diff --git a/google/privacy/dlp/artman_dlp_v2beta1.yaml b/google/privacy/dlp/artman_dlp_v2beta1.yaml
deleted file mode 100644
index d8fa4b63..00000000
--- a/google/privacy/dlp/artman_dlp_v2beta1.yaml
+++ /dev/null
@@ -1,110 +0,0 @@
-common:
- api_name: dlp
- api_version: v2beta1
- organization_name: google-cloud
- service_yaml: dlp.yaml
- gapic_yaml: v2beta1/dlp_gapic.yaml
- src_proto_paths:
- - v2beta1
- proto_deps:
- - name: google-common-protos
-artifacts:
-- name: java_gapic
- type: GAPIC
- language: JAVA
- publish_targets:
- - name: staging
- type: GITHUB
- location: git@github.com:googleapis/api-client-staging.git
- directory_mappings:
- - dest: generated/java/gapic-google-cloud-dlp-v2beta1
- - name: grpc
- dest: generated/java/grpc-google-cloud-dlp-v2beta1
- - name: proto
- dest: generated/java/proto-google-cloud-dlp-v2beta1
- - name: java
- type: GITHUB
- location: git@github.com:GoogleCloudPlatform/google-cloud-java.git
- directory_mappings:
- - dest: google-cloud-dlp
-- name: python_gapic
- type: GAPIC
- language: PYTHON
- publish_targets:
- - name: python
- type: GITHUB
- location: git@github.com:GoogleCloudPlatform/google-cloud-python.git
- directory_mappings:
- - src: .
- dest: dlp
- - name: grpc
- src: google/cloud/proto
- dest: dlp/google/cloud/proto
- - name: staging
- type: GITHUB
- location: git@github.com:googleapis/api-client-staging.git
- directory_mappings:
- - dest: generated/python/gapic-google-cloud-dlp-v2beta1
- - name: grpc
- dest: generated/python/proto-google-cloud-dlp-v2beta1
-- name: php_gapic
- type: GAPIC
- language: PHP
- publish_targets:
- - name: staging
- type: GITHUB
- location: git@github.com:googleapis/api-client-staging.git
- directory_mappings:
- - dest: generated/php/google-cloud-dlp-v2beta1
-- name: ruby_gapic
- type: GAPIC
- language: RUBY
- publish_targets:
- - name: ruby
- type: GITHUB
- location: git@github.com:GoogleCloudPlatform/google-cloud-ruby.git
- directory_mappings:
- - src: lib/google/cloud/dlp/v2beta1
- dest: google-cloud-dlp/lib/google/cloud/dlp/v2beta1
- - src: test/google/cloud/privacy/dlp/v2beta1
- dest: google-cloud-dlp/test/google/cloud/dlp/v2beta1
- - name: staging
- type: GITHUB
- location: git@github.com:googleapis/api-client-staging.git
- directory_mappings:
- - dest: generated/ruby/google-cloud-dlp
-- name: go_gapic
- type: GAPIC
- language: GO
- publish_targets:
- - name: staging
- type: GITHUB
- location: git@github.com:googleapis/api-client-staging.git
- directory_mappings:
- - dest: generated/go/vendor/cloud.google.com/go/google-cloud-dlp-v2beta1/vendor
- - name: go
- type: GITHUB
- location: git@github.com:GoogleCloudPlatform/google-cloud-go.git
- directory_mappings:
- - dest: dlp/apiv2beta1
-- name: nodejs_gapic
- type: GAPIC
- language: NODEJS
- package_version:
- grpc_dep_lower_bound: 0.0.0
- publish_targets:
- - name: staging
- type: GITHUB
- location: git@github.com:googleapis/api-client-staging.git
- directory_mappings:
- - dest: generated/nodejs/dlp
- - name: nodejs
- type: GITHUB
- location: git@github.com:GoogleCloudPlatform/google-cloud-node.git
- directory_mappings:
- - src: src/v2beta1
- dest: packages/dlp/src/v2beta1
- - src: test/test.js
- dest: packages/dlp/test/gapic-v2beta1.js
-- name: gapic_config
- type: GAPIC_CONFIG
diff --git a/google/privacy/dlp/artman_dlp_v2beta2.yaml b/google/privacy/dlp/artman_dlp_v2beta2.yaml
deleted file mode 100644
index 097d076c..00000000
--- a/google/privacy/dlp/artman_dlp_v2beta2.yaml
+++ /dev/null
@@ -1,117 +0,0 @@
-common:
- api_name: dlp
- api_version: v2beta2
- organization_name: google-cloud
- proto_deps:
- - name: google-common-protos
- src_proto_paths:
- - v2beta2
- service_yaml: dlp_v2beta2.yaml
- gapic_yaml: v2beta2/dlp_gapic.yaml
-artifacts:
-- name: gapic_config
- type: GAPIC_CONFIG
-- name: java_gapic
- type: GAPIC
- language: JAVA
- publish_targets:
- - name: staging
- type: GITHUB
- location: git@github.com:googleapis/api-client-staging.git
- directory_mappings:
- - dest: generated/java/gapic-google-cloud-dlp-v2beta2
- - name: grpc
- dest: generated/java/grpc-google-cloud-dlp-v2beta2
- - name: proto
- dest: generated/java/proto-google-cloud-dlp-v2beta2
- - name: java
- type: GITHUB
- location: git@github.com:GoogleCloudPlatform/google-cloud-java.git
- directory_mappings:
- - dest: google-cloud-dlp
-- name: python_gapic
- type: GAPIC
- language: PYTHON
- publish_targets:
- - name: python
- type: GITHUB
- location: git@github.com:GoogleCloudPlatform/google-cloud-python.git
- directory_mappings:
- - src: google/cloud/gapic
- dest: dlp/google/cloud/gapic
- - src: test/google/cloud/gapic/dlp/v2beta2
- dest: dlp/tests/gapic
- - name: grpc
- src: google/cloud/proto
- dest: dlp/google/cloud/proto
- - name: staging
- type: GITHUB
- location: git@github.com:googleapis/api-client-staging.git
- directory_mappings:
- - dest: generated/python/gapic-google-cloud-dlp-v2beta2
- - name: grpc
- dest: generated/python/proto-google-cloud-dlp-v2beta2
-- name: nodejs_gapic
- type: GAPIC
- language: NODEJS
- package_version:
- grpc_dep_lower_bound: 0.0.0
- publish_targets:
- - name: staging
- type: GITHUB
- location: git@github.com:googleapis/api-client-staging.git
- directory_mappings:
- - dest: generated/nodejs/dlp
- - name: nodejs
- type: GITHUB
- location: git@github.com:GoogleCloudPlatform/google-cloud-node.git
- directory_mappings:
- - src: src/v2beta2
- dest: packages/dlp/src/v2beta2
- - src: test/test.js
- dest: packages/dlp/test/gapic-v2beta2.js
-- name: php_gapic
- type: GAPIC
- language: PHP
- publish_targets:
- - name: staging
- type: GITHUB
- location: git@github.com:googleapis/api-client-staging.git
- directory_mappings:
- - dest: generated/php/google-cloud-dlp-v2beta2
-- name: go_gapic
- type: GAPIC
- language: GO
- publish_targets:
- - name: staging
- type: GITHUB
- location: git@github.com:googleapis/api-client-staging.git
- directory_mappings:
- - dest: generated/go/vendor/cloud.google.com/go/google-cloud-dlp-v2beta2/vendor
- - name: go
- type: GITHUB
- location: git@github.com:GoogleCloudPlatform/google-cloud-go.git
- directory_mappings:
- - dest: dlp/apiv2beta2
-- name: ruby_gapic
- type: GAPIC
- language: RUBY
- package_version:
- grpc_dep_lower_bound: 0.20.0
- publish_targets:
- - name: ruby
- type: GITHUB
- location: git@github.com:GoogleCloudPlatform/google-cloud-ruby.git
- directory_mappings:
- - src: lib/google/cloud/dlp/v2beta2
- dest: google-cloud-dlp/lib/google/cloud/dlp/v2beta2
- - src: test/google/cloud/privacy/dlp/v2beta2
- dest: google-cloud-dlp/test/google/cloud/dlp/v2beta2
- - name: staging
- type: GITHUB
- location: git@github.com:googleapis/api-client-staging.git
- directory_mappings:
- - dest: generated/ruby/google-cloud-dlp
-- name: csharp_gapic
- type: GAPIC
- language: CSHARP
diff --git a/google/privacy/dlp/dlp.yaml b/google/privacy/dlp/dlp.yaml
deleted file mode 100644
index 111e6cba..00000000
--- a/google/privacy/dlp/dlp.yaml
+++ /dev/null
@@ -1,90 +0,0 @@
-type: google.api.Service
-config_version: 3
-name: dlp.googleapis.com
-title: DLP API
-
-apis:
-- name: google.privacy.dlp.v2beta1.DlpService
-
-types:
-- name: google.privacy.dlp.v2beta1.InspectOperationMetadata
-- name: google.privacy.dlp.v2beta1.InspectOperationResult
-- name: google.privacy.dlp.v2beta1.InfoTypeStatistics
-- name: google.privacy.dlp.v2beta1.RiskAnalysisOperationResult
-- name: google.privacy.dlp.v2beta1.RiskAnalysisOperationMetadata
-
-documentation:
- summary: |-
- The Google Data Loss Prevention API provides methods for detection of
- privacy-sensitive fragments in text, images, and Google Cloud Platform
- storage repositories.
