DLPInspectTemplate


Property Value
Google Cloud Service Name Cloud DLP
Google Cloud Service Documentation /dlp/docs/
Google Cloud REST Resource Name projects.inspectTemplates
Google Cloud REST Resource Documentation /dlp/docs/reference/rest/v2/projects.inspectTemplates
Config Connector Resource Short Names gcpdlpinspecttemplate
gcpdlpinspecttemplates
dlpinspecttemplate
Config Connector Service Name dlp.googleapis.com
Config Connector Resource Fully Qualified Name dlpinspecttemplates.dlp.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No
Config Connector Default Average Reconcile Interval In Seconds 600

Custom Resource Definition Properties

Spec

Schema

description: string
displayName: string
inspectConfig:
  contentOptions:
  - string
  customInfoTypes:
  - dictionary:
      cloudStoragePath:
        path: string
      wordList:
        words:
        - string
    exclusionType: string
    infoType:
      name: string
    likelihood: string
    regex:
      groupIndexes:
      - integer
      pattern: string
    storedType:
      createTime: string
      nameRef:
        external: string
        name: string
        namespace: string
    surrogateType: {}
  excludeInfoTypes: boolean
  includeQuote: boolean
  infoTypes:
  - name: string
  limits:
    maxFindingsPerInfoType:
    - infoType:
        name: string
      maxFindings: integer
    maxFindingsPerItem: integer
    maxFindingsPerRequest: integer
  minLikelihood: string
  ruleSet:
  - infoTypes:
    - name: string
    rules:
    - exclusionRule:
        dictionary:
          cloudStoragePath:
            path: string
          wordList:
            words:
            - string
        excludeInfoTypes:
          infoTypes:
          - name: string
        matchingType: string
        regex:
          groupIndexes:
          - integer
          pattern: string
      hotwordRule:
        hotwordRegex:
          groupIndexes:
          - integer
          pattern: string
        likelihoodAdjustment:
          fixedLikelihood: string
          relativeLikelihood: integer
        proximity:
          windowAfter: integer
          windowBefore: integer
location: string
organizationRef:
  external: string
  name: string
  namespace: string
projectRef:
  external: string
  name: string
  namespace: string
resourceID: string
Fields

description

Optional

string

Short description (max 256 chars).

displayName

Optional

string

Display name (max 256 chars).

inspectConfig

Optional

object

The core content of the template. Configuration of the scanning process.

inspectConfig.contentOptions

Optional

list (string)

List of options defining data content to scan. If empty, text, images, and other content will be included.

inspectConfig.contentOptions[]

Optional

string

inspectConfig.customInfoTypes

Optional

list (object)

CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.

inspectConfig.customInfoTypes[]

Optional

object

inspectConfig.customInfoTypes[].dictionary

Optional

object

A list of phrases to detect as a CustomInfoType.

inspectConfig.customInfoTypes[].dictionary.cloudStoragePath

Optional

object

Newline-delimited file of words in Cloud Storage. Only a single file is accepted.

inspectConfig.customInfoTypes[].dictionary.cloudStoragePath.path

Optional

string

A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt

inspectConfig.customInfoTypes[].dictionary.wordList

Optional

object

List of words or phrases to search for.

inspectConfig.customInfoTypes[].dictionary.wordList.words

Optional

list (string)

Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]

inspectConfig.customInfoTypes[].dictionary.wordList.words[]

Optional

string

inspectConfig.customInfoTypes[].exclusionType

Optional

string

If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE

inspectConfig.customInfoTypes[].infoType

Optional

object

CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing infoTypes and that infoType is specified in `InspectContent.info_types` field. Specifying the latter adds findings to the one detected by the system. If built-in info type is not specified in `InspectContent.info_types` list then the name is treated as a custom info type.

inspectConfig.customInfoTypes[].infoType.name

Optional

string

Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

inspectConfig.customInfoTypes[].likelihood

Optional

string

Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria specified by the rule. Defaults to `VERY_LIKELY` if not specified. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY

inspectConfig.customInfoTypes[].regex

Optional

object

Regular expression based CustomInfoType.

inspectConfig.customInfoTypes[].regex.groupIndexes

Optional

list (integer)

The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.

inspectConfig.customInfoTypes[].regex.groupIndexes[]

Optional

integer

inspectConfig.customInfoTypes[].regex.pattern

Optional

string

Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.

inspectConfig.customInfoTypes[].storedType

Optional

object

Load an existing `StoredInfoType` resource for use in `InspectDataSource`. Not currently supported in `InspectContent`.

