diff --git a/google/privacy/dlp/v2/dlp.proto b/google/privacy/dlp/v2/dlp.proto index d0ab08df..1de24b88 100644 --- a/google/privacy/dlp/v2/dlp.proto +++ b/google/privacy/dlp/v2/dlp.proto @@ -53,8 +53,7 @@ option (google.api.resource_definition) = { // https://cloud.google.com/dlp/docs/. service DlpService { option (google.api.default_host) = "dlp.googleapis.com"; - option (google.api.oauth_scopes) = - "https://www.googleapis.com/auth/cloud-platform"; + option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; // Finds potentially sensitive info in content. // This method has limits on input size, processing time, and output size. @@ -103,8 +102,7 @@ service DlpService { // When no InfoTypes or CustomInfoTypes are specified in this request, the // system will automatically choose what detectors to run. By default this may // be all types, but may change over time as detectors are updated. - rpc DeidentifyContent(DeidentifyContentRequest) - returns (DeidentifyContentResponse) { + rpc DeidentifyContent(DeidentifyContentRequest) returns (DeidentifyContentResponse) { option (google.api.http) = { post: "/v2/{parent=projects/*}/content:deidentify" body: "*" @@ -119,8 +117,7 @@ service DlpService { // See // https://cloud.google.com/dlp/docs/pseudonymization#re-identification_in_free_text_code_example // to learn more. - rpc ReidentifyContent(ReidentifyContentRequest) - returns (ReidentifyContentResponse) { + rpc ReidentifyContent(ReidentifyContentRequest) returns (ReidentifyContentResponse) { option (google.api.http) = { post: "/v2/{parent=projects/*}/content:reidentify" body: "*" @@ -137,7 +134,9 @@ service DlpService { rpc ListInfoTypes(ListInfoTypesRequest) returns (ListInfoTypesResponse) { option (google.api.http) = { get: "/v2/infoTypes" - additional_bindings { get: "/v2/locations/{location_id}/infoTypes" } + additional_bindings { + get: "/v2/locations/{location_id}/infoTypes" + } }; option (google.api.method_signature) = "location_id"; } @@ -145,8 +144,7 @@ service DlpService { // Creates an InspectTemplate for re-using frequently used configuration // for inspecting content, images, and storage. // See https://cloud.google.com/dlp/docs/creating-templates to learn more. - rpc CreateInspectTemplate(CreateInspectTemplateRequest) - returns (InspectTemplate) { + rpc CreateInspectTemplate(CreateInspectTemplateRequest) returns (InspectTemplate) { option (google.api.http) = { post: "/v2/{parent=organizations/*}/inspectTemplates" body: "*" @@ -164,14 +162,12 @@ service DlpService { } }; option (google.api.method_signature) = "parent,inspect_template"; - option (google.api.method_signature) = - "parent,inspect_template,location_id"; + option (google.api.method_signature) = "parent,inspect_template,location_id"; } // Updates the InspectTemplate. // See https://cloud.google.com/dlp/docs/creating-templates to learn more. - rpc UpdateInspectTemplate(UpdateInspectTemplateRequest) - returns (InspectTemplate) { + rpc UpdateInspectTemplate(UpdateInspectTemplateRequest) returns (InspectTemplate) { option (google.api.http) = { patch: "/v2/{name=organizations/*/inspectTemplates/*}" body: "*" @@ -199,7 +195,9 @@ service DlpService { additional_bindings { get: "/v2/{name=organizations/*/locations/*/inspectTemplates/*}" } - additional_bindings { get: "/v2/{name=projects/*/inspectTemplates/*}" } + additional_bindings { + get: "/v2/{name=projects/*/inspectTemplates/*}" + } additional_bindings { get: "/v2/{name=projects/*/locations/*/inspectTemplates/*}" } @@ -209,14 +207,15 @@ service DlpService { // Lists InspectTemplates. // See https://cloud.google.com/dlp/docs/creating-templates to learn more. - rpc ListInspectTemplates(ListInspectTemplatesRequest) - returns (ListInspectTemplatesResponse) { + rpc ListInspectTemplates(ListInspectTemplatesRequest) returns (ListInspectTemplatesResponse) { option (google.api.http) = { get: "/v2/{parent=organizations/*}/inspectTemplates" additional_bindings { get: "/v2/{parent=organizations/*}/locations/{location_id}/inspectTemplates" } - additional_bindings { get: "/v2/{parent=projects/*}/inspectTemplates" } + additional_bindings { + get: "/v2/{parent=projects/*}/inspectTemplates" + } additional_bindings { get: "/v2/{parent=projects/*}/locations/{location_id}/inspectTemplates" } @@ -226,14 +225,15 @@ service DlpService { // Deletes an InspectTemplate. // See https://cloud.google.com/dlp/docs/creating-templates to learn more. - rpc DeleteInspectTemplate(DeleteInspectTemplateRequest) - returns (google.protobuf.Empty) { + rpc DeleteInspectTemplate(DeleteInspectTemplateRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v2/{name=organizations/*/inspectTemplates/*}" additional_bindings { delete: "/v2/{name=organizations/*/locations/*/inspectTemplates/*}" } - additional_bindings { delete: "/v2/{name=projects/*/inspectTemplates/*}" } + additional_bindings { + delete: "/v2/{name=projects/*/inspectTemplates/*}" + } additional_bindings { delete: "/v2/{name=projects/*/locations/*/inspectTemplates/*}" } @@ -245,8 +245,7 @@ service DlpService { // for de-identifying content, images, and storage. // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn // more. - rpc CreateDeidentifyTemplate(CreateDeidentifyTemplateRequest) - returns (DeidentifyTemplate) { + rpc CreateDeidentifyTemplate(CreateDeidentifyTemplateRequest) returns (DeidentifyTemplate) { option (google.api.http) = { post: "/v2/{parent=organizations/*}/deidentifyTemplates" body: "*" @@ -264,15 +263,13 @@ service DlpService { } }; option (google.api.method_signature) = "parent,deidentify_template"; - option (google.api.method_signature) = - "parent,deidentify_template,location_id"; + option (google.api.method_signature) = "parent,deidentify_template,location_id"; } // Updates the DeidentifyTemplate. // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn // more. - rpc UpdateDeidentifyTemplate(UpdateDeidentifyTemplateRequest) - returns (DeidentifyTemplate) { + rpc UpdateDeidentifyTemplate(UpdateDeidentifyTemplateRequest) returns (DeidentifyTemplate) { option (google.api.http) = { patch: "/v2/{name=organizations/*/deidentifyTemplates/*}" body: "*" @@ -289,21 +286,21 @@ service DlpService { body: "*" } }; - option (google.api.method_signature) = - "name,deidentify_template,update_mask"; + option (google.api.method_signature) = "name,deidentify_template,update_mask"; } // Gets a DeidentifyTemplate. // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn // more. - rpc GetDeidentifyTemplate(GetDeidentifyTemplateRequest) - returns (DeidentifyTemplate) { + rpc GetDeidentifyTemplate(GetDeidentifyTemplateRequest) returns (DeidentifyTemplate) { option (google.api.http) = { get: "/v2/{name=organizations/*/deidentifyTemplates/*}" additional_bindings { get: "/v2/{name=organizations/*/locations/*/deidentifyTemplates/*}" } - additional_bindings { get: "/v2/{name=projects/*/deidentifyTemplates/*}" } + additional_bindings { + get: "/v2/{name=projects/*/deidentifyTemplates/*}" + } additional_bindings { get: "/v2/{name=projects/*/locations/*/deidentifyTemplates/*}" } @@ -314,14 +311,15 @@ service DlpService { // Lists DeidentifyTemplates. // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn // more. - rpc ListDeidentifyTemplates(ListDeidentifyTemplatesRequest) - returns (ListDeidentifyTemplatesResponse) { + rpc ListDeidentifyTemplates(ListDeidentifyTemplatesRequest) returns (ListDeidentifyTemplatesResponse) { option (google.api.http) = { get: "/v2/{parent=organizations/*}/deidentifyTemplates" additional_bindings { get: "/v2/{parent=organizations/*}/locations/{location_id}/deidentifyTemplates" } - additional_bindings { get: "/v2/{parent=projects/*}/deidentifyTemplates" } + additional_bindings { + get: "/v2/{parent=projects/*}/deidentifyTemplates" + } additional_bindings { get: "/v2/{parent=projects/*}/locations/{location_id}/deidentifyTemplates" } @@ -332,8 +330,7 @@ service DlpService { // Deletes a DeidentifyTemplate. // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn // more. - rpc DeleteDeidentifyTemplate(DeleteDeidentifyTemplateRequest) - returns (google.protobuf.Empty) { + rpc DeleteDeidentifyTemplate(DeleteDeidentifyTemplateRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v2/{name=organizations/*/deidentifyTemplates/*}" additional_bindings { @@ -385,8 +382,7 @@ service DlpService { // Early access feature is in a pre-release state and might change or have // limited support. For more information, see // https://cloud.google.com/products#product-launch-stages. - rpc HybridInspectJobTrigger(HybridInspectJobTriggerRequest) - returns (HybridInspectResponse) { + rpc HybridInspectJobTrigger(HybridInspectJobTriggerRequest) returns (HybridInspectResponse) { option (google.api.http) = { post: "/v2/{name=projects/*/locations/*/jobTriggers/*}:hybridInspect" body: "*" @@ -408,8 +404,7 @@ service DlpService { // Lists job triggers. // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more. - rpc ListJobTriggers(ListJobTriggersRequest) - returns (ListJobTriggersResponse) { + rpc ListJobTriggers(ListJobTriggersRequest) returns (ListJobTriggersResponse) { option (google.api.http) = { get: "/v2/{parent=projects/*}/jobTriggers" additional_bindings { @@ -421,8 +416,7 @@ service DlpService { // Deletes a job trigger. // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more. - rpc DeleteJobTrigger(DeleteJobTriggerRequest) - returns (google.protobuf.Empty) { + rpc DeleteJobTrigger(DeleteJobTriggerRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v2/{name=projects/*/jobTriggers/*}" additional_bindings { @@ -486,7 +480,9 @@ service DlpService { rpc GetDlpJob(GetDlpJobRequest) returns (DlpJob) { option (google.api.http) = { get: "/v2/{name=projects/*/dlpJobs/*}" - additional_bindings { get: "/v2/{name=projects/*/locations/*/dlpJobs/*}" } + additional_bindings { + get: "/v2/{name=projects/*/locations/*/dlpJobs/*}" + } }; option (google.api.method_signature) = "name"; } @@ -525,8 +521,7 @@ service DlpService { // Creates a pre-built stored infoType to be used for inspection. // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to // learn more. - rpc CreateStoredInfoType(CreateStoredInfoTypeRequest) - returns (StoredInfoType) { + rpc CreateStoredInfoType(CreateStoredInfoTypeRequest) returns (StoredInfoType) { option (google.api.http) = { post: "/v2/{parent=organizations/*}/storedInfoTypes" body: "*" @@ -551,8 +546,7 @@ service DlpService { // will continue to be used until the new version is ready. // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to // learn more. - rpc UpdateStoredInfoType(UpdateStoredInfoTypeRequest) - returns (StoredInfoType) { + rpc UpdateStoredInfoType(UpdateStoredInfoTypeRequest) returns (StoredInfoType) { option (google.api.http) = { patch: "/v2/{name=organizations/*/storedInfoTypes/*}" body: "*" @@ -581,7 +575,9 @@ service DlpService { additional_bindings { get: "/v2/{name=organizations/*/locations/*/storedInfoTypes/*}" } - additional_bindings { get: "/v2/{name=projects/*/storedInfoTypes/*}" } + additional_bindings { + get: "/v2/{name=projects/*/storedInfoTypes/*}" + } additional_bindings { get: "/v2/{name=projects/*/locations/*/storedInfoTypes/*}" } @@ -592,14 +588,15 @@ service DlpService { // Lists stored infoTypes. // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to // learn more. - rpc ListStoredInfoTypes(ListStoredInfoTypesRequest) - returns (ListStoredInfoTypesResponse) { + rpc ListStoredInfoTypes(ListStoredInfoTypesRequest) returns (ListStoredInfoTypesResponse) { option (google.api.http) = { get: "/v2/{parent=organizations/*}/storedInfoTypes" additional_bindings { get: "/v2/{parent=organizations/*}/locations/{location_id}/storedInfoTypes" } - additional_bindings { get: "/v2/{parent=projects/*}/storedInfoTypes" } + additional_bindings { + get: "/v2/{parent=projects/*}/storedInfoTypes" + } additional_bindings { get: "/v2/{parent=projects/*}/locations/{location_id}/storedInfoTypes" } @@ -610,14 +607,15 @@ service DlpService { // Deletes a stored infoType. // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to // learn more. - rpc DeleteStoredInfoType(DeleteStoredInfoTypeRequest) - returns (google.protobuf.Empty) { + rpc DeleteStoredInfoType(DeleteStoredInfoTypeRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v2/{name=organizations/*/storedInfoTypes/*}" additional_bindings { delete: "/v2/{name=organizations/*/locations/*/storedInfoTypes/*}" } - additional_bindings { delete: "/v2/{name=projects/*/storedInfoTypes/*}" } + additional_bindings { + delete: "/v2/{name=projects/*/storedInfoTypes/*}" + } additional_bindings { delete: "/v2/{name=projects/*/locations/*/storedInfoTypes/*}" } @@ -631,8 +629,7 @@ service DlpService { // Early access feature is in a pre-release state and might change or have // limited support. For more information, see // https://cloud.google.com/products#product-launch-stages. - rpc HybridInspectDlpJob(HybridInspectDlpJobRequest) - returns (HybridInspectResponse) { + rpc HybridInspectDlpJob(HybridInspectDlpJobRequest) returns (HybridInspectResponse) { option (google.api.http) = { post: "/v2/{name=projects/*/locations/*/dlpJobs/*}:hybridInspect" body: "*" @@ -786,7 +783,7 @@ message InspectConfig { // Container for bytes to inspect or redact. message ByteContentItem { - // The type of data being sent to in data. + // The type of data being sent for inspection. enum BytesType { // Unused BYTES_TYPE_UNSPECIFIED = 0; @@ -809,6 +806,12 @@ message ByteContentItem { // plain text TEXT_UTF8 = 5; + // docx, docm, dotx, dotm + WORD_DOCUMENT = 7; + + // pdf + PDF = 8; + // avro AVRO = 11; } @@ -871,13 +874,13 @@ message InspectResult { // Represents a piece of potentially sensitive content. message Finding { option (google.api.resource) = { - type: "dlp.googleapis.com/InspectFinding" + type: "dlp.googleapis.com/Finding" pattern: "projects/{project}/locations/{location}/findings/{finding}" }; // Resource name in format - // projects/{project}/locations/{location}/findings/{finding} - // Populated only when viewing persisted findings. + // projects/{project}/locations/{location}/findings/{finding} Populated only + // when viewing persisted findings. string name = 14; // The content that was found. Even if the content is not textual, it @@ -906,19 +909,16 @@ message Finding { QuoteInfo quote_info = 7; // The job that stored the finding. - string resource_name = 8 - [(google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" }]; + string resource_name = 8 [(google.api.resource_reference) = { + type: "dlp.googleapis.com/DlpJob" + }]; // Job trigger name, if applicable, for this finding. - // (-- api-linter: core::0122::name-suffix=disabled - // aip.dev/not-precedent: AIP-122 discourages _name suffixes for - // resource names, but this has existed as part of the bigquery schema - // before this rule existed. --) - string trigger_name = 9 [ - (google.api.resource_reference) = { type: "dlp.googleapis.com/JobTrigger" } - ]; + string trigger_name = 9 [(google.api.resource_reference) = { + type: "dlp.googleapis.com/JobTrigger" + }]; - // The labels associated with this `InspectFinding`. + // The labels associated with this `Finding`. // // Label keys must be between 1 and 63 characters long and must conform // to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. @@ -937,12 +937,9 @@ message Finding { google.protobuf.Timestamp job_create_time = 11; // The job that stored the finding. - // (-- api-linter: core::0122::name-suffix=disabled - // aip.dev/not-precedent: AIP-122 discourages _name suffixes for - // resource names, but this has existed as part of the bigquery schema - // before this rule existed. --) - string job_name = 13 - [(google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" }]; + string job_name = 13 [(google.api.resource_reference) = { + type: "dlp.googleapis.com/DlpJob" + }]; } // Specifies the location of the finding. @@ -992,6 +989,9 @@ message ContentLocation { // Location data for document files. DocumentLocation document_location = 5; + + // Location within the metadata for inspected content. + MetadataLocation metadata_location = 8; } // Findings container modification timestamp, if applicable. @@ -1005,6 +1005,24 @@ message ContentLocation { string container_version = 7; } +// Metadata Location +message MetadataLocation { + // Type of metadata containing the finding. + MetadataType type = 1; + + // Label of the piece