- rules:
- - selector: google.longrunning.Operations.CancelOperation
- description: |-
- Cancels an operation. Use the
- [`inspect.operations.get`][/dlp/docs/reference/rest/v2beta1/inspect.operations/get]
- to check whether the cancellation succeeded or the operation completed
- despite cancellation.
- - selector: google.longrunning.Operations.DeleteOperation
- description: This method is not supported and the server returns `UNIMPLEMENTED`.
- - selector: google.longrunning.Operations.ListOperations
- description: Fetches the list of long running operations.
-
-backend:
- rules:
- - selector: google.longrunning.Operations.ListOperations
- deadline: 300.0
- - selector: google.longrunning.Operations.GetOperation
- deadline: 300.0
- - selector: google.longrunning.Operations.DeleteOperation
- deadline: 300.0
- - selector: google.longrunning.Operations.CancelOperation
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta1.DlpService.InspectContent
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta1.DlpService.RedactContent
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta1.DlpService.DeidentifyContent
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta1.DlpService.CreateInspectOperation
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta1.DlpService.AnalyzeDataSourceRisk
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta1.DlpService.ListInspectFindings
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta1.DlpService.ListInfoTypes
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta1.DlpService.ListRootCategories
- deadline: 300.0
-
-http:
- rules:
- - selector: google.longrunning.Operations.ListOperations
- get: '/v2beta1/{name=inspect/operations}'
- additional_bindings:
- - get: '/v2beta1/{name=riskAnalysis/operations}'
-
- - selector: google.longrunning.Operations.GetOperation
- get: '/v2beta1/{name=inspect/operations/*}'
- additional_bindings:
- - get: '/v2beta1/{name=riskAnalysis/operations/*}'
-
- - selector: google.longrunning.Operations.DeleteOperation
- delete: '/v2beta1/{name=inspect/operations/*}'
- additional_bindings:
- - delete: '/v2beta1/{name=riskAnalysis/operations/*}'
-
- - selector: google.longrunning.Operations.CancelOperation
- post: '/v2beta1/{name=inspect/operations/*}:cancel'
- body: '*'
- additional_bindings:
- - post: '/v2beta1/{name=riskAnalysis/operations/*}:cancel'
- body: '*'
-
-
-authentication:
- rules:
- - selector: '*'
- oauth:
- canonical_scopes: |-
- https://www.googleapis.com/auth/cloud-platform
diff --git a/google/privacy/dlp/dlp_v2beta2.yaml b/google/privacy/dlp/dlp_v2beta2.yaml
deleted file mode 100644
index 253140dc..00000000
--- a/google/privacy/dlp/dlp_v2beta2.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
-type: google.api.Service
-config_version: 3
-name: dlp.googleapis.com
-title: DLP API
-
-apis:
-- name: google.privacy.dlp.v2beta2.DlpService
-
-documentation:
- summary: |-
- The Google Data Loss Prevention API provides methods for detection of
- privacy-sensitive fragments in text, images, and Google Cloud Platform
- storage repositories.
-
-backend:
- rules:
- - selector: google.privacy.dlp.v2beta2.DlpService.InspectContent
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.RedactImage
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.DeidentifyContent
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.ReidentifyContent
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.InspectDataSource
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.AnalyzeDataSourceRisk
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.ListInfoTypes
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.CreateInspectTemplate
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.UpdateInspectTemplate
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.GetInspectTemplate
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.ListInspectTemplates
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.DeleteInspectTemplate
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.CreateDeidentifyTemplate
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.UpdateDeidentifyTemplate
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.GetDeidentifyTemplate
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.ListDeidentifyTemplates
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.DeleteDeidentifyTemplate
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.CreateJobTrigger
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.UpdateJobTrigger
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.GetJobTrigger
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.ListJobTriggers
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.DeleteJobTrigger
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.ListDlpJobs
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.GetDlpJob
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.DeleteDlpJob
- deadline: 300.0
- - selector: google.privacy.dlp.v2beta2.DlpService.CancelDlpJob
- deadline: 300.0
-
-authentication:
- rules:
- - selector: '*'
- oauth:
- canonical_scopes: |-
- https://www.googleapis.com/auth/cloud-platform
diff --git a/google/privacy/dlp/v2beta1/dlp.proto b/google/privacy/dlp/v2beta1/dlp.proto
deleted file mode 100644
index 1b978eb6..00000000
--- a/google/privacy/dlp/v2beta1/dlp.proto
+++ /dev/null
@@ -1,1329 +0,0 @@ -// Copyright 2017 Google Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.privacy.dlp.v2beta1; - -import "google/api/annotations.proto"; -import "google/longrunning/operations.proto"; -import "google/privacy/dlp/v2beta1/storage.proto"; -import "google/protobuf/empty.proto"; -import "google/protobuf/timestamp.proto"; -import "google/type/date.proto"; -import "google/type/timeofday.proto"; - -option csharp_namespace = "Google.Cloud.Dlp.V2Beta1"; -option go_package = "google.golang.org/genproto/googleapis/privacy/dlp/v2beta1;dlp"; -option java_multiple_files = true; -option java_outer_classname = "DlpProto"; -option java_package = "com.google.privacy.dlp.v2beta1"; -option php_namespace = "Google\\Cloud\\Dlp\\V2beta1"; - - -// The DLP API is a service that allows clients -// to detect the presence of Personally Identifiable Information (PII) and other -// privacy-sensitive data in user-supplied, unstructured data streams, like text -// blocks or images. -// The service also includes methods for sensitive data redaction and -// scheduling of data scans on Google Cloud Platform based data sets. -service DlpService { - // Finds potentially sensitive info in a list of strings. - // This method has limits on input size, processing time, and output size. 
- rpc InspectContent(InspectContentRequest) returns (InspectContentResponse) { - option (google.api.http) = { post: "/v2beta1/content:inspect" body: "*" }; - } - - // Redacts potentially sensitive info from a list of strings. - // This method has limits on input size, processing time, and output size. - rpc RedactContent(RedactContentRequest) returns (RedactContentResponse) { - option (google.api.http) = { post: "/v2beta1/content:redact" body: "*" }; - } - - // De-identifies potentially sensitive info from a list of strings. - // This method has limits on input size and output size. - rpc DeidentifyContent(DeidentifyContentRequest) returns (DeidentifyContentResponse) { - option (google.api.http) = { post: "/v2beta1/content:deidentify" body: "*" }; - } - - // Schedules a job scanning content in a Google Cloud Platform data - // repository. - rpc CreateInspectOperation(CreateInspectOperationRequest) returns (google.longrunning.Operation) { - option (google.api.http) = { post: "/v2beta1/inspect/operations" body: "*" }; - } - - // Schedules a job to compute risk analysis metrics over content in a Google - // Cloud Platform repository. - rpc AnalyzeDataSourceRisk(AnalyzeDataSourceRiskRequest) returns (google.longrunning.Operation) { - option (google.api.http) = { post: "/v2beta1/dataSource:analyze" body: "*" }; - } - - // Returns list of results for given inspect operation result set id. - rpc ListInspectFindings(ListInspectFindingsRequest) returns (ListInspectFindingsResponse) { - option (google.api.http) = { get: "/v2beta1/{name=inspect/results/*}/findings" }; - } - - // Returns sensitive information types for given category. - rpc ListInfoTypes(ListInfoTypesRequest) returns (ListInfoTypesResponse) { - option (google.api.http) = { get: "/v2beta1/rootCategories/{category=*}/infoTypes" }; - } - - // Returns the list of root categories of sensitive information. 