inspectConfig.customInfoTypes[].storedType.createTime

Optional

string

Timestamp indicating when the version of the `StoredInfoType` used for inspection was created. Output-only field, populated by the system.

inspectConfig.customInfoTypes[].storedType.nameRef

Optional

object

inspectConfig.customInfoTypes[].storedType.nameRef.external

Optional

string

Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`).

inspectConfig.customInfoTypes[].storedType.nameRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

inspectConfig.customInfoTypes[].storedType.nameRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

inspectConfig.customInfoTypes[].surrogateType

Optional

object

Message for detecting output from deidentification transformations that support reversing.

inspectConfig.excludeInfoTypes

Optional

boolean

When true, excludes type information of the findings.

inspectConfig.includeQuote

Optional

boolean

When true, a contextual quote from the data that triggered a finding is included in the response; see Finding.quote.

inspectConfig.infoTypes

Optional

list (object)

Restricts what info_types to look for. The values must correspond to InfoType values returned by ListInfoTypes or listed at https://cloud.google.com/dlp/docs/infotypes-reference. When no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated. If you need precise control and predictability as to what detectors are run you should specify specific InfoTypes listed in the reference, otherwise a default list will be used, which may change over time.

inspectConfig.infoTypes[]

Optional

object

inspectConfig.infoTypes[].name

Optional

string

Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

inspectConfig.limits

Optional

object

Configuration to control the number of findings returned.

inspectConfig.limits.maxFindingsPerInfoType

Optional

list (object)

Configuration of findings limit given for specified infoTypes.

inspectConfig.limits.maxFindingsPerInfoType[]

Optional

object

inspectConfig.limits.maxFindingsPerInfoType[].infoType

Optional

object

Type of information the findings limit applies to. Only one limit per info_type should be provided. If InfoTypeLimit does not have an info_type, the DLP API applies the limit against all info_types that are found but not specified in another InfoTypeLimit.

inspectConfig.limits.maxFindingsPerInfoType[].infoType.name

Optional

string

Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

inspectConfig.limits.maxFindingsPerInfoType[].maxFindings

Optional

integer

Max findings limit for the given infoType.

inspectConfig.limits.maxFindingsPerItem

Optional

integer

Max number of findings that will be returned for each item scanned. When set within `InspectJobConfig`, the maximum returned is 2000 regardless if this is set higher. When set within `InspectContentRequest`, this field is ignored.

inspectConfig.limits.maxFindingsPerRequest

Optional

integer

Max number of findings that will be returned per request/job. When set within `InspectContentRequest`, the maximum returned is 2000 regardless if this is set higher.

inspectConfig.minLikelihood

Optional

string

Only returns findings equal or above this threshold. The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY

inspectConfig.ruleSet

Optional

list (object)

Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end, other rules are executed in the order they are specified for each info type.

inspectConfig.ruleSet[]

Optional

object

inspectConfig.ruleSet[].infoTypes

Optional

list (object)

List of infoTypes this rule set is applied to.

inspectConfig.ruleSet[].infoTypes[]

Optional

object

inspectConfig.ruleSet[].infoTypes[].name

Optional

string

Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

inspectConfig.ruleSet[].rules

Optional

list (object)

Set of rules to be applied to infoTypes. The rules are applied in order.

inspectConfig.ruleSet[].rules[]

Optional

object

inspectConfig.ruleSet[].rules[].exclusionRule

Optional

object

Exclusion rule.

inspectConfig.ruleSet[].rules[].exclusionRule.dictionary

Optional

object

Dictionary which defines the rule.

inspectConfig.ruleSet[].rules[].exclusionRule.dictionary.cloudStoragePath

Optional

object

Newline-delimited file of words in Cloud Storage. Only a single file is accepted.

inspectConfig.ruleSet[].rules[].exclusionRule.dictionary.cloudStoragePath.path

Optional

string

A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt

inspectConfig.ruleSet[].rules[].exclusionRule.dictionary.wordList

Optional

object

List of words or phrases to search for.

inspectConfig.ruleSet[].rules[].exclusionRule.dictionary.wordList.words

Optional

list (string)

Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]

inspectConfig.ruleSet[].rules[].exclusionRule.dictionary.wordList.words[]

Optional

string

inspectConfig.ruleSet[].rules[].exclusionRule.excludeInfoTypes

Optional

object

Set of infoTypes for which findings would affect this rule.

inspectConfig.ruleSet[].rules[].exclusionRule.excludeInfoTypes.infoTypes

Optional

list (object)

