From 802c5c5f2bf94c3facb011267d04e71942e0d09f Mon Sep 17 00:00:00 2001 From: Google APIs Date: Fri, 10 Jan 2020 09:01:09 -0800 Subject: [PATCH] Migrate DLP to proto annotations (but not GAPIC v2). Committer: @lukesneeringer PiperOrigin-RevId: 289102579 --- google/privacy/dlp/artman_dlp_v2.yaml | 3 +- google/privacy/dlp/dlp_v2.yaml | 25 -- google/privacy/dlp/v2/BUILD.bazel | 3 +- google/privacy/dlp/v2/dlp.proto | 569 ++++++++++++++++---------- 4 files changed, 356 insertions(+), 244 deletions(-) delete mode 100644 google/privacy/dlp/dlp_v2.yaml diff --git a/google/privacy/dlp/artman_dlp_v2.yaml b/google/privacy/dlp/artman_dlp_v2.yaml index 03e4a233..dbdd0338 100644 --- a/google/privacy/dlp/artman_dlp_v2.yaml +++ b/google/privacy/dlp/artman_dlp_v2.yaml @@ -6,8 +6,9 @@ common: - name: google-common-protos src_proto_paths: - v2 - service_yaml: dlp_v2.yaml + service_yaml: v2/dlp_v2.yaml gapic_yaml: v2/dlp_gapic.yaml + proto_package: google.privacy.dlp.v2 artifacts: - name: gapic_config type: GAPIC_CONFIG diff --git a/google/privacy/dlp/dlp_v2.yaml b/google/privacy/dlp/dlp_v2.yaml deleted file mode 100644 index d737692c..00000000 --- a/google/privacy/dlp/dlp_v2.yaml +++ /dev/null @@ -1,25 +0,0 @@ -type: google.api.Service -config_version: 3 -name: dlp.googleapis.com -title: Cloud Data Loss Prevention (DLP) API - -apis: -- name: google.privacy.dlp.v2.DlpService - -documentation: - summary: |- - Provides methods for detection, risk analysis, and de-identification of - privacy-sensitive fragments in text, images, and Google Cloud Platform - storage repositories. - -backend: - rules: - - selector: 'google.privacy.dlp.v2.DlpService.*' - deadline: 300.0 - -authentication: - rules: - - selector: 'google.privacy.dlp.v2.DlpService.*' - oauth: - canonical_scopes: |- - https://www.googleapis.com/auth/cloud-platform diff --git a/google/privacy/dlp/v2/BUILD.bazel b/google/privacy/dlp/v2/BUILD.bazel index fb6dee1b..a94220f8 100644 --- a/google/privacy/dlp/v2/BUILD.bazel 
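Review bot: `service_yaml: v2/dlp_v2.yaml` in the `artman_dlp_v2.yaml` hunk points at a file that the diffstat of this commit does not list, while the same commit deletes `google/privacy/dlp/dlp_v2.yaml`. The deleted file carried the `authentication` rule with the `https://www.googleapis.com/auth/cloud-platform` scope and the `deadline: 300.0` backend rule for `google.privacy.dlp.v2.DlpService.*`. Presumably `v2/dlp_v2.yaml` already exists in the tree. It is worth confirming that it does and that it declares the same scope and deadline, because nothing visible in this patch re-adds them.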
+++ b/google/privacy/dlp/v2/BUILD.bazel @@ -79,8 +79,7 @@ java_gapic_library( java_gapic_test( name = "dlp_java_gapic_test_suite", test_classes = [ - # Configure flattening for DlpService to enable test - # "com.google.cloud.dlp.v2.DlpServiceClientTest", + "com.google.cloud.dlp.v2.DlpServiceClientTest", ], runtime_deps = [":dlp_java_gapic_test"], ) diff --git a/google/privacy/dlp/v2/dlp.proto b/google/privacy/dlp/v2/dlp.proto index ece44c6f..0dc4119b 100644 --- a/google/privacy/dlp/v2/dlp.proto +++ b/google/privacy/dlp/v2/dlp.proto @@ -18,6 +18,7 @@ syntax = "proto3"; package google.privacy.dlp.v2; import "google/api/annotations.proto"; +import "google/api/client.proto"; import "google/api/field_behavior.proto"; import "google/api/resource.proto"; import "google/privacy/dlp/v2/storage.proto"; @@ -29,7 +30,6 @@ import "google/rpc/status.proto"; import "google/type/date.proto"; import "google/type/dayofweek.proto"; import "google/type/timeofday.proto"; -import "google/api/client.proto"; option csharp_namespace = "Google.Cloud.Dlp.V2"; option go_package = "google.golang.org/genproto/googleapis/privacy/dlp/v2;dlp"; @@ -134,6 +134,7 @@ service DlpService { get: "/v2/locations/{location_id}/infoTypes" } }; + option (google.api.method_signature) = "location_id"; } // Creates an InspectTemplate for re-using frequently used configuration @@ -156,6 +157,8 @@ service DlpService { body: "*" } }; + option (google.api.method_signature) = "parent,inspect_template"; + option (google.api.method_signature) = "parent,inspect_template,location_id"; } // Updates the InspectTemplate. @@ -177,6 +180,7 @@ service DlpService { body: "*" } }; + option (google.api.method_signature) = "name,inspect_template,update_mask"; } // Gets an InspectTemplate. @@ -194,6 +198,7 @@ service DlpService { get: "/v2/{name=projects/*/locations/*/inspectTemplates/*}" } }; + option (google.api.method_signature) = "name"; } // Lists InspectTemplates. 
@@ -211,6 +216,7 @@ service DlpService { get: "/v2/{parent=projects/*}/locations/{location_id}/inspectTemplates" } }; + option (google.api.method_signature) = "parent"; } // Deletes an InspectTemplate. @@ -228,6 +234,7 @@ service DlpService { delete: "/v2/{name=projects/*/locations/*/inspectTemplates/*}" } }; + option (google.api.method_signature) = "name"; } // Creates a DeidentifyTemplate for re-using frequently used configuration @@ -251,6 +258,8 @@ service DlpService { body: "*" } }; + option (google.api.method_signature) = "parent,deidentify_template"; + option (google.api.method_signature) = "parent,deidentify_template,location_id"; } // Updates the DeidentifyTemplate. @@ -273,6 +282,7 @@ service DlpService { body: "*" } }; + option (google.api.method_signature) = "name,deidentify_template,update_mask"; } // Gets a DeidentifyTemplate. @@ -291,6 +301,7 @@ service DlpService { get: "/v2/{name=projects/*/locations/*/deidentifyTemplates/*}" } }; + option (google.api.method_signature) = "name"; } // Lists DeidentifyTemplates. @@ -309,6 +320,7 @@ service DlpService { get: "/v2/{parent=projects/*}/locations/{location_id}/deidentifyTemplates" } }; + option (google.api.method_signature) = "parent"; } // Deletes a DeidentifyTemplate. @@ -327,6 +339,7 @@ service DlpService { delete: "/v2/{name=projects/*/locations/*/deidentifyTemplates/*}" } }; + option (google.api.method_signature) = "name"; } // Creates a job trigger to run DLP actions such as scanning storage for @@ -341,6 +354,8 @@ service DlpService { body: "*" } }; + option (google.api.method_signature) = "parent,job_trigger"; + option (google.api.method_signature) = "parent,job_trigger,location_id"; } // Updates a job trigger. @@ -354,6 +369,7 @@ service DlpService { body: "*" } }; + option (google.api.method_signature) = "name,job_trigger,update_mask"; } // Gets a job trigger. 
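Review bot: `ListInspectTemplates` gets only `option (google.api.method_signature) = "parent";`, although the binding shown just above it in the hunk takes `{location_id}` and `CreateInspectTemplate` in this same commit gets both a `parent,inspect_template` and a `parent,inspect_template,location_id` signature. The same asymmetry appears for `ListDeidentifyTemplates` on this line and for `ListJobTriggers`, `ListDlpJobs` and `ListStoredInfoTypes` in later hunks. A caller using the flattened overload cannot choose the processing location, which matters for a service that receives sensitive content. Either add a second signature such as `option (google.api.method_signature) = "parent,location_id";` or note in the rpc comment that the omission is deliberate. The rpc bodies start outside these hunks.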
@@ -365,6 +381,7 @@ service DlpService { get: "/v2/{name=projects/*/locations/*/jobTriggers/*}" } }; + option (google.api.method_signature) = "name"; } // Lists job triggers. @@ -376,6 +393,7 @@ service DlpService { get: "/v2/{parent=projects/*}/locations/{location_id}/jobTriggers" } }; + option (google.api.method_signature) = "parent"; } // Deletes a job trigger. @@ -387,6 +405,7 @@ service DlpService { delete: "/v2/{name=projects/*/locations/*/jobTriggers/*}" } }; + option (google.api.method_signature) = "name"; } // Activate a job trigger. Causes the immediate execute of a trigger @@ -418,6 +437,10 @@ service DlpService { body: "*" } }; + option (google.api.method_signature) = "parent,inspect_job"; + option (google.api.method_signature) = "parent,inspect_job,location_id"; + option (google.api.method_signature) = "parent,risk_job"; + option (google.api.method_signature) = "parent,risk_job,location_id"; } // Lists DlpJobs that match the specified filter in the request. @@ -430,6 +453,7 @@ service DlpService { get: "/v2/{parent=projects/*}/locations/{location_id}/dlpJobs" } }; + option (google.api.method_signature) = "parent"; } // Gets the latest state of a long-running DlpJob. @@ -442,6 +466,7 @@ service DlpService { get: "/v2/{name=projects/*/locations/*/dlpJobs/*}" } }; + option (google.api.method_signature) = "name"; } // Deletes a long-running DlpJob. This method indicates that the client is @@ -456,6 +481,7 @@ service DlpService { delete: "/v2/{name=projects/*/locations/*/dlpJobs/*}" } }; + option (google.api.method_signature) = "name"; } // Starts asynchronous cancellation on a long-running DlpJob. The server @@ -494,6 +520,8 @@ service DlpService { body: "*" } }; + option (google.api.method_signature) = "parent,config"; + option (google.api.method_signature) = "parent,config,location_id"; } // Updates the stored infoType by creating a new version. The existing version 
@@ -517,6 +545,7 @@ service DlpService { body: "*" } }; + option (google.api.method_signature) = "name,config,update_mask"; } // Gets a stored infoType. @@ -535,6 +564,7 @@ service DlpService { get: "/v2/{name=projects/*/locations/*/storedInfoTypes/*}" } }; + option (google.api.method_signature) = "name"; } // Lists stored infoTypes. @@ -553,6 +583,7 @@ service DlpService { get: "/v2/{parent=projects/*}/locations/{location_id}/storedInfoTypes" } }; + option (google.api.method_signature) = "parent"; } // Deletes a stored infoType. @@ -571,6 +602,7 @@ service DlpService { delete: "/v2/{name=projects/*/locations/*/storedInfoTypes/*}" } }; + option (google.api.method_signature) = "name"; } } @@ -590,6 +622,7 @@ message ExcludeInfoTypes { // The rule that specifies conditions when findings of infoTypes specified in // `InspectionRuleSet` are removed from results. message ExclusionRule { + // Exclusion rule types. oneof type { // Dictionary which defines the rule. CustomInfoType.Dictionary dictionary = 1; @@ -605,21 +638,10 @@ message ExclusionRule { MatchingType matching_type = 4; } -// Options describing which parts of the provided content should be scanned. -enum ContentOption { - // Includes entire content of a file or a data stream. - CONTENT_UNSPECIFIED = 0; - - // Text content within the data, excluding any metadata. - CONTENT_TEXT = 1; - - // Images found in the data. - CONTENT_IMAGE = 2; -} - // A single inspection rule to be applied to infoTypes, specified in // `InspectionRuleSet`. message InspectionRule { + // Inspection rule types. oneof type { // Hotword-based detection rule. CustomInfoType.DetectionRule.HotwordRule hotword_rule = 1; 
@@ -643,6 +665,7 @@ message InspectionRuleSet { // When used with redactContent only info_types and min_likelihood are currently // used. message InspectConfig { + // Configuration to control the number of findings returned. message FindingLimits { // Max findings configuration per infoType, per content item or long // running DlpJob. @@ -690,6 +713,7 @@ message InspectConfig { // See https://cloud.google.com/dlp/docs/likelihood to learn more. Likelihood min_likelihood = 2; + // Configuration to control the number of findings returned. FindingLimits limits = 3; // When true, a contextual quote from the data that triggered a finding is @@ -715,21 +739,30 @@ message InspectConfig { // Container for bytes to inspect or redact. message ByteContentItem { + // The type of data being sent to in data. enum BytesType { + // Unused BYTES_TYPE_UNSPECIFIED = 0; + // Any image type. IMAGE = 6; + // jpeg IMAGE_JPEG = 1; + // bmp IMAGE_BMP = 2; + // png IMAGE_PNG = 3; + // svg IMAGE_SVG = 4; + // plain text TEXT_UTF8 = 5; + // avro AVRO = 11; } @@ -761,12 +794,16 @@ message ContentItem { // See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to // learn more. message Table { + // Values of the row. message Row { + // Individual cells. repeated Value values = 1; } + // Headers of the table. repeated FieldId headers = 1; + // Rows of the table. repeated Row rows = 2; } 
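Review bot: The comment added above `enum BytesType` in the `ByteContentItem` hunk, `// The type of data being sent to in data.`, is garbled; something like `// The type of data being sent in the data field.` says what is meant. The `// Unused` comment on `BYTES_TYPE_UNSPECIFIED` also leaves open how content is handled when a sender leaves the type at its zero value. If the service guesses the type or rejects the request in that case, the comment should say which, since the enum decides how untrusted bytes are parsed. The other one-word comments (`// jpeg`, `// bmp`) are fine as they stand.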
@@ -831,44 +868,15 @@ message Location { repeated ContentLocation content_locations = 7; } -// Type of the match which can be applied to different ways of matching, like -// Dictionary, regular expression and intersecting with findings of another -// info type. -enum MatchingType { - // Invalid. - MATCHING_TYPE_UNSPECIFIED = 0; - - // Full match. - // - // - Dictionary: join of Dictionary results matched complete finding quote - // - Regex: all regex matches fill a finding quote start to end - // - Exclude info type: completely inside affecting info types findings - MATCHING_TYPE_FULL_MATCH = 1; - - // Partial match. - // - // - Dictionary: at least one of the tokens in the finding matches - // - Regex: substring of the finding matches - // - Exclude info type: intersects with affecting info types findings - MATCHING_TYPE_PARTIAL_MATCH = 2; - - // Inverse match. - // - // - Dictionary: no tokens in the finding match the dictionary - // - Regex: finding doesn't match the regex - // - Exclude info type: no intersection with affecting info types findings - MATCHING_TYPE_INVERSE_MATCH = 3; -} - // Findings container location data. message ContentLocation { // Name of the container where the finding is located. // The top level name is the source file name or table name. Names of some // common storage containers are formatted as follows: // - // * BigQuery tables: `:.` - // * Cloud Storage files: `gs:///` - // * Datastore namespace: + // * BigQuery tables: `{project_id}:{dataset_id}.{table_id}` + // * Cloud Storage files: `gs://{bucket}/{path}` + // * Datastore namespace: {namespace} // // Nested names could be absent if the embedded object has no string // identifier (for an example an image contained within a document). 
@@ -1044,14 +1052,14 @@ message DeidentifyContentRequest { // The item to de-identify. Will be treated as text. ContentItem item = 4; - // Optional template to use. Any configuration directly specified in + // Template to use. Any configuration directly specified in // inspect_config will override those set in the template. Singular fields // that are set in this request will replace their corresponding fields in the // template. Repeated fields are appended. Singular sub-messages and groups // are recursively merged. string inspect_template_name = 5; - // Optional template to use. Any configuration directly specified in + // Template to use. Any configuration directly specified in // deidentify_config will override those set in the template. Singular fields // that are set in this request will replace their corresponding fields in the // template. Repeated fields are appended. Singular sub-messages and groups @@ -1100,14 +1108,14 @@ message ReidentifyContentRequest { // The item to re-identify. Will be treated as text. ContentItem item = 4; - // Optional template to use. Any configuration directly specified in + // Template to use. Any configuration directly specified in // `inspect_config` will override those set in the template. Singular fields // that are set in this request will replace their corresponding fields in the // template. Repeated fields are appended. Singular sub-messages and groups // are recursively merged. string inspect_template_name = 5; - // Optional template to use. References an instance of `DeidentifyTemplate`. + // Template to use. References an instance of `DeidentifyTemplate`. // Any configuration directly specified in `reidentify_config` or // `inspect_config` will override those set in the template. Singular fields // that are set in this request will replace their corresponding fields in the 
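Review bot: Dropping the word "Optional" from `// Optional template to use.` on `inspect_template_name` and `deidentify_template_name` removes the only statement that these fields may be left empty, and no field option replaces it. The required fields in this commit get `[(google.api.field_behavior) = REQUIRED]`, so the matching form here would be `string inspect_template_name = 5 [(google.api.field_behavior) = OPTIONAL];` with the comment starting `// Optional. Template to use.`. The same loss occurs in `ReidentifyContentRequest` on this line and in `InspectContentRequest`, `ListInfoTypesRequest` (where `// filter to only return` now also starts lower-case), `entity_id` in `PrivacyMetric` and `context` in `CryptoDeterministicConfig` in later hunks.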
@@ -1143,7 +1151,7 @@ message InspectContentRequest { // The item to inspect. ContentItem item = 3; - // Optional template to use. Any configuration directly specified in + // Template to use. Any configuration directly specified in // inspect_config will override those set in the template. Singular fields // that are set in this request will replace their corresponding fields in the // template. Repeated fields are appended. Singular sub-messages and groups @@ -1165,6 +1173,7 @@ message InspectContentResponse { message OutputStorageConfig { // Predefined schemas for storing findings. enum OutputSchema { + // Unused. OUTPUT_SCHEMA_UNSPECIFIED = 0; // Basic schema including only `info_type`, `quote`, `certainty`, and @@ -1184,6 +1193,7 @@ message OutputStorageConfig { ALL_COLUMNS = 5; } + // Output storage types. oneof type { // Store findings in an existing table or a new table in an existing // dataset. If table_id is not set a new one will be generated @@ -1225,11 +1235,13 @@ message InfoTypeStats { // The results of an inspect DataSource job. message InspectDataSourceDetails { + // Snapshot of the inspection configuration. message RequestedOptions { // If run with an InspectTemplate, a snapshot of its state at the time of // this run. InspectTemplate snapshot_inspect_template = 1; + // Inspect config. InspectJobConfig job_config = 3; } @@ -1271,12 +1283,12 @@ message InfoTypeDescription { // Request for the list of infoTypes. message ListInfoTypesRequest { - // Optional BCP-47 language code for localized infoType friendly + // BCP-47 language code for localized infoType friendly // names. If omitted, or if localized strings are not available, // en-US strings will be returned. string language_code = 1; - // Optional filter to only return infoTypes supported by certain parts of the + // filter to only return infoTypes supported by certain parts of the // API. Defaults to supported_by=INSPECT. string filter = 2; 
@@ -1307,8 +1319,8 @@ message RiskAnalysisJobConfig { // A column with a semantic tag attached. message QuasiId { - // Identifies the column. [required] - FieldId field = 1; + // Required. Identifies the column. + FieldId field = 1 [(google.api.field_behavior) = REQUIRED]; // Semantic tag that identifies what a column contains, to determine which // statistical model to use to estimate the reidentifiability of each @@ -1343,21 +1355,24 @@ message StatisticalTable { // A quasi-identifier column has a custom_tag, used to know which column // in the data corresponds to which column in the statistical model. message QuasiIdentifierField { + // Identifies the column. FieldId field = 1; + // A column can be tagged with a custom tag. In this case, the user must + // indicate an auxiliary table that contains statistical information on + // the possible values of this column (below). string custom_tag = 2; } - // Auxiliary table location. [required] - BigQueryTable table = 3; + // Required. Auxiliary table location. + BigQueryTable table = 3 [(google.api.field_behavior) = REQUIRED]; - // Quasi-identifier columns. [required] - repeated QuasiIdentifierField quasi_ids = 1; + // Required. Quasi-identifier columns. + repeated QuasiIdentifierField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED]; - // The relative frequency column must contain a floating-point number + // Required. The relative frequency column must contain a floating-point number // between 0 and 1 (inclusive). Null values are assumed to be zero. - // [required] - FieldId relative_frequency = 2; + FieldId relative_frequency = 2 [(google.api.field_behavior) = REQUIRED]; } // Privacy metric to compute for reidentification risk analysis. 
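Review bot: In the `StatisticalTable` hunk the `Required.` prefix and the `[(google.api.field_behavior) = REQUIRED]` option were added without rewrapping, so lines such as `repeated QuasiIdentifierField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED];` and `// Required. The relative frequency column must contain a floating-point number` appear to run past 80 columns once indentation is counted. Putting the option on its own continuation line, `repeated QuasiIdentifierField quasi_ids = 1` followed by `[(google.api.field_behavior) = REQUIRED];`, and reflowing the comment keeps the file clean under the formatter. The same pattern recurs in the `KMapEstimationConfig`, `DeltaPresenceEstimationConfig`, `FixedSizeBucketingConfig`, `DateShiftConfig` and `InfoTypeTransformations` hunks.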
@@ -1389,7 +1404,7 @@ message PrivacyMetric { // a repeated field. repeated FieldId quasi_ids = 1; - // Optional message indicating that multiple rows might be associated to a + // Message indicating that multiple rows might be associated to a // single individual. If the same entity_id is associated to multiple // quasi-identifier tuples over distinct rows, we consider the entire // collection of tuples as the composite quasi-identifier. This collection @@ -1419,11 +1434,11 @@ message PrivacyMetric { // using publicly available data (like the US Census), or using a custom // statistical model (indicated as one or several BigQuery tables), or by // extrapolating from the distribution of values in the input dataset. - // A column with a semantic tag attached. message KMapEstimationConfig { + // A column with a semantic tag attached. message TaggedField { - // Identifies the column. [required] - FieldId field = 1; + // Required. Identifies the column. + FieldId field = 1 [(google.api.field_behavior) = REQUIRED]; // Semantic tag that identifies what a column contains, to determine which // statistical model to use to estimate the reidentifiability of each 
@@ -1458,29 +1473,30 @@ message PrivacyMetric { // A quasi-identifier column has a custom_tag, used to know which column // in the data corresponds to which column in the statistical model. message QuasiIdField { + // Identifies the column. FieldId field = 1; + // A auxiliary field. string custom_tag = 2; } - // Auxiliary table location. [required] - BigQueryTable table = 3; + // Required. Auxiliary table location. + BigQueryTable table = 3 [(google.api.field_behavior) = REQUIRED]; - // Quasi-identifier columns. [required] - repeated QuasiIdField quasi_ids = 1; + // Required. Quasi-identifier columns. + repeated QuasiIdField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED]; - // The relative frequency column must contain a floating-point number + // Required. The relative frequency column must contain a floating-point number // between 0 and 1 (inclusive). Null values are assumed to be zero. - // [required] - FieldId relative_frequency = 2; + FieldId relative_frequency = 2 [(google.api.field_behavior) = REQUIRED]; } - // Fields considered to be quasi-identifiers. No two columns can have the - // same tag. [required] - repeated TaggedField quasi_ids = 1; + // Required. Fields considered to be quasi-identifiers. No two columns can have the + // same tag. + repeated TaggedField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED]; // ISO 3166-1 alpha-2 region code to use in the statistical modeling. - // Required if no column is tagged with a region-specific InfoType (like + // Set if no column is tagged with a region-specific InfoType (like // US_ZIP_5) or a region code. string region_code = 2; 
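Review bot: Rewording the `region_code` comment from `Required if no column is tagged ...` to `Set if no column is tagged ...` turns a conditional requirement into a suggestion, so a reader can no longer tell that the field must be supplied in that case. If the condition still holds, keep it explicit, for example `// Required if no column is tagged with a region-specific InfoType (like US_ZIP_5) or a region code.`; the word "Required" in a sentence does not conflict with the field-behavior annotation on other fields. The same rewording is applied to `region_code` in `DeltaPresenceEstimationConfig` in the next hunk. Separately, `// A auxiliary field.` on `custom_tag` says less than the comment this commit gives the identical field in `StatisticalTable.QuasiIdentifierField`, which could be reused here.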
@@ -1495,12 +1511,12 @@ message PrivacyMetric { // Similarly to the k-map metric, we cannot compute δ-presence exactly without // knowing the attack dataset, so we use a statistical model instead. message DeltaPresenceEstimationConfig { - // Fields considered to be quasi-identifiers. No two fields can have the - // same tag. [required] - repeated QuasiId quasi_ids = 1; + // Required. Fields considered to be quasi-identifiers. No two fields can have the + // same tag. + repeated QuasiId quasi_ids = 1 [(google.api.field_behavior) = REQUIRED]; // ISO 3166-1 alpha-2 region code to use in the statistical modeling. - // Required if no column is tagged with a region-specific InfoType (like + // Set if no column is tagged with a region-specific InfoType (like // US_ZIP_5) or a region code. string region_code = 2; @@ -1510,17 +1526,24 @@ message PrivacyMetric { repeated StatisticalTable auxiliary_tables = 3; } + // Types of analysis. oneof type { + // Numerical stats NumericalStatsConfig numerical_stats_config = 1; + // Categorical stats CategoricalStatsConfig categorical_stats_config = 2; + // K-anonymity KAnonymityConfig k_anonymity_config = 3; + // l-diversity LDiversityConfig l_diversity_config = 4; + // k-map KMapEstimationConfig k_map_estimation_config = 5; + // delta-presence DeltaPresenceEstimationConfig delta_presence_estimation_config = 6; } } @@ -1542,6 +1565,7 @@ message AnalyzeDataSourceRiskDetails { // Result of the categorical stats computation. message CategoricalStatsResult { + // Histogram of value frequencies in the column. message CategoricalStatsHistogramBucket { // Lower bound on the value frequency of the values in this bucket. int64 value_frequency_lower_bound = 1; 
@@ -1578,6 +1602,7 @@ message AnalyzeDataSourceRiskDetails { int64 equivalence_class_size = 2; } + // Histogram of k-anonymity equivalence classes. message KAnonymityHistogramBucket { // Lower bound on the size of the equivalence classes in this bucket. int64 equivalence_class_size_lower_bound = 1; @@ -1618,6 +1643,7 @@ message AnalyzeDataSourceRiskDetails { repeated ValueFrequency top_sensitive_values = 4; } + // Histogram of l-diversity equivalence class sensitive value frequencies. message LDiversityHistogramBucket { // Lower bound on the sensitive value frequencies of the equivalence // classes in this bucket. @@ -1756,16 +1782,22 @@ message AnalyzeDataSourceRiskDetails { // Values associated with this metric. oneof result { + // Numerical stats result NumericalStatsResult numerical_stats_result = 3; + // Categorical stats result CategoricalStatsResult categorical_stats_result = 4; + // K-anonymity result KAnonymityResult k_anonymity_result = 5; + // L-divesity result LDiversityResult l_diversity_result = 6; + // K-map result KMapEstimationResult k_map_estimation_result = 7; + // Delta-presence result DeltaPresenceEstimationResult delta_presence_estimation_result = 9; } } @@ -1786,21 +1818,30 @@ message ValueFrequency { // 123456789, the number of bytes would be counted as 9, even though an // int64 only holds up to 8 bytes of data. message Value { + // Value types oneof type { + // integer int64 integer_value = 1; + // float double float_value = 2; + // string string string_value = 3; + // boolean bool boolean_value = 4; + // timestamp google.protobuf.Timestamp timestamp_value = 5; + // time of day google.type.TimeOfDay time_value = 6; + // date google.type.Date date_value = 7; + // day of week google.type.DayOfWeek day_of_week_value = 8; } } 
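Review bot: The comment `// L-divesity result` added in `oneof result` misspells the metric and should read `// L-diversity result`. The added comments in this oneof capitalise the metric names (`K-anonymity`, `K-map`), while the `oneof type` comments added to `PrivacyMetric` earlier in this patch use `l-diversity`, `k-map` and `delta-presence`; one spelling for each metric across both oneofs would read better.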
@@ -1817,20 +1858,24 @@ message QuoteInfo { // Message for a date time object. // e.g. 2018-01-01, 5th August. message DateTime { + // Time zone of the date time object. message TimeZone { // Set only if the offset can be determined. Positive for time ahead of UTC. // E.g. For "UTC-9", this value is -540. int32 offset_minutes = 1; } - // One or more of the following must be set. All fields are optional, but - // when set must be valid date or time values. + // One or more of the following must be set. + // Must be a valid date or time value. google.type.Date date = 1; + // Day of week google.type.DayOfWeek day_of_week = 2; + // Time of day google.type.TimeOfDay time = 3; + // Time zone TimeZone time_zone = 4; } @@ -1851,26 +1896,37 @@ message DeidentifyConfig { // A rule for transforming a value. message PrimitiveTransformation { oneof transformation { + // Replace ReplaceValueConfig replace_config = 1; + // Redact RedactConfig redact_config = 2; + // Mask CharacterMaskConfig character_mask_config = 3; + // Ffx-Fpe CryptoReplaceFfxFpeConfig crypto_replace_ffx_fpe_config = 4; + // Fixed size bucketing FixedSizeBucketingConfig fixed_size_bucketing_config = 5; + // Bucketing BucketingConfig bucketing_config = 6; + // Replace with infotype ReplaceWithInfoTypeConfig replace_with_info_type_config = 7; + // Time extraction TimePartConfig time_part_config = 8; + // Crypto CryptoHashConfig crypto_hash_config = 9; + // Date Shift DateShiftConfig date_shift_config = 11; + // Deterministic Crypto CryptoDeterministicConfig crypto_deterministic_config = 12; } } @@ -1878,7 +1934,9 @@ message PrimitiveTransformation { // For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a // portion of the value. message TimePartConfig { + // Components that make up time. enum TimePart { + // Unused TIME_PART_UNSPECIFIED = 0; // [0-9999] @@ -1900,6 +1958,7 @@ message TimePartConfig { HOUR_OF_DAY = 6; } + // The part of the time to keep. TimePart part_to_extract = 1; } 
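Review bot: In the `DateTime` hunk the rewritten comment `// One or more of the following must be set.` / `// Must be a valid date or time value.` sits directly above `google.type.Date date = 1;`, so doc generators attach it to `date` alone and it reads as a rule about that one field. The constraint covers all four fields; it belongs in the message-level comment, with `date` getting its own short comment such as `// Date`, in line with the `// Day of week` and `// Time of day` comments added next to it. The removed sentence also said that each field is optional individually, which the new text no longer states.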
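Review bot: In the `PrimitiveTransformation` hunk the comment `// Crypto` on `crypto_hash_config` does not distinguish it from `// Ffx-Fpe` and `// Deterministic Crypto` in the same oneof; `// Crypto hash` would at least match the field name. For a de-identification API the choice between these three options is a security decision, so a sentence on each saying whether the output can be re-identified with the key would help, if that is known to the author. `oneof transformation` itself also has no comment, unlike the other oneofs documented in this commit.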
@@ -1926,7 +1985,7 @@ message CryptoDeterministicConfig { // This annotation will be applied to the surrogate by prefixing it with // the name of the custom info type followed by the number of // characters comprising the surrogate. The following scheme defines the - // format: (): + // format: {info type name}({surrogate character count}):{surrogate} // // For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and // the surrogate is 'abc', the full replacement value @@ -1937,7 +1996,7 @@ message CryptoDeterministicConfig { // surrogate when it occurs in free text. // // Note: For record transformations where the entire cell in a table is being - // transformed, surrogates are optional to use. Surrogates are used to denote + // transformed, surrogates are not mandatory. Surrogates are used to denote // the location of the token and are necessary for re-identification in free // form text. // @@ -1956,7 +2015,7 @@ message CryptoDeterministicConfig { // ⧝MY_TOKEN_TYPE. InfoType surrogate_info_type = 2; - // Optional. A context may be used for higher security and maintaining + // A context may be used for higher security and maintaining // referential integrity such that the same identifier in two different // contexts will be given a distinct surrogate. The context is appended to // plaintext value being encrypted. On decryption the provided context is @@ -1998,7 +2057,9 @@ message RedactConfig { // Characters to skip when doing deidentification of a value. These will be left // alone and skipped. message CharsToIgnore { + // Convenience enum for indication common characters to not transform. enum CommonCharsToIgnore { + // Unused. COMMON_CHARS_TO_IGNORE_UNSPECIFIED = 0; // 0-9 
@@ -2018,8 +2079,11 @@ message CharsToIgnore { } oneof characters { + // Characters to not transform when masking. string characters_to_skip = 1; + // Common characters to not transform when masking. Useful to avoid removing + // punctuation. CommonCharsToIgnore common_characters_to_ignore = 2; } } @@ -2061,7 +2125,7 @@ message CharacterMaskConfig { // the user for simple bucketing strategies. // // The transformed value will be a hyphenated string of -// -, i.e if lower_bound = 10 and upper_bound = 20 +// {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 // all values that are within this bucket will be replaced with "10-20". // // This can be used on data of type: double, long. 
@@ -2072,22 +2136,21 @@ message CharacterMaskConfig { // // See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. message FixedSizeBucketingConfig { - // Lower bound value of buckets. All values less than `lower_bound` are + // Required. Lower bound value of buckets. All values less than `lower_bound` are // grouped together into a single bucket; for example if `lower_bound` = 10, - // then all values less than 10 are replaced with the value “-10”. [Required]. - Value lower_bound = 1; + // then all values less than 10 are replaced with the value “-10”. + Value lower_bound = 1 [(google.api.field_behavior) = REQUIRED]; - // Upper bound value of buckets. All values greater than upper_bound are + // Required. Upper bound value of buckets. All values greater than upper_bound are // grouped together into a single bucket; for example if `upper_bound` = 89, // then all values greater than 89 are replaced with the value “89+”. - // [Required]. - Value upper_bound = 2; + Value upper_bound = 2 [(google.api.field_behavior) = REQUIRED]; - // Size of each bucket (except for minimum and maximum buckets). So if + // Required. Size of each bucket (except for minimum and maximum buckets). So if // `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the // following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, - // 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. - double bucket_size = 3; + // 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. + double bucket_size = 3 [(google.api.field_behavior) = REQUIRED]; } // Generalization function that buckets values based on ranges. The ranges and @@ -2136,6 +2199,7 @@ message CryptoReplaceFfxFpeConfig { // natively supports. In the algorithm, the alphabet is selected using // the "radix". Therefore each corresponds to particular radix. enum FfxCommonNativeAlphabet { + // Unused. FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0; // [0-9] (radix of 10) 
@@ -2151,8 +2215,8 @@ message CryptoReplaceFfxFpeConfig { ALPHA_NUMERIC = 4; } - // The key used by the encryption algorithm. [required] - CryptoKey crypto_key = 1; + // Required. The key used by the encryption algorithm. + CryptoKey crypto_key = 1 [(google.api.field_behavior) = REQUIRED]; // The 'tweak', a context may be used for higher security since the same // identifier in two different contexts won't be given the same surrogate. If @@ -2176,7 +2240,9 @@ message CryptoReplaceFfxFpeConfig { // - a string is encoded in UTF-8 format followed by a single byte of value 2 FieldId context = 2; + // Choose an alphabet which the data being transformed will be made up of. oneof alphabet { + // Common alphabets. FfxCommonNativeAlphabet common_alphabet = 4; // This is supported by mapping these to the alphanumeric characters @@ -2226,11 +2292,15 @@ message CryptoReplaceFfxFpeConfig { // IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot // unwrap the data crypto key. message CryptoKey { + // Sources of crypto keys. oneof source { + // Transient crypto key TransientCryptoKey transient = 1; + // Unwrapped crypto key UnwrappedCryptoKey unwrapped = 2; + // Kms wrapped key KmsWrappedCryptoKey kms_wrapped = 3; } } 
@@ -2238,31 +2308,20 @@ message CryptoKey { // Use this to have a random data crypto key generated. // It will be discarded after the request finishes. message TransientCryptoKey { - // Name of the key. [required] + // Required. Name of the key. // This is an arbitrary string used to differentiate different keys. // A unique key is generated per name: two separate `TransientCryptoKey` // protos share the same generated key if their names are the same. // When the data crypto key is generated, this name is not used in any way // (repeating the api call will result in a different key being generated). - string name = 1; + string name = 1 [(google.api.field_behavior) = REQUIRED]; } // Using raw keys is prone to security risks due to accidentally // leaking the key. Choose another type of key if possible. message UnwrappedCryptoKey { - // A 128/192/256 bit key. [required] - bytes key = 1; -} - -// Parts of the APIs which use certain infoTypes. -enum InfoTypeSupportedBy { - ENUM_TYPE_UNSPECIFIED = 0; - - // Supported by the inspect operations. - INSPECT = 1; - - // Supported by the risk analysis operations. - RISK_ANALYSIS = 2; + // Required. A 128/192/256 bit key. + bytes key = 1 [(google.api.field_behavior) = REQUIRED]; } // Include to use an existing data crypto key wrapped by KMS. 
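Review bot: `bytes key = 1 [(google.api.field_behavior) = REQUIRED];` in `UnwrappedCryptoKey` states the key size in bits on a field measured in bytes, and nothing in the schema constrains the length. The annotation is descriptive metadata, so an empty or wrongly sized value still has to be rejected by whatever validates the request; that code is not visible here. Spelling out the byte lengths makes the contract checkable by callers: `// Required. A 128/192/256 bit key (16, 24 or 32 bytes).`. The hunk also removes `enum InfoTypeSupportedBy`; presumably it is re-added elsewhere in the file, outside the lines shown.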
@@ -2271,28 +2330,26 @@ enum InfoTypeSupportedBy { // to perform a crypto transformation using a kms-wrapped crypto key: // dlp.kms.encrypt message KmsWrappedCryptoKey { - // The wrapped data crypto key. [required] - bytes wrapped_key = 1; + // Required. The wrapped data crypto key. + bytes wrapped_key = 1 [(google.api.field_behavior) = REQUIRED]; - // The resource name of the KMS CryptoKey to use for unwrapping. [required] - string crypto_key_name = 2; + // Required. The resource name of the KMS CryptoKey to use for unwrapping. + string crypto_key_name = 2 [(google.api.field_behavior) = REQUIRED]; } // Shifts dates by random number of days, with option to be consistent for the // same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting // to learn more. message DateShiftConfig { - // Range of shift in days. Actual shift will be selected at random within this + // Required. Range of shift in days. Actual shift will be selected at random within this // range (inclusive ends). Negative means shift to earlier in time. Must not // be more than 365250 days (1000 years) each direction. // // For example, 3 means shift date to at most 3 days into the future. - // [Required] - int32 upper_bound_days = 1; + int32 upper_bound_days = 1 [(google.api.field_behavior) = REQUIRED]; - // For example, -5 means shift date to at most 5 days back in the past. - // [Required] - int32 lower_bound_days = 2; + // Required. For example, -5 means shift date to at most 5 days back in the past. + int32 lower_bound_days = 2 [(google.api.field_behavior) = REQUIRED]; // Points to the field that contains the context, for example, an entity id. // If set, must also set cryptoKey. If set, shift will be consistent for the 
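Review bot: After this rewrite the comment on `lower_bound_days` in `DateShiftConfig` opens with "Required. For example, -5 ..." and never says what the field is, because the description of the range now sits only on `upper_bound_days`. Putting `// Required. Lower bound of the shift range in days (inclusive).` ahead of the example would make the field readable on its own. Both bounds are proto3 `int32` fields without `optional`, so a bound of 0 cannot be told apart from an unset field on the wire. If 0 is an accepted bound the comment should say so, since a REQUIRED check cannot rest on presence here.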
@@ -2322,23 +2379,23 @@ message InfoTypeTransformations { // infoTypes that were requested in `InspectConfig`. repeated InfoType info_types = 1; - // Primitive transformation to apply to the infoType. [required] - PrimitiveTransformation primitive_transformation = 2; + // Required. Primitive transformation to apply to the infoType. + PrimitiveTransformation primitive_transformation = 2 [(google.api.field_behavior) = REQUIRED]; } - // Transformation for each infoType. Cannot specify more than one - // for a given infoType. [required] - repeated InfoTypeTransformation transformations = 1; + // Required. Transformation for each infoType. Cannot specify more than one + // for a given infoType. + repeated InfoTypeTransformation transformations = 1 [(google.api.field_behavior) = REQUIRED]; } // The transformation to apply to the field. message FieldTransformation { - // Input field(s) to apply the transformation to. [required] - repeated FieldId fields = 1; + // Required. Input field(s) to apply the transformation to. + repeated FieldId fields = 1 [(google.api.field_behavior) = REQUIRED]; // Only apply the transformation if the condition evaluates to true for the // given `RecordCondition`. The conditions are allowed to reference fields - // that are not used in the actual transformation. [optional] + // that are not used in the actual transformation. // // Example Use Cases: // @@ -2365,7 +2422,7 @@ message RecordTransformations { repeated FieldTransformation field_transformations = 1; // Configuration defining which records get suppressed entirely. Records that - // match any suppression rule are omitted from the output [optional]. + // match any suppression rule are omitted from the output. repeated RecordSuppression record_suppressions = 2; } 
@@ -2400,26 +2457,30 @@ message RecordCondition { // If we fail to compare do to type mismatch, a warning will be given and // the condition will evaluate to false. message Condition { - // Field within the record this condition is evaluated against. [required] - FieldId field = 1; + // Required. Field within the record this condition is evaluated against. + FieldId field = 1 [(google.api.field_behavior) = REQUIRED]; - // Operator used to compare the field or infoType to the value. [required] - RelationalOperator operator = 3; + // Required. Operator used to compare the field or infoType to the value. + RelationalOperator operator = 3 [(google.api.field_behavior) = REQUIRED]; - // Value to compare against. [Required, except for `EXISTS` tests.] + // Value to compare against. [Mandatory, except for `EXISTS` tests.] Value value = 4; } // A collection of conditions. message Conditions { + // A collection of conditions. repeated Condition conditions = 1; } // An expression, consisting or an operator and conditions. message Expressions { + // Logical operators for conditional checks. enum LogicalOperator { + // Unused LOGICAL_OPERATOR_UNSPECIFIED = 0; + // Conditional AND AND = 1; } @@ -2427,7 +2488,9 @@ message RecordCondition { // only supported value is `AND`. LogicalOperator logical_operator = 1; + // Expression types. oneof type { + // Conditions to apply to the expression. Conditions conditions = 3; } } @@ -2452,8 +2515,10 @@ message TransformationSummary { // A collection that informs the user the number of times a particular // `TransformationResultCode` and error details occurred. message SummaryResult { + // Number of transformations counted by this result. int64 count = 1; + // Outcome of the transformation. TransformationResultCode code = 2; // A place for warnings or errors to show up if a transformation didn't 
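Review bot: `value` in `Condition` is the only one of the three fields whose requirement stays in bracketed prose ("[Mandatory, except for `EXISTS` tests.]"), so nothing machine-readable tells a client it is needed for every operator other than `EXISTS`. The comment should also say what the service does when it is missing, just as the message comment above it says a type mismatch yields a warning and a false result. That matters if these conditions gate record suppression (presumably they do, though the reference is outside this hunk), because a condition that quietly evaluates to false would leave the record in the output. A possible wording, to be confirmed against server behaviour, is `// Value to compare against. Must be set unless operator is EXISTS.`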
@@ -2463,10 +2528,13 @@ message TransformationSummary { // Possible outcomes of transformations. enum TransformationResultCode { + // Unused TRANSFORMATION_RESULT_CODE_UNSPECIFIED = 0; + // Transformation completed without an error. SUCCESS = 1; + // Transformation had an error. ERROR = 2; } @@ -2487,6 +2555,7 @@ message TransformationSummary { // The specific suppression option these stats apply to. RecordSuppression record_suppress = 6; + // Collection of all transformations that took place or had an error. repeated SummaryResult results = 4; // Total size in bytes that were transformed in some way. @@ -2519,12 +2588,12 @@ message InspectTemplate { pattern: "projects/{project}/inspectTemplates/{inspect_template}" }; - // The template name. Output only. + // Output only. The template name. // // The template will have one of the following formats: // `projects/PROJECT_ID/inspectTemplates/TEMPLATE_ID` OR - // `organizations/ORGANIZATION_ID/inspectTemplates/TEMPLATE_ID` - string name = 1; + // `organizations/ORGANIZATION_ID/inspectTemplates/TEMPLATE_ID`; + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; // Display name (max 256 chars). string display_name = 2; @@ -2532,11 +2601,11 @@ message InspectTemplate { // Short description (max 256 chars). string description = 3; - // The creation timestamp of an inspectTemplate, output only field. - google.protobuf.Timestamp create_time = 4; + // Output only. The creation timestamp of an inspectTemplate. + google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; - // The last update timestamp of an inspectTemplate, output only field. - google.protobuf.Timestamp update_time = 5; + // Output only. The last update timestamp of an inspectTemplate. + google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; // The core content of the template. Configuration of the scanning process. InspectConfig inspect_config = 6; 
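Review bot: The rewritten comment on `InspectTemplate.name` now ends with a stray semicolon inside the comment, in the line that reads `// organizations/ORGANIZATION_ID/inspectTemplates/TEMPLATE_ID;` once the inner backticks are set aside. It would appear in generated reference documentation as part of the resource-name format, and the matching line in the `DeidentifyTemplate` hunk has none. The trailing `;` should be dropped so the line ends at the closing backtick of the format string.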
@@ -2551,12 +2620,12 @@ message DeidentifyTemplate { pattern: "projects/{project}/deidentifyTemplates/{deidentify_template}" }; - // The template name. Output only. + // Output only. The template name. // // The template will have one of the following formats: // `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR // `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID` - string name = 1; + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; // Display name (max 256 chars). string display_name = 2; @@ -2564,11 +2633,11 @@ message DeidentifyTemplate { // Short description (max 256 chars). string description = 3; - // The creation timestamp of an inspectTemplate, output only field. - google.protobuf.Timestamp create_time = 4; + // Output only. The creation timestamp of an inspectTemplate. + google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; - // The last update timestamp of an inspectTemplate, output only field. - google.protobuf.Timestamp update_time = 5; + // Output only. The last update timestamp of an inspectTemplate. + google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; // ///////////// // The core content of the template // /////////////// DeidentifyConfig deidentify_config = 6; @@ -2576,8 +2645,8 @@ message DeidentifyTemplate { // Details information about an error encountered during job execution or // the results of an unsuccessful activation of the JobTrigger. -// Output only field. message Error { + // Detailed error codes and messages. google.rpc.Status details = 1; // The times the error occurred. @@ -2605,6 +2674,7 @@ message JobTrigger { // pause triggers experiencing frequent errors. To restart a job, set the // status to HEALTHY after correcting user errors. enum Status { + // Unused. STATUS_UNSPECIFIED = 0; // Trigger is healthy. 
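Review bot: The two timestamp comments rewritten in `DeidentifyTemplate` still say "of an inspectTemplate", a leftover from the `InspectTemplate` message. Since the lines are being touched anyway they should read `// Output only. The creation timestamp of a deidentifyTemplate.` and `// Output only. The last update timestamp of a deidentifyTemplate.`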
@@ -2630,6 +2700,7 @@ message JobTrigger { // The configuration details for the specific type of job to run. oneof job { + // For inspect jobs, a snapshot of the configuration. InspectJobConfig inspect_job = 4; } @@ -2638,23 +2709,23 @@ message JobTrigger { // a single Schedule trigger and must have at least one object. repeated Trigger triggers = 5; - // A stream of errors encountered when the trigger was activated. Repeated + // Output only. A stream of errors encountered when the trigger was activated. Repeated // errors may result in the JobTrigger automatically being paused. // Will return the last 100 errors. Whenever the JobTrigger is modified - // this list will be cleared. Output only field. - repeated Error errors = 6; + // this list will be cleared. + repeated Error errors = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; - // The creation timestamp of a triggeredJob, output only field. - google.protobuf.Timestamp create_time = 7; + // Output only. The creation timestamp of a triggeredJob. + google.protobuf.Timestamp create_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY]; - // The last update timestamp of a triggeredJob, output only field. - google.protobuf.Timestamp update_time = 8; + // Output only. The last update timestamp of a triggeredJob. + google.protobuf.Timestamp update_time = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; - // The timestamp of the last time this trigger executed, output only field. - google.protobuf.Timestamp last_run_time = 9; + // Output only. The timestamp of the last time this trigger executed. + google.protobuf.Timestamp last_run_time = 9 [(google.api.field_behavior) = OUTPUT_ONLY]; - // A status for this trigger. [required] - Status status = 10; + // Required. A status for this trigger. + Status status = 10 [(google.api.field_behavior) = REQUIRED]; } // A task to execute on the completion of a job. 
@@ -2665,6 +2736,7 @@ message Action { // specified. // Compatible with: Inspect, Risk message SaveFindings { + // Location to store findings outside of DLP. OutputStorageConfig output_config = 1; } @@ -2736,7 +2808,7 @@ message Action { // Publish findings to Cloud Datahub. PublishFindingsToCloudDataCatalog publish_findings_to_cloud_data_catalog = 5; - // Enable email notification to project owners and editors on job's + // Enable email notification for project owners and editors on job's // completion/failure. JobNotificationEmails job_notification_emails = 8; @@ -2756,8 +2828,8 @@ message CreateInspectTemplateRequest { } ]; - // The InspectTemplate to create. - InspectTemplate inspect_template = 2; + // Required. The InspectTemplate to create. + InspectTemplate inspect_template = 2 [(google.api.field_behavior) = REQUIRED]; // The template id can contain uppercase and lowercase letters, // numbers, and hyphens; that is, it must match the regular @@ -2813,15 +2885,15 @@ message ListInspectTemplatesRequest { } ]; - // Optional page token to continue retrieval. Comes from previous call + // Page token to continue retrieval. Comes from previous call // to `ListInspectTemplates`. string page_token = 2; - // Optional size of the page, can be limited by server. If zero server returns + // Size of the page, can be limited by server. If zero server returns // a page of max size 100. int32 page_size = 3; - // Optional comma separated list of fields to order by, + // Comma separated list of fields to order by, // followed by `asc` or `desc` postfix. This list is case-insensitive, // default sorting order is ascending, redundant space characters are // insignificant. 
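Review bot: The word "Optional" is removed from the comments on `page_token`, `page_size` and `order_by` in `ListInspectTemplatesRequest`, but no `OPTIONAL` field behaviour is added in its place, so the fields' optional status is now left implicit. Elsewhere this patch moves `[required]` and "output only" prose into `REQUIRED` and `OUTPUT_ONLY` annotations, and these fields could be treated the same way, e.g. `string page_token = 2 [(google.api.field_behavior) = OPTIONAL];`. The same applies to the paging, ordering and filtering fields in the later hunks for `ListJobTriggersRequest`, `ListDlpJobsRequest`, `ListDeidentifyTemplatesRequest` and `ListStoredInfoTypesRequest`.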
@@ -2874,8 +2946,8 @@ message CreateJobTriggerRequest { } ]; - // The JobTrigger to create. - JobTrigger job_trigger = 2; + // Required. The JobTrigger to create. + JobTrigger job_trigger = 2 [(google.api.field_behavior) = REQUIRED]; // The trigger id can contain uppercase and lowercase letters, // numbers, and hyphens; that is, it must match the regular @@ -2944,8 +3016,10 @@ message CreateDlpJobRequest { // The configuration details for the specific type of job to run. oneof job { + // Set to control what and how to inspect. InspectJobConfig inspect_job = 2; + // Set to choose what metric to calculate. RiskAnalysisJobConfig risk_job = 3; } @@ -2970,15 +3044,15 @@ message ListJobTriggersRequest { } ]; - // Optional page token to continue retrieval. Comes from previous call + // Page token to continue retrieval. Comes from previous call // to ListJobTriggers. `order_by` field must not // change for subsequent calls. string page_token = 2; - // Optional size of the page, can be limited by a server. + // Size of the page, can be limited by a server. int32 page_size = 3; - // Optional comma separated list of triggeredJob fields to order by, + // Comma separated list of triggeredJob fields to order by, // followed by `asc` or `desc` postfix. This list is case-insensitive, // default sorting order is ascending, redundant space characters are // insignificant. 
@@ -2995,14 +3069,14 @@ message ListJobTriggersRequest { // - `status`: corresponds to JobTrigger's status. string order_by = 4; - // Optional. Allows filtering. + // Allows filtering. // // Supported syntax: // // * Filter expressions are made up of one or more restrictions. // * Restrictions can be combined by `AND` or `OR` logical operators. A // sequence of restrictions implicitly uses `AND`. - // * A restriction has the form of ` `. + // * A restriction has the form of `{field} {operator} {value}`. // * Supported fields/values for inspect jobs: // - `status` - HEALTHY|PAUSED|CANCELLED // - `inspected_storage` - DATASTORE|CLOUD_STORAGE|BIGQUERY @@ -3048,6 +3122,7 @@ message DeleteJobTriggerRequest { ]; } +// Controls what and how to inspect for findings. message InspectJobConfig { // The data to scan. StorageConfig storage_config = 1; @@ -3071,7 +3146,9 @@ message DlpJob { pattern: "projects/{project}/dlpJobs/{dlp_job}" }; + // Possible states of a job. enum JobState { + // Unused. JOB_STATE_UNSPECIFIED = 0; // The job has not yet started. @@ -3145,14 +3222,14 @@ message ListDlpJobsRequest { } ]; - // Optional. Allows filtering. + // Allows filtering. // // Supported syntax: // // * Filter expressions are made up of one or more restrictions. // * Restrictions can be combined by `AND` or `OR` logical operators. A // sequence of restrictions implicitly uses `AND`. - // * A restriction has the form of ` `. + // * A restriction has the form of `{field} {operator} {value}`. // * Supported fields/values for inspect jobs: // - `state` - PENDING|RUNNING|CANCELED|FINISHED|FAILED // - `inspected_storage` - DATASTORE|CLOUD_STORAGE|BIGQUERY 
@@ -3184,7 +3261,7 @@ message ListDlpJobsRequest { // The type of job. Defaults to `DlpJobType.INSPECT` DlpJobType type = 5; - // Optional comma separated list of fields to order by, + // Comma separated list of fields to order by, // followed by `asc` or `desc` postfix. This list is case-insensitive, // default sorting order is ascending, redundant space characters are // insignificant. @@ -3204,32 +3281,6 @@ message ListDlpJobsRequest { string location_id = 7; } -// Operators available for comparing the value of fields. -enum RelationalOperator { - RELATIONAL_OPERATOR_UNSPECIFIED = 0; - - // Equal. Attempts to match even with incompatible types. - EQUAL_TO = 1; - - // Not equal to. Attempts to match even with incompatible types. - NOT_EQUAL_TO = 2; - - // Greater than. - GREATER_THAN = 3; - - // Less than. - LESS_THAN = 4; - - // Greater than or equals. - GREATER_THAN_OR_EQUALS = 5; - - // Less than or equals. - LESS_THAN_OR_EQUALS = 6; - - // Exists - EXISTS = 7; -} - // The response message for listing DLP jobs. message ListDlpJobsResponse { // A list of DlpJobs that matches the specified filter in the request. @@ -3272,8 +3323,8 @@ message CreateDeidentifyTemplateRequest { } ]; - // The DeidentifyTemplate to create. - DeidentifyTemplate deidentify_template = 2; + // Required. The DeidentifyTemplate to create. + DeidentifyTemplate deidentify_template = 2 [(google.api.field_behavior) = REQUIRED]; // The template id can contain uppercase and lowercase letters, // numbers, and hyphens; that is, it must match the regular 
@@ -3329,15 +3380,15 @@ message ListDeidentifyTemplatesRequest { } ]; - // Optional page token to continue retrieval. Comes from previous call + // Page token to continue retrieval. Comes from previous call // to `ListDeidentifyTemplates`. string page_token = 2; - // Optional size of the page, can be limited by server. If zero server returns + // Size of the page, can be limited by server. If zero server returns // a page of max size 100. int32 page_size = 3; - // Optional comma separated list of fields to order by, + // Comma separated list of fields to order by, // followed by `asc` or `desc` postfix. This list is case-insensitive, // default sorting order is ascending, redundant space characters are // insignificant. @@ -3419,6 +3470,7 @@ message StoredInfoTypeConfig { // Description of the StoredInfoType (max 256 characters). string description = 2; + // Stored infotype types. oneof type { // StoredInfoType where findings are defined by a dictionary of phrases. LargeCustomDictionaryConfig large_custom_dictionary = 3; @@ -3427,6 +3479,7 @@ message StoredInfoTypeConfig { // Statistics for a StoredInfoType. message StoredInfoTypeStats { + // Stat types oneof type { // StoredInfoType where findings are defined by a dictionary of phrases. LargeCustomDictionaryStats large_custom_dictionary = 1; @@ -3451,10 +3504,12 @@ message StoredInfoTypeVersion { // anomalies detected in the storedInfoType data that render it unusable. Only // the five most recent errors will be displayed, with the most recent error // appearing first. - //

For example, some of the data for stored custom dictionaries is put in + // + // For example, some of the data for stored custom dictionaries is put in // the user's Google Cloud Storage bucket, and if this data is modified or // deleted by the user or another system, the dictionary becomes invalid. - //

If any errors occur, fix the problem indicated by the error message and + // + // If any errors occur, fix the problem indicated by the error message and // use the UpdateStoredInfoType API method to create another version of the // storedInfoType to continue using it, reusing the same `config` if it was // not the source of the error. @@ -3495,8 +3550,8 @@ message CreateStoredInfoTypeRequest { } ]; - // Configuration of the storedInfoType to create. - StoredInfoTypeConfig config = 2; + // Required. Configuration of the storedInfoType to create. + StoredInfoTypeConfig config = 2 [(google.api.field_behavior) = REQUIRED]; // The storedInfoType ID can contain uppercase and lowercase letters, // numbers, and hyphens; that is, it must match the regular @@ -3554,15 +3609,15 @@ message ListStoredInfoTypesRequest { } ]; - // Optional page token to continue retrieval. Comes from previous call + // Page token to continue retrieval. Comes from previous call // to `ListStoredInfoTypes`. string page_token = 2; - // Optional size of the page, can be limited by server. If zero server returns + // Size of the page, can be limited by server. If zero server returns // a page of max size 100. int32 page_size = 3; - // Optional comma separated list of fields to order by, + // Comma separated list of fields to order by, // followed by `asc` or `desc` postfix. This list is case-insensitive, // default sorting order is ascending, redundant space characters are // insignificant. 
@@ -3606,8 +3661,89 @@ message DeleteStoredInfoTypeRequest { ]; } -// An enum to represent the various type of DLP jobs. +// Operators available for comparing the value of fields. +enum RelationalOperator { + // Unused + RELATIONAL_OPERATOR_UNSPECIFIED = 0; + + // Equal. Attempts to match even with incompatible types. + EQUAL_TO = 1; + + // Not equal to. Attempts to match even with incompatible types. + NOT_EQUAL_TO = 2; + + // Greater than. + GREATER_THAN = 3; + + // Less than. + LESS_THAN = 4; + + // Greater than or equals. + GREATER_THAN_OR_EQUALS = 5; + + // Less than or equals. + LESS_THAN_OR_EQUALS = 6; + + // Exists + EXISTS = 7; +} + +// Type of the match which can be applied to different ways of matching, like +// Dictionary, regular expression and intersecting with findings of another +// info type. +enum MatchingType { + // Invalid. + MATCHING_TYPE_UNSPECIFIED = 0; + + // Full match. + // + // - Dictionary: join of Dictionary results matched complete finding quote + // - Regex: all regex matches fill a finding quote start to end + // - Exclude info type: completely inside affecting info types findings + MATCHING_TYPE_FULL_MATCH = 1; + + // Partial match. + // + // - Dictionary: at least one of the tokens in the finding matches + // - Regex: substring of the finding matches + // - Exclude info type: intersects with affecting info types findings + MATCHING_TYPE_PARTIAL_MATCH = 2; + + // Inverse match. + // + // - Dictionary: no tokens in the finding match the dictionary + // - Regex: finding doesn't match the regex + // - Exclude info type: no intersection with affecting info types findings + MATCHING_TYPE_INVERSE_MATCH = 3; +} + +// Options describing which parts of the provided content should be scanned. +enum ContentOption { + // Includes entire content of a file or a data stream. + CONTENT_UNSPECIFIED = 0; + + // Text content within the data, excluding any metadata. + CONTENT_TEXT = 1; + + // Images found in the data. 
+ CONTENT_IMAGE = 2; +} + +// Parts of the APIs which use certain infoTypes. +enum InfoTypeSupportedBy { + // Unused. + ENUM_TYPE_UNSPECIFIED = 0; + + // Supported by the inspect operations. + INSPECT = 1; + + // Supported by the risk analysis operations. + RISK_ANALYSIS = 2; +} + +// An enum to represent the various types of DLP jobs. enum DlpJobType { + // Unused DLP_JOB_TYPE_UNSPECIFIED = 0; // The job inspected Google Cloud for sensitive data. @@ -3619,6 +3755,7 @@ enum DlpJobType { // State of a StoredInfoType version. enum StoredInfoTypeState { + // Unused STORED_INFO_TYPE_STATE_UNSPECIFIED = 0; // StoredInfoType version is being created.
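Review bot: `CONTENT_UNSPECIFIED = 0` in `ContentOption` is documented as "Includes entire content of a file or a data stream", so the zero value is a real behaviour and not a placeholder, unlike the zero values this patch labels "Unused". The comment should say outright that this is what an unset field means, e.g. `// Default when unset: the entire content of a file or data stream is scanned.` The enums in this hunk look relocated, since the removals of `RelationalOperator` and `InfoTypeSupportedBy` are visible in earlier hunks. The numbers shown for those two match the removed definitions, so nothing changes on the wire for them.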