- rpc ListRootCategories(ListRootCategoriesRequest) returns (ListRootCategoriesResponse) { - option (google.api.http) = { get: "/v2beta1/rootCategories" }; - } -} - -// Configuration description of the scanning process. -// When used with redactContent only info_types and min_likelihood are currently -// used. -message InspectConfig { - // Max findings configuration per info type, per content item or long running - // operation. - message InfoTypeLimit { - // Type of information the findings limit applies to. Only one limit per - // info_type should be provided. If InfoTypeLimit does not have an - // info_type, the DLP API applies the limit against all info_types that are - // found but not specified in another InfoTypeLimit. - InfoType info_type = 1; - - // Max findings limit for the given infoType. - int32 max_findings = 2; - } - - // Restricts what info_types to look for. The values must correspond to - // InfoType values returned by ListInfoTypes or found in documentation. - // Empty info_types runs all enabled detectors. - repeated InfoType info_types = 1; - - // Only returns findings equal or above this threshold. - Likelihood min_likelihood = 2; - - // Limits the number of findings per content item or long running operation. - int32 max_findings = 3; - - // When true, a contextual quote from the data that triggered a finding is - // included in the response; see Finding.quote. - bool include_quote = 4; - - // When true, excludes type information of the findings. - bool exclude_types = 6; - - // Configuration of findings limit given for specified info types. - repeated InfoTypeLimit info_type_limits = 7; - - // Custom info types provided by the user. - repeated CustomInfoType custom_info_types = 8; -} - -// Additional configuration for inspect long running operations. -message OperationConfig { - // Max number of findings per file, Datastore entity, or database row. - int64 max_item_findings = 1; -} - -// Container structure for the content to inspect. 
-message ContentItem { - // Type of the content, as defined in Content-Type HTTP header. - // Supported types are: all "text" types, octet streams, PNG images, - // JPEG images. - string type = 1; - - // Data of the item either in the byte array or UTF-8 string form. - oneof data_item { - // Content data to inspect or redact. - bytes data = 2; - - // String data to inspect or redact. - string value = 3; - - // Structured content for inspection. - Table table = 4; - } -} - -// Structured content to inspect. Up to 50,000 `Value`s per request allowed. -message Table { - message Row { - repeated Value values = 1; - } - - repeated FieldId headers = 1; - - repeated Row rows = 2; -} - -// All the findings for a single scanned item. -message InspectResult { - // List of findings for an item. - repeated Finding findings = 1; - - // If true, then this item might have more findings than were returned, - // and the findings returned are an arbitrary subset of all findings. - // The findings list might be truncated because the input items were too - // large, or because the server reached the maximum amount of resources - // allowed for a single API call. For best results, divide the input into - // smaller batches. - bool findings_truncated = 2; -} - -// Container structure describing a single finding within a string or image. -message Finding { - // The specific string that may be potentially sensitive info. - string quote = 1; - - // The specific type of info the string might be. - InfoType info_type = 2; - - // Estimate of how likely it is that the info_type is correct. - Likelihood likelihood = 3; - - // Location of the info found. - Location location = 4; - - // Timestamp when finding was detected. - google.protobuf.Timestamp create_time = 6; -} - -// Specifies the location of a finding within its source item. -message Location { - // Zero-based byte offsets within a content item. 
- Range byte_range = 1; - - // Character offsets within a content item, included when content type - // is a text. Default charset assumed to be UTF-8. - Range codepoint_range = 2; - - // Location within an image's pixels. - repeated ImageLocation image_boxes = 3; - - // Key of the finding. - RecordKey record_key = 4; - - // Field id of the field containing the finding. - FieldId field_id = 5; - - // Location within a `ContentItem.Table`. - TableLocation table_location = 6; -} - -// Location of a finding within a `ContentItem.Table`. -message TableLocation { - // The zero-based index of the row where the finding is located. - int64 row_index = 1; -} - -// Generic half-open interval [start, end) -message Range { - // Index of the first character of the range (inclusive). - int64 start = 1; - - // Index of the last character of the range (exclusive). - int64 end = 2; -} - -// Bounding box encompassing detected text within an image. -message ImageLocation { - // Top coordinate of the bounding box. (0,0) is upper left. - int32 top = 1; - - // Left coordinate of the bounding box. (0,0) is upper left. - int32 left = 2; - - // Width of the bounding box in pixels. - int32 width = 3; - - // Height of the bounding box in pixels. - int32 height = 4; -} - -// Request to search for potentially sensitive info in a list of items -// and replace it with a default or provided content. -message RedactContentRequest { - message ReplaceConfig { - // Type of information to replace. Only one ReplaceConfig per info_type - // should be provided. If ReplaceConfig does not have an info_type, the DLP - // API matches it against all info_types that are found but not specified in - // another ReplaceConfig. - InfoType info_type = 1; - - // Content replacing sensitive information of given type. Max 256 chars. - string replace_with = 2; - } - - // Configuration for determining how redaction of images should occur. - message ImageRedactionConfig { - // Type of information to redact from images. 
- oneof target { - // Only one per info_type should be provided per request. If not - // specified, and redact_all_text is false, the DLP API will redact all - // text that it matches against all info_types that are found, but not - // specified in another ImageRedactionConfig. - InfoType info_type = 1; - - // If true, all text found in the image, regardless whether it matches an - // info_type, is redacted. - bool redact_all_text = 2; - } - - // The color to use when redacting content from an image. If not specified, - // the default is black. - Color redaction_color = 3; - } - - // Configuration for the inspector. - InspectConfig inspect_config = 1; - - // The list of items to inspect. Up to 100 are allowed per request. - repeated ContentItem items = 2; - - // The strings to replace findings text findings with. Must specify at least - // one of these or one ImageRedactionConfig if redacting images. - repeated ReplaceConfig replace_configs = 3; - - // The configuration for specifying what content to redact from images. - repeated ImageRedactionConfig image_redaction_configs = 4; -} - -// Represents a color in the RGB color space. -message Color { - // The amount of red in the color as a value in the interval [0, 1]. - float red = 1; - - // The amount of green in the color as a value in the interval [0, 1]. - float green = 2; - - // The amount of blue in the color as a value in the interval [0, 1]. - float blue = 3; -} - -// Results of redacting a list of items. -message RedactContentResponse { - // The redacted content. - repeated ContentItem items = 1; -} - -// Request to de-identify a list of items. -message DeidentifyContentRequest { - // Configuration for the de-identification of the list of content items. - DeidentifyConfig deidentify_config = 1; - - // Configuration for the inspector. - InspectConfig inspect_config = 2; - - // The list of items to inspect. Up to 100 are allowed per request. - // All items will be treated as text/*. 
- repeated ContentItem items = 3; -} - -// Results of de-identifying a list of items. -message DeidentifyContentResponse { - repeated ContentItem items = 1; - - // A review of the transformations that took place for each item. - repeated DeidentificationSummary summaries = 2; -} - -// Request to search for potentially sensitive info in a list of items. -message InspectContentRequest { - // Configuration for the inspector. - InspectConfig inspect_config = 1; - - // The list of items to inspect. Items in a single request are - // considered "related" unless inspect_config.independent_inputs is true. - // Up to 100 are allowed per request. - repeated ContentItem items = 2; -} - -// Results of inspecting a list of items. -message InspectContentResponse { - // Each content_item from the request has a result in this list, in the - // same order as the request. - repeated InspectResult results = 1; -} - -// Request for scheduling a scan of a data subset from a Google Platform data -// repository. -message CreateInspectOperationRequest { - // Configuration for the inspector. - InspectConfig inspect_config = 1; - - // Specification of the data set to process. - StorageConfig storage_config = 2; - - // Optional location to store findings. - OutputStorageConfig output_config = 3; - - // Additional configuration settings for long running operations. - OperationConfig operation_config = 5; -} - -// Cloud repository for storing output. -message OutputStorageConfig { - oneof type { - // Store findings in a new table in the dataset. - BigQueryTable table = 1; - - // The path to a Google Cloud Storage location to store output. - // The bucket must already exist and - // the Google APIs service account for DLP must have write permission to - // write to the given bucket. - // Results are split over multiple csv files with each file name matching - // the pattern "[operation_id]_[count].csv", for example - // `3094877188788974909_1.csv`. 
The `operation_id` matches the - // identifier for the Operation, and the `count` is a counter used for - // tracking the number of files written. - // - // The CSV file(s) contain the following columns regardless of storage type - // scanned: - // - id - // - info_type - // - likelihood - // - byte size of finding - // - quote - // - timestamp - // - // For Cloud Storage the next columns are: - // - // - file_path - // - start_offset - // - // For Cloud Datastore the next columns are: - // - // - project_id - // - namespace_id - // - path - // - column_name - // - offset - // - // For BigQuery the next columns are: - // - // - row_number - // - project_id - // - dataset_id - // - table_id - CloudStoragePath storage_path = 2; - } -} - -// Statistics regarding a specific InfoType. -message InfoTypeStatistics { - // The type of finding this stat is for. - InfoType info_type = 1; - - // Number of findings for this info type. - int64 count = 2; -} - -// Metadata returned within GetOperation for an inspect request. -message InspectOperationMetadata { - // Total size in bytes that were processed. - int64 processed_bytes = 1; - - // Estimate of the number of bytes to process. - int64 total_estimated_bytes = 4; - - repeated InfoTypeStatistics info_type_stats = 2; - - // The time which this request was started. - google.protobuf.Timestamp create_time = 3; - - // The inspect config used to create the Operation. - InspectConfig request_inspect_config = 5; - - // The storage config used to create the Operation. - StorageConfig request_storage_config = 6; - - // Optional location to store findings. - OutputStorageConfig request_output_config = 7; -} - -// The operational data. -message InspectOperationResult { - // The server-assigned name, which is only unique within the same service that - // originally returns it. If you use the default HTTP mapping, the - // `name` should have the format of `inspect/results/{id}`. 