InfoType list in ExclusionRule rule drops a finding when it overlaps or contained within with a finding of an infoType from this list. For example, for `InspectionRuleSet.info_types` containing "PHONE_NUMBER"` and `exclusion_rule` containing `exclude_info_types.info_types` with "EMAIL_ADDRESS" the phone number findings are dropped if they overlap with EMAIL_ADDRESS finding. That leads to "555-222-2222@example.org" to generate only a single finding, namely email address.

inspectConfig.ruleSet[].rules[].exclusionRule.excludeInfoTypes.infoTypes[]

Optional

object

inspectConfig.ruleSet[].rules[].exclusionRule.excludeInfoTypes.infoTypes[].name

Optional

string

Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

inspectConfig.ruleSet[].rules[].exclusionRule.matchingType

Optional

string

How the rule is applied, see MatchingType documentation for details. Possible values: MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH

inspectConfig.ruleSet[].rules[].exclusionRule.regex

Optional

object

Regular expression which defines the rule.

inspectConfig.ruleSet[].rules[].exclusionRule.regex.groupIndexes

Optional

list (integer)

The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.

inspectConfig.ruleSet[].rules[].exclusionRule.regex.groupIndexes[]

Optional

integer

inspectConfig.ruleSet[].rules[].exclusionRule.regex.pattern

Optional

string

Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.

inspectConfig.ruleSet[].rules[].hotwordRule

Optional

object

inspectConfig.ruleSet[].rules[].hotwordRule.hotwordRegex

Optional

object

Regular expression pattern defining what qualifies as a hotword.

inspectConfig.ruleSet[].rules[].hotwordRule.hotwordRegex.groupIndexes

Optional

list (integer)

The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.

inspectConfig.ruleSet[].rules[].hotwordRule.hotwordRegex.groupIndexes[]

Optional

integer

inspectConfig.ruleSet[].rules[].hotwordRule.hotwordRegex.pattern

Optional

string

Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.

inspectConfig.ruleSet[].rules[].hotwordRule.likelihoodAdjustment

Optional

object

Likelihood adjustment to apply to all matching findings.

inspectConfig.ruleSet[].rules[].hotwordRule.likelihoodAdjustment.fixedLikelihood

Optional

string

Set the likelihood of a finding to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY

inspectConfig.ruleSet[].rules[].hotwordRule.likelihoodAdjustment.relativeLikelihood

Optional

integer

Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be `POSSIBLE` without the detection rule and `relative_likelihood` is 1, then it is upgraded to `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. Likelihood may never drop below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is `VERY_LIKELY` will result in a final likelihood of `LIKELY`.

inspectConfig.ruleSet[].rules[].hotwordRule.proximity

Optional

object

Proximity of the finding within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be used to match substrings of the finding itself. For example, the certainty of a phone number regex "(d{3}) d{3}-d{4}" could be adjusted upwards if the area code is known to be the local area code of a company office using the hotword regex "(xxx)", where "xxx" is the area code in question.

inspectConfig.ruleSet[].rules[].hotwordRule.proximity.windowAfter

Optional

integer

Number of characters after the finding to consider.

inspectConfig.ruleSet[].rules[].hotwordRule.proximity.windowBefore

Optional

integer

Number of characters before the finding to consider.

location

Optional

string

Immutable. The location of the resource

organizationRef

Optional

object

Immutable. The Organization that this resource belongs to. Only one of [organizationRef, projectRef] may be specified.

organizationRef.external

Optional

string

Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).

organizationRef.name

Optional

string

[WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

organizationRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

projectRef

Optional

object

Immutable. The Project that this resource belongs to. Only one of [organizationRef, projectRef] may be specified.

projectRef.external

Optional

string

Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).

projectRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

projectRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceID

Optional

string

Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.

Status

Schema

conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
createTime: string
locationId: string
observedGeneration: integer
updateTime: string
Fields
conditions

list (object)

Conditions represent the latest available observation of the resource's current state.

conditions[]

object

conditions[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions[].message

string

Human-readable message indicating details about last transition.

conditions[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions[].type

string

Type is the type of the condition.

createTime

string

Output only. The creation timestamp of an inspectTemplate.

locationId

string

Output only. The geographic location where this resource is stored.

observedGeneration

integer

ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.

updateTime

string

Output only. The last update timestamp of an inspectTemplate.