of metadata containing the finding, for example - + // latitude, author, caption. + oneof label { + // Storage metadata. + StorageMetadataLabel storage_label = 3; + } +} + +// Storage metadata label to indicate which metadata entry contains findings. +message StorageMetadataLabel { + string key = 1; +} + // Location of a finding within a document. message DocumentLocation { // Offset of the line, from the beginning of the file, where the finding @@ -1026,7 +1044,12 @@ message RecordLocation { // Location of a finding within a table. message TableLocation { - // The zero-based index of the row where the finding is located. + // The zero-based index of the row where the finding is located. Only + // populated for resources that have a natural ordering, not BigQuery. In + // BigQuery, to identify the row a finding came from, populate + // BigQueryOptions.identifying_fields with your primary key column names and + // when you store the findings the value of those columns will be stored + // inside of Finding. int64 row_index = 1; } @@ -1128,11 +1151,12 @@ message RedactImageRequest { // The parent resource name, for example projects/my-project-id. string parent = 1 [(google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Project" - }]; + type: "cloudresourcemanager.googleapis.com/Project" + }]; // The geographic location to process the request. Reserved for future // extensions. + // Location is restricted to 'global', 'us', 'asia', and 'europe'. string location_id = 8; // Configuration for the inspector. @@ -1179,8 +1203,8 @@ message RedactImageResponse { message DeidentifyContentRequest { // The parent resource name, for example projects/my-project-id. string parent = 1 [(google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Project" - }]; + type: "cloudresourcemanager.googleapis.com/Project" + }]; // Configuration for the de-identification of the content item. // Items specified here will override the template referenced by the @@ -1284,8 +1308,8 @@ message ReidentifyContentResponse { message InspectContentRequest { // The parent resource name, for example projects/my-project-id. string parent = 1 [(google.api.resource_reference) = { - type: "cloudresourcemanager.googleapis.com/Project" - }]; + type: "cloudresourcemanager.googleapis.com/Project" + }]; // Configuration for the inspector. What specified here will override // the template referenced by the inspect_template_name argument. @@ -1303,6 +1327,8 @@ message InspectContentRequest { // The geographic location to process content inspection. Reserved for future // extensions. + // When inspecting images location is restricted to 'global', 'us', 'asia', + // and 'europe'. string location_id = 5; } @@ -1416,7 +1442,7 @@ message InspectDataSourceDetails { Result result = 3; } -// Statistics related to processing hybrid inspect requests.s +// Statistics related to processing hybrid inspect requests. message HybridInspectStatistics { // The number of hybrid inspection requests processed within this job. int64 processed_count = 1; @@ -1536,11 +1562,10 @@ message StatisticalTable { BigQueryTable table = 3 [(google.api.field_behavior) = REQUIRED]; // Required. Quasi-identifier columns. - repeated QuasiIdentifierField quasi_ids = 1 - [(google.api.field_behavior) = REQUIRED]; + repeated QuasiIdentifierField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED]; - // Required. The relative frequency column must contain a floating-point - // number between 0 and 1 (inclusive). Null values are assumed to be zero. + // Required. The relative frequency column must contain a floating-point number + // between 0 and 1 (inclusive). Null values are assumed to be zero. FieldId relative_frequency = 2 [(google.api.field_behavior) = REQUIRED]; } @@ -1653,16 +1678,15 @@ message PrivacyMetric { BigQueryTable table = 3 [(google.api.field_behavior) = REQUIRED]; // Required. Quasi-identifier columns. - repeated QuasiIdField quasi_ids = 1 - [(google.api.field_behavior) = REQUIRED]; + repeated QuasiIdField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED]; - // Required. The relative frequency column must contain a floating-point - // number between 0 and 1 (inclusive). Null values are assumed to be zero. + // Required. The relative frequency column must contain a floating-point number + // between 0 and 1 (inclusive). Null values are assumed to be zero. FieldId relative_frequency = 2 [(google.api.field_behavior) = REQUIRED]; } - // Required. Fields considered to be quasi-identifiers. No two columns can - // have the same tag. + // Required. Fields considered to be quasi-identifiers. No two columns can have the + // same tag. repeated TaggedField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED]; // ISO 3166-1 alpha-2 region code to use in the statistical modeling. @@ -1681,8 +1705,8 @@ message PrivacyMetric { // Similarly to the k-map metric, we cannot compute δ-presence exactly without // knowing the attack dataset, so we use a statistical model instead. message DeltaPresenceEstimationConfig { - // Required. Fields considered to be quasi-identifiers. No two fields can - // have the same tag. + // Required. Fields considered to be quasi-identifiers. No two fields can have the + // same tag. repeated QuasiId quasi_ids = 1 [(google.api.field_behavior) = REQUIRED]; // ISO 3166-1 alpha-2 region code to use in the statistical modeling. @@ -1755,8 +1779,7 @@ message AnalyzeDataSourceRiskDetails { } // Histogram of value frequencies in the column. - repeated CategoricalStatsHistogramBucket value_frequency_histogram_buckets = - 5; + repeated CategoricalStatsHistogramBucket value_frequency_histogram_buckets = 5; } // Result of the k-anonymity computation. @@ -1836,8 +1859,7 @@ message AnalyzeDataSourceRiskDetails { } // Histogram of l-diversity equivalence class sensitive value frequencies. - repeated LDiversityHistogramBucket - sensitive_value_frequency_histogram_buckets = 5; + repeated LDiversityHistogramBucket sensitive_value_frequency_histogram_buckets = 5; } // Result of the reidentifiability analysis. Note that these results are an @@ -1943,8 +1965,7 @@ message AnalyzeDataSourceRiskDetails { // {min_probability: 0.3, max_probability: 0.4, frequency: 99} // mean that there are no record with an estimated probability in [0.1, 0.2) // nor larger or equal to 0.4. - repeated DeltaPresenceEstimationHistogramBucket - delta_presence_estimation_histogram = 1; + repeated DeltaPresenceEstimationHistogramBucket delta_presence_estimation_histogram = 1; } // Privacy metric to compute. @@ -2080,13 +2101,17 @@ message DeidentifyConfig { // `TransformationOverviews`. message TransformationErrorHandling { // Throw an error and fail the request when a transformation error occurs. - message ThrowError {} + message ThrowError { + + } // Skips the data without modifying it if the requested transformation would // cause an error. For example, if a `DateShift` transformation were applied // an an IP address, this mode would leave the IP address unchanged in the // response. - message LeaveUntransformed {} + message LeaveUntransformed { + + } // How transformation errors should be handled. oneof mode { @@ -2248,12 +2273,16 @@ message ReplaceValueConfig { } // Replace each matching finding with the name of the info_type. -message ReplaceWithInfoTypeConfig {} +message ReplaceWithInfoTypeConfig { + +} // Redact a given value. For example, if used with an `InfoTypeTransformation` // transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the // output would be 'My phone number is '. -message RedactConfig {} +message RedactConfig { + +} // Characters to skip when doing deidentification of a value. These will be left // alone and skipped. @@ -2337,18 +2366,18 @@ message CharacterMaskConfig { // // See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. message FixedSizeBucketingConfig { - // Required. Lower bound value of buckets. All values less than `lower_bound` - // are grouped together into a single bucket; for example if `lower_bound` = - // 10, then all values less than 10 are replaced with the value “-10”. + // Required. Lower bound value of buckets. All values less than `lower_bound` are + // grouped together into a single bucket; for example if `lower_bound` = 10, + // then all values less than 10 are replaced with the value “-10”. Value lower_bound = 1 [(google.api.field_behavior) = REQUIRED]; - // Required. Upper bound value of buckets. All values greater than upper_bound - // are grouped together into a single bucket; for example if `upper_bound` = - // 89, then all values greater than 89 are replaced with the value “89+”. + // Required. Upper bound value of buckets. All values greater than upper_bound are + // grouped together into a single bucket; for example if `upper_bound` = 89, + // then all values greater than 89 are replaced with the value “89+”. Value upper_bound = 2 [(google.api.field_behavior) = REQUIRED]; - // Required. Size of each bucket (except for minimum and maximum buckets). So - // if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the + // Required. Size of each bucket (except for minimum and maximum buckets). So if + // `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the // following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, // 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. double bucket_size = 3 [(google.api.field_behavior) = REQUIRED]; @@ -2542,15 +2571,14 @@ message KmsWrappedCryptoKey { // same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting // to learn more. message DateShiftConfig { - // Required. Range of shift in days. Actual shift will be selected at random - // within this range (inclusive ends). Negative means shift to earlier in - // time. Must not be more than 365250 days (1000 years) each direction. + // Required. Range of shift in days. Actual shift will be selected at random within this + // range (inclusive ends). Negative means shift to earlier in time. Must not + // be more than 365250 days (1000 years) each direction. // // For example, 3 means shift date to at most 3 days into the future. int32 upper_bound_days = 1 [(google.api.field_behavior) = REQUIRED]; - // Required. For example, -5 means shift date to at most 5 days back in the - // past. + // Required. For example, -5 means shift date to at most 5 days back in the past. int32 lower_bound_days = 2 [(google.api.field_behavior) = REQUIRED]; // Points to the field that contains the context, for example, an entity id. @@ -2582,14 +2610,12 @@ message InfoTypeTransformations { repeated InfoType info_types = 1; // Required. Primitive transformation to apply to the infoType. - PrimitiveTransformation primitive_transformation = 2 - [(google.api.field_behavior) = REQUIRED]; + PrimitiveTransformation primitive_transformation = 2 [(google.api.field_behavior) = REQUIRED]; } // Required. Transformation for each infoType. Cannot specify more than one // for a given infoType. - repeated InfoTypeTransformation transformations = 1 - [(google.api.field_behavior) = REQUIRED]; + repeated InfoTypeTransformation transformations = 1 [(google.api.field_behavior) = REQUIRED]; } // The transformation to apply to the field. @@ -2783,7 +2809,9 @@ message Schedule { // Job trigger option for hybrid jobs. Jobs must be manually created // and finished. -message Manual {} +message Manual { + +} // The inspectTemplate contains a configuration (set of types of sensitive data // to be detected) to be used anywhere you otherwise would normally specify @@ -2812,12 +2840,10 @@ message InspectTemplate { string description = 3; // Output only. The creation timestamp of an inspectTemplate. - google.protobuf.Timestamp create_time = 4 - [(google.api.field_behavior) = OUTPUT_ONLY]; + google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. The last update timestamp of an inspectTemplate. - google.protobuf.Timestamp update_time = 5 - [(google.api.field_behavior) = OUTPUT_ONLY]; + google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; // The core content of the template. Configuration of the scanning process. InspectConfig inspect_config = 6; @@ -2848,12 +2874,10 @@ message DeidentifyTemplate { string description = 3; // Output only. The creation timestamp of an inspectTemplate. - google.protobuf.Timestamp create_time = 4 - [(google.api.field_behavior) = OUTPUT_ONLY]; + google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. The last update timestamp of an inspectTemplate. - google.protobuf.Timestamp update_time = 5 - [(google.api.field_behavior) = OUTPUT_ONLY]; + google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; // ///////////// // The core content of the template // /////////////// DeidentifyConfig deidentify_config = 6; @@ -2932,23 +2956,20 @@ message JobTrigger { // a single Schedule trigger and must have at least one object. repeated Trigger triggers = 5; - // Output only. A stream of errors encountered when the trigger was activated. - // Repeated errors may result in the JobTrigger automatically being paused. + // Output only. A stream of errors encountered when the trigger was activated. Repeated + // errors may result in the JobTrigger automatically being paused. // Will return the last 100 errors. Whenever the JobTrigger is modified // this list will be cleared. repeated Error errors = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. The creation timestamp of a triggeredJob. - google.protobuf.Timestamp create_time = 7 - [(google.api.field_behavior) = OUTPUT_ONLY]; + google.protobuf.Timestamp create_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. The last update timestamp of a triggeredJob. - google.protobuf.Timestamp update_time = 8 - [(google.api.field_behavior) = OUTPUT_ONLY]; + google.protobuf.Timestamp update_time = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. The timestamp of the last time this trigger executed. - google.protobuf.Timestamp last_run_time = 9 - [(google.api.field_behavior) = OUTPUT_ONLY]; + google.protobuf.Timestamp last_run_time = 9 [(google.api.field_behavior) = OUTPUT_ONLY]; // Required. A status for this trigger. Status status = 10 [(google.api.field_behavior) = REQUIRED]; @@ -2989,7 +3010,9 @@ message Action { // service-specific policy, see https://cloud.google.com/terms/service-terms // Only a single instance of this action can be specified. // Compatible with: Inspect - message PublishSummaryToCscc {} + message PublishSummaryToCscc { + + } // Publish findings of a DlpJob to Cloud Data Catalog. Labels summarizing the // results of the DlpJob will be applied to the entry for the resource scanned @@ -3001,17 +3024,23 @@ message Action { // Only a single instance of this action can be specified and only allowed if // all resources being scanned are BigQuery tables. // Compatible with: Inspect - message PublishFindingsToCloudDataCatalog {} + message PublishFindingsToCloudDataCatalog { + + } // Enable email notification to project owners and editors on jobs's // completion/failure. - message JobNotificationEmails {} + message JobNotificationEmails { + + } // Enable Stackdriver metric dlp.googleapis.com/finding_count. This // will publish a metric to stack driver on each infotype requested and // how many findings were found for it. CustomDetectors will be bucketed // as 'Custom' under the Stackdriver label 'info_type'. - message PublishToStackdriver {} + message PublishToStackdriver { + + } oneof action { // Save resulting findings in a provided location. @@ -3024,8 +3053,7 @@ message Action { PublishSummaryToCscc publish_summary_to_cscc = 3; // Publish findings to Cloud Datahub. - PublishFindingsToCloudDataCatalog publish_findings_to_cloud_data_catalog = - 5; + PublishFindingsToCloudDataCatalog publish_findings_to_cloud_data_catalog = 5; // Enable email notification for project owners and editors on job's // completion/failure. @@ -3063,8 +3091,8 @@ message CreateInspectTemplateRequest { // Request message for UpdateInspectTemplate. message UpdateInspectTemplateRequest { - // Required. Resource name of organization and inspectTemplate to be updated, - // for example `organizations/433245324/inspectTemplates/432452342` or + // Required. Resource name of organization and inspectTemplate to be updated, for + // example `organizations/433245324/inspectTemplates/432452342` or // projects/project-id/inspectTemplates/432452342. string name = 1 [ (google.api.field_behavior) = REQUIRED, @@ -3082,8 +3110,8 @@ message UpdateInspectTemplateRequest { // Request message for GetInspectTemplate. message GetInspectTemplateRequest { - // Required. Resource name of the organization and inspectTemplate to be read, - // for example `organizations/433245324/inspectTemplates/432452342` or + // Required. Resource name of the organization and inspectTemplate to be read, for + // example `organizations/433245324/inspectTemplates/432452342` or // projects/project-id/inspectTemplates/432452342. string name = 1 [ (google.api.field_behavior) = REQUIRED, @@ -3144,9 +3172,9 @@ message ListInspectTemplatesResponse { // Request message for DeleteInspectTemplate. message DeleteInspectTemplateRequest { - // Required. Resource name of the organization and inspectTemplate to be - // deleted, for example `organizations/433245324/inspectTemplates/432452342` - // or projects/project-id/inspectTemplates/432452342. + // Required. Resource name of the organization and inspectTemplate to be deleted, for + // example `organizations/433245324/inspectTemplates/432452342` or + // projects/project-id/inspectTemplates/432452342. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -3185,7 +3213,9 @@ message ActivateJobTriggerRequest { // `projects/dlp-test-project/jobTriggers/53234423`. string name = 1 [ (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { type: "dlp.googleapis.com/JobTrigger" } + (google.api.resource_reference) = { + type: "dlp.googleapis.com/JobTrigger" + } ]; } @@ -3195,7 +3225,9 @@ message UpdateJobTriggerRequest { // `projects/dlp-test-project/jobTriggers/53234423`. string name = 1 [ (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { type: "dlp.googleapis.com/JobTrigger" } + (google.api.resource_reference) = { + type: "dlp.googleapis.com/JobTrigger" + } ]; // New JobTrigger value. @@ -3211,7 +3243,9 @@ message GetJobTriggerRequest { // `projects/dlp-test-project/jobTriggers/53234423`. string name = 1 [ (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { type: "dlp.googleapis.com/JobTrigger" } + (google.api.resource_reference) = { + type: "dlp.googleapis.com/JobTrigger" + } ]; } @@ -3329,7 +3363,9 @@ message DeleteJobTriggerRequest { // `projects/dlp-test-project/jobTriggers/53234423`. string name = 1 [ (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { type: "dlp.googleapis.com/JobTrigger" } + (google.api.resource_reference) = { + type: "dlp.googleapis.com/JobTrigger" + } ]; } @@ -3425,7 +3461,9 @@ message GetDlpJobRequest { // Required. The name of the DlpJob resource. string name = 1 [ (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" } + (google.api.resource_reference) = { + type: "dlp.googleapis.com/DlpJob" + } ]; } @@ -3512,7 +3550,9 @@ message CancelDlpJobRequest { // Required. The name of the DlpJob resource to be cancelled. string name = 1 [ (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" } + (google.api.resource_reference) = { + type: "dlp.googleapis.com/DlpJob" + } ]; } @@ -3521,7 +3561,9 @@ message FinishDlpJobRequest { // Required. The name of the DlpJob resource to be cancelled. string name = 1 [ (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" } + (google.api.resource_reference) = { + type: "dlp.googleapis.com/DlpJob" + } ]; } @@ -3530,7 +3572,9 @@ message DeleteDlpJobRequest { // Required. The name of the DlpJob resource to be deleted. string name = 1 [ (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" } + (google.api.resource_reference) = { + type: "dlp.googleapis.com/DlpJob" + } ]; } @@ -3546,8 +3590,7 @@ message CreateDeidentifyTemplateRequest { ]; // Required. The DeidentifyTemplate to create. - DeidentifyTemplate deidentify_template = 2 - [(google.api.field_behavior) = REQUIRED]; + DeidentifyTemplate deidentify_template = 2 [(google.api.field_behavior) = REQUIRED]; // The template id can contain uppercase and lowercase letters, // numbers, and hyphens; that is, it must match the regular @@ -3562,9 +3605,8 @@ message CreateDeidentifyTemplateRequest { // Request message for UpdateDeidentifyTemplate. message UpdateDeidentifyTemplateRequest { - // Required. Resource name of organization and deidentify template to be - // updated, for example - // `organizations/433245324/deidentifyTemplates/432452342` or + // Required. Resource name of organization and deidentify template to be updated, for + // example `organizations/433245324/deidentifyTemplates/432452342` or // projects/project-id/deidentifyTemplates/432452342. string name = 1 [ (google.api.field_behavior) = REQUIRED, @@ -3582,9 +3624,9 @@ message UpdateDeidentifyTemplateRequest { // Request message for GetDeidentifyTemplate. message GetDeidentifyTemplateRequest { - // Required. Resource name of the organization and deidentify template to be - // read, for example `organizations/433245324/deidentifyTemplates/432452342` - // or projects/project-id/deidentifyTemplates/432452342. + // Required. Resource name of the organization and deidentify template to be read, for + // example `organizations/433245324/deidentifyTemplates/432452342` or + // projects/project-id/deidentifyTemplates/432452342. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -3645,9 +3687,8 @@ message ListDeidentifyTemplatesResponse { // Request message for DeleteDeidentifyTemplate. message DeleteDeidentifyTemplateRequest { - // Required. Resource name of the organization and deidentify template to be - // deleted, for example - // `organizations/433245324/deidentifyTemplates/432452342` or + // Required. Resource name of the organization and deidentify template to be deleted, + // for example `organizations/433245324/deidentifyTemplates/432452342` or // projects/project-id/deidentifyTemplates/432452342. string name = 1 [ (google.api.field_behavior) = REQUIRED, @@ -3799,8 +3840,8 @@ message CreateStoredInfoTypeRequest { // Request message for UpdateStoredInfoType. message UpdateStoredInfoTypeRequest { - // Required. Resource name of organization and storedInfoType to be updated, - // for example `organizations/433245324/storedInfoTypes/432452342` or + // Required. Resource name of organization and storedInfoType to be updated, for + // example `organizations/433245324/storedInfoTypes/432452342` or // projects/project-id/storedInfoTypes/432452342. string name = 1 [ (google.api.field_behavior) = REQUIRED, @@ -3820,8 +3861,8 @@ message UpdateStoredInfoTypeRequest { // Request message for GetStoredInfoType. message GetStoredInfoTypeRequest { - // Required. Resource name of the organization and storedInfoType to be read, - // for example `organizations/433245324/storedInfoTypes/432452342` or + // Required. Resource name of the organization and storedInfoType to be read, for + // example `organizations/433245324/storedInfoTypes/432452342` or // projects/project-id/storedInfoTypes/432452342. string name = 1 [ (google.api.field_behavior) = REQUIRED, @@ -3883,8 +3924,8 @@ message ListStoredInfoTypesResponse { // Request message for DeleteStoredInfoType. message DeleteStoredInfoTypeRequest { - // Required. Resource name of the organization and storedInfoType to be - // deleted, for example `organizations/433245324/storedInfoTypes/432452342` or + // Required. Resource name of the organization and storedInfoType to be deleted, for + // example `organizations/433245324/storedInfoTypes/432452342` or // projects/project-id/storedInfoTypes/432452342. string name = 1 [ (google.api.field_behavior) = REQUIRED, @@ -3896,11 +3937,13 @@ message DeleteStoredInfoTypeRequest { // Request to search for potentially sensitive info in a custom location. message HybridInspectJobTriggerRequest { - // Required. Resource name of the trigger to execute a hybrid inspect on, for - // example `projects/dlp-test-project/jobTriggers/53234423`. + // Required. Resource name of the trigger to execute a hybrid inspect on, for example + // `projects/dlp-test-project/jobTriggers/53234423`. string name = 1 [ (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { type: "dlp.googleapis.com/JobTrigger" } + (google.api.resource_reference) = { + type: "dlp.googleapis.com/JobTrigger" + } ]; // The item to inspect. @@ -3909,11 +3952,13 @@ message HybridInspectJobTriggerRequest { // Request to search for potentially sensitive info in a custom location. message HybridInspectDlpJobRequest { - // Required. Resource name of the job to execute a hybrid inspect on, for - // example `projects/dlp-test-project/dlpJob/53234423`. + // Required. Resource name of the job to execute a hybrid inspect on, for example + // `projects/dlp-test-project/dlpJob/53234423`. string name = 1 [ (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" } + (google.api.resource_reference) = { + type: "dlp.googleapis.com/DlpJob" + } ]; // The item to inspect. @@ -3973,7 +4018,9 @@ message HybridFindingDetails { } // Quota exceeded errors will be thrown once quota has been met. -message HybridInspectResponse {} +message HybridInspectResponse { + +} // Operators available for comparing the value of fields. enum RelationalOperator { @@ -4043,6 +4090,15 @@ enum ContentOption { CONTENT_IMAGE = 2; } +// Type of metadata containing the finding. +enum MetadataType { + // Unused + METADATATYPE_UNSPECIFIED = 0; + + // General file metadata provided by GCS. + STORAGE_METADATA = 2; +} + // Parts of the APIs which use certain infoTypes. enum InfoTypeSupportedBy { // Unused. diff --git a/google/privacy/dlp/v2/storage.proto b/google/privacy/dlp/v2/storage.proto index f0348501..9408d6de 100644 --- a/google/privacy/dlp/v2/storage.proto +++ b/google/privacy/dlp/v2/storage.proto @@ -134,7 +134,9 @@ message CustomInfoType { // output. This should be used in conjunction with a field on the // transformation such as `surrogate_info_type`. This CustomInfoType does // not support the use of `detection_rules`. - message SurrogateType {} + message SurrogateType { + + } // Deprecated; use `InspectionRuleSet` instead. Rule for modifying a // `CustomInfoType` to alter behavior under certain circumstances, depending @@ -391,6 +393,9 @@ message CloudStorageOptions { // If empty, all files are scanned and available data format processors // are applied. In addition, the binary content of the selected files // is always scanned as well. + // Images are scanned only as binary if the specified region + // does not support image inspection and no file_types were specified. + // Image inspection is restricted to 'global', 'us', 'asia', and 'europe'. repeated FileType file_types = 5; SampleMethod sample_method = 6; @@ -534,8 +539,17 @@ enum FileType { // Included file extensions: // bmp, gif, jpg, jpeg, jpe, png. // bytes_limit_per_file has no effect on image files. + // Image inspection is restricted to 'global', 'us', 'asia', and 'europe'. IMAGE = 3; + // Included file extensions: + // docx, dotx, docm, dotm + WORD = 5; + + // Included file extensions: + // pdf + PDF = 6; + // Included file extensions: // avro AVRO = 7;