- string name = 1; -} - -// Request for the list of results in a given inspect operation. -message ListInspectFindingsRequest { - // Identifier of the results set returned as metadata of - // the longrunning operation created by a call to InspectDataSource. - // Should be in the format of `inspect/results/{id}`. - string name = 1; - - // Maximum number of results to return. - // If 0, the implementation selects a reasonable value. - int32 page_size = 2; - - // The value returned by the last `ListInspectFindingsResponse`; indicates - // that this is a continuation of a prior `ListInspectFindings` call, and that - // the system should return the next page of data. - string page_token = 3; - - // Restricts findings to items that match. Supports info_type and likelihood. - // - // Examples: - // - // - info_type=EMAIL_ADDRESS - // - info_type=PHONE_NUMBER,EMAIL_ADDRESS - // - likelihood=VERY_LIKELY - // - likelihood=VERY_LIKELY,LIKELY - // - info_type=EMAIL_ADDRESS,likelihood=VERY_LIKELY,LIKELY - string filter = 4; -} - -// Response to the ListInspectFindings request. -message ListInspectFindingsResponse { - // The results. - InspectResult result = 1; - - // If not empty, indicates that there may be more results that match the - // request; this value should be passed in a new `ListInspectFindingsRequest`. - string next_page_token = 2; -} - -// Description of the information type (infoType). -message InfoTypeDescription { - // Internal name of the infoType. - string name = 1; - - // Human readable form of the infoType name. - string display_name = 2; - - // List of categories this infoType belongs to. - repeated CategoryDescription categories = 3; -} - -// Request for the list of info types belonging to a given category, -// or all supported info types if no category is specified. -message ListInfoTypesRequest { - // Category name as returned by ListRootCategories. - string category = 1; - - // Optional BCP-47 language code for localized info type friendly - // names. 
If omitted, or if localized strings are not available, - // en-US strings will be returned. - string language_code = 2; -} - -// Response to the ListInfoTypes request. -message ListInfoTypesResponse { - // Set of sensitive info types belonging to a category. - repeated InfoTypeDescription info_types = 1; -} - -// Info Type Category description. -message CategoryDescription { - // Internal name of the category. - string name = 1; - - // Human readable form of the category name. - string display_name = 2; -} - -// Request for root categories of Info Types supported by the API. -// Example values might include "FINANCE", "HEALTH", "FAST", "DEFAULT". -message ListRootCategoriesRequest { - // Optional language code for localized friendly category names. - // If omitted or if localized strings are not available, - // en-US strings will be returned. - string language_code = 1; -} - -// Response for ListRootCategories request. -message ListRootCategoriesResponse { - // List of all into type categories supported by the API. - repeated CategoryDescription categories = 1; -} - -// Request for creating a risk analysis operation. -message AnalyzeDataSourceRiskRequest { - // Privacy metric to compute. - PrivacyMetric privacy_metric = 1; - - // Input dataset to compute metrics over. - BigQueryTable source_table = 3; -} - -// Privacy metric to compute for reidentification risk analysis. -message PrivacyMetric { - // Compute numerical stats over an individual column, including - // min, max, and quantiles. - message NumericalStatsConfig { - // Field to compute numerical stats on. Supported types are - // integer, float, date, datetime, timestamp, time. - FieldId field = 1; - } - - // Compute numerical stats over an individual column, including - // number of distinct values and value count distribution. - message CategoricalStatsConfig { - // Field to compute categorical stats on. All column types are - // supported except for arrays and structs. 
However, it may be more - // informative to use NumericalStats when the field type is supported, - // depending on the data. - FieldId field = 1; - } - - // k-anonymity metric, used for analysis of reidentification risk. - message KAnonymityConfig { - // Set of fields to compute k-anonymity over. When multiple fields are - // specified, they are considered a single composite key. Structs and - // repeated data types are not supported; however, nested fields are - // supported so long as they are not structs themselves or nested within - // a repeated field. - repeated FieldId quasi_ids = 1; - - // Optional message indicating that each distinct `EntityId` should not - // contribute to the k-anonymity count more than once per equivalence class. - EntityId entity_id = 2; - } - - // l-diversity metric, used for analysis of reidentification risk. - message LDiversityConfig { - // Set of quasi-identifiers indicating how equivalence classes are - // defined for the l-diversity computation. When multiple fields are - // specified, they are considered a single composite key. - repeated FieldId quasi_ids = 1; - - // Sensitive field for computing the l-value. - FieldId sensitive_attribute = 2; - } - - oneof type { - NumericalStatsConfig numerical_stats_config = 1; - - CategoricalStatsConfig categorical_stats_config = 2; - - KAnonymityConfig k_anonymity_config = 3; - - LDiversityConfig l_diversity_config = 4; - } -} - -// Metadata returned within the -// [`riskAnalysis.operations.get`](/dlp/docs/reference/rest/v2beta1/riskAnalysis.operations/get) -// for risk analysis. -message RiskAnalysisOperationMetadata { - // The time which this request was started. - google.protobuf.Timestamp create_time = 1; - - // Privacy metric to compute. - PrivacyMetric requested_privacy_metric = 2; - - // Input dataset to compute metrics over. 
- BigQueryTable requested_source_table = 3; -} - -// Result of a risk analysis -// [`Operation`](/dlp/docs/reference/rest/v2beta1/inspect.operations) -// request. -message RiskAnalysisOperationResult { - // Result of the numerical stats computation. - message NumericalStatsResult { - // Minimum value appearing in the column. - Value min_value = 1; - - // Maximum value appearing in the column. - Value max_value = 2; - - // List of 99 values that partition the set of field values into 100 equal - // sized buckets. - repeated Value quantile_values = 4; - } - - // Result of the categorical stats computation. - message CategoricalStatsResult { - // Histogram bucket of value frequencies in the column. - message CategoricalStatsHistogramBucket { - // Lower bound on the value frequency of the values in this bucket. - int64 value_frequency_lower_bound = 1; - - // Upper bound on the value frequency of the values in this bucket. - int64 value_frequency_upper_bound = 2; - - // Total number of records in this bucket. - int64 bucket_size = 3; - - // Sample of value frequencies in this bucket. The total number of - // values returned per bucket is capped at 20. - repeated ValueFrequency bucket_values = 4; - } - - // Histogram of value frequencies in the column. - repeated CategoricalStatsHistogramBucket value_frequency_histogram_buckets = 5; - } - - // Result of the k-anonymity computation. - message KAnonymityResult { - // The set of columns' values that share the same k-anonymity value. - message KAnonymityEquivalenceClass { - // Set of values defining the equivalence class. One value per - // quasi-identifier column in the original KAnonymity metric message. - // The order is always the same as the original request. - repeated Value quasi_ids_values = 1; - - // Size of the equivalence class, for example number of rows with the - // above set of values. - int64 equivalence_class_size = 2; - } - - // Histogram bucket of equivalence class sizes in the table. 
- message KAnonymityHistogramBucket { - // Lower bound on the size of the equivalence classes in this bucket. - int64 equivalence_class_size_lower_bound = 1; - - // Upper bound on the size of the equivalence classes in this bucket. - int64 equivalence_class_size_upper_bound = 2; - - // Total number of records in this bucket. - int64 bucket_size = 3; - - // Sample of equivalence classes in this bucket. The total number of - // classes returned per bucket is capped at 20. - repeated KAnonymityEquivalenceClass bucket_values = 4; - } - - // Histogram of k-anonymity equivalence classes. - repeated KAnonymityHistogramBucket equivalence_class_histogram_buckets = 5; - } - - // Result of the l-diversity computation. - message LDiversityResult { - // The set of columns' values that share the same l-diversity value. - message LDiversityEquivalenceClass { - // Quasi-identifier values defining the k-anonymity equivalence - // class. The order is always the same as the original request. - repeated Value quasi_ids_values = 1; - - // Size of the k-anonymity equivalence class. - int64 equivalence_class_size = 2; - - // Number of distinct sensitive values in this equivalence class. - int64 num_distinct_sensitive_values = 3; - - // Estimated frequencies of top sensitive values. - repeated ValueFrequency top_sensitive_values = 4; - } - - // Histogram bucket of sensitive value frequencies in the table. - message LDiversityHistogramBucket { - // Lower bound on the sensitive value frequencies of the equivalence - // classes in this bucket. - int64 sensitive_value_frequency_lower_bound = 1; - - // Upper bound on the sensitive value frequencies of the equivalence - // classes in this bucket. - int64 sensitive_value_frequency_upper_bound = 2; - - // Total number of records in this bucket. - int64 bucket_size = 3; - - // Sample of equivalence classes in this bucket. The total number of - // classes returned per bucket is capped at 20. 
- repeated LDiversityEquivalenceClass bucket_values = 4; - } - - // Histogram of l-diversity equivalence class sensitive value frequencies. - repeated LDiversityHistogramBucket sensitive_value_frequency_histogram_buckets = 5; - } - - // Values associated with this metric. - oneof result { - NumericalStatsResult numerical_stats_result = 3; - - CategoricalStatsResult categorical_stats_result = 4; - - KAnonymityResult k_anonymity_result = 5; - - LDiversityResult l_diversity_result = 6; - } -} - -// A value of a field, including its frequency. -message ValueFrequency { - // A value contained in the field in question. - Value value = 1; - - // How many times the value is contained in the field. - int64 count = 2; -} - -// Set of primitive values supported by the system. -message Value { - oneof type { - int64 integer_value = 1; - - double float_value = 2; - - string string_value = 3; - - bool boolean_value = 4; - - google.protobuf.Timestamp timestamp_value = 5; - - google.type.TimeOfDay time_value = 6; - - google.type.Date date_value = 7; - } -} - -// The configuration that controls how the data will change. -message DeidentifyConfig { - oneof transformation { - // Treat the dataset as free-form text and apply the same free text - // transformation everywhere. - InfoTypeTransformations info_type_transformations = 1; - - // Treat the dataset as structured. Transformations can be applied to - // specific locations within structured datasets, such as transforming - // a column within a table. - RecordTransformations record_transformations = 2; - } -} - -// A rule for transforming a value. 
-message PrimitiveTransformation { - oneof transformation { - ReplaceValueConfig replace_config = 1; - - RedactConfig redact_config = 2; - - CharacterMaskConfig character_mask_config = 3; - - CryptoReplaceFfxFpeConfig crypto_replace_ffx_fpe_config = 4; - - FixedSizeBucketingConfig fixed_size_bucketing_config = 5; - - BucketingConfig bucketing_config = 6; - - ReplaceWithInfoTypeConfig replace_with_info_type_config = 7; - - TimePartConfig time_part_config = 8; - - CryptoHashConfig crypto_hash_config = 9; - } -} - -// For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a -// portion of the value. -message TimePartConfig { - enum TimePart { - TIME_PART_UNSPECIFIED = 0; - - // [000-9999] - YEAR = 1; - - // [1-12] - MONTH = 2; - - // [1-31] - DAY_OF_MONTH = 3; - - // [1-7] - DAY_OF_WEEK = 4; - - // [1-52] - WEEK_OF_YEAR = 5; - - // [0-24] - HOUR_OF_DAY = 6; - } - - TimePart part_to_extract = 1; -} - -// Pseudonymization method that generates surrogates via cryptographic hashing. -// Uses SHA-256. -// Outputs a 32 byte digest as an uppercase hex string -// (for example, 41D1567F7F99F1DC2A5FAB886DEE5BEE). -// Currently, only string and integer values can be hashed. -message CryptoHashConfig { - // The key used by the hash function. - CryptoKey crypto_key = 1; -} - -// Replace each input value with a given `Value`. -message ReplaceValueConfig { - // Value to replace it with. - Value new_value = 1; -} - -// Replace each matching finding with the name of the info_type. -message ReplaceWithInfoTypeConfig { - -} - -// Redact a given value. For example, if used with an `InfoTypeTransformation` -// transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the -// output would be 'My phone number is '. -message RedactConfig { - -} - -// Characters to skip when doing deidentification of a value. These will be left -// alone and skipped. 
-message CharsToIgnore { - enum CharacterGroup { - CHARACTER_GROUP_UNSPECIFIED = 0; - - // 0-9 - NUMERIC = 1; - - // A-Z - ALPHA_UPPER_CASE = 2; - - // a-z - ALPHA_LOWER_CASE = 3; - - // US Punctuation, one of !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ - PUNCTUATION = 4; - - // Whitespace character, one of [ \t\n\x0B\f\r] - WHITESPACE = 5; - } - - oneof characters { - string characters_to_skip = 1; - - CharacterGroup common_characters_to_ignore = 2; - } -} - -// Partially mask a string by replacing a given number of characters with a -// fixed character. Masking can start from the beginning or end of the string. -// This can be used on data of any type (numbers, longs, and so on) and when -// de-identifying structured data we'll attempt to preserve the original data's -// type. (This allows you to take a long like 123 and modify it to a string like -// **3. -message CharacterMaskConfig { - // Character to mask the sensitive values—for example, "*" for an - // alphabetic string such as name, or "0" for a numeric string such as ZIP - // code or credit card number. String must have length 1. If not supplied, we - // will default to "*" for strings, 0 for digits. - string masking_character = 1; - - // Number of characters to mask. If not set, all matching chars will be - // masked. Skipped characters do not count towards this tally. - int32 number_to_mask = 2; - - // Mask characters in reverse order. For example, if `masking_character` is - // '0', number_to_mask is 14, and `reverse_order` is false, then - // 1234-5678-9012-3456 -> 00000000000000-3456 - // If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` - // is true, then 12345 -> 12*** - bool reverse_order = 3; - - // When masking a string, items in this list will be skipped when replacing. - // For example, if your string is 555-555-5555 and you ask us to skip `-` and - // mask 5 chars with * we would produce ***-*55-5555. 
- repeated CharsToIgnore characters_to_ignore = 4; -} - -// Buckets values based on fixed size ranges. The -// Bucketing transformation can provide all of this functionality, -// but requires more configuration. This message is provided as a convenience to -// the user for simple bucketing strategies. -// The resulting value will be a hyphenated string of -// lower_bound-upper_bound. -// This can be used on data of type: double, long. -// If the bound Value type differs from the type of data -// being transformed, we will first attempt converting the type of the data to -// be transformed to match the type of the bound before comparing. -message FixedSizeBucketingConfig { - // Lower bound value of buckets. All values less than `lower_bound` are - // grouped together into a single bucket; for example if `lower_bound` = 10, - // then all values less than 10 are replaced with the value “-10”. [Required]. - Value lower_bound = 1; - - // Upper bound value of buckets. All values greater than upper_bound are - // grouped together into a single bucket; for example if `upper_bound` = 89, - // then all values greater than 89 are replaced with the value “89+”. - // [Required]. - Value upper_bound = 2; - - // Size of each bucket (except for minimum and maximum buckets). So if - // `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the - // following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, - // 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. - double bucket_size = 3; -} - -// Generalization function that buckets values based on ranges. The ranges and -// replacement values are dynamically provided by the user for custom behavior, -// such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH -// This can be used on -// data of type: number, long, string, timestamp. 
-// If the bound `Value` type differs from the type of data being transformed, we -// will first attempt converting the type of the data to be transformed to match -// the type of the bound before comparing. -message BucketingConfig { - // Buckets represented as ranges, along with replacement values. Ranges must - // be non-overlapping. - message Bucket { - // Lower bound of the range, inclusive. Type should be the same as max if - // used. - Value min = 1; - - // Upper bound of the range, exclusive; type must match min. - Value max = 2; - - // Replacement value for this bucket. If not provided - // the default behavior will be to hyphenate the min-max range. - Value replacement_value = 3; - } - - repeated Bucket buckets = 1; -} - -// Replaces an identifier with a surrogate using FPE with the FFX -// mode of operation. -// The identifier must be representable by the US-ASCII character set. -// For a given crypto key and context, the same identifier will be -// replaced with the same surrogate. -// Identifiers must be at least two characters long. -// In the case that the identifier is the empty string, it will be skipped. -message CryptoReplaceFfxFpeConfig { - // These are commonly used subsets of the alphabet that the FFX mode - // natively supports. In the algorithm, the alphabet is selected using - // the "radix". Therefore each corresponds to particular radix. - enum FfxCommonNativeAlphabet { - FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0; - - // [0-9] (radix of 10) - NUMERIC = 1; - - // [0-9A-F] (radix of 16) - HEXADECIMAL = 2; - - // [0-9A-Z] (radix of 36) - UPPER_CASE_ALPHA_NUMERIC = 3; - - // [0-9A-Za-z] (radix of 62) - ALPHA_NUMERIC = 4; - } - - // The key used by the encryption algorithm. [required] - CryptoKey crypto_key = 1; - - // A context may be used for higher security since the same - // identifier in two different contexts likely will be given a distinct - // surrogate. 
The principle is that the likeliness is inversely related - // to the ratio of the number of distinct identifiers per context over the - // number of possible surrogates: As long as this ratio is small, the - // likehood is large. - // - // If the context is not set, a default tweak will be used. - // If the context is set but: - // - // 1. there is no record present when transforming a given value or - // 1. the field is not present when transforming a given value, - // - // a default tweak will be used. - // - // Note that case (1) is expected when an `InfoTypeTransformation` is - // applied to both structured and non-structured `ContentItem`s. - // Currently, the referenced field may be of value type integer or string. - // - // The tweak is constructed as a sequence of bytes in big endian byte order - // such that: - // - // - a 64 bit integer is encoded followed by a single byte of value 1 - // - a string is encoded in UTF-8 format followed by a single byte of value 2 - // - // This is also known as the 'tweak', as in tweakable encryption. - FieldId context = 2; - - oneof alphabet { - FfxCommonNativeAlphabet common_alphabet = 4; - - // This is supported by mapping these to the alphanumeric characters - // that the FFX mode natively supports. This happens before/after - // encryption/decryption. - // Each character listed must appear only once. - // Number of characters must be in the range [2, 62]. - // This must be encoded as ASCII. - // The order of characters does not matter. - string custom_alphabet = 5; - - // The native way to select the alphabet. Must be in the range [2, 62]. - int32 radix = 6; - } -} - -// This is a data encryption key (DEK) (as opposed to -// a key encryption key (KEK) stored by KMS). -// When using KMS to wrap/unwrap DEKs, be sure to set an appropriate -// IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot -// unwrap the data crypto key. 
-message CryptoKey { - oneof source { - TransientCryptoKey transient = 1; - - UnwrappedCryptoKey unwrapped = 2; - - KmsWrappedCryptoKey kms_wrapped = 3; - } -} - -// Use this to have a random data crypto key generated. -// It will be discarded after the operation/request finishes. -message TransientCryptoKey { - // Name of the key. [required] - // This is an arbitrary string used to differentiate different keys. - // A unique key is generated per name: two separate `TransientCryptoKey` - // protos share the same generated key if their names are the same. - // When the data crypto key is generated, this name is not used in any way - // (repeating the api call will result in a different key being generated). - string name = 1; -} - -// Using raw keys is prone to security risks due to accidentally -// leaking the key. Choose another type of key if possible. -message UnwrappedCryptoKey { - // The AES 128/192/256 bit key. [required] - bytes key = 1; -} - -// Include to use an existing data crypto key wrapped by KMS. -// Authorization requires the following IAM permissions when sending a request -// to perform a crypto transformation using a kms-wrapped crypto key: -// dlp.kms.encrypt -message KmsWrappedCryptoKey { - // The wrapped data crypto key. [required] - bytes wrapped_key = 1; - - // The resource name of the KMS CryptoKey to use for unwrapping. [required] - string crypto_key_name = 2; -} - -// A type of transformation that will scan unstructured text and -// apply various `PrimitiveTransformation`s to each finding, where the -// transformation is applied to only values that were identified as a specific -// info_type. -message InfoTypeTransformations { - // A transformation to apply to text that is identified as a specific - // info_type. - message InfoTypeTransformation { - // Info types to apply the transformation to. Empty list will match all - // available info types for this transformation. 
- repeated InfoType info_types = 1; - - // Primitive transformation to apply to the info type. [required] - PrimitiveTransformation primitive_transformation = 2; - } - - // Transformation for each info type. Cannot specify more than one - // for a given info type. [required] - repeated InfoTypeTransformation transformations = 1; -} - -// The transformation to apply to the field. -message FieldTransformation { - // Input field(s) to apply the transformation to. [required] - repeated FieldId fields = 1; - - // Only apply the transformation if the condition evaluates to true for the - // given `RecordCondition`. The conditions are allowed to reference fields - // that are not used in the actual transformation. [optional] - // - // Example Use Cases: - // - // - Apply a different bucket transformation to an age column if the zip code - // column for the same record is within a specific range. - // - Redact a field if the date of birth field is greater than 85. - RecordCondition condition = 3; - - // Transformation to apply. [required] - oneof transformation { - // Apply the transformation to the entire field. - PrimitiveTransformation primitive_transformation = 4; - - // Treat the contents of the field as free text, and selectively - // transform content that matches an `InfoType`. - InfoTypeTransformations info_type_transformations = 5; - } -} - -// A type of transformation that is applied over structured data such as a -// table. -message RecordTransformations { - // Transform the record by applying various field transformations. - repeated FieldTransformation field_transformations = 1; - - // Configuration defining which records get suppressed entirely. Records that - // match any suppression rule are omitted from the output [optional]. - repeated RecordSuppression record_suppressions = 2; -} - -// Configuration to suppress records whose suppression conditions evaluate to -// true. 
-message RecordSuppression { - RecordCondition condition = 1; -} - -// A condition for determining whether a transformation should be applied to -// a field. -message RecordCondition { - // The field type of `value` and `field` do not need to match to be - // considered equal, but not all comparisons are possible. - // - // A `value` of type: - // - // - `string` can be compared against all other types - // - `boolean` can only be compared against other booleans - // - `integer` can be compared against doubles or a string if the string value - // can be parsed as an integer. - // - `double` can be compared against integers or a string if the string can - // be parsed as a double. - // - `Timestamp` can be compared against strings in RFC 3339 date string - // format. - // - `TimeOfDay` can be compared against timestamps and strings in the format - // of 'HH:mm:ss'. - // - // If we fail to compare do to type mismatch, a warning will be given and - // the condition will evaluate to false. - message Condition { - // Field within the record this condition is evaluated against. [required] - FieldId field = 1; - - // Operator used to compare the field or info type to the value. [required] - RelationalOperator operator = 3; - - // Value to compare against. [Required, except for `EXISTS` tests.] - Value value = 4; - } - - message Conditions { - repeated Condition conditions = 1; - } - - // A collection of expressions - message Expressions { - enum LogicalOperator { - LOGICAL_OPERATOR_UNSPECIFIED = 0; - - AND = 1; - } - - // The operator to apply to the result of conditions. Default and currently - // only supported value is `AND`. - LogicalOperator logical_operator = 1; - - oneof type { - Conditions conditions = 3; - } - } - - Expressions expressions = 3; -} - -// High level summary of deidentification. -message DeidentificationSummary { - // Total size in bytes that were transformed in some way. - int64 transformed_bytes = 2; - - // Transformations applied to the dataset. 
- repeated TransformationSummary transformation_summaries = 3; -} - -// Summary of a single tranformation. -message TransformationSummary { - // A collection that informs the user the number of times a particular - // `TransformationResultCode` and error details occurred. - message SummaryResult { - int64 count = 1; - - TransformationResultCode code = 2; - - // A place for warnings or errors to show up if a transformation didn't - // work as expected. - string details = 3; - } - - // Possible outcomes of transformations. - enum TransformationResultCode { - TRANSFORMATION_RESULT_CODE_UNSPECIFIED = 0; - - SUCCESS = 1; - - ERROR = 2; - } - - // Set if the transformation was limited to a specific info_type. - InfoType info_type = 1; - - // Set if the transformation was limited to a specific FieldId. - FieldId field = 2; - - // The specific transformation these stats apply to. - PrimitiveTransformation transformation = 3; - - // The field transformation that was applied. This list will contain - // multiple only in the case of errors. - repeated FieldTransformation field_transformations = 5; - - // The specific suppression option these stats apply to. - RecordSuppression record_suppress = 6; - - repeated SummaryResult results = 4; -} - -// Categorization of results based on how likely they are to represent a match, -// based on the number of elements they contain which imply a match. -enum Likelihood { - // Default value; information with all likelihoods is included. - LIKELIHOOD_UNSPECIFIED = 0; - - // Few matching elements. - VERY_UNLIKELY = 1; - - UNLIKELY = 2; - - // Some matching elements. - POSSIBLE = 3; - - LIKELY = 4; - - // Many matching elements. - VERY_LIKELY = 5; -} - -// Operators available for comparing the value of fields. -enum RelationalOperator { - RELATIONAL_OPERATOR_UNSPECIFIED = 0; - - // Equal. - EQUAL_TO = 1; - - // Not equal to. - NOT_EQUAL_TO = 2; - - // Greater than. - GREATER_THAN = 3; - - // Less than. 
- LESS_THAN = 4;
-
- // Greater than or equals.
- GREATER_THAN_OR_EQUALS = 5;
-
- // Less than or equals.
- LESS_THAN_OR_EQUALS = 6;
-
- // Exists
- EXISTS = 7;
-}
diff --git a/google/privacy/dlp/v2beta1/dlp_gapic.yaml b/google/privacy/dlp/v2beta1/dlp_gapic.yaml
deleted file mode 100644
index cf0f3730..00000000
--- a/google/privacy/dlp/v2beta1/dlp_gapic.yaml
+++ /dev/null
@@ -1,191 +0,0 @@ -type: com.google.api.codegen.ConfigProto -config_schema_version: 1.0.0 -language_settings: - java: - package_name: com.google.cloud.dlp.v2beta1 - python: - package_name: google.cloud.dlp_v2beta1.gapic - go: - package_name: cloud.google.com/go/dlp/apiv2beta1 - csharp: - package_name: Google.Cloud.Dlp.V2Beta1 - ruby: - package_name: Google::Cloud::Dlp::V2beta1 - release_level: BETA - php: - package_name: Google\Cloud\Dlp\V2beta1 - nodejs: - package_name: dlp.v2beta1 - domain_layer_location: google-cloud -license_header: - copyright_file: copyright-google.txt - license_file: license-header-apache-2.0.txt -interfaces: -- name: google.privacy.dlp.v2beta1.DlpService - smoke_test: - method: InspectContent - init_fields: - - inspect_config.min_likelihood=POSSIBLE - - items[0].type="text/plain" - - items[0].value="my phone number is 215-512-1212" - collections: - - name_pattern: inspect/results/{result} - entity_name: result - retry_codes_def: - - name: idempotent - retry_codes: - - UNAVAILABLE - - DEADLINE_EXCEEDED - - name: non_idempotent - retry_codes: [] - retry_params_def: - - name: default - initial_retry_delay_millis: 100 - retry_delay_multiplier: 1.3 - max_retry_delay_millis: 60000 - initial_rpc_timeout_millis: 20000 - rpc_timeout_multiplier: 1 - max_rpc_timeout_millis: 20000 - total_timeout_millis: 600000 - methods: - - name: InspectContent - flattening: - groups: - - parameters: - - inspect_config - - items - required_fields: - - inspect_config - - items - request_object_method: true - retry_codes_name: non_idempotent - retry_params_name: default - timeout_millis: 60000 - sample_code_init_fields: - - inspect_config.info_types[0].name="EMAIL_ADDRESS" - - items[0].type="text/plain" - - items[0].value="My email is example@example.com." 
- - name: RedactContent - required_fields: - - inspect_config - - items - request_object_method: true - retry_codes_name: non_idempotent - retry_params_name: default - timeout_millis: 60000 - sample_code_init_fields: - - inspect_config.info_types[0].name="EMAIL_ADDRESS" - - items[0].type="text/plain" - - items[0].value="My email is example@example.com." - - replace_configs[0].info_type.name="EMAIL_ADDRESS" - - replace_configs[0].replace_with="REDACTED" - - name: DeidentifyContent - flattening: - groups: - - parameters: - - deidentify_config - - inspect_config - - items - required_fields: - - deidentify_config - - inspect_config - - items - request_object_method: true - retry_codes_name: idempotent - retry_params_name: default - timeout_millis: 60000 - - name: AnalyzeDataSourceRisk - flattening: - groups: - - parameters: - - privacy_metric - - source_table - required_fields: - - privacy_metric - - source_table - request_object_method: true - retry_codes_name: idempotent - retry_params_name: default - timeout_millis: 60000 - long_running: - return_type: google.privacy.dlp.v2beta1.RiskAnalysisOperationResult - metadata_type: google.privacy.dlp.v2beta1.RiskAnalysisOperationMetadata - initial_poll_delay_millis: 20000 - poll_delay_multiplier: 1.5 - max_poll_delay_millis: 45000 - total_poll_timeout_millis: 86400000 - - name: CreateInspectOperation - flattening: - groups: - - parameters: - - inspect_config - - storage_config - - output_config - long_running: - return_type: google.privacy.dlp.v2beta1.InspectOperationResult - metadata_type: google.privacy.dlp.v2beta1.InspectOperationMetadata - initial_poll_delay_millis: 20000 - poll_delay_multiplier: 1.5 - max_poll_delay_millis: 45000 - total_poll_timeout_millis: 86400000 - required_fields: - - inspect_config - - storage_config - - output_config - request_object_method: true - retry_codes_name: non_idempotent - retry_params_name: default - timeout_millis: 60000 - sample_code_init_fields: - - 
inspect_config.info_types[0].name="EMAIL_ADDRESS" - - storage_config.cloud_storage_options.file_set.url="gs://example_bucket/example_file.png" - - name: ListInspectFindings - flattening: - groups: - - parameters: - - name - required_fields: - - name - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - name: result - timeout_millis: 60000 - - name: ListInfoTypes - flattening: - groups: - - parameters: - - category - - language_code - required_fields: - - category - - language_code - request_object_method: true - retry_codes_name: idempotent - retry_params_name: default - timeout_millis: 60000 - sample_code_init_fields: - - category="PII" - - language_code="en" - - name: ListRootCategories - flattening: - groups: - - parameters: - - language_code - required_fields: - - language_code - request_object_method: false - retry_codes_name: idempotent - retry_params_name: default - timeout_millis: 60000 - sample_code_init_fields: - - language_code="en" -resource_name_generation: -- message_name: InspectOperationResult - field_entity_map: - name: result -- message_name: ListInspectFindingsRequest - field_entity_map: - name: result diff --git a/google/privacy/dlp/v2beta1/storage.proto b/google/privacy/dlp/v2beta1/storage.proto deleted file mode 100644 index d44724c4..00000000 --- a/google/privacy/dlp/v2beta1/storage.proto +++ /dev/null 
@@ -1,276 +0,0 @@
-// Copyright 2017 Google Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.privacy.dlp.v2beta1;
-
-import "google/api/annotations.proto";
-import "google/protobuf/timestamp.proto";
-
-option csharp_namespace = "Google.Cloud.Dlp.V2Beta1";
-option go_package = "google.golang.org/genproto/googleapis/privacy/dlp/v2beta1;dlp";
-option java_multiple_files = true;
-option java_outer_classname = "DlpStorage";
-option java_package = "com.google.privacy.dlp.v2beta1";
-option php_namespace = "Google\\Cloud\\Dlp\\V2beta1";
-
-
-// Type of information detected by the API.
-message InfoType {
- // Name of the information type.
- string name = 1;
-}
-
-// Custom information type provided by the user. Used to find domain-specific
-// sensitive information configurable to the data in question.
-message CustomInfoType {
- // Custom information type based on a dictionary of words or phrases. This can
- // be used to match sensitive information specific to the data, such as a list
- // of employee IDs or job titles.
- //
- // Dictionary words are case-insensitive and all characters other than letters
- // and digits in the unicode [Basic Multilingual
- // Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane)
- // will be replaced with whitespace when scanning for matches, so the
- // dictionary phrase "Sam Johnson" will match all three phrases "sam johnson",
- // "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters
- // surrounding any match must be of a different type than the adjacent
- // characters within the word, so letters must be next to non-letters and
- // digits next to non-digits. For example, the dictionary word "jen" will
- // match the first three letters of the text "jen123" but will return no
- // matches for "jennifer".
- //
- // Dictionary words containing a large number of characters that are not
- // letters or digits may result in unexpected findings because such characters
- // are treated as whitespace.
- message Dictionary {
- // Message defining a list of words or phrases to search for in the data.
- message WordList {
- // Words or phrases defining the dictionary. The dictionary must contain
- // at least one phrase and every phrase must contain at least 2 characters
- // that are letters or digits. [required]
- repeated string words = 1;
- }
-
- oneof source {
- // List of words or phrases to search for.
- WordList word_list = 1;
- }
- }
-
- // Info type configuration. All custom info types must have configurations
- // that do not conflict with built-in info types or other custom info types.
- InfoType info_type = 1;
-
- oneof type {
- // Dictionary-based custom info type.
- Dictionary dictionary = 2;
- }
-}
-
-// General identifier of a data field in a storage service.
-message FieldId {
- // Name describing the field.
- string column_name = 1;
-}
-
-// Datastore partition ID.
-// A partition ID identifies a grouping of entities. The grouping is always
-// by project and namespace, however the namespace ID may be empty.
-//
-// A partition ID contains several dimensions:
-// project ID and namespace ID.
-message PartitionId {
- // The ID of the project to which the entities belong.
- string project_id = 2;
-
- // If not empty, the ID of the namespace to which the entities belong.
- string namespace_id = 4;
-}
-
-// A representation of a Datastore kind.
-message KindExpression {
- // The name of the kind.
- string name = 1;
-}
-
-// A reference to a property relative to the Datastore kind expressions.
-message PropertyReference {
- // The name of the property.
- // If name includes "."s, it may be interpreted as a property name path.
- string name = 2;
-}
-
-// A representation of a Datastore property in a projection.
-message Projection {
- // The property to project.
- PropertyReference property = 1;
-}
-
-// Options defining a data set within Google Cloud Datastore.
-message DatastoreOptions {
- // A partition ID identifies a grouping of entities. The grouping is always
- // by project and namespace, however the namespace ID may be empty.
- PartitionId partition_id = 1;
-
- // The kind to process.
- KindExpression kind = 2;
-
- // Properties to scan. If none are specified, all properties will be scanned
- // by default.
- repeated Projection projection = 3;
-}
-
-// Options defining a file or a set of files (path ending with *) within
-// a Google Cloud Storage bucket.
-message CloudStorageOptions {
- // Set of files to scan.
- message FileSet {
- // The url, in the format `gs:///`. Trailing wildcard in the
- // path is allowed.
- string url = 1;
- }
-
- FileSet file_set = 1;
-}
-
-// A location in Cloud Storage.
-message CloudStoragePath {
- // The url, in the format of `gs://bucket/`.
- string path = 1;
-}
-
-// Options defining BigQuery table and row identifiers.
-message BigQueryOptions {
- // Complete BigQuery table reference.
- BigQueryTable table_reference = 1;
-
- // References to fields uniquely identifying rows within the table.
- // Nested fields in the format, like `person.birthdate.year`, are allowed.
- repeated FieldId identifying_fields = 2;
-}
-
-// Shared message indicating Cloud storage type.
-message StorageConfig {
- oneof type {
- // Google Cloud Datastore options specification.
- DatastoreOptions datastore_options = 2;
-
- // Google Cloud Storage options specification.
- CloudStorageOptions cloud_storage_options = 3;
-
- // BigQuery options specification.
- BigQueryOptions big_query_options = 4;
- }
-}
-
-// Record key for a finding in a Cloud Storage file.
-message CloudStorageKey {
- // Path to the file.
- string file_path = 1;
-
- // Byte offset of the referenced data in the file.
- int64 start_offset = 2;
-}
-
-// Record key for a finding in Cloud Datastore.
-message DatastoreKey {
- // Datastore entity key.
- Key entity_key = 1;
-}
-
-// A unique identifier for a Datastore entity.
-// If a key's partition ID or any of its path kinds or names are
-// reserved/read-only, the key is reserved/read-only.
-// A reserved/read-only key is forbidden in certain documented contexts.
-message Key {
- // A (kind, ID/name) pair used to construct a key path.
- //
- // If either name or ID is set, the element is complete.
- // If neither is set, the element is incomplete.
- message PathElement {
- // The kind of the entity.
- // A kind matching regex `__.*__` is reserved/read-only.
- // A kind must not contain more than 1500 bytes when UTF-8 encoded.
- // Cannot be `""`.
- string kind = 1;
-
- // The type of ID.
- oneof id_type {
- // The auto-allocated ID of the entity.
- // Never equal to zero. Values less than zero are discouraged and may not
- // be supported in the future.
- int64 id = 2;
-
- // The name of the entity.
- // A name matching regex `__.*__` is reserved/read-only.
- // A name must not be more than 1500 bytes when UTF-8 encoded.
- // Cannot be `""`.
- string name = 3;
- }
- }
-
- // Entities are partitioned into subsets, currently identified by a project
- // ID and namespace ID.
- // Queries are scoped to a single partition.
- PartitionId partition_id = 1;
-
- // The entity path.
- // An entity path consists of one or more elements composed of a kind and a
- // string or numerical identifier, which identify entities. The first
- // element identifies a _root entity_, the second element identifies
- // a _child_ of the root entity, the third element identifies a child of the
- // second entity, and so forth. The entities identified by all prefixes of
- // the path are called the element's _ancestors_.
- //
- // A path can never be empty, and a path can have at most 100 elements.
- repeated PathElement path = 2;
-}
-
-// Message for a unique key indicating a record that contains a finding.
-message RecordKey {
- oneof type {
- CloudStorageKey cloud_storage_key = 1;
-
- DatastoreKey datastore_key = 2;
- }
-}
-
-// Message defining the location of a BigQuery table. A table is uniquely
-// identified by its project_id, dataset_id, and table_name. Within a query
-// a table is often referenced with a string in the format of:
-// `:.` or
-// `..`.
-message BigQueryTable {
- // The Google Cloud Platform project ID of the project containing the table.
- // If omitted, project ID is inferred from the API call.
- string project_id = 1;
-
- // Dataset ID of the table.
- string dataset_id = 2;
-
- // Name of the table.
- string table_id = 3;
-}
-
-// An entity in a dataset is a field or set of fields that correspond to a
-// single person. For example, in medical records the `EntityId` might be
-// a patient identifier, or for financial records it might be an account
-// identifier. This message is used when generalizations or analysis must be
-// consistent across multiple rows pertaining to the same entity.
-message EntityId {
- // Composite key indicating which field contains the entity identifier.
- FieldId field = 1;
-}
diff --git a/google/privacy/dlp/v2beta2/dlp.proto b/google/privacy/dlp/v2beta2/dlp.proto
deleted file mode 100644
index ecb7dba4..00000000
--- a/google/privacy/dlp/v2beta2/dlp.proto
+++ /dev/null
@@ -1,2309 +0,0 @@
-// Copyright 2018 Google Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.privacy.dlp.v2beta2;
-
-import "google/api/annotations.proto";
-import "google/privacy/dlp/v2beta2/storage.proto";
-import "google/protobuf/duration.proto";
-import "google/protobuf/empty.proto";
-import "google/protobuf/field_mask.proto";
-import "google/protobuf/timestamp.proto";
-import "google/rpc/status.proto";
-import "google/type/date.proto";
-import "google/type/dayofweek.proto";
-import "google/type/timeofday.proto";
-
-option csharp_namespace = "Google.Cloud.Dlp.V2Beta2";
-option go_package = "google.golang.org/genproto/googleapis/privacy/dlp/v2beta2;dlp";
-option java_multiple_files = true;
-option java_outer_classname = "DlpProto";
-option java_package = "com.google.privacy.dlp.v2beta2";
-option php_namespace = "Google\\Cloud\\Dlp\\V2beta2";
-
-
-// The DLP API is a service that allows clients
-// to detect the presence of Personally Identifiable Information (PII) and other
-// privacy-sensitive data in user-supplied, unstructured data streams, like text
-// blocks or images.
-// The service also includes methods for sensitive data redaction and
-// scheduling of data scans on Google Cloud Platform based data sets.
-service DlpService {
- // Finds potentially sensitive info in content.
- // This method has limits on input size, processing time, and output size.
- // [How-to guide for text](/dlp/docs/inspecting-text), [How-to guide for
- // images](/dlp/docs/inspecting-images)
- rpc InspectContent(InspectContentRequest) returns (InspectContentResponse) {
- option (google.api.http) = { post: "/v2beta2/{parent=projects/*}/content:inspect" body: "*" };
- }
-
- // Redacts potentially sensitive info from an image.
- // This method has limits on input size, processing time, and output size.
- // [How-to guide](/dlp/docs/redacting-sensitive-data-images)
- rpc RedactImage(RedactImageRequest) returns (RedactImageResponse) {
- option (google.api.http) = { post: "/v2beta2/{parent=projects/*}/image:redact" body: "*" };
- }
-
- // De-identifies potentially sensitive info from a ContentItem.
- // This method has limits on input size and output size.
- // [How-to guide](/dlp/docs/deidentify-sensitive-data)
- rpc DeidentifyContent(DeidentifyContentRequest) returns (DeidentifyContentResponse) {
- option (google.api.http) = { post: "/v2beta2/{parent=projects/*}/content:deidentify" body: "*" };
- }
-
- // Re-identify content that has been de-identified.
- rpc ReidentifyContent(ReidentifyContentRequest) returns (ReidentifyContentResponse) {
- option (google.api.http) = { post: "/v2beta2/{parent=projects/*}/content:reidentify" body: "*" };
- }
-
- // Schedules a job scanning content in a Google Cloud Platform data
- // repository. [How-to guide](/dlp/docs/inspecting-storage)
- rpc InspectDataSource(InspectDataSourceRequest) returns (DlpJob) {
- option (google.api.http) = { post: "/v2beta2/{parent=projects/*}/dataSource:inspect" body: "*" };
- }
-
- // Schedules a job to compute risk analysis metrics over content in a Google
- // Cloud Platform