Sample YAML(s)

Custom Inspect Template

# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: dlp.cnrm.cloud.google.com/v1beta1
kind: DLPInspectTemplate
metadata:
  name: dlpinspecttemplate-sample-custominspecttemplate
spec:
  projectRef:
    # Replace "${PROJECT_ID?}" with your project ID
    external: "projects/${PROJECT_ID?}"
  location: "us-west2"
  displayName: "sample-template"
  description: "A sample dlp inspect template"
  inspectConfig:
    infoTypes:
    - name: "AGE"
    minLikelihood: "POSSIBLE"
    limits:
      maxFindingsPerItem: 7
      maxFindingsPerRequest: 7
      maxFindingsPerInfoType:
      - infoType:
          name: "AGE"
        maxFindings: 7
    includeQuote: false
    excludeInfoTypes: false
    customInfoTypes:
    - infoType:
        name: "PHONE_NUMBER"
      likelihood: "POSSIBLE"
      dictionary:
        wordList:
          words:
          - "911"
    - infoType:
        name: "AGE"
      dictionary:
        cloudStoragePath:
          # Replace "${DLP_TEST_BUCKET?}" with your storage bucket name
          path: "gs://${DLP_TEST_BUCKET?}/dictionary-1"
    - infoType:
        name: "HOME_ADDRESS"
      storedType:
        nameRef:
          name: "dlpinspecttemplate-dep-custominspecttemplate"
    - infoType:
        name: "SALARY"
      exclusionType: "EXCLUSION_TYPE_EXCLUDE"
      regex:
        pattern: "(\\$)(\\d*)"
        groupIndexes:
        - 1
        - 2
    - infoType:
        name: "HEIGHT"
      regex:
        pattern: "\\d'\\d{2}\""
      surrogateType: {}
    contentOptions:
    - "CONTENT_TEXT"
    ruleSet:
    - infoTypes:
      - name: "AGE"
      rules:
      - exclusionRule:
          matchingType: "MATCHING_TYPE_FULL_MATCH"
          dictionary:
            wordList:
              words:
              - "911"
      - exclusionRule:
          matchingType: "MATCHING_TYPE_FULL_MATCH"
          dictionary:
            cloudStoragePath:
              # Replace "${DLP_TEST_BUCKET?}" with your storage bucket name
              path: "gs://${DLP_TEST_BUCKET?}/dictionary-1"
      - exclusionRule:
          matchingType: "MATCHING_TYPE_FULL_MATCH"
          regex:
            pattern: "([12])(\\d{1,2})"
            groupIndexes:
            - 1
            - 2
      - exclusionRule:
          matchingType: "MATCHING_TYPE_FULL_MATCH"
          excludeInfoTypes:
            infoTypes:
            - name: "PHONE_NUMBER"
    - infoTypes:
      - name: "PHONE_NUMBER"
      rules:
      - hotwordRule:
          hotwordRegex:
            pattern: "\\(([0-9]{3})\\) ?[0-9]{3}-[0-9]{4}"
            groupIndexes:
            - 0
            - 1
          proximity:
            windowBefore: 2
            windowAfter: 3
          likelihoodAdjustment:
            fixedLikelihood: "LIKELY"
      - hotwordRule:
          hotwordRegex:
            pattern: "\\+?[0-9]*"
          proximity:
            windowBefore: 2
            windowAfter: 3
          likelihoodAdjustment:
            relativeLikelihood: 1
---
apiVersion: dlp.cnrm.cloud.google.com/v1beta1
kind: DLPStoredInfoType
metadata:
  name: dlpinspecttemplate-dep-custominspecttemplate
spec:
  projectRef:
    # Replace "${PROJECT_ID?}" with your project ID
    external: "projects/${PROJECT_ID?}"
  location: "us-west2"
  displayName: "sample-type"
  description: "A sample regex-based stored info type"
  regex:
    pattern: "([a-z]*)(.+)"
    groupIndexes:
    - 0
    - 1

Inspection Inspect Template

# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: dlp.cnrm.cloud.google.com/v1beta1
kind: DLPInspectTemplate
metadata:
  name: dlpinspecttemplate-sample-inspectioninspecttemplate
spec:
  projectRef:
    # Replace "${PROJECT_ID?}" with your project ID
    external: "projects/${PROJECT_ID?}"
  location: "global"
  inspectConfig:
    infoTypes:
    - name: "AGE"
    ruleSet:
    - infoTypes:
      - name: "AGE"
      rules:
      - hotwordRule:
          hotwordRegex:
            pattern: "([12])(\\d{1,2})"
            groupIndexes:
            - 1
            - 2
          proximity:
            windowBefore: 2
            windowAfter: 3
          likelihoodAdjustment:
            fixedLikelihood: "LIKELY"
      - hotwordRule:
          hotwordRegex:
            pattern: ".*"
          proximity:
            windowBefore: 2
            windowAfter: 3
          likelihoodAdjustment:
            relativeLikelihood: 1