://cloud.google.com/dlp/docs/specifying-location):
  //
  // + Projects scope, location specified:<br/>
  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Projects scope, no location specified (defaults to global):<br/>
  //   `projects/`<var>PROJECT_ID</var>
  //
  // The following example `parent` string specifies a parent project with the
  // identifier `example-project`, and specifies the `europe-west3` location
  // for processing data:
  //
  //     parent=projects/example-project/locations/europe-west3
  string parent = 1 [(google.api.resource_reference) = {
                       child_type: "dlp.googleapis.com/DlpContent"
                     }];

  // Deprecated. This field has no effect.
  string location_id = 8;

  // Configuration for the inspector.
  InspectConfig inspect_config = 2;

  // The configuration for specifying what content to redact from images.
  repeated ImageRedactionConfig image_redaction_configs = 5;

  // Whether the response should include findings along with the redacted
  // image.
  bool include_findings = 6;

  // The content must be PNG, JPEG, SVG or BMP.
  ByteContentItem byte_item = 7;
}

// Represents a color in the RGB color space.
message Color {
  // The amount of red in the color as a value in the interval [0, 1].
  float red = 1;

  // The amount of green in the color as a value in the interval [0, 1].
  float green = 2;

  // The amount of blue in the color as a value in the interval [0, 1].
  float blue = 3;
}

// Results of redacting an image.
message RedactImageResponse {
  // The redacted image. The type will be the same as the original image.
  bytes redacted_image = 1;

  // If an image was being inspected and the InspectConfig's include_quote was
  // set to true, then this field will include all text, if any, that was found
  // in the image.
  string extracted_text = 2;

  // The findings. Populated when include_findings in the request is true.
  InspectResult inspect_result = 3;
}

// Request to de-identify a ContentItem.
message DeidentifyContentRequest {
  // Parent resource name.
  //
  // The format of this value varies depending on whether you have [specified a
  // processing
  // location](https://cloud.google.com/dlp/docs/specifying-location):
  //
  // + Projects scope, location specified:<br/>
  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Projects scope, no location specified (defaults to global):<br/>
  //   `projects/`<var>PROJECT_ID</var>
  //
  // The following example `parent` string specifies a parent project with the
  // identifier `example-project`, and specifies the `europe-west3` location
  // for processing data:
  //
  //     parent=projects/example-project/locations/europe-west3
  string parent = 1 [(google.api.resource_reference) = {
                       child_type: "dlp.googleapis.com/DlpContent"
                     }];

  // Configuration for the de-identification of the content item.
  // Items specified here will override the template referenced by the
  // deidentify_template_name argument.
  DeidentifyConfig deidentify_config = 2;

  // Configuration for the inspector.
  // Items specified here will override the template referenced by the
  // inspect_template_name argument.
  InspectConfig inspect_config = 3;

  // The item to de-identify. Will be treated as text.
  //
  // This value must be of type
  // [Table][google.privacy.dlp.v2.Table] if your
  // [deidentify_config][google.privacy.dlp.v2.DeidentifyContentRequest.deidentify_config]
  // is a
  // [RecordTransformations][google.privacy.dlp.v2.RecordTransformations]
  // object.
  ContentItem item = 4;

  // Template to use. Any configuration directly specified in
  // inspect_config will override those set in the template. Singular fields
  // that are set in this request will replace their corresponding fields in the
  // template. Repeated fields are appended. Singular sub-messages and groups
  // are recursively merged.
  string inspect_template_name = 5;

  // Template to use. Any configuration directly specified in
  // deidentify_config will override those set in the template. Singular fields
  // that are set in this request will replace their corresponding fields in the
  // template. Repeated fields are appended. Singular sub-messages and groups
  // are recursively merged.
  string deidentify_template_name = 6;

  // Deprecated. This field has no effect.
  string location_id = 7;
}

// Results of de-identifying a ContentItem.
message DeidentifyContentResponse {
  // The de-identified item.
  ContentItem item = 1;

  // An overview of the changes that were made on the `item`.
  TransformationOverview overview = 2;
}

// Request to re-identify an item.
message ReidentifyContentRequest {
  // Required. Parent resource name.
  //
  // The format of this value varies depending on whether you have [specified a
  // processing
  // location](https://cloud.google.com/dlp/docs/specifying-location):
  //
  // + Projects scope, location specified:<br/>
  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Projects scope, no location specified (defaults to global):<br/>
  //   `projects/`<var>PROJECT_ID</var>
  //
  // The following example `parent` string specifies a parent project with the
  // identifier `example-project`, and specifies the `europe-west3` location
  // for processing data:
  //
  //     parent=projects/example-project/locations/europe-west3
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "dlp.googleapis.com/DlpContent"
    }
  ];

  // Configuration for the re-identification of the content item.
  // This field shares the same proto message type that is used for
  // de-identification, however its usage here is for the reversal of the
  // previous de-identification. Re-identification is performed by examining
  // the transformations used to de-identify the items and executing the
  // reverse. This requires that only reversible transformations
  // be provided here. The reversible transformations are:
  //
  //  - `CryptoDeterministicConfig`
  //  - `CryptoReplaceFfxFpeConfig`
  DeidentifyConfig reidentify_config = 2;

  // Configuration for the inspector.
  InspectConfig inspect_config = 3;

  // The item to re-identify. Will be treated as text.
  ContentItem item = 4;

  // Template to use. Any configuration directly specified in
  // `inspect_config` will override those set in the template. Singular fields
  // that are set in this request will replace their corresponding fields in the
  // template. Repeated fields are appended. Singular sub-messages and groups
  // are recursively merged.
  string inspect_template_name = 5;

  // Template to use. References an instance of `DeidentifyTemplate`.
  // Any configuration directly specified in `reidentify_config` or
  // `inspect_config` will override those set in the template. The
  // `DeidentifyTemplate` used must include only reversible transformations.
  // Singular fields that are set in this request will replace their
  // corresponding fields in the template. Repeated fields are appended.
  // Singular sub-messages and groups are recursively merged.
  string reidentify_template_name = 6;

  // Deprecated. This field has no effect.
  string location_id = 7;
}

// Results of re-identifying an item.
message ReidentifyContentResponse {
  // The re-identified item.
  ContentItem item = 1;

  // An overview of the changes that were made to the `item`.
  TransformationOverview overview = 2;
}

// Request to search for potentially sensitive info in a ContentItem.
message InspectContentRequest {
  // Parent resource name.
  //
  // The format of this value varies depending on whether you have [specified a
  // processing
  // location](https://cloud.google.com/dlp/docs/specifying-location):
  //
  // + Projects scope, location specified:<br/>
  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Projects scope, no location specified (defaults to global):<br/>
  //   `projects/`<var>PROJECT_ID</var>
  //
  // The following example `parent` string specifies a parent project with the
  // identifier `example-project`, and specifies the `europe-west3` location
  // for processing data:
  //
  //     parent=projects/example-project/locations/europe-west3
  string parent = 1 [(google.api.resource_reference) = {
                       child_type: "dlp.googleapis.com/DlpContent"
                     }];

  // Configuration for the inspector. What specified here will override
  // the template referenced by the inspect_template_name argument.
  InspectConfig inspect_config = 2;

  // The item to inspect.
  ContentItem item = 3;

  // Template to use. Any configuration directly specified in
  // inspect_config will override those set in the template. Singular fields
  // that are set in this request will replace their corresponding fields in the
  // template. Repeated fields are appended. Singular sub-messages and groups
  // are recursively merged.
  string inspect_template_name = 4;

  // Deprecated. This field has no effect.
  string location_id = 5;
}

// Results of inspecting an item.
message InspectContentResponse {
  // The findings.
  InspectResult result = 1;
}

// Cloud repository for storing output.
message OutputStorageConfig {
  // Predefined schemas for storing findings.
  // Only for use with external storage.
  enum OutputSchema {
    // Unused.
    OUTPUT_SCHEMA_UNSPECIFIED = 0;

    // Basic schema including only `info_type`, `quote`, `certainty`, and
    // `timestamp`.
    BASIC_COLUMNS = 1;

    // Schema tailored to findings from scanning Cloud Storage.
    GCS_COLUMNS = 2;

    // Schema tailored to findings from scanning Google Datastore.
    DATASTORE_COLUMNS = 3;

    // Schema tailored to findings from scanning Google BigQuery.
    BIG_QUERY_COLUMNS = 4;

    // Schema containing all columns.
    ALL_COLUMNS = 5;
  }

  // Output storage types.
  oneof type {
    // Store findings in an existing table or a new table in an existing
    // dataset. If table_id is not set a new one will be generated
    // for you with the following format:
    // dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. Pacific time zone will be used
    // for generating the date details.
    //
    // For Inspect, each column in an existing output table must have the same
    // name, type, and mode of a field in the `Finding` object.
    //
    // For Risk, an existing output table should be the output of a previous
    // Risk analysis job run on the same source table, with the same privacy
    // metric and quasi-identifiers. Risk jobs that analyze the same table but
    // compute a different privacy metric, or use different sets of
    // quasi-identifiers, cannot store their results in the same table.
    BigQueryTable table = 1;
  }

  // Schema used for writing the findings for Inspect jobs. This field is only
  // used for Inspect and must be unspecified for Risk jobs. Columns are derived
  // from the `Finding` object. If appending to an existing table, any columns
  // from the predefined schema that are missing will be added. No columns in
  // the existing table will be deleted.
  //
  // If unspecified, then all available columns will be used for a new table or
  // an (existing) table with no schema, and no changes will be made to an
  // existing table that has a schema.
  // Only for use with external storage.
  OutputSchema output_schema = 3;
}

// Statistics regarding a specific InfoType.
message InfoTypeStats {
  // The type of finding this stat is for.
  InfoType info_type = 1;

  // Number of findings for this infoType.
  int64 count = 2;
}

// The results of an inspect DataSource job.
message InspectDataSourceDetails {
  // Snapshot of the inspection configuration.
  message RequestedOptions {
    // If run with an InspectTemplate, a snapshot of its state at the time of
    // this run.
    InspectTemplate snapshot_inspect_template = 1;

    // Inspect config.
    InspectJobConfig job_config = 3;
  }

  // All result fields mentioned below are updated while the job is processing.
  message Result {
    // Total size in bytes that were processed.
    int64 processed_bytes = 1;

    // Estimate of the number of bytes to process.
    int64 total_estimated_bytes = 2;

    // Statistics of how many instances of each info type were found during
    // inspect job.
    repeated InfoTypeStats info_type_stats = 3;

    // Statistics related to the processing of hybrid inspect.
    HybridInspectStatistics hybrid_stats = 7;
  }

  // The configuration used for this job.
  RequestedOptions requested_options = 2;

  // A summary of the outcome of this inspection job.
  Result result = 3;
}

// Statistics related to processing hybrid inspect requests.
message HybridInspectStatistics {
  // The number of hybrid inspection requests processed within this job.
  int64 processed_count = 1;

  // The number of hybrid inspection requests aborted because the job ran
  // out of quota or was ended before they could be processed.
  int64 aborted_count = 2;

  // The number of hybrid requests currently being processed. Only populated
  // when called via method `getDlpJob`.
  // A burst of traffic may cause hybrid inspect requests to be enqueued.
  // Processing will take place as quickly as possible, but resource limitations
  // may impact how long a request is enqueued for.
  int64 pending_count = 3;
}

// InfoType description.
message InfoTypeDescription {
  // Internal name of the infoType.
  string name = 1;

  // Human readable form of the infoType name.
  string display_name = 2;

  // Which parts of the API supports this InfoType.
  repeated InfoTypeSupportedBy supported_by = 3;

  // Description of the infotype. Translated when language is provided in the
  // request.
  string description = 4;

  // A list of available versions for the infotype.
  repeated VersionDescription versions = 9;

  // The category of the infoType.
  repeated InfoTypeCategory categories = 10;
}

// Classification of infoTypes to organize them according to geographic
// location, industry, and data type.
message InfoTypeCategory {
  // Enum of the current locations.
  // We might add more locations in the future.
  enum LocationCategory {
    // Unused location
    LOCATION_UNSPECIFIED = 0;

    // The infoType is not issued by or tied to a specific region, but is used
    // almost everywhere.
    GLOBAL = 1;

    // The infoType is typically used in Argentina.
    ARGENTINA = 2;

    // The infoType is typically used in Australia.
    AUSTRALIA = 3;

    // The infoType is typically used in Belgium.
    BELGIUM = 4;

    // The infoType is typically used in Brazil.
    BRAZIL = 5;

    // The infoType is typically used in Canada.
    CANADA = 6;

    // The infoType is typically used in Chile.
    CHILE = 7;

    // The infoType is typically used in China.
    CHINA = 8;

    // The infoType is typically used in Colombia.
    COLOMBIA = 9;

    // The infoType is typically used in Denmark.
    DENMARK = 10;

    // The infoType is typically used in France.
    FRANCE = 11;

    // The infoType is typically used in Finland.
    FINLAND = 12;

    // The infoType is typically used in Germany.
    GERMANY = 13;

    // The infoType is typically used in Hong Kong.
    HONG_KONG = 14;

    // The infoType is typically used in India.
    INDIA = 15;

    // The infoType is typically used in Indonesia.
    INDONESIA = 16;

    // The infoType is typically used in Ireland.
    IRELAND = 17;

    // The infoType is typically used in Israel.
    ISRAEL = 18;

    // The infoType is typically used in Italy.
    ITALY = 19;

    // The infoType is typically used in Japan.
    JAPAN = 20;

    // The infoType is typically used in Korea.
    KOREA = 21;

    // The infoType is typically used in Mexico.
    MEXICO = 22;

    // The infoType is typically used in the Netherlands.
    THE_NETHERLANDS = 23;

    // The infoType is typically used in Norway.
    NORWAY = 24;

    // The infoType is typically used in Paraguay.
    PARAGUAY = 25;

    // The infoType is typically used in Peru.
    PERU = 26;

    // The infoType is typically used in Poland.
    POLAND = 27;

    // The infoType is typically used in Portugal.
    PORTUGAL = 28;

    // The infoType is typically used in Singapore.
    SINGAPORE = 29;

    // The infoType is typically used in South Africa.
    SOUTH_AFRICA = 30;

    // The infoType is typically used in Spain.
    SPAIN = 31;

    // The infoType is typically used in Sweden.
    SWEDEN = 32;

    // The infoType is typically used in Taiwan.
    TAIWAN = 33;

    // The infoType is typically used in Thailand.
    THAILAND = 34;

    // The infoType is typically used in Turkey.
    TURKEY = 35;

    // The infoType is typically used in the United Kingdom.
    UNITED_KINGDOM = 36;

    // The infoType is typically used in the United States.
    UNITED_STATES = 37;

    // The infoType is typically used in Uruguay.
    URUGUAY = 38;

    // The infoType is typically used in Venezuela.
    VENEZUELA = 39;

    // The infoType is typically used in Google internally.
    INTERNAL = 40;

    // The infoType is typically used in New Zealand.
    NEW_ZEALAND = 41;
  }

  // Enum of the current industries in the category.
  // We might add more industries in the future.
  enum IndustryCategory {
    // Unused industry
    INDUSTRY_UNSPECIFIED = 0;

    // The infoType is typically used in the finance industry.
    FINANCE = 1;

    // The infoType is typically used in the health industry.
    HEALTH = 2;

    // The infoType is typically used in the telecommunications industry.
    TELECOMMUNICATIONS = 3;
  }

  // Enum of the current types in the category.
  // We might add more types in the future.
  enum TypeCategory {
    // Unused type
    TYPE_UNSPECIFIED = 0;

    // Personally identifiable information, for example, a
    // name or phone number
    PII = 1;

    // Personally identifiable information that is especially sensitive, for
    // example, a passport number.
    SPII = 2;

    // Attributes that can partially identify someone, especially in
    // combination with other attributes, like age, height, and gender.
    DEMOGRAPHIC = 3;

    // Confidential or secret information, for example, a password.
    CREDENTIAL = 4;

    // An identification document issued by a government.
    GOVERNMENT_ID = 5;

    // A document, for example, a resume or source code.
    DOCUMENT = 6;

    // Information that is not sensitive on its own, but provides details about
    // the circumstances surrounding an entity or an event.
    CONTEXTUAL_INFORMATION = 7;
  }

  oneof category {
    // The region or country that issued the ID or document represented by the
    // infoType.
    LocationCategory location_category = 1;

    // The group of relevant businesses where this infoType is commonly used
    IndustryCategory industry_category = 2;

    // The class of identifiers where this infoType belongs
    TypeCategory type_category = 3;
  }
}

// Details about each available version for an infotype.
message VersionDescription {
  // Name of the version
  string version = 1;

  // Description of the version.
  string description = 2;
}

// Request for the list of infoTypes.
message ListInfoTypesRequest {
  // The parent resource name.
  //
  // The format of this value is as follows:
  //
  //     locations/<var>LOCATION_ID</var>
  string parent = 4;

  // BCP-47 language code for localized infoType friendly
  // names. If omitted, or if localized strings are not available,
  // en-US strings will be returned.
  string language_code = 1;

  // filter to only return infoTypes supported by certain parts of the
  // API. Defaults to supported_by=INSPECT.
  string filter = 2;

  // Deprecated. This field has no effect.
  string location_id = 3;
}

// Response to the ListInfoTypes request.
message ListInfoTypesResponse {
  // Set of sensitive infoTypes.
  repeated InfoTypeDescription info_types = 1;
}

// Configuration for a risk analysis job. See
// https://cloud.google.com/dlp/docs/concepts-risk-analysis to learn more.
message RiskAnalysisJobConfig {
  // Privacy metric to compute.
  PrivacyMetric privacy_metric = 1;

  // Input dataset to compute metrics over.
  BigQueryTable source_table = 2;

  // Actions to execute at the completion of the job. Are executed in the order
  // provided.
  repeated Action actions = 3;
}

// A column with a semantic tag attached.
message QuasiId {
  // Required. Identifies the column.
  FieldId field = 1 [(google.api.field_behavior) = REQUIRED];

  // Semantic tag that identifies what a column contains, to determine which
  // statistical model to use to estimate the reidentifiability of each
  // value. [required]
  oneof tag {
    // A column can be tagged with a InfoType to use the relevant public
    // dataset as a statistical model of population, if available. We
    // currently support US ZIP codes, region codes, ages and genders.
    // To programmatically obtain the list of supported InfoTypes, use
    // ListInfoTypes with the supported_by=RISK_ANALYSIS filter.
    InfoType info_type = 2;

    // A column can be tagged with a custom tag. In this case, the user must
    // indicate an auxiliary table that contains statistical information on
    // the possible values of this column (below).
    string custom_tag = 3;

    // If no semantic tag is indicated, we infer the statistical model from
    // the distribution of values in the input data
    google.protobuf.Empty inferred = 4;
  }
}

// An auxiliary table containing statistical information on the relative
// frequency of different quasi-identifiers values. It has one or several
// quasi-identifiers columns, and one column that indicates the relative
// frequency of each quasi-identifier tuple.
// If a tuple is present in the data but not in the auxiliary table, the
// corresponding relative frequency is assumed to be zero (and thus, the
// tuple is highly reidentifiable).
message StatisticalTable {
  // A quasi-identifier column has a custom_tag, used to know which column
  // in the data corresponds to which column in the statistical model.
  message QuasiIdentifierField {
    // Identifies the column.
    FieldId field = 1;

    // A column can be tagged with a custom tag. In this case, the user must
    // indicate an auxiliary table that contains statistical information on
    // the possible values of this column (below).
    string custom_tag = 2;
  }

  // Required. Auxiliary table location.
  BigQueryTable table = 3 [(google.api.field_behavior) = REQUIRED];

  // Required. Quasi-identifier columns.
  repeated QuasiIdentifierField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. The relative frequency column must contain a floating-point number
  // between 0 and 1 (inclusive). Null values are assumed to be zero.
  FieldId relative_frequency = 2 [(google.api.field_behavior) = REQUIRED];
}

// Privacy metric to compute for reidentification risk analysis.
message PrivacyMetric {
  // Compute numerical stats over an individual column, including
  // min, max, and quantiles.
  message NumericalStatsConfig {
    // Field to compute numerical stats on. Supported types are
    // integer, float, date, datetime, timestamp, time.
    FieldId field = 1;
  }

  // Compute numerical stats over an individual column, including
  // number of distinct values and value count distribution.
  message CategoricalStatsConfig {
    // Field to compute categorical stats on. All column types are
    // supported except for arrays and structs. However, it may be more
    // informative to use NumericalStats when the field type is supported,
    // depending on the data.
    FieldId field = 1;
  }

  // k-anonymity metric, used for analysis of reidentification risk.
  message KAnonymityConfig {
    // Set of fields to compute k-anonymity over. When multiple fields are
    // specified, they are considered a single composite key. Structs and
    // repeated data types are not supported; however, nested fields are
    // supported so long as they are not structs themselves or nested within
    // a repeated field.
    repeated FieldId quasi_ids = 1;

    // Message indicating that multiple rows might be associated to a
    // single individual. If the same entity_id is associated to multiple
    // quasi-identifier tuples over distinct rows, we consider the entire
    // collection of tuples as the composite quasi-identifier. This collection
    // is a multiset: the order in which the different tuples appear in the
    // dataset is ignored, but their frequency is taken into account.
    //
    // Important note: a maximum of 1000 rows can be associated to a single
    // entity ID. If more rows are associated with the same entity ID, some
    // might be ignored.
    EntityId entity_id = 2;
  }

  // l-diversity metric, used for analysis of reidentification risk.
  message LDiversityConfig {
    // Set of quasi-identifiers indicating how equivalence classes are
    // defined for the l-diversity computation. When multiple fields are
    // specified, they are considered a single composite key.
    repeated FieldId quasi_ids = 1;

    // Sensitive field for computing the l-value.
    FieldId sensitive_attribute = 2;
  }

  // Reidentifiability metric. This corresponds to a risk model similar to what
  // is called "journalist risk" in the literature, except the attack dataset is
  // statistically modeled instead of being perfectly known. This can be done
  // using publicly available data (like the US Census), or using a custom
  // statistical model (indicated as one or several BigQuery tables), or by
  // extrapolating from the distribution of values in the input dataset.
  message KMapEstimationConfig {
    // A column with a semantic tag attached.
    message TaggedField {
      // Required. Identifies the column.
      FieldId field = 1 [(google.api.field_behavior) = REQUIRED];

      // Semantic tag that identifies what a column contains, to determine which
      // statistical model to use to estimate the reidentifiability of each
      // value. [required]
      oneof tag {
        // A column can be tagged with a InfoType to use the relevant public
        // dataset as a statistical model of population, if available. We
        // currently support US ZIP codes, region codes, ages and genders.
        // To programmatically obtain the list of supported InfoTypes, use
        // ListInfoTypes with the supported_by=RISK_ANALYSIS filter.
        InfoType info_type = 2;

        // A column can be tagged with a custom tag. In this case, the user must
        // indicate an auxiliary table that contains statistical information on
        // the possible values of this column (below).
        string custom_tag = 3;

        // If no semantic tag is indicated, we infer the statistical model from
        // the distribution of values in the input data
        google.protobuf.Empty inferred = 4;
      }
    }

    // An auxiliary table contains statistical information on the relative
    // frequency of different quasi-identifiers values. It has one or several
    // quasi-identifiers columns, and one column that indicates the relative
    // frequency of each quasi-identifier tuple.
    // If a tuple is present in the data but not in the auxiliary table, the
    // corresponding relative frequency is assumed to be zero (and thus, the
    // tuple is highly reidentifiable).
    message AuxiliaryTable {
      // A quasi-identifier column has a custom_tag, used to know which column
      // in the data corresponds to which column in the statistical model.
      message QuasiIdField {
        // Identifies the column.
        FieldId field = 1;

        // A auxiliary field.
        string custom_tag = 2;
      }

      // Required. Auxiliary table location.
      BigQueryTable table = 3 [(google.api.field_behavior) = REQUIRED];

      // Required. Quasi-identifier columns.
      repeated QuasiIdField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED];

      // Required. The relative frequency column must contain a floating-point number
      // between 0 and 1 (inclusive). Null values are assumed to be zero.
      FieldId relative_frequency = 2 [(google.api.field_behavior) = REQUIRED];
    }

    // Required. Fields considered to be quasi-identifiers. No two columns can have the
    // same tag.
    repeated TaggedField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED];

    // ISO 3166-1 alpha-2 region code to use in the statistical modeling.
    // Set if no column is tagged with a region-specific InfoType (like
    // US_ZIP_5) or a region code.
    string region_code = 2;

    // Several auxiliary tables can be used in the analysis. Each custom_tag
    // used to tag a quasi-identifiers column must appear in exactly one column
    // of one auxiliary table.
    repeated AuxiliaryTable auxiliary_tables = 3;
  }

  // δ-presence metric, used to estimate how likely it is for an attacker to
  // figure out that one given individual appears in a de-identified dataset.
  // Similarly to the k-map metric, we cannot compute δ-presence exactly without
  // knowing the attack dataset, so we use a statistical model instead.
  message DeltaPresenceEstimationConfig {
    // Required. Fields considered to be quasi-identifiers. No two fields can have the
    // same tag.
    repeated QuasiId quasi_ids = 1 [(google.api.field_behavior) = REQUIRED];

    // ISO 3166-1 alpha-2 region code to use in the statistical modeling.
    // Set if no column is tagged with a region-specific InfoType (like
    // US_ZIP_5) or a region code.
    string region_code = 2;

    // Several auxiliary tables can be used in the analysis. Each custom_tag
    // used to tag a quasi-identifiers field must appear in exactly one
    // field of one auxiliary table.
    repeated StatisticalTable auxiliary_tables = 3;
  }

  // Types of analysis.
  oneof type {
    // Numerical stats
    NumericalStatsConfig numerical_stats_config = 1;

    // Categorical stats
    CategoricalStatsConfig categorical_stats_config = 2;

    // K-anonymity
    KAnonymityConfig k_anonymity_config = 3;

    // l-diversity
    LDiversityConfig l_diversity_config = 4;

    // k-map
    KMapEstimationConfig k_map_estimation_config = 5;

    // delta-presence
    DeltaPresenceEstimationConfig delta_presence_estimation_config = 6;
  }
}

// Result of a risk analysis operation request.
message AnalyzeDataSourceRiskDetails {
  // Result of the numerical stats computation.
  message NumericalStatsResult {
    // Minimum value appearing in the column.
    Value min_value = 1;

    // Maximum value appearing in the column.
    Value max_value = 2;

    // List of 99 values that partition the set of field values into 100 equal
    // sized buckets.
    repeated Value quantile_values = 4;
  }

  // Result of the categorical stats computation.
  message CategoricalStatsResult {
    // Histogram of value frequencies in the column.
    message CategoricalStatsHistogramBucket {
      // Lower bound on the value frequency of the values in this bucket.
      int64 value_frequency_lower_bound = 1;

      // Upper bound on the value frequency of the values in this bucket.
      int64 value_frequency_upper_bound = 2;

      // Total number of values in this bucket.
      int64 bucket_size = 3;

      // Sample of value frequencies in this bucket. The total number of
      // values returned per bucket is capped at 20.
      repeated ValueFrequency bucket_values = 4;

      // Total number of distinct values in this bucket.
      int64 bucket_value_count = 5;
    }

    // Histogram of value frequencies in the column.
    repeated CategoricalStatsHistogramBucket value_frequency_histogram_buckets = 5;
  }

  // Result of the k-anonymity computation.
  message KAnonymityResult {
    // The set of columns' values that share the same ldiversity value
    message KAnonymityEquivalenceClass {
      // Set of values defining the equivalence class. One value per
      // quasi-identifier column in the original KAnonymity metric message.
      // The order is always the same as the original request.
      repeated Value quasi_ids_values = 1;

      // Size of the equivalence class, for example number of rows with the
      // above set of values.
      int64 equivalence_class_size = 2;
    }

    // Histogram of k-anonymity equivalence classes.
    message KAnonymityHistogramBucket {
      // Lower bound on the size of the equivalence classes in this bucket.
      int64 equivalence_class_size_lower_bound = 1;

      // Upper bound on the size of the equivalence classes in this bucket.
      int64 equivalence_class_size_upper_bound = 2;

      // Total number of equivalence classes in this bucket.
      int64 bucket_size = 3;

      // Sample of equivalence classes in this bucket. The total number of
      // classes returned per bucket is capped at 20.
      repeated KAnonymityEquivalenceClass bucket_values = 4;

      // Total number of distinct equivalence classes in this bucket.
      int64 bucket_value_count = 5;
    }

    // Histogram of k-anonymity equivalence classes.
    repeated KAnonymityHistogramBucket equivalence_class_histogram_buckets = 5;
  }

  // Result of the l-diversity computation.
  message LDiversityResult {
    // The set of columns' values that share the same ldiversity value.
    message LDiversityEquivalenceClass {
      // Quasi-identifier values defining the k-anonymity equivalence
      // class. The order is always the same as the original request.
      repeated Value quasi_ids_values = 1;

      // Size of the k-anonymity equivalence class.
      int64 equivalence_class_size = 2;

      // Number of distinct sensitive values in this equivalence class.
      int64 num_distinct_sensitive_values = 3;

      // Estimated frequencies of top sensitive values.
      repeated ValueFrequency top_sensitive_values = 4;
    }

    // Histogram of l-diversity equivalence class sensitive value frequencies.
    message LDiversityHistogramBucket {
      // Lower bound on the sensitive value frequencies of the equivalence
      // classes in this bucket.
      int64 sensitive_value_frequency_lower_bound = 1;

      // Upper bound on the sensitive value frequencies of the equivalence
      // classes in this bucket.
      int64 sensitive_value_frequency_upper_bound = 2;

      // Total number of equivalence classes in this bucket.
      int64 bucket_size = 3;

      // Sample of equivalence classes in this bucket. The total number of
      // classes returned per bucket is capped at 20.
      repeated LDiversityEquivalenceClass bucket_values = 4;

      // Total number of distinct equivalence classes in this bucket.
      int64 bucket_value_count = 5;
    }

    // Histogram of l-diversity equivalence class sensitive value frequencies.
    repeated LDiversityHistogramBucket sensitive_value_frequency_histogram_buckets = 5;
  }

  // Result of the reidentifiability analysis. Note that these results are an
  // estimation, not exact values.
  message KMapEstimationResult {
    // A tuple of values for the quasi-identifier columns.
    message KMapEstimationQuasiIdValues {
      // The quasi-identifier values.
      repeated Value quasi_ids_values = 1;

      // The estimated anonymity for these quasi-identifier values.
      int64 estimated_anonymity = 2;
    }

    // A KMapEstimationHistogramBucket message with the following values:
    //   min_anonymity: 3
    //   max_anonymity: 5
    //   frequency: 42
    // means that there are 42 records whose quasi-identifier values correspond
    // to 3, 4 or 5 people in the overlying population. An important particular
    // case is when min_anonymity = max_anonymity = 1: the frequency field then
    // corresponds to the number of uniquely identifiable records.
    message KMapEstimationHistogramBucket {
      // Always positive.
      int64 min_anonymity = 1;

      // Always greater than or equal to min_anonymity.
      int64 max_anonymity = 2;

      // Number of records within these anonymity bounds.
      int64 bucket_size = 5;

      // Sample of quasi-identifier tuple values in this bucket. The total
      // number of classes returned per bucket is capped at 20.
      repeated KMapEstimationQuasiIdValues bucket_values = 6;

      // Total number of distinct quasi-identifier tuple values in this bucket.
      int64 bucket_value_count = 7;
    }

    // The intervals [min_anonymity, max_anonymity] do not overlap. If a value
    // doesn't correspond to any such interval, the associated frequency is
    // zero. For example, the following records:
    //   {min_anonymity: 1, max_anonymity: 1, frequency: 17}
    //   {min_anonymity: 2, max_anonymity: 3, frequency: 42}
    //   {min_anonymity: 5, max_anonymity: 10, frequency: 99}
    // mean that there are no record with an estimated anonymity of 4, 5, or
    // larger than 10.
    repeated KMapEstimationHistogramBucket k_map_estimation_histogram = 1;
  }

  // Result of the δ-presence computation. Note that these results are an
  // estimation, not exact values.
  message DeltaPresenceEstimationResult {
    // A tuple of values for the quasi-identifier columns.
    message DeltaPresenceEstimationQuasiIdValues {
      // The quasi-identifier values.
      repeated Value quasi_ids_values = 1;

      // The estimated probability that a given individual sharing these
      // quasi-identifier values is in the dataset. This value, typically
      // called δ, is the ratio between the number of records in the dataset
      // with these quasi-identifier values, and the total number of individuals
      // (inside *and* outside the dataset) with these quasi-identifier values.
      // For example, if there are 15 individuals in the dataset who share the
      // same quasi-identifier values, and an estimated 100 people in the entire
      // population with these values, then δ is 0.15.
      double estimated_probability = 2;
    }

    // A DeltaPresenceEstimationHistogramBucket message with the following
    // values:
    //   min_probability: 0.1
    //   max_probability: 0.2
    //   frequency: 42
    // means that there are 42 records for which δ is in [0.1, 0.2). An
    // important particular case is when min_probability = max_probability = 1:
    // then, every individual who shares this quasi-identifier combination is in
    // the dataset.
    message DeltaPresenceEstimationHistogramBucket {
      // Between 0 and 1.
      double min_probability = 1;

      // Always greater than or equal to min_probability.
      double max_probability = 2;

      // Number of records within these probability bounds.
      int64 bucket_size = 5;

      // Sample of quasi-identifier tuple values in this bucket. The total
      // number of classes returned per bucket is capped at 20.
      repeated DeltaPresenceEstimationQuasiIdValues bucket_values = 6;

      // Total number of distinct quasi-identifier tuple values in this bucket.
      int64 bucket_value_count = 7;
    }

    // The intervals [min_probability, max_probability) do not overlap. If a
    // value doesn't correspond to any such interval, the associated frequency
    // is zero. For example, the following records:
    //   {min_probability: 0, max_probability: 0.1, frequency: 17}
    //   {min_probability: 0.2, max_probability: 0.3, frequency: 42}
    //   {min_probability: 0.3, max_probability: 0.4, frequency: 99}
    // mean that there are no record with an estimated probability in [0.1, 0.2)
    // nor larger or equal to 0.4.
    repeated DeltaPresenceEstimationHistogramBucket delta_presence_estimation_histogram = 1;
  }

  // Risk analysis options.
  message RequestedRiskAnalysisOptions {
    // The job config for the risk job.
    RiskAnalysisJobConfig job_config = 1;
  }

  // Privacy metric to compute.
  PrivacyMetric requested_privacy_metric = 1;

  // Input dataset to compute metrics over.
  BigQueryTable requested_source_table = 2;

  // Values associated with this metric.
  oneof result {
    // Numerical stats result
    NumericalStatsResult numerical_stats_result = 3;

    // Categorical stats result
    CategoricalStatsResult categorical_stats_result = 4;

    // K-anonymity result
    KAnonymityResult k_anonymity_result = 5;

    // L-divesity result
    LDiversityResult l_diversity_result = 6;

    // K-map result
    KMapEstimationResult k_map_estimation_result = 7;

    // Delta-presence result
    DeltaPresenceEstimationResult delta_presence_estimation_result = 9;
  }

  // The configuration used for this job.
  RequestedRiskAnalysisOptions requested_options = 10;
}

// A value of a field, including its frequency.
message ValueFrequency {
  // A value contained in the field in question.
  Value value = 1;

  // How many times the value is contained in the field.
  int64 count = 2;
}

// Set of primitive values supported by the system.
// Note that for the purposes of inspection or transformation, the number
// of bytes considered to comprise a 'Value' is based on its representation
// as a UTF-8 encoded string. For example, if 'integer_value' is set to
// 123456789, the number of bytes would be counted as 9, even though an
// int64 only holds up to 8 bytes of data.
message Value {
  // Value types
  oneof type {
    // integer
    int64 integer_value = 1;

    // float
    double float_value = 2;

    // string
    string string_value = 3;

    // boolean
    bool boolean_value = 4;

    // timestamp
    google.protobuf.Timestamp timestamp_value = 5;

    // time of day
    google.type.TimeOfDay time_value = 6;

    // date
    google.type.Date date_value = 7;

    // day of week
    google.type.DayOfWeek day_of_week_value = 8;
  }
}

// Message for infoType-dependent details parsed from quote.
message QuoteInfo {
  // Object representation of the quote.
  oneof parsed_quote {
    // The date time indicated by the quote.
    DateTime date_time = 2;
  }
}

// Message for a date time object.
// e.g. 2018-01-01, 5th August.
message DateTime {
  // Time zone of the date time object.
  message TimeZone {
    // Set only if the offset can be determined. Positive for time ahead of UTC.
    // E.g. For "UTC-9", this value is -540.
    int32 offset_minutes = 1;
  }

  // One or more of the following must be set.
  // Must be a valid date or time value.
  google.type.Date date = 1;

  // Day of week
  google.type.DayOfWeek day_of_week = 2;

  // Time of day
  google.type.TimeOfDay time = 3;

  // Time zone
  TimeZone time_zone = 4;
}

// The configuration that controls how the data will change.
message DeidentifyConfig {
  oneof transformation {
    // Treat the dataset as free-form text and apply the same free text
    // transformation everywhere.
    InfoTypeTransformations info_type_transformations = 1;

    // Treat the dataset as structured. Transformations can be applied to
    // specific locations within structured datasets, such as transforming
    // a column within a table.
    RecordTransformations record_transformations = 2;

    // Treat the dataset as an image and redact.
    ImageTransformations image_transformations = 4;
  }

  // Mode for handling transformation errors. If left unspecified, the default
  // mode is `TransformationErrorHandling.ThrowError`.
  TransformationErrorHandling transformation_error_handling = 3;
}

// A type of transformation that is applied over images.
message ImageTransformations {
  // Configuration for determining how redaction of images should occur.
  message ImageTransformation {
    // Apply transformation to the selected info_types.
    message SelectedInfoTypes {
      // Required. InfoTypes to apply the transformation to. Required. Provided InfoType
      // must be unique within the ImageTransformations message.
      repeated InfoType info_types = 5 [(google.api.field_behavior) = REQUIRED];
    }

    // Apply transformation to all findings.
    message AllInfoTypes {

    }

    // Apply to all text.
    message AllText {

    }

    oneof target {
      // Apply transformation to the selected info_types.
      SelectedInfoTypes selected_info_types = 4;

      // Apply transformation to all findings not specified in other
      // ImageTransformation's selected_info_types. Only one instance is allowed
      // within the ImageTransformations message.
      AllInfoTypes all_info_types = 5;

      // Apply transformation to all text that doesn't match an infoType. Only
      // one instance is allowed within the ImageTransformations message.
      AllText all_text = 6;
    }

    // The color to use when redacting content from an image. If not
    // specified, the default is black.
    Color redaction_color = 3;
  }

  repeated ImageTransformation transforms = 2;
}

// How to handle transformation errors during de-identification. A
// transformation error occurs when the requested transformation is incompatible
// with the data. For example, trying to de-identify an IP address using a
// `DateShift` transformation would result in a transformation error, since date
// info cannot be extracted from an IP address.
// Information about any incompatible transformations, and how they were
// handled, is returned in the response as part of the
// `TransformationOverviews`.
message TransformationErrorHandling {
  // Throw an error and fail the request when a transformation error occurs.
  message ThrowError {

  }

  // Skips the data without modifying it if the requested transformation would
  // cause an error. For example, if a `DateShift` transformation were applied
  // an an IP address, this mode would leave the IP address unchanged in the
  // response.
  message LeaveUntransformed {

  }

  // How transformation errors should be handled.
  oneof mode {
    // Throw an error
    ThrowError throw_error = 1;

    // Ignore errors
    LeaveUntransformed leave_untransformed = 2;
  }
}

// A rule for transforming a value.
message PrimitiveTransformation {
  oneof transformation {
    // Replace with a specified value.
    ReplaceValueConfig replace_config = 1;

    // Redact
    RedactConfig redact_config = 2;

    // Mask
    CharacterMaskConfig character_mask_config = 3;

    // Ffx-Fpe
    CryptoReplaceFfxFpeConfig crypto_replace_ffx_fpe_config = 4;

    // Fixed size bucketing
    FixedSizeBucketingConfig fixed_size_bucketing_config = 5;

    // Bucketing
    BucketingConfig bucketing_config = 6;

    // Replace with infotype
    ReplaceWithInfoTypeConfig replace_with_info_type_config = 7;

    // Time extraction
    TimePartConfig time_part_config = 8;

    // Crypto
    CryptoHashConfig crypto_hash_config = 9;

    // Date Shift
    DateShiftConfig date_shift_config = 11;

    // Deterministic Crypto
    CryptoDeterministicConfig crypto_deterministic_config = 12;

    // Replace with a value randomly drawn (with replacement) from a dictionary.
    ReplaceDictionaryConfig replace_dictionary_config = 13;
  }
}

// For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a
// portion of the value.
message TimePartConfig {
  // Components that make up time.
  enum TimePart {
    // Unused
    TIME_PART_UNSPECIFIED = 0;

    // [0-9999]
    YEAR = 1;

    // [1-12]
    MONTH = 2;

    // [1-31]
    DAY_OF_MONTH = 3;

    // [1-7]
    DAY_OF_WEEK = 4;

    // [1-53]
    WEEK_OF_YEAR = 5;

    // [0-23]
    HOUR_OF_DAY = 6;
  }

  // The part of the time to keep.
  TimePart part_to_extract = 1;
}

// Pseudonymization method that generates surrogates via cryptographic hashing.
// Uses SHA-256.
// The key size must be either 32 or 64 bytes.
// Outputs a base64 encoded representation of the hashed output
// (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
// Currently, only string and integer values can be hashed.
// See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
message CryptoHashConfig {
  // The key used by the hash function.
  CryptoKey crypto_key = 1;
}

// Pseudonymization method that generates deterministic encryption for the given
// input. Outputs a base64 encoded representation of the encrypted output.
// Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
message CryptoDeterministicConfig {
  // The key used by the encryption function. For deterministic encryption
  // using AES-SIV, the provided key is internally expanded to 64 bytes prior to
  // use.
  CryptoKey crypto_key = 1;

  // The custom info type to annotate the surrogate with.
  // This annotation will be applied to the surrogate by prefixing it with
  // the name of the custom info type followed by the number of
  // characters comprising the surrogate. The following scheme defines the
  // format: {info type name}({surrogate character count}):{surrogate}
  //
  // For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
  // the surrogate is 'abc', the full replacement value
  // will be: 'MY_TOKEN_INFO_TYPE(3):abc'
  //
  // This annotation identifies the surrogate when inspecting content using the
  // custom info type 'Surrogate'. This facilitates reversal of the
  // surrogate when it occurs in free text.
  //
  // Note: For record transformations where the entire cell in a table is being
  // transformed, surrogates are not mandatory. Surrogates are used to denote
  // the location of the token and are necessary for re-identification in free
  // form text.
  //
  // In order for inspection to work properly, the name of this info type must
  // not occur naturally anywhere in your data; otherwise, inspection may either
  //
  // - reverse a surrogate that does not correspond to an actual identifier
  // - be unable to parse the surrogate and result in an error
  //
  // Therefore, choose your custom info type name carefully after considering
  // what your data looks like. One way to select a name that has a high chance
  // of yielding reliable detection is to include one or more unicode characters
  // that are highly improbable to exist in your data.
  // For example, assuming your data is entered from a regular ASCII keyboard,
  // the symbol with the hex code point 29DD might be used like so:
  // ⧝MY_TOKEN_TYPE.
  InfoType surrogate_info_type = 2;

  // A context may be used for higher security and maintaining
  // referential integrity such that the same identifier in two different
  // contexts will be given a distinct surrogate. The context is appended to
  // plaintext value being encrypted. On decryption the provided context is
  // validated against the value used during encryption. If a context was
  // provided during encryption, same context must be provided during decryption
  // as well.
  //
  // If the context is not set, plaintext would be used as is for encryption.
  // If the context is set but:
  //
  // 1. there is no record present when transforming a given value or
  // 2. the field is not present when transforming a given value,
  //
  // plaintext would be used as is for encryption.
  //
  // Note that case (1) is expected when an `InfoTypeTransformation` is
  // applied to both structured and unstructured `ContentItem`s.
  FieldId context = 3;
}

// Replace each input value with a given `Value`.
message ReplaceValueConfig {
  // Value to replace it with.
  Value new_value = 1;
}

// Replace each input value with a value randomly selected from the dictionary.
message ReplaceDictionaryConfig {
  oneof type {
    // A list of words to select from for random replacement. The
    // [limits](https://cloud.google.com/dlp/limits) page contains details about
    // the size limits of dictionaries.
    CustomInfoType.Dictionary.WordList word_list = 1;
  }
}

// Replace each matching finding with the name of the info_type.
message ReplaceWithInfoTypeConfig {

}

// Redact a given value. For example, if used with an `InfoTypeTransformation`
// transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
// output would be 'My phone number is '.
message RedactConfig {

}

// Characters to skip when doing deidentification of a value. These will be left
// alone and skipped.
message CharsToIgnore {
  // Convenience enum for indicating common characters to not transform.
  enum CommonCharsToIgnore {
    // Unused.
    COMMON_CHARS_TO_IGNORE_UNSPECIFIED = 0;

    // 0-9
    NUMERIC = 1;

    // A-Z
    ALPHA_UPPER_CASE = 2;

    // a-z
    ALPHA_LOWER_CASE = 3;

    // US Punctuation, one of !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
    PUNCTUATION = 4;

    // Whitespace character, one of [ \t\n\x0B\f\r]
    WHITESPACE = 5;
  }

  oneof characters {
    // Characters to not transform when masking.
    string characters_to_skip = 1;

    // Common characters to not transform when masking. Useful to avoid removing
    // punctuation.
    CommonCharsToIgnore common_characters_to_ignore = 2;
  }
}

// Partially mask a string by replacing a given number of characters with a
// fixed character. Masking can start from the beginning or end of the string.
// This can be used on data of any type (numbers, longs, and so on) and when
// de-identifying structured data we'll attempt to preserve the original data's
// type. (This allows you to take a long like 123 and modify it to a string like
// **3.
message CharacterMaskConfig {
  // Character to use to mask the sensitive values&mdash;for example, `*` for an
  // alphabetic string such as a name, or `0` for a numeric string such as ZIP
  // code or credit card number. This string must have a length of 1. If not
  // supplied, this value defaults to `*` for strings, and `0` for digits.
  string masking_character = 1;

  // Number of characters to mask. If not set, all matching chars will be
  // masked. Skipped characters do not count towards this tally.
  //
  // If `number_to_mask` is negative, this denotes inverse masking. Cloud DLP
  // masks all but a number of characters.
  // For example, suppose you have the following values:
  //
  // - `masking_character` is `*`
  // - `number_to_mask` is `-4`
  // - `reverse_order` is `false`
  // - `CharsToIgnore` includes `-`
  // - Input string is `1234-5678-9012-3456`
  //
  // The resulting de-identified string is
  // `****-****-****-3456`. Cloud DLP masks all but the last four characters.
  // If `reverse_order` is `true`, all but the first four characters are masked
  // as `1234-****-****-****`.
  int32 number_to_mask = 2;

  // Mask characters in reverse order. For example, if `masking_character` is
  // `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
  // input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
  // If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
  // is `true`, then the string `12345` is masked as `12***`.
  bool reverse_order = 3;

  // When masking a string, items in this list will be skipped when replacing
  // characters. For example, if the input string is `555-555-5555` and you
  // instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
  // returns `***-**5-5555`.
  repeated CharsToIgnore characters_to_ignore = 4;
}

// Buckets values based on fixed size ranges. The
// Bucketing transformation can provide all of this functionality,
// but requires more configuration. This message is provided as a convenience to
// the user for simple bucketing strategies.
//
// The transformed value will be a hyphenated string of
// {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound
// = 20, all values that are within this bucket will be replaced with "10-20".
//
// This can be used on data of type: double, long.
//
// If the bound Value type differs from the type of data
// being transformed, we will first attempt converting the type of the data to
// be transformed to match the type of the bound before comparing.
//
// See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
message FixedSizeBucketingConfig {
  // Required. Lower bound value of buckets. All values less than `lower_bound` are
  // grouped together into a single bucket; for example if `lower_bound` = 10,
  // then all values less than 10 are replaced with the value "-10".
  Value lower_bound = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. Upper bound value of buckets. All values greater than upper_bound are
  // grouped together into a single bucket; for example if `upper_bound` = 89,
  // then all values greater than 89 are replaced with the value "89+".
  Value upper_bound = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. Size of each bucket (except for minimum and maximum buckets). So if
  // `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
  // following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
  // 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
  double bucket_size = 3 [(google.api.field_behavior) = REQUIRED];
}

// Generalization function that buckets values based on ranges. The ranges and
// replacement values are dynamically provided by the user for custom behavior,
// such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH
// This can be used on
// data of type: number, long, string, timestamp.
// If the bound `Value` type differs from the type of data being transformed, we
// will first attempt converting the type of the data to be transformed to match
// the type of the bound before comparing.
// See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
message BucketingConfig {
  // Bucket is represented as a range, along with replacement values.
  message Bucket {
    // Lower bound of the range, inclusive. Type should be the same as max if
    // used.
    Value min = 1;

    // Upper bound of the range, exclusive; type must match min.
    Value max = 2;

    // Required. Replacement value for this bucket.
    Value replacement_value = 3 [(google.api.field_behavior) = REQUIRED];
  }

  // Set of buckets. Ranges must be non-overlapping.
  repeated Bucket buckets = 1;
}

// Replaces an identifier with a surrogate using Format Preserving Encryption
// (FPE) with the FFX mode of operation; however when used in the
// `ReidentifyContent` API method, it serves the opposite function by reversing
// the surrogate back into the original identifier. The identifier must be
// encoded as ASCII. For a given crypto key and context, the same identifier
// will be replaced with the same surrogate. Identifiers must be at least two
// characters long. In the case that the identifier is the empty string, it will
// be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
// more.
//
// Note: We recommend using  CryptoDeterministicConfig for all use cases which
// do not require preserving the input alphabet space and size, plus warrant
// referential integrity.
message CryptoReplaceFfxFpeConfig {
  // These are commonly used subsets of the alphabet that the FFX mode
  // natively supports. In the algorithm, the alphabet is selected using
  // the "radix". Therefore each corresponds to a particular radix.
  enum FfxCommonNativeAlphabet {
    // Unused.
    FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0;

    // `[0-9]` (radix of 10)
    NUMERIC = 1;

    // `[0-9A-F]` (radix of 16)
    HEXADECIMAL = 2;

    // `[0-9A-Z]` (radix of 36)
    UPPER_CASE_ALPHA_NUMERIC = 3;

    // `[0-9A-Za-z]` (radix of 62)
    ALPHA_NUMERIC = 4;
  }

  // Required. The key used by the encryption algorithm.
  CryptoKey crypto_key = 1 [(google.api.field_behavior) = REQUIRED];

  // The 'tweak', a context may be used for higher security since the same
  // identifier in two different contexts won't be given the same surrogate. If
  // the context is not set, a default tweak will be used.
  //
  // If the context is set but:
  //
  // 1. there is no record present when transforming a given value or
  // 1. the field is not present when transforming a given value,
  //
  // a default tweak will be used.
  //
  // Note that case (1) is expected when an `InfoTypeTransformation` is
  // applied to both structured and unstructured `ContentItem`s.
  // Currently, the referenced field may be of value type integer or string.
  //
  // The tweak is constructed as a sequence of bytes in big endian byte order
  // such that:
  //
  // - a 64 bit integer is encoded followed by a single byte of value 1
  // - a string is encoded in UTF-8 format followed by a single byte of value 2
  FieldId context = 2;

  // Choose an alphabet which the data being transformed will be made up of.
  oneof alphabet {
    // Common alphabets.
    FfxCommonNativeAlphabet common_alphabet = 4;

    // This is supported by mapping these to the alphanumeric characters
    // that the FFX mode natively supports. This happens before/after
    // encryption/decryption.
    // Each character listed must appear only once.
    // Number of characters must be in the range [2, 95].
    // This must be encoded as ASCII.
    // The order of characters does not matter.
    // The full list of allowed characters is:
    // <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
    // ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
    string custom_alphabet = 5;

    // The native way to select the alphabet. Must be in the range [2, 95].
    int32 radix = 6;
  }

  // The custom infoType to annotate the surrogate with.
  // This annotation will be applied to the surrogate by prefixing it with
  // the name of the custom infoType followed by the number of
  // characters comprising the surrogate. The following scheme defines the
  // format: info_type_name(surrogate_character_count):surrogate
  //
  // For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
  // the surrogate is 'abc', the full replacement value
  // will be: 'MY_TOKEN_INFO_TYPE(3):abc'
  //
  // This annotation identifies the surrogate when inspecting content using the
  // custom infoType
  // [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
  // This facilitates reversal of the surrogate when it occurs in free text.
  //
  // In order for inspection to work properly, the name of this infoType must
  // not occur naturally anywhere in your data; otherwise, inspection may
  // find a surrogate that does not correspond to an actual identifier.
  // Therefore, choose your custom infoType name carefully after considering
  // what your data looks like. One way to select a name that has a high chance
  // of yielding reliable detection is to include one or more unicode characters
  // that are highly improbable to exist in your data.
  // For example, assuming your data is entered from a regular ASCII keyboard,
  // the symbol with the hex code point 29DD might be used like so:
  // ⧝MY_TOKEN_TYPE
  InfoType surrogate_info_type = 8;
}

// This is a data encryption key (DEK) (as opposed to
// a key encryption key (KEK) stored by Cloud Key Management Service
// (Cloud KMS).
// When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate
// IAM policy on the KEK to ensure an attacker cannot
// unwrap the DEK.
message CryptoKey {
  // Sources of crypto keys.
  oneof source {
    // Transient crypto key
    TransientCryptoKey transient = 1;

    // Unwrapped crypto key
    UnwrappedCryptoKey unwrapped = 2;

    // Key wrapped using Cloud KMS
    KmsWrappedCryptoKey kms_wrapped = 3;
  }
}

// Use this to have a random data crypto key generated.
// It will be discarded after the request finishes.
message TransientCryptoKey {
  // Required. Name of the key.
  // This is an arbitrary string used to differentiate different keys.
  // A unique key is generated per name: two separate `TransientCryptoKey`
  // protos share the same generated key if their names are the same.
  // When the data crypto key is generated, this name is not used in any way
  // (repeating the api call will result in a different key being generated).
  string name = 1 [(google.api.field_behavior) = REQUIRED];
}

// Using raw keys is prone to security risks due to accidentally
// leaking the key. Choose another type of key if possible.
message UnwrappedCryptoKey {
  // Required. A 128/192/256 bit key.
  bytes key = 1 [(google.api.field_behavior) = REQUIRED];
}

// Include to use an existing data crypto key wrapped by KMS.
// The wrapped key must be a 128-, 192-, or 256-bit key.
// Authorization requires the following IAM permissions when sending a request
// to perform a crypto transformation using a KMS-wrapped crypto key:
// dlp.kms.encrypt
//
// For more information, see [Creating a wrapped key]
// (https://cloud.google.com/dlp/docs/create-wrapped-key).
//
// Note: When you use Cloud KMS for cryptographic operations,
// [charges apply](https://cloud.google.com/kms/pricing).
message KmsWrappedCryptoKey {
  // Required. The wrapped data crypto key.
  bytes wrapped_key = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. The resource name of the KMS CryptoKey to use for unwrapping.
  string crypto_key_name = 2 [(google.api.field_behavior) = REQUIRED];
}

// Shifts dates by random number of days, with option to be consistent for the
// same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
// to learn more.
message DateShiftConfig {
  // Required. Range of shift in days. Actual shift will be selected at random within this
  // range (inclusive ends). Negative means shift to earlier in time. Must not
  // be more than 365250 days (1000 years) each direction.
  //
  // For example, 3 means shift date to at most 3 days into the future.
  int32 upper_bound_days = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. For example, -5 means shift date to at most 5 days back in the past.
  int32 lower_bound_days = 2 [(google.api.field_behavior) = REQUIRED];

  // Points to the field that contains the context, for example, an entity id.
  // If set, must also set cryptoKey. If set, shift will be consistent for the
  // given context.
  FieldId context = 3;

  // Method for calculating shift that takes context into consideration. If
  // set, must also set context. Can only be applied to table items.
  oneof method {
    // Causes the shift to be computed based on this key and the context. This
    // results in the same shift for the same context and crypto_key. If
    // set, must also set context. Can only be applied to table items.
    CryptoKey crypto_key = 4;
  }
}

// A type of transformation that will scan unstructured text and
// apply various `PrimitiveTransformation`s to each finding, where the
// transformation is applied to only values that were identified as a specific
// info_type.
message InfoTypeTransformations {
  // A transformation to apply to text that is identified as a specific
  // info_type.
  message InfoTypeTransformation {
    // InfoTypes to apply the transformation to. An empty list will cause
    // this transformation to apply to all findings that correspond to
    // infoTypes that were requested in `InspectConfig`.
    repeated InfoType info_types = 1;

    // Required. Primitive transformation to apply to the infoType.
    PrimitiveTransformation primitive_transformation = 2 [(google.api.field_behavior) = REQUIRED];
  }

  // Required. Transformation for each infoType. Cannot specify more than one
  // for a given infoType.
  repeated InfoTypeTransformation transformations = 1 [(google.api.field_behavior) = REQUIRED];
}

// The transformation to apply to the field.
message FieldTransformation {
  // Required. Input field(s) to apply the transformation to.
  // When you have columns that reference their position within a list,
  // omit the index from the FieldId. FieldId name matching ignores the index.
  // For example, instead of "contact.nums[0].type", use "contact.nums.type".
  repeated FieldId fields = 1 [(google.api.field_behavior) = REQUIRED];

  // Only apply the transformation if the condition evaluates to true for the
  // given `RecordCondition`. The conditions are allowed to reference fields
  // that are not used in the actual transformation.
  //
  // Example Use Cases:
  //
  // - Apply a different bucket transformation to an age column if the zip code
  // column for the same record is within a specific range.
  // - Redact a field if the date of birth field is greater than 85.
  RecordCondition condition = 3;

  // Transformation to apply. [required]
  oneof transformation {
    // Apply the transformation to the entire field.
    PrimitiveTransformation primitive_transformation = 4;

    // Treat the contents of the field as free text, and selectively
    // transform content that matches an `InfoType`.
    InfoTypeTransformations info_type_transformations = 5;
  }
}

// A type of transformation that is applied over structured data such as a
// table.
message RecordTransformations {
  // Transform the record by applying various field transformations.
  repeated FieldTransformation field_transformations = 1;

  // Configuration defining which records get suppressed entirely. Records that
  // match any suppression rule are omitted from the output.
  repeated RecordSuppression record_suppressions = 2;
}

// Configuration to suppress records whose suppression conditions evaluate to
// true.
message RecordSuppression {
  // A condition that when it evaluates to true will result in the record being
  // evaluated to be suppressed from the transformed content.
  RecordCondition condition = 1;
}

// A condition for determining whether a transformation should be applied to
// a field.
message RecordCondition {
  // The field type of `value` and `field` do not need to match to be
  // considered equal, but not all comparisons are possible.
  // EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
  // but all other comparisons are invalid with incompatible types.
  // A `value` of type:
  //
  // - `string` can be compared against all other types
  // - `boolean` can only be compared against other booleans
  // - `integer` can be compared against doubles or a string if the string value
  // can be parsed as an integer.
  // - `double` can be compared against integers or a string if the string can
  // be parsed as a double.
  // - `Timestamp` can be compared against strings in RFC 3339 date string
  // format.
  // - `TimeOfDay` can be compared against timestamps and strings in the format
  // of 'HH:mm:ss'.
  //
  // If we fail to compare do to type mismatch, a warning will be given and
  // the condition will evaluate to false.
  message Condition {
    // Required. Field within the record this condition is evaluated against.
    FieldId field = 1 [(google.api.field_behavior) = REQUIRED];

    // Required. Operator used to compare the field or infoType to the value.
    RelationalOperator operator = 3 [(google.api.field_behavior) = REQUIRED];

    // Value to compare against. [Mandatory, except for `EXISTS` tests.]
    Value value = 4;
  }

  // A collection of conditions.
  message Conditions {
    // A collection of conditions.
    repeated Condition conditions = 1;
  }

  // An expression, consisting of an operator and conditions.
  message Expressions {
    // Logical operators for conditional checks.
    enum LogicalOperator {
      // Unused
      LOGICAL_OPERATOR_UNSPECIFIED = 0;

      // Conditional AND
      AND = 1;
    }

    // The operator to apply to the result of conditions. Default and currently
    // only supported value is `AND`.
    LogicalOperator logical_operator = 1;

    // Expression types.
    oneof type {
      // Conditions to apply to the expression.
      Conditions conditions = 3;
    }
  }

  // An expression.
  Expressions expressions = 3;
}

// Overview of the modifications that occurred.
message TransformationOverview {
  // Total size in bytes that were transformed in some way.
  int64 transformed_bytes = 2;

  // Transformations applied to the dataset.
  repeated TransformationSummary transformation_summaries = 3;
}

// Summary of a single transformation.
// Only one of 'transformation', 'field_transformation', or 'record_suppress'
// will be set.
message TransformationSummary {
  // Possible outcomes of transformations.
  enum TransformationResultCode {
    // Unused
    TRANSFORMATION_RESULT_CODE_UNSPECIFIED = 0;

    // Transformation completed without an error.
    SUCCESS = 1;

    // Transformation had an error.
    ERROR = 2;
  }

  // A collection that informs the user the number of times a particular
  // `TransformationResultCode` and error details occurred.
  message SummaryResult {
    // Number of transformations counted by this result.
    int64 count = 1;

    // Outcome of the transformation.
    TransformationResultCode code = 2;

    // A place for warnings or errors to show up if a transformation didn't
    // work as expected.
    string details = 3;
  }

  // Set if the transformation was limited to a specific InfoType.
  InfoType info_type = 1;

  // Set if the transformation was limited to a specific FieldId.
  FieldId field = 2;

  // The specific transformation these stats apply to.
  PrimitiveTransformation transformation = 3;

  // The field transformation that was applied.
  // If multiple field transformations are requested for a single field,
  // this list will contain all of them; otherwise, only one is supplied.
  repeated FieldTransformation field_transformations = 5;

  // The specific suppression option these stats apply to.
  RecordSuppression record_suppress = 6;

  // Collection of all transformations that took place or had an error.
  repeated SummaryResult results = 4;

  // Total size in bytes that were transformed in some way.
  int64 transformed_bytes = 7;
}

// A flattened description of a `PrimitiveTransformation` or
// `RecordSuppression`.
message TransformationDescription {
  // The transformation type.
  TransformationType type = 1;

  // A description of the transformation. This is empty for a
  // RECORD_SUPPRESSION, or is the output of calling toString() on the
  // `PrimitiveTransformation` protocol buffer message for any other type of
  // transformation.
  string description = 2;

  // A human-readable string representation of the `RecordCondition`
  // corresponding to this transformation. Set if a `RecordCondition` was used
  // to determine whether or not to apply this transformation.
  //
  // Examples:
  //     * (age_field > 85)
  //     * (age_field <= 18)
  //     * (zip_field exists)
  //     * (zip_field == 01234) && (city_field != "Springville")
  //     * (zip_field == 01234) && (age_field <= 18) && (city_field exists)
  string condition = 3;

  // Set if the transformation was limited to a specific `InfoType`.
  InfoType info_type = 4;
}

// Details about a single transformation. This object contains a description of
// the transformation, information about whether the transformation was
// successfully applied, and the precise location where the transformation
// occurred. These details are stored in a user-specified BigQuery table.
message TransformationDetails {
  // The name of the job that completed the transformation.
  string resource_name = 1;

  // The top level name of the container where the transformation is located
  // (this will be the source file name or table name).
  string container_name = 2;

  // Description of transformation. This would only contain more than one
  // element if there were multiple matching transformations and which one to
  // apply was ambiguous. Not set for states that contain no transformation,
  // currently only state that contains no transformation is
  // TransformationResultStateType.METADATA_UNRETRIEVABLE.
  repeated TransformationDescription transformation = 3;

  // Status of the transformation, if transformation was not successful, this
  // will specify what caused it to fail, otherwise it will show that the
  // transformation was successful.
  TransformationResultStatus status_details = 4;

  // The number of bytes that were transformed. If transformation was
  // unsuccessful or did not take place because there was no content to
  // transform, this will be zero.
  int64 transformed_bytes = 5;

  // The precise location of the transformed content in the original container.
  TransformationLocation transformation_location = 6;
}

// Specifies the location of a transformation.
message TransformationLocation {
  oneof location_type {
    // For infotype transformations, link to the corresponding findings ID so
    // that location information does not need to be duplicated. Each findings
    // ID correlates to an entry in the findings output table, this table only
    // gets created when users specify to save findings (add the save findings
    // action to the request).
    string finding_id = 1;

    // For record transformations, provide a field and container information.
    RecordTransformation record_transformation = 2;
  }

  // Information about the functionality of the container where this finding
  // occurred, if available.
  TransformationContainerType container_type = 3;
}

message RecordTransformation {
  // For record transformations, provide a field.
  FieldId field_id = 1;

  // Findings container modification timestamp, if applicable.
  google.protobuf.Timestamp container_timestamp = 2;

  // Container version, if available ("generation" for Cloud Storage).
  string container_version = 3;
}

message TransformationResultStatus {
  // Transformation result status type, this will be either SUCCESS, or it will
  // be the reason for why the transformation was not completely successful.
  TransformationResultStatusType result_status_type = 1;

  // Detailed error codes and messages
  google.rpc.Status details = 2;
}

// Enum of possible outcomes of transformations. SUCCESS if transformation and
// storing of transformation was successful, otherwise, reason for not
// transforming.
enum TransformationResultStatusType {
  STATE_TYPE_UNSPECIFIED = 0;

  // This will be set when a finding could not be transformed (i.e. outside user
  // set bucket range).
  INVALID_TRANSFORM = 1;

  // This will be set when a BigQuery transformation was successful but could
  // not be stored back in BigQuery because the transformed row exceeds
  // BigQuery's max row size.
  BIGQUERY_MAX_ROW_SIZE_EXCEEDED = 2;

  // This will be set when there is a finding in the custom metadata of a file,
  // but at the write time of the transformed file, this key / value pair is
  // unretrievable.
  METADATA_UNRETRIEVABLE = 3;

  // This will be set when the transformation and storing of it is successful.
  SUCCESS = 4;
}

// Describes functionality of a given container in its original format.
enum TransformationContainerType {
  TRANSFORM_UNKNOWN_CONTAINER = 0;

  TRANSFORM_BODY = 1;

  TRANSFORM_METADATA = 2;

  TRANSFORM_TABLE = 3;
}

// An enum of rules that can be used to transform a value. Can be a
// record suppression, or one of the transformation rules specified under
// `PrimitiveTransformation`.
enum TransformationType {
  // Unused
  TRANSFORMATION_TYPE_UNSPECIFIED = 0;

  // Record suppression
  RECORD_SUPPRESSION = 1;

  // Replace value
  REPLACE_VALUE = 2;

  // Replace value using a dictionary.
  REPLACE_DICTIONARY = 15;

  // Redact
  REDACT = 3;

  // Character mask
  CHARACTER_MASK = 4;

  // FFX-FPE
  CRYPTO_REPLACE_FFX_FPE = 5;

  // Fixed size bucketing
  FIXED_SIZE_BUCKETING = 6;

  // Bucketing
  BUCKETING = 7;

  // Replace with info type
  REPLACE_WITH_INFO_TYPE = 8;

  // Time part
  TIME_PART = 9;

  // Crypto hash
  CRYPTO_HASH = 10;

  // Date shift
  DATE_SHIFT = 12;

  // Deterministic crypto
  CRYPTO_DETERMINISTIC_CONFIG = 13;

  // Redact image
  REDACT_IMAGE = 14;
}

// Config for storing transformation details.
message TransformationDetailsStorageConfig {
  // Location to store the transformation summary.
  oneof type {
    // The BigQuery table in which to store the output. This may be an existing
    // table or in a new table in an existing dataset.
    // If table_id is not set a new one will be generated for you with the
    // following format:
    // dlp_googleapis_transformation_details_yyyy_mm_dd_[dlp_job_id]. Pacific
    // time zone will be used for generating the date details.
    BigQueryTable table = 1;
  }
}

// Schedule for inspect job triggers.
message Schedule {
  oneof option {
    // With this option a job is started on a regular periodic basis. For
    // example: every day (86400 seconds).
    //
    // A scheduled start time will be skipped if the previous
    // execution has not ended when its scheduled time occurs.
    //
    // This value must be set to a time duration greater than or equal
    // to 1 day and can be no longer than 60 days.
    google.protobuf.Duration recurrence_period_duration = 1;
  }
}

// Job trigger option for hybrid jobs. Jobs must be manually created
// and finished.
message Manual {

}

// The inspectTemplate contains a configuration (set of types of sensitive data
// to be detected) to be used anywhere you otherwise would normally specify
// InspectConfig. See https://cloud.google.com/dlp/docs/concepts-templates
// to learn more.
message InspectTemplate {
  option (google.api.resource) = {
    type: "dlp.googleapis.com/InspectTemplate"
    pattern: "organizations/{organization}/inspectTemplates/{inspect_template}"
    pattern: "projects/{project}/inspectTemplates/{inspect_template}"
    pattern: "organizations/{organization}/locations/{location}/inspectTemplates/{inspect_template}"
    pattern: "projects/{project}/locations/{location}/inspectTemplates/{inspect_template}"
  };

  // Output only. The template name.
  //
  // The template will have one of the following formats:
  // `projects/PROJECT_ID/inspectTemplates/TEMPLATE_ID` OR
  // `organizations/ORGANIZATION_ID/inspectTemplates/TEMPLATE_ID`;
  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Display name (max 256 chars).
  string display_name = 2;

  // Short description (max 256 chars).
  string description = 3;

  // Output only. The creation timestamp of an inspectTemplate.
  google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The last update timestamp of an inspectTemplate.
  google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // The core content of the template. Configuration of the scanning process.
  InspectConfig inspect_config = 6;
}

// DeidentifyTemplates contains instructions on how to de-identify content.
// See https://cloud.google.com/dlp/docs/concepts-templates to learn more.
message DeidentifyTemplate {
  option (google.api.resource) = {
    type: "dlp.googleapis.com/DeidentifyTemplate"
    pattern: "organizations/{organization}/deidentifyTemplates/{deidentify_template}"
    pattern: "projects/{project}/deidentifyTemplates/{deidentify_template}"
    pattern: "organizations/{organization}/locations/{location}/deidentifyTemplates/{deidentify_template}"
    pattern: "projects/{project}/locations/{location}/deidentifyTemplates/{deidentify_template}"
  };

  // Output only. The template name.
  //
  // The template will have one of the following formats:
  // `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR
  // `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Display name (max 256 chars).
  string display_name = 2;

  // Short description (max 256 chars).
  string description = 3;

  // Output only. The creation timestamp of an inspectTemplate.
  google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The last update timestamp of an inspectTemplate.
  google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // The core content of the template.
  DeidentifyConfig deidentify_config = 6;
}

// Details information about an error encountered during job execution or
// the results of an unsuccessful activation of the JobTrigger.
message Error {
  // Detailed error codes and messages.
  google.rpc.Status details = 1;

  // The times the error occurred.
  repeated google.protobuf.Timestamp timestamps = 2;
}

// Contains a configuration to make dlp api calls on a repeating basis.
// See https://cloud.google.com/dlp/docs/concepts-job-triggers to learn more.
message JobTrigger {
  option (google.api.resource) = {
    type: "dlp.googleapis.com/JobTrigger"
    pattern: "projects/{project}/jobTriggers/{job_trigger}"
    pattern: "projects/{project}/locations/{location}/jobTriggers/{job_trigger}"
  };

  // What event needs to occur for a new job to be started.
  message Trigger {
    oneof trigger {
      // Create a job on a repeating basis based on the elapse of time.
      Schedule schedule = 1;

      // For use with hybrid jobs. Jobs must be manually created and finished.
      Manual manual = 2;
    }
  }

  // Whether the trigger is currently active. If PAUSED or CANCELLED, no jobs
  // will be created with this configuration. The service may automatically
  // pause triggers experiencing frequent errors. To restart a job, set the
  // status to HEALTHY after correcting user errors.
  enum Status {
    // Unused.
    STATUS_UNSPECIFIED = 0;

    // Trigger is healthy.
    HEALTHY = 1;

    // Trigger is temporarily paused.
    PAUSED = 2;

    // Trigger is cancelled and can not be resumed.
    CANCELLED = 3;
  }

  // Unique resource name for the triggeredJob, assigned by the service when the
  // triggeredJob is created, for example
  // `projects/dlp-test-project/jobTriggers/53234423`.
  string name = 1;

  // Display name (max 100 chars)
  string display_name = 2;

  // User provided description (max 256 chars)
  string description = 3;

  // The configuration details for the specific type of job to run.
  oneof job {
    // For inspect jobs, a snapshot of the configuration.
    InspectJobConfig inspect_job = 4;
  }

  // A list of triggers which will be OR'ed together. Only one in the list
  // needs to trigger for a job to be started. The list may contain only
  // a single Schedule trigger and must have at least one object.
  repeated Trigger triggers = 5;

  // Output only. A stream of errors encountered when the trigger was activated. Repeated
  // errors may result in the JobTrigger automatically being paused.
  // Will return the last 100 errors. Whenever the JobTrigger is modified
  // this list will be cleared.
  repeated Error errors = 6 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The creation timestamp of a triggeredJob.
  google.protobuf.Timestamp create_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The last update timestamp of a triggeredJob.
  google.protobuf.Timestamp update_time = 8 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The timestamp of the last time this trigger executed.
  google.protobuf.Timestamp last_run_time = 9 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Required. A status for this trigger.
  Status status = 10 [(google.api.field_behavior) = REQUIRED];
}

// A task to execute on the completion of a job.
// See https://cloud.google.com/dlp/docs/concepts-actions to learn more.
message Action {
  // If set, the detailed findings will be persisted to the specified
  // OutputStorageConfig. Only a single instance of this action can be
  // specified.
  // Compatible with: Inspect, Risk
  message SaveFindings {
    // Location to store findings outside of DLP.
    OutputStorageConfig output_config = 1;
  }

  // Publish a message into a given Pub/Sub topic when DlpJob has completed. The
  // message contains a single field, `DlpJobName`, which is equal to the
  // finished job's
  // [`DlpJob.name`](https://cloud.google.com/dlp/docs/reference/rest/v2/projects.dlpJobs#DlpJob).
  // Compatible with: Inspect, Risk
  message PublishToPubSub {
    // Cloud Pub/Sub topic to send notifications to. The topic must have given
    // publishing access rights to the DLP API service account executing
    // the long running DlpJob sending the notifications.
    // Format is projects/{project}/topics/{topic}.
    string topic = 1;
  }

  // Publish the result summary of a DlpJob to the Cloud Security
  // Command Center (CSCC Alpha).
  // This action is only available for projects which are parts of
  // an organization and whitelisted for the alpha Cloud Security Command
  // Center.
  // The action will publish the count of finding instances and their info
  // types. The summary of findings will be persisted in CSCC and are governed
  // by CSCC service-specific policy, see
  // https://cloud.google.com/terms/service-terms Only a single instance of this
  // action can be specified. Compatible with: Inspect
  message PublishSummaryToCscc {

  }

  // Publish findings of a DlpJob to Data Catalog. In Data Catalog, tag
  // templates are applied to the resource that Cloud DLP scanned. Data
  // Catalog tag templates are stored in the same project and region where the
  // BigQuery table exists. For Cloud DLP to create and apply the tag template,
  // the Cloud DLP service agent must have the
  // `roles/datacatalog.tagTemplateOwner` permission on the project. The tag
  // template contains fields summarizing the results of the DlpJob. Any field
  // values previously written by another DlpJob are deleted. [InfoType naming
  // patterns][google.privacy.dlp.v2.InfoType] are strictly enforced when using
  // this feature.
  //
  // Findings are persisted in Data Catalog storage and are governed by
  // service-specific policies for Data Catalog. For more information, see
  // [Service Specific Terms](https://cloud.google.com/terms/service-terms).
  //
  // Only a single instance of this action can be specified. This action is
  // allowed only if all resources being scanned are BigQuery tables.
  // Compatible with: Inspect
  message PublishFindingsToCloudDataCatalog {

  }

  // Create a de-identified copy of the requested table or files.
  //
  // A TransformationDetail will be created for each transformation.
  //
  // If any rows in BigQuery are skipped during de-identification
  // (transformation errors or row size exceeds BigQuery insert API limits) they
  // are placed in the failure output table. If the original row exceeds
  // the BigQuery insert API limit it will be truncated when written to the
  // failure output table. The failure output table can be set in the
  // action.deidentify.output.big_query_output.deidentified_failure_output_table
  // field, if no table is set, a table will be automatically created in the
  // same project and dataset as the original table.
  //
  // Compatible with: Inspect
  message Deidentify {
    // User specified deidentify templates and configs for structured,
    // unstructured, and image files.
    TransformationConfig transformation_config = 7;

    // Config for storing transformation details. This is separate from the
    // de-identified content, and contains metadata about the successful
    // transformations and/or failures that occurred while de-identifying. This
    // needs to be set in order for users to access information about the status
    // of each transformation (see
    // [TransformationDetails][google.privacy.dlp.v2.TransformationDetails]
    // message for more information about what is noted).
    TransformationDetailsStorageConfig transformation_details_storage_config = 3;

    oneof output {
      // Required. User settable Cloud Storage bucket and folders to store de-identified
      // files. This field must be set for cloud storage deidentification. The
      // output Cloud Storage bucket must be different from the input bucket.
      // De-identified files will overwrite files in the output path.
      //
      // Form of: gs://bucket/folder/ or gs://bucket
      string cloud_storage_output = 9 [(google.api.field_behavior) = REQUIRED];
    }

    // List of user-specified file type groups to transform. If specified, only
    // the files with these filetypes will be transformed. If empty, all
    // supported files will be transformed. Supported types may be automatically
    // added over time. If a file type is set in this field that isn't supported
    // by the Deidentify action then the job will fail and will not be
    // successfully created/started. Currently the only filetypes supported are:
    // IMAGES, TEXT_FILES, CSV, TSV.
    repeated FileType file_types_to_transform = 8;
  }

  // Sends an email when the job completes. The email goes to IAM project owners
  // and technical [Essential
  // Contacts](https://cloud.google.com/resource-manager/docs/managing-notification-contacts).
  message JobNotificationEmails {

  }

  // Enable Stackdriver metric dlp.googleapis.com/finding_count. This
  // will publish a metric to stack driver on each infotype requested and
  // how many findings were found for it. CustomDetectors will be bucketed
  // as 'Custom' under the Stackdriver label 'info_type'.
  message PublishToStackdriver {

  }

  oneof action {
    // Save resulting findings in a provided location.
    SaveFindings save_findings = 1;

    // Publish a notification to a Pub/Sub topic.
    PublishToPubSub pub_sub = 2;

    // Publish summary to Cloud Security Command Center (Alpha).
    PublishSummaryToCscc publish_summary_to_cscc = 3;

    // Publish findings to Cloud Datahub.
    PublishFindingsToCloudDataCatalog publish_findings_to_cloud_data_catalog = 5;

    // Create a de-identified copy of the input data.
    Deidentify deidentify = 7;

    // Sends an email when the job completes. The email goes to IAM project
    // owners and technical [Essential
    // Contacts](https://cloud.google.com/resource-manager/docs/managing-notification-contacts).
    JobNotificationEmails job_notification_emails = 8;

    // Enable Stackdriver metric dlp.googleapis.com/finding_count.
    PublishToStackdriver publish_to_stackdriver = 9;
  }
}

// User specified templates and configs for how to deidentify structured,
// unstructures, and image files. User must provide either a unstructured
// deidentify template or at least one redact image config.
message TransformationConfig {
  // De-identify template.
  // If this template is specified, it will serve as the default de-identify
  // template. This template cannot contain `record_transformations` since it
  // can be used for unstructured content such as free-form text files. If this
  // template is not set, a default `ReplaceWithInfoTypeConfig` will be used to
  // de-identify unstructured content.
  string deidentify_template = 1;

  // Structured de-identify template.
  // If this template is specified, it will serve as the de-identify template
  // for structured content such as delimited files and tables. If this template
  // is not set but the `deidentify_template` is set, then `deidentify_template`
  // will also apply to the structured content. If neither template is set, a
  // default `ReplaceWithInfoTypeConfig` will be used to de-identify structured
  // content.
  string structured_deidentify_template = 2;

  // Image redact template.
  // If this template is specified, it will serve as the de-identify template
  // for images. If this template is not set, all findings in the image will be
  // redacted with a black box.
  string image_redact_template = 4;
}

// Request message for CreateInspectTemplate.
message CreateInspectTemplateRequest {
  // Required. Parent resource name.
  //
  // The format of this value varies depending on the scope of the request
  // (project or organization) and whether you have [specified a processing
  // location](https://cloud.google.com/dlp/docs/specifying-location):
  //
  // + Projects scope, location specified:<br/>
  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Projects scope, no location specified (defaults to global):<br/>
  //   `projects/`<var>PROJECT_ID</var>
  // + Organizations scope, location specified:<br/>
  //   `organizations/`<var>ORG_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Organizations scope, no location specified (defaults to global):<br/>
  //   `organizations/`<var>ORG_ID</var>
  //
  // The following example `parent` string specifies a parent project with the
  // identifier `example-project`, and specifies the `europe-west3` location
  // for processing data:
  //
  //     parent=projects/example-project/locations/europe-west3
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "dlp.googleapis.com/InspectTemplate"
    }
  ];

  // Required. The InspectTemplate to create.
  InspectTemplate inspect_template = 2 [(google.api.field_behavior) = REQUIRED];

  // The template id can contain uppercase and lowercase letters,
  // numbers, and hyphens; that is, it must match the regular
  // expression: `[a-zA-Z\d-_]+`. The maximum length is 100
  // characters. Can be empty to allow the system to generate one.
  string template_id = 3;

  // Deprecated. This field has no effect.
  string location_id = 4;
}

// Request message for UpdateInspectTemplate.
message UpdateInspectTemplateRequest {
  // Required. Resource name of organization and inspectTemplate to be updated, for
  // example `organizations/433245324/inspectTemplates/432452342` or
  // projects/project-id/inspectTemplates/432452342.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/InspectTemplate"
    }
  ];

  // New InspectTemplate value.
  InspectTemplate inspect_template = 2;

  // Mask to control which fields get updated.
  google.protobuf.FieldMask update_mask = 3;
}

// Request message for GetInspectTemplate.
message GetInspectTemplateRequest {
  // Required. Resource name of the organization and inspectTemplate to be read, for
  // example `organizations/433245324/inspectTemplates/432452342` or
  // projects/project-id/inspectTemplates/432452342.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/InspectTemplate"
    }
  ];
}

// Request message for ListInspectTemplates.
message ListInspectTemplatesRequest {
  // Required. Parent resource name.
  //
  // The format of this value varies depending on the scope of the request
  // (project or organization) and whether you have [specified a processing
  // location](https://cloud.google.com/dlp/docs/specifying-location):
  //
  // + Projects scope, location specified:<br/>
  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Projects scope, no location specified (defaults to global):<br/>
  //   `projects/`<var>PROJECT_ID</var>
  // + Organizations scope, location specified:<br/>
  //   `organizations/`<var>ORG_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Organizations scope, no location specified (defaults to global):<br/>
  //   `organizations/`<var>ORG_ID</var>
  //
  // The following example `parent` string specifies a parent project with the
  // identifier `example-project`, and specifies the `europe-west3` location
  // for processing data:
  //
  //     parent=projects/example-project/locations/europe-west3
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "dlp.googleapis.com/InspectTemplate"
    }
  ];

  // Page token to continue retrieval. Comes from previous call
  // to `ListInspectTemplates`.
  string page_token = 2;

  // Size of the page, can be limited by the server. If zero server returns
  // a page of max size 100.
  int32 page_size = 3;

  // Comma separated list of fields to order by,
  // followed by `asc` or `desc` postfix. This list is case-insensitive,
  // default sorting order is ascending, redundant space characters are
  // insignificant.
  //
  // Example: `name asc,update_time, create_time desc`
  //
  // Supported fields are:
  //
  // - `create_time`: corresponds to the time the template was created.
  // - `update_time`: corresponds to the time the template was last updated.
  // - `name`: corresponds to the template's name.
  // - `display_name`: corresponds to the template's display name.
  string order_by = 4;

  // Deprecated. This field has no effect.
  string location_id = 5;
}

// Response message for ListInspectTemplates.
message ListInspectTemplatesResponse {
  // List of inspectTemplates, up to page_size in ListInspectTemplatesRequest.
  repeated InspectTemplate inspect_templates = 1;

  // If the next page is available then the next page token to be used
  // in following ListInspectTemplates request.
  string next_page_token = 2;
}

// Request message for DeleteInspectTemplate.
message DeleteInspectTemplateRequest {
  // Required. Resource name of the organization and inspectTemplate to be deleted, for
  // example `organizations/433245324/inspectTemplates/432452342` or
  // projects/project-id/inspectTemplates/432452342.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/InspectTemplate"
    }
  ];
}

// Request message for CreateJobTrigger.
message CreateJobTriggerRequest {
  // Required. Parent resource name.
  //
  // The format of this value varies depending on whether you have [specified a
  // processing
  // location](https://cloud.google.com/dlp/docs/specifying-location):
  //
  // + Projects scope, location specified:<br/>
  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Projects scope, no location specified (defaults to global):<br/>
  //   `projects/`<var>PROJECT_ID</var>
  //
  // The following example `parent` string specifies a parent project with the
  // identifier `example-project`, and specifies the `europe-west3` location
  // for processing data:
  //
  //     parent=projects/example-project/locations/europe-west3
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "dlp.googleapis.com/JobTrigger"
    }
  ];

  // Required. The JobTrigger to create.
  JobTrigger job_trigger = 2 [(google.api.field_behavior) = REQUIRED];

  // The trigger id can contain uppercase and lowercase letters,
  // numbers, and hyphens; that is, it must match the regular
  // expression: `[a-zA-Z\d-_]+`. The maximum length is 100
  // characters. Can be empty to allow the system to generate one.
  string trigger_id = 3;

  // Deprecated. This field has no effect.
  string location_id = 4;
}

// Request message for ActivateJobTrigger.
message ActivateJobTriggerRequest {
  // Required. Resource name of the trigger to activate, for example
  // `projects/dlp-test-project/jobTriggers/53234423`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/JobTrigger"
    }
  ];
}

// Request message for UpdateJobTrigger.
message UpdateJobTriggerRequest {
  // Required. Resource name of the project and the triggeredJob, for example
  // `projects/dlp-test-project/jobTriggers/53234423`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/JobTrigger"
    }
  ];

  // New JobTrigger value.
  JobTrigger job_trigger = 2;

  // Mask to control which fields get updated.
  google.protobuf.FieldMask update_mask = 3;
}

// Request message for GetJobTrigger.
message GetJobTriggerRequest {
  // Required. Resource name of the project and the triggeredJob, for example
  // `projects/dlp-test-project/jobTriggers/53234423`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/JobTrigger"
    }
  ];
}

// Request message for CreateDlpJobRequest. Used to initiate long running
// jobs such as calculating risk metrics or inspecting Google Cloud
// Storage.
message CreateDlpJobRequest {
  // Required. Parent resource name.
  //
  // The format of this value varies depending on whether you have [specified a
  // processing
  // location](https://cloud.google.com/dlp/docs/specifying-location):
  //
  // + Projects scope, location specified:<br/>
  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Projects scope, no location specified (defaults to global):<br/>
  //   `projects/`<var>PROJECT_ID</var>
  //
  // The following example `parent` string specifies a parent project with the
  // identifier `example-project`, and specifies the `europe-west3` location
  // for processing data:
  //
  //     parent=projects/example-project/locations/europe-west3
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "dlp.googleapis.com/DlpJob"
    }
  ];

  // The configuration details for the specific type of job to run.
  oneof job {
    // An inspection job scans a storage repository for InfoTypes.
    InspectJobConfig inspect_job = 2;

    // A risk analysis job calculates re-identification risk metrics for a
    // BigQuery table.
    RiskAnalysisJobConfig risk_job = 3;
  }

  // The job id can contain uppercase and lowercase letters,
  // numbers, and hyphens; that is, it must match the regular
  // expression: `[a-zA-Z\d-_]+`. The maximum length is 100
  // characters. Can be empty to allow the system to generate one.
  string job_id = 4;

  // Deprecated. This field has no effect.
  string location_id = 5;
}

// Request message for ListJobTriggers.
message ListJobTriggersRequest {
  // Required. Parent resource name.
  //
  // The format of this value varies depending on whether you have [specified a
  // processing
  // location](https://cloud.google.com/dlp/docs/specifying-location):
  //
  // + Projects scope, location specified:<br/>
  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Projects scope, no location specified (defaults to global):<br/>
  //   `projects/`<var>PROJECT_ID</var>
  //
  // The following example `parent` string specifies a parent project with the
  // identifier `example-project`, and specifies the `europe-west3` location
  // for processing data:
  //
  //     parent=projects/example-project/locations/europe-west3
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "dlp.googleapis.com/JobTrigger"
    }
  ];

  // Page token to continue retrieval. Comes from previous call
  // to ListJobTriggers. `order_by` field must not
  // change for subsequent calls.
  string page_token = 2;

  // Size of the page, can be limited by a server.
  int32 page_size = 3;

  // Comma separated list of triggeredJob fields to order by,
  // followed by `asc` or `desc` postfix. This list is case-insensitive,
  // default sorting order is ascending, redundant space characters are
  // insignificant.
  //
  // Example: `name asc,update_time, create_time desc`
  //
  // Supported fields are:
  //
  // - `create_time`: corresponds to the time the JobTrigger was created.
  // - `update_time`: corresponds to the time the JobTrigger was last updated.
  // - `last_run_time`: corresponds to the last time the JobTrigger ran.
  // - `name`: corresponds to the JobTrigger's name.
  // - `display_name`: corresponds to the JobTrigger's display name.
  // - `status`: corresponds to JobTrigger's status.
  string order_by = 4;

  // Allows filtering.
  //
  // Supported syntax:
  //
  // * Filter expressions are made up of one or more restrictions.
  // * Restrictions can be combined by `AND` or `OR` logical operators. A
  // sequence of restrictions implicitly uses `AND`.
  // * A restriction has the form of `{field} {operator} {value}`.
  // * Supported fields/values for inspect triggers:
  //     - `status` - HEALTHY|PAUSED|CANCELLED
  //     - `inspected_storage` - DATASTORE|CLOUD_STORAGE|BIGQUERY
  //     - 'last_run_time` - RFC 3339 formatted timestamp, surrounded by
  //     quotation marks. Nanoseconds are ignored.
  //     - 'error_count' - Number of errors that have occurred while running.
  // * The operator must be `=` or `!=` for status and inspected_storage.
  //
  // Examples:
  //
  // * inspected_storage = cloud_storage AND status = HEALTHY
  // * inspected_storage = cloud_storage OR inspected_storage = bigquery
  // * inspected_storage = cloud_storage AND (state = PAUSED OR state = HEALTHY)
  // * last_run_time > \"2017-12-12T00:00:00+00:00\"
  //
  // The length of this field should be no more than 500 characters.
  string filter = 5;

  // The type of jobs. Will use `DlpJobType.INSPECT` if not set.
  DlpJobType type = 6;

  // Deprecated. This field has no effect.
  string location_id = 7;
}

// Response message for ListJobTriggers.
message ListJobTriggersResponse {
  // List of triggeredJobs, up to page_size in ListJobTriggersRequest.
  repeated JobTrigger job_triggers = 1;

  // If the next page is available then the next page token to be used
  // in following ListJobTriggers request.
  string next_page_token = 2;
}

// Request message for DeleteJobTrigger.
message DeleteJobTriggerRequest {
  // Required. Resource name of the project and the triggeredJob, for example
  // `projects/dlp-test-project/jobTriggers/53234423`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/JobTrigger"
    }
  ];
}

// Controls what and how to inspect for findings.
message InspectJobConfig {
  // The data to scan.
  StorageConfig storage_config = 1;

  // How and what to scan for.
  InspectConfig inspect_config = 2;

  // If provided, will be used as the default for all values in InspectConfig.
  // `inspect_config` will be merged into the values persisted as part of the
  // template.
  string inspect_template_name = 3;

  // Actions to execute at the completion of the job.
  repeated Action actions = 4;
}

// A task to execute when a data profile has been generated.
message DataProfileAction {
  // If set, the detailed data profiles will be persisted to the location
  // of your choice whenever updated.
  message Export {
    // Store all table and column profiles in an existing table or a new table
    // in an existing dataset. Each re-generation will result in a new row in
    // BigQuery.
    BigQueryTable profile_table = 1;
  }

  // Send a Pub/Sub message into the given Pub/Sub topic to connect other
  // systems to data profile generation. The message payload data will
  // be the byte serialization of `DataProfilePubSubMessage`.
  message PubSubNotification {
    // The levels of detail that can be included in the Pub/Sub message.
    enum DetailLevel {
      // Unused.
      DETAIL_LEVEL_UNSPECIFIED = 0;

      // The full table data profile.
      TABLE_PROFILE = 1;

      // The resource name of the table.
      RESOURCE_NAME = 2;
    }

    // Cloud Pub/Sub topic to send notifications to.
    // Format is projects/{project}/topics/{topic}.
    string topic = 1;

    // The type of event that triggers a Pub/Sub. At most one
    // `PubSubNotification` per EventType is permitted.
    EventType event = 2;

    // Conditions (e.g., data risk or sensitivity level) for triggering a
    // Pub/Sub.
    DataProfilePubSubCondition pubsub_condition = 3;

    // How much data to include in the Pub/Sub message. If the user wishes to
    // limit the size of the message, they can use resource_name and fetch the
    // profile fields they wish to. Per table profile (not per column).
    DetailLevel detail_of_message = 4;
  }

  // Types of event that can trigger an action.
  enum EventType {
    // Unused.
    EVENT_TYPE_UNSPECIFIED = 0;

    // New profile (not a re-profile).
    NEW_PROFILE = 1;

    // Changed one of the following profile metrics:
    // * Table data risk score
    // * Table sensitivity score
    // * Table resource visibility
    // * Table encryption type
    // * Table predicted infoTypes
    // * Table other infoTypes
    CHANGED_PROFILE = 2;

    // Table data risk score or sensitivity score increased.
    SCORE_INCREASED = 3;

    // A user (non-internal) error occurred.
    ERROR_CHANGED = 4;
  }

  oneof action {
    // Export data profiles into a provided location.
    Export export_data = 1;

    // Publish a message into the Pub/Sub topic.
    PubSubNotification pub_sub_notification = 2;
  }
}

// Configuration for setting up a job to scan resources for profile generation.
// Only one data profile configuration may exist per organization, folder,
// or project.
//
// The generated data profiles are retained according to the
// [data retention policy]
// (https://cloud.google.com/dlp/docs/data-profiles#retention).
message DataProfileJobConfig {
  // The data to scan.
  DataProfileLocation location = 1;

  // The project that will run the scan. The DLP service
  // account that exists within this project must have access to all resources
  // that are profiled, and the Cloud DLP API must be enabled.
  string project_id = 5;

  // Detection logic for profile generation.
  //
  // Not all template features are used by profiles. FindingLimits,
  // include_quote and exclude_info_types have no impact on
  // data profiling.
  //
  // Multiple templates may be provided if there is data in multiple regions.
  // At most one template must be specified per-region (including "global").
  // Each region is scanned using the applicable template. If no region-specific
  // template is specified, but a "global" template is specified, it will be
  // copied to that region and used instead. If no global or region-specific
  // template is provided for a region with data, that region's data will not be
  // scanned.
  //
  // For more information, see
  // https://cloud.google.com/dlp/docs/data-profiles#data_residency.
  repeated string inspect_templates = 7;

  // Actions to execute at the completion of the job.
  repeated DataProfileAction data_profile_actions = 6;
}

// The data that will be profiled.
message DataProfileLocation {
  // The location to be scanned.
  oneof location {
    // The ID of an organization to scan.
    int64 organization_id = 1;

    // The ID of the Folder within an organization to scan.
    int64 folder_id = 2;
  }
}

// Combines all of the information about a DLP job.
message DlpJob {
  option (google.api.resource) = {
    type: "dlp.googleapis.com/DlpJob"
    pattern: "projects/{project}/dlpJobs/{dlp_job}"
    pattern: "projects/{project}/locations/{location}/dlpJobs/{dlp_job}"
  };

  // Possible states of a job. New items may be added.
  enum JobState {
    // Unused.
    JOB_STATE_UNSPECIFIED = 0;

    // The job has not yet started.
    PENDING = 1;

    // The job is currently running. Once a job has finished it will transition
    // to FAILED or DONE.
    RUNNING = 2;

    // The job is no longer running.
    DONE = 3;

    // The job was canceled before it could be completed.
    CANCELED = 4;

    // The job had an error and did not complete.
    FAILED = 5;

    // The job is currently accepting findings via hybridInspect.
    // A hybrid job in ACTIVE state may continue to have findings added to it
    // through the calling of hybridInspect. After the job has finished no more
    // calls to hybridInspect may be made. ACTIVE jobs can transition to DONE.
    ACTIVE = 6;
  }

  // The server-assigned name.
  string name = 1;

  // The type of job.
  DlpJobType type = 2;

  // State of a job.
  JobState state = 3;

  oneof details {
    // Results from analyzing risk of a data source.
    AnalyzeDataSourceRiskDetails risk_details = 4;

    // Results from inspecting a data source.
    InspectDataSourceDetails inspect_details = 5;
  }

  // Time when the job was created.
  google.protobuf.Timestamp create_time = 6;

  // Time when the job started.
  google.protobuf.Timestamp start_time = 7;

  // Time when the job finished.
  google.protobuf.Timestamp end_time = 8;

  // If created by a job trigger, the resource name of the trigger that
  // instantiated the job.
  string job_trigger_name = 10;

  // A stream of errors encountered running the job.
  repeated Error errors = 11;
}

// The request message for [DlpJobs.GetDlpJob][].
message GetDlpJobRequest {
  // Required. The name of the DlpJob resource.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/DlpJob"
    }
  ];
}

// The request message for listing DLP jobs.
message ListDlpJobsRequest {
  // Required. Parent resource name.
  //
  // The format of this value varies depending on whether you have [specified a
  // processing
  // location](https://cloud.google.com/dlp/docs/specifying-location):
  //
  // + Projects scope, location specified:<br/>
  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Projects scope, no location specified (defaults to global):<br/>
  //   `projects/`<var>PROJECT_ID</var>
  //
  // The following example `parent` string specifies a parent project with the
  // identifier `example-project`, and specifies the `europe-west3` location
  // for processing data:
  //
  //     parent=projects/example-project/locations/europe-west3
  string parent = 4 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "dlp.googleapis.com/DlpJob"
    }
  ];

  // Allows filtering.
  //
  // Supported syntax:
  //
  // * Filter expressions are made up of one or more restrictions.
  // * Restrictions can be combined by `AND` or `OR` logical operators. A
  // sequence of restrictions implicitly uses `AND`.
  // * A restriction has the form of `{field} {operator} {value}`.
  // * Supported fields/values for inspect jobs:
  //     - `state` - PENDING|RUNNING|CANCELED|FINISHED|FAILED
  //     - `inspected_storage` - DATASTORE|CLOUD_STORAGE|BIGQUERY
  //     - `trigger_name` - The name of the trigger that created the job.
  //     - 'end_time` - Corresponds to the time the job finished.
  //     - 'start_time` - Corresponds to the time the job finished.
  // * Supported fields for risk analysis jobs:
  //     - `state` - RUNNING|CANCELED|FINISHED|FAILED
  //     - 'end_time` - Corresponds to the time the job finished.
  //     - 'start_time` - Corresponds to the time the job finished.
  // * The operator must be `=` or `!=`.
  //
  // Examples:
  //
  // * inspected_storage = cloud_storage AND state = done
  // * inspected_storage = cloud_storage OR inspected_storage = bigquery
  // * inspected_storage = cloud_storage AND (state = done OR state = canceled)
  // * end_time > \"2017-12-12T00:00:00+00:00\"
  //
  // The length of this field should be no more than 500 characters.
  string filter = 1;

  // The standard list page size.
  int32 page_size = 2;

  // The standard list page token.
  string page_token = 3;

  // The type of job. Defaults to `DlpJobType.INSPECT`
  DlpJobType type = 5;

  // Comma separated list of fields to order by,
  // followed by `asc` or `desc` postfix. This list is case-insensitive,
  // default sorting order is ascending, redundant space characters are
  // insignificant.
  //
  // Example: `name asc, end_time asc, create_time desc`
  //
  // Supported fields are:
  //
  // - `create_time`: corresponds to the time the job was created.
  // - `end_time`: corresponds to the time the job ended.
  // - `name`: corresponds to the job's name.
  // - `state`: corresponds to `state`
  string order_by = 6;

  // Deprecated. This field has no effect.
  string location_id = 7;
}

// The response message for listing DLP jobs.
message ListDlpJobsResponse {
  // A list of DlpJobs that matches the specified filter in the request.
  repeated DlpJob jobs = 1;

  // The standard List next-page token.
  string next_page_token = 2;
}

// The request message for canceling a DLP job.
message CancelDlpJobRequest {
  // Required. The name of the DlpJob resource to be cancelled.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/DlpJob"
    }
  ];
}

// The request message for finishing a DLP hybrid job.
message FinishDlpJobRequest {
  // Required. The name of the DlpJob resource to be cancelled.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/DlpJob"
    }
  ];
}

// The request message for deleting a DLP job.
message DeleteDlpJobRequest {
  // Required. The name of the DlpJob resource to be deleted.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/DlpJob"
    }
  ];
}

// Request message for CreateDeidentifyTemplate.
message CreateDeidentifyTemplateRequest {
  // Required. Parent resource name.
  //
  // The format of this value varies depending on the scope of the request
  // (project or organization) and whether you have [specified a processing
  // location](https://cloud.google.com/dlp/docs/specifying-location):
  //
  // + Projects scope, location specified:<br/>
  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Projects scope, no location specified (defaults to global):<br/>
  //   `projects/`<var>PROJECT_ID</var>
  // + Organizations scope, location specified:<br/>
  //   `organizations/`<var>ORG_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Organizations scope, no location specified (defaults to global):<br/>
  //   `organizations/`<var>ORG_ID</var>
  //
  // The following example `parent` string specifies a parent project with the
  // identifier `example-project`, and specifies the `europe-west3` location
  // for processing data:
  //
  //     parent=projects/example-project/locations/europe-west3
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "dlp.googleapis.com/DeidentifyTemplate"
    }
  ];

  // Required. The DeidentifyTemplate to create.
  DeidentifyTemplate deidentify_template = 2 [(google.api.field_behavior) = REQUIRED];

  // The template id can contain uppercase and lowercase letters,
  // numbers, and hyphens; that is, it must match the regular
  // expression: `[a-zA-Z\d-_]+`. The maximum length is 100
  // characters. Can be empty to allow the system to generate one.
  string template_id = 3;

  // Deprecated. This field has no effect.
  string location_id = 4;
}

// Request message for UpdateDeidentifyTemplate.
message UpdateDeidentifyTemplateRequest {
  // Required. Resource name of organization and deidentify template to be updated, for
  // example `organizations/433245324/deidentifyTemplates/432452342` or
  // projects/project-id/deidentifyTemplates/432452342.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/DeidentifyTemplate"
    }
  ];

  // New DeidentifyTemplate value.
  DeidentifyTemplate deidentify_template = 2;

  // Mask to control which fields get updated.
  google.protobuf.FieldMask update_mask = 3;
}

// Request message for GetDeidentifyTemplate.
message GetDeidentifyTemplateRequest {
  // Required. Resource name of the organization and deidentify template to be read, for
  // example `organizations/433245324/deidentifyTemplates/432452342` or
  // projects/project-id/deidentifyTemplates/432452342.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/DeidentifyTemplate"
    }
  ];
}

// Request message for ListDeidentifyTemplates.
message ListDeidentifyTemplatesRequest {
  // Required. Parent resource name.
  //
  // The format of this value varies depending on the scope of the request
  // (project or organization) and whether you have [specified a processing
  // location](https://cloud.google.com/dlp/docs/specifying-location):
  //
  // + Projects scope, location specified:<br/>
  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Projects scope, no location specified (defaults to global):<br/>
  //   `projects/`<var>PROJECT_ID</var>
  // + Organizations scope, location specified:<br/>
  //   `organizations/`<var>ORG_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Organizations scope, no location specified (defaults to global):<br/>
  //   `organizations/`<var>ORG_ID</var>
  //
  // The following example `parent` string specifies a parent project with the
  // identifier `example-project`, and specifies the `europe-west3` location
  // for processing data:
  //
  //     parent=projects/example-project/locations/europe-west3
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "dlp.googleapis.com/DeidentifyTemplate"
    }
  ];

  // Page token to continue retrieval. Comes from previous call
  // to `ListDeidentifyTemplates`.
  string page_token = 2;

  // Size of the page, can be limited by the server. If zero server returns
  // a page of max size 100.
  int32 page_size = 3;

  // Comma separated list of fields to order by,
  // followed by `asc` or `desc` postfix. This list is case-insensitive,
  // default sorting order is ascending, redundant space characters are
  // insignificant.
  //
  // Example: `name asc,update_time, create_time desc`
  //
  // Supported fields are:
  //
  // - `create_time`: corresponds to the time the template was created.
  // - `update_time`: corresponds to the time the template was last updated.
  // - `name`: corresponds to the template's name.
  // - `display_name`: corresponds to the template's display name.
  string order_by = 4;

  // Deprecated. This field has no effect.
  string location_id = 5;
}

// Response message for ListDeidentifyTemplates.
message ListDeidentifyTemplatesResponse {
  // List of deidentify templates, up to page_size in
  // ListDeidentifyTemplatesRequest.
  repeated DeidentifyTemplate deidentify_templates = 1;

  // If the next page is available then the next page token to be used
  // in following ListDeidentifyTemplates request.
  string next_page_token = 2;
}

// Request message for DeleteDeidentifyTemplate.
message DeleteDeidentifyTemplateRequest {
  // Required. Resource name of the organization and deidentify template to be deleted,
  // for example `organizations/433245324/deidentifyTemplates/432452342` or
  // projects/project-id/deidentifyTemplates/432452342.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/DeidentifyTemplate"
    }
  ];
}

// Configuration for a custom dictionary created from a data source of any size
// up to the maximum size defined in the
// [limits](https://cloud.google.com/dlp/limits) page. The artifacts of
// dictionary creation are stored in the specified Cloud Storage
// location. Consider using `CustomInfoType.Dictionary` for smaller dictionaries
// that satisfy the size requirements.
message LargeCustomDictionaryConfig {
  // Location to store dictionary artifacts in Cloud Storage. These files
  // will only be accessible by project owners and the DLP API. If any of these
  // artifacts are modified, the dictionary is considered invalid and can no
  // longer be used.
  CloudStoragePath output_path = 1;

  oneof source {
    // Set of files containing newline-delimited lists of dictionary phrases.
    CloudStorageFileSet cloud_storage_file_set = 2;

    // Field in a BigQuery table where each cell represents a dictionary phrase.
    BigQueryField big_query_field = 3;
  }
}

// Summary statistics of a custom dictionary.
message LargeCustomDictionaryStats {
  // Approximate number of distinct phrases in the dictionary.
  int64 approx_num_phrases = 1;
}

// Configuration for stored infoTypes. All fields and subfield are provided
// by the user. For more information, see
// https://cloud.google.com/dlp/docs/creating-custom-infotypes.
message StoredInfoTypeConfig {
  // Display name of the StoredInfoType (max 256 characters).
  string display_name = 1;

  // Description of the StoredInfoType (max 256 characters).
  string description = 2;

  // Stored infotype types.
  oneof type {
    // StoredInfoType where findings are defined by a dictionary of phrases.
    LargeCustomDictionaryConfig large_custom_dictionary = 3;

    // Store dictionary-based CustomInfoType.
    CustomInfoType.Dictionary dictionary = 4;

    // Store regular expression-based StoredInfoType.
    CustomInfoType.Regex regex = 5;
  }
}

// Statistics for a StoredInfoType.
message StoredInfoTypeStats {
  // Stat types
  oneof type {
    // StoredInfoType where findings are defined by a dictionary of phrases.
    LargeCustomDictionaryStats large_custom_dictionary = 1;
  }
}

// Version of a StoredInfoType, including the configuration used to build it,
// create timestamp, and current state.
message StoredInfoTypeVersion {
  // StoredInfoType configuration.
  StoredInfoTypeConfig config = 1;

  // Create timestamp of the version. Read-only, determined by the system
  // when the version is created.
  google.protobuf.Timestamp create_time = 2;

  // Stored info type version state. Read-only, updated by the system
  // during dictionary creation.
  StoredInfoTypeState state = 3;

  // Errors that occurred when creating this storedInfoType version, or
  // anomalies detected in the storedInfoType data that render it unusable. Only
  // the five most recent errors will be displayed, with the most recent error
  // appearing first.
  //
  // For example, some of the data for stored custom dictionaries is put in
  // the user's Cloud Storage bucket, and if this data is modified or
  // deleted by the user or another system, the dictionary becomes invalid.
  //
  // If any errors occur, fix the problem indicated by the error message and
  // use the UpdateStoredInfoType API method to create another version of the
  // storedInfoType to continue using it, reusing the same `config` if it was
  // not the source of the error.
  repeated Error errors = 4;

  // Statistics about this storedInfoType version.
  StoredInfoTypeStats stats = 5;
}

// StoredInfoType resource message that contains information about the current
// version and any pending updates.
message StoredInfoType {
  option (google.api.resource) = {
    type: "dlp.googleapis.com/StoredInfoType"
    pattern: "organizations/{organization}/storedInfoTypes/{stored_info_type}"
    pattern: "projects/{project}/storedInfoTypes/{stored_info_type}"
    pattern: "organizations/{organization}/locations/{location}/storedInfoTypes/{stored_info_type}"
    pattern: "projects/{project}/locations/{location}/storedInfoTypes/{stored_info_type}"
  };

  // Resource name.
  string name = 1;

  // Current version of the stored info type.
  StoredInfoTypeVersion current_version = 2;

  // Pending versions of the stored info type. Empty if no versions are
  // pending.
  repeated StoredInfoTypeVersion pending_versions = 3;
}

// Request message for CreateStoredInfoType.
message CreateStoredInfoTypeRequest {
  // Required. Parent resource name.
  //
  // The format of this value varies depending on the scope of the request
  // (project or organization) and whether you have [specified a processing
  // location](https://cloud.google.com/dlp/docs/specifying-location):
  //
  // + Projects scope, location specified:<br/>
  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Projects scope, no location specified (defaults to global):<br/>
  //   `projects/`<var>PROJECT_ID</var>
  // + Organizations scope, location specified:<br/>
  //   `organizations/`<var>ORG_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Organizations scope, no location specified (defaults to global):<br/>
  //   `organizations/`<var>ORG_ID</var>
  //
  // The following example `parent` string specifies a parent project with the
  // identifier `example-project`, and specifies the `europe-west3` location
  // for processing data:
  //
  //     parent=projects/example-project/locations/europe-west3
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "dlp.googleapis.com/StoredInfoType"
    }
  ];

  // Required. Configuration of the storedInfoType to create.
  StoredInfoTypeConfig config = 2 [(google.api.field_behavior) = REQUIRED];

  // The storedInfoType ID can contain uppercase and lowercase letters,
  // numbers, and hyphens; that is, it must match the regular
  // expression: `[a-zA-Z\d-_]+`. The maximum length is 100
  // characters. Can be empty to allow the system to generate one.
  string stored_info_type_id = 3;

  // Deprecated. This field has no effect.
  string location_id = 4;
}

// Request message for UpdateStoredInfoType.
message UpdateStoredInfoTypeRequest {
  // Required. Resource name of organization and storedInfoType to be updated, for
  // example `organizations/433245324/storedInfoTypes/432452342` or
  // projects/project-id/storedInfoTypes/432452342.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/StoredInfoType"
    }
  ];

  // Updated configuration for the storedInfoType. If not provided, a new
  // version of the storedInfoType will be created with the existing
  // configuration.
  StoredInfoTypeConfig config = 2;

  // Mask to control which fields get updated.
  google.protobuf.FieldMask update_mask = 3;
}

// Request message for GetStoredInfoType.
message GetStoredInfoTypeRequest {
  // Required. Resource name of the organization and storedInfoType to be read, for
  // example `organizations/433245324/storedInfoTypes/432452342` or
  // projects/project-id/storedInfoTypes/432452342.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/StoredInfoType"
    }
  ];
}

// Request message for ListStoredInfoTypes.
message ListStoredInfoTypesRequest {
  // Required. Parent resource name.
  //
  // The format of this value varies depending on the scope of the request
  // (project or organization) and whether you have [specified a processing
  // location](https://cloud.google.com/dlp/docs/specifying-location):
  //
  // + Projects scope, location specified:<br/>
  //   `projects/`<var>PROJECT_ID</var>`/locations/`<var>LOCATION_ID</var>
  // + Projects scope, no location specified (defaults to global):<br/>
  //   `projects/`<var>PROJECT_ID</var>
  //
  // The following example `parent` string specifies a parent project with the
  // identifier `example-project`, and specifies the `europe-west3` location
  // for processing data:
  //
  //     parent=projects/example-project/locations/europe-west3
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "dlp.googleapis.com/StoredInfoType"
    }
  ];

  // Page token to continue retrieval. Comes from previous call
  // to `ListStoredInfoTypes`.
  string page_token = 2;

  // Size of the page, can be limited by the server. If zero server returns
  // a page of max size 100.
  int32 page_size = 3;

  // Comma separated list of fields to order by,
  // followed by `asc` or `desc` postfix. This list is case-insensitive,
  // default sorting order is ascending, redundant space characters are
  // insignificant.
  //
  // Example: `name asc, display_name, create_time desc`
  //
  // Supported fields are:
  //
  // - `create_time`: corresponds to the time the most recent version of the
  // resource was created.
  // - `state`: corresponds to the state of the resource.
  // - `name`: corresponds to resource name.
  // - `display_name`: corresponds to info type's display name.
  string order_by = 4;

  // Deprecated. This field has no effect.
  string location_id = 5;
}

// Response message for ListStoredInfoTypes.
message ListStoredInfoTypesResponse {
  // List of storedInfoTypes, up to page_size in ListStoredInfoTypesRequest.
  repeated StoredInfoType stored_info_types = 1;

  // If the next page is available then the next page token to be used
  // in following ListStoredInfoTypes request.
  string next_page_token = 2;
}

// Request message for DeleteStoredInfoType.
message DeleteStoredInfoTypeRequest {
  // Required. Resource name of the organization and storedInfoType to be deleted, for
  // example `organizations/433245324/storedInfoTypes/432452342` or
  // projects/project-id/storedInfoTypes/432452342.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/StoredInfoType"
    }
  ];
}

// Request to search for potentially sensitive info in a custom location.
message HybridInspectJobTriggerRequest {
  // Required. Resource name of the trigger to execute a hybrid inspect on, for example
  // `projects/dlp-test-project/jobTriggers/53234423`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/JobTrigger"
    }
  ];

  // The item to inspect.
  HybridContentItem hybrid_item = 3;
}

// Request to search for potentially sensitive info in a custom location.
message HybridInspectDlpJobRequest {
  // Required. Resource name of the job to execute a hybrid inspect on, for example
  // `projects/dlp-test-project/dlpJob/53234423`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dlp.googleapis.com/DlpJob"
    }
  ];

  // The item to inspect.
  HybridContentItem hybrid_item = 3;
}

// An individual hybrid item to inspect. Will be stored temporarily during
// processing.
message HybridContentItem {
  // The item to inspect.
  ContentItem item = 1;

  // Supplementary information that will be added to each finding.
  HybridFindingDetails finding_details = 2;
}

// Populate to associate additional data with each finding.
message HybridFindingDetails {
  // Details about the container where the content being inspected is from.
  Container container_details = 1;

  // Offset in bytes of the line, from the beginning of the file, where the
  // finding  is located. Populate if the item being scanned is only part of a
  // bigger item, such as a shard of a file and you want to track the absolute
  // position of the finding.
  int64 file_offset = 2;

  // Offset of the row for tables. Populate if the row(s) being scanned are
  // part of a bigger dataset and you want to keep track of their absolute
  // position.
  int64 row_offset = 3;

  // If the container is a table, additional information to make findings
  // meaningful such as the columns that are primary keys. If not known ahead
  // of time, can also be set within each inspect hybrid call and the two
  // will be merged. Note that identifying_fields will only be stored to
  // BigQuery, and only if the BigQuery action has been included.
  TableOptions table_options = 4;

  // Labels to represent user provided metadata about the data being inspected.
  // If configured by the job, some key values may be required.
  // The labels associated with `Finding`'s produced by hybrid
  // inspection.
  //
  // Label keys must be between 1 and 63 characters long and must conform
  // to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
  //
  // Label values must be between 0 and 63 characters long and must conform
  // to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`.
  //
  // No more than 10 labels can be associated with a given finding.
  //
  // Examples:
  // * `"environment" : "production"`
  // * `"pipeline" : "etl"`
  map<string, string> labels = 5;
}

// Quota exceeded errors will be thrown once quota has been met.
message HybridInspectResponse {

}

// Operators available for comparing the value of fields.
enum RelationalOperator {
  // Unused
  RELATIONAL_OPERATOR_UNSPECIFIED = 0;

  // Equal. Attempts to match even with incompatible types.
  EQUAL_TO = 1;

  // Not equal to. Attempts to match even with incompatible types.
  NOT_EQUAL_TO = 2;

  // Greater than.
  GREATER_THAN = 3;

  // Less than.
  LESS_THAN = 4;

  // Greater than or equals.
  GREATER_THAN_OR_EQUALS = 5;

  // Less than or equals.
  LESS_THAN_OR_EQUALS = 6;

  // Exists
  EXISTS = 7;
}

// Type of the match which can be applied to different ways of matching, like
// Dictionary, regular expression and intersecting with findings of another
// info type.
enum MatchingType {
  // Invalid.
  MATCHING_TYPE_UNSPECIFIED = 0;

  // Full match.
  //
  // - Dictionary: join of Dictionary results matched complete finding quote
  // - Regex: all regex matches fill a finding quote start to end
  // - Exclude info type: completely inside affecting info types findings
  MATCHING_TYPE_FULL_MATCH = 1;

  // Partial match.
  //
  // - Dictionary: at least one of the tokens in the finding matches
  // - Regex: substring of the finding matches
  // - Exclude info type: intersects with affecting info types findings
  MATCHING_TYPE_PARTIAL_MATCH = 2;

  // Inverse match.
  //
  // - Dictionary: no tokens in the finding match the dictionary
  // - Regex: finding doesn't match the regex
  // - Exclude info type: no intersection with affecting info types findings
  MATCHING_TYPE_INVERSE_MATCH = 3;
}

// Deprecated and unused.
enum ContentOption {
  // Includes entire content of a file or a data stream.
  CONTENT_UNSPECIFIED = 0;

  // Text content within the data, excluding any metadata.
  CONTENT_TEXT = 1;

  // Images found in the data.
  CONTENT_IMAGE = 2;
}

// Type of metadata containing the finding.
enum MetadataType {
  // Unused
  METADATATYPE_UNSPECIFIED = 0;

  // General file metadata provided by Cloud Storage.
  STORAGE_METADATA = 2;
}

// Parts of the APIs which use certain infoTypes.
enum InfoTypeSupportedBy {
  // Unused.
  ENUM_TYPE_UNSPECIFIED = 0;

  // Supported by the inspect operations.
  INSPECT = 1;

  // Supported by the risk analysis operations.
  RISK_ANALYSIS = 2;
}

// An enum to represent the various types of DLP jobs.
enum DlpJobType {
  // Defaults to INSPECT_JOB.
  DLP_JOB_TYPE_UNSPECIFIED = 0;

  // The job inspected Google Cloud for sensitive data.
  INSPECT_JOB = 1;

  // The job executed a Risk Analysis computation.
  RISK_ANALYSIS_JOB = 2;
}

// State of a StoredInfoType version.
enum StoredInfoTypeState {
  // Unused
  STORED_INFO_TYPE_STATE_UNSPECIFIED = 0;

  // StoredInfoType version is being created.
  PENDING = 1;

  // StoredInfoType version is ready for use.
  READY = 2;

  // StoredInfoType creation failed. All relevant error messages are returned in
  // the `StoredInfoTypeVersion` message.
  FAILED = 3;

  // StoredInfoType is no longer valid because artifacts stored in
  // user-controlled storage were modified. To fix an invalid StoredInfoType,
  // use the `UpdateStoredInfoType` method to create a new version.
  INVALID = 4;
}

// Score is a summary of all elements in the data profile.
// A higher number means more risk.
message DataRiskLevel {
  // Various score levels for resources.
  enum DataRiskLevelScore {
    // Unused.
    RISK_SCORE_UNSPECIFIED = 0;

    // Low risk - Lower indication of sensitive data that appears to have
    // additional access restrictions in place or no indication of sensitive
    // data found.
    RISK_LOW = 10;

    // Medium risk - Sensitive data may be present but additional access or fine
    // grain access restrictions appear to be present.  Consider limiting
    // access even further or transform data to mask.
    RISK_MODERATE = 20;

    // High risk – SPII may be present. Access controls may include public
    // ACLs. Exfiltration of data may lead to user data loss. Re-identification
    // of users may be possible. Consider limiting usage and or removing SPII.
    RISK_HIGH = 30;
  }

  // The score applied to the resource.
  DataRiskLevelScore score = 1;
}

// How broadly a resource has been shared. New items may be added over time.
// A higher number means more restricted.
enum ResourceVisibility {
  // Unused.
  RESOURCE_VISIBILITY_UNSPECIFIED = 0;

  // Visible to any user.
  RESOURCE_VISIBILITY_PUBLIC = 10;

  // Visible only to specific users.
  RESOURCE_VISIBILITY_RESTRICTED = 20;
}

// Snapshot of the configurations used to generate the profile.
message DataProfileConfigSnapshot {
  // A copy of the inspection config used to generate this profile. This
  // is a copy of the inspect_template specified in `DataProfileJobConfig`.
  InspectConfig inspect_config = 2;

  // A copy of the configuration used to generate this profile.
  DataProfileJobConfig data_profile_job = 3;
}

// The profile for a scanned table.
message TableDataProfile {
  // Possible states of a profile. New items may be added.
  enum State {
    // Unused.
    STATE_UNSPECIFIED = 0;

    // The profile is currently running. Once a profile has finished it will
    // transition to DONE.
    RUNNING = 1;

    // The profile is no longer generating.
    // If profile_status.status.code is 0, the profile succeeded, otherwise, it
    // failed.
    DONE = 2;
  }

  // The name of the profile.
  string name = 1;

  // The resource name to the project data profile for this table.
  string project_data_profile = 2;

  // The GCP project ID that owns the BigQuery dataset.
  string dataset_project_id = 24;

  // The BigQuery location where the dataset's data is stored.
  // See https://cloud.google.com/bigquery/docs/locations for supported
  // locations.
  string dataset_location = 29;

  // The BigQuery dataset ID.
  string dataset_id = 25;

  // The BigQuery table ID.
  string table_id = 26;

  // The resource name of the table.
  // https://cloud.google.com/apis/design/resource_names#full_resource_name
  string full_resource = 3;

  // Success or error status from the most recent profile generation attempt.
  // May be empty if the profile is still being generated.
  ProfileStatus profile_status = 21;

  // State of a profile.
  State state = 22;

  // The sensitivity score of this table.
  SensitivityScore sensitivity_score = 5;

  // The data risk level of this table.
  DataRiskLevel data_risk_level = 6;

  // The infoTypes predicted from this table's data.
  repeated InfoTypeSummary predicted_info_types = 27;

  // Other infoTypes found in this table's data.
  repeated OtherInfoTypeSummary other_info_types = 28;

  // The snapshot of the configurations used to generate the profile.
  DataProfileConfigSnapshot config_snapshot = 7;

  // The time when this table was last modified
  google.protobuf.Timestamp last_modified_time = 8;

  // Optional. The time when this table expires.
  google.protobuf.Timestamp expiration_time = 9;

  // The number of columns profiled in the table.
  int64 scanned_column_count = 10;

  // The number of columns skipped in the table because of an error.
  int64 failed_column_count = 11;

  // The size of the table when the profile was generated.
  int64 table_size_bytes = 12;

  // Number of rows in the table when the profile was generated.
  // This will not be populated for BigLake tables.
  int64 row_count = 13;

  // How the table is encrypted.
  EncryptionStatus encryption_status = 14;

  // How broadly a resource has been shared.
  ResourceVisibility resource_visibility = 15;

  // The last time the profile was generated.
  google.protobuf.Timestamp profile_last_generated = 16;

  // The labels applied to the resource at the time the profile was generated.
  map<string, string> resource_labels = 17;

  // The time at which the table was created.
  google.protobuf.Timestamp create_time = 23;
}

message ProfileStatus {
  // Profiling status code and optional message
  google.rpc.Status status = 1;

  // Time when the profile generation status was updated
  google.protobuf.Timestamp timestamp = 3;
}

// How a resource is encrypted.
enum EncryptionStatus {
  // Unused.
  ENCRYPTION_STATUS_UNSPECIFIED = 0;

  // Google manages server-side encryption keys on your behalf.
  ENCRYPTION_GOOGLE_MANAGED = 1;

  // Customer provides the key.
  ENCRYPTION_CUSTOMER_MANAGED = 2;
}

// The infoType details for this column.
message InfoTypeSummary {
  // The infoType.
  InfoType info_type = 1;

  // Not populated for predicted infotypes.
  int32 estimated_prevalence = 2 [deprecated = true];
}

// Infotype details for other infoTypes found within a column.
message OtherInfoTypeSummary {
  // The other infoType.
  InfoType info_type = 1;

  // Approximate percentage of non-null rows that contained data detected by
  // this infotype.
  int32 estimated_prevalence = 2;
}

// A condition for determining whether a Pub/Sub should be triggered.
message DataProfilePubSubCondition {
  // Various score levels for resources.
  enum ProfileScoreBucket {
    // Unused.
    PROFILE_SCORE_BUCKET_UNSPECIFIED = 0;

    // High risk/sensitivity detected.
    HIGH = 1;

    // Medium or high risk/sensitivity detected.
    MEDIUM_OR_HIGH = 2;
  }

  // A condition consisting of a value.
  message PubSubCondition {
    // The value for the condition to trigger.
    oneof value {
      // The minimum data risk score that triggers the condition.
      ProfileScoreBucket minimum_risk_score = 1;

      // The minimum sensitivity level that triggers the condition.
      ProfileScoreBucket minimum_sensitivity_score = 2;
    }
  }

  // An expression, consisting of an operator and conditions.
  message PubSubExpressions {
    // Logical operators for conditional checks.
    enum PubSubLogicalOperator {
      // Unused.
      LOGICAL_OPERATOR_UNSPECIFIED = 0;

      // Conditional OR.
      OR = 1;

      // Conditional AND.
      AND = 2;
    }

    // The operator to apply to the collection of conditions.
    PubSubLogicalOperator logical_operator = 1;

    // Conditions to apply to the expression.
    repeated PubSubCondition conditions = 2;
  }

  // An expression.
  PubSubExpressions expressions = 1;
}

// Pub/Sub topic message for a DataProfileAction.PubSubNotification event.
// To receive a message of protocol buffer schema type, convert the message data
// to an object of this proto class.
message DataProfilePubSubMessage {
  // If `DetailLevel` is `TABLE_PROFILE` this will be fully populated.
  // Otherwise, if `DetailLevel` is `RESOURCE_NAME`, then only `name` and
  // `full_resource` will be populated.
  TableDataProfile profile = 1;

  // The event that caused the Pub/Sub message to be sent.
  DataProfileAction.EventType event = 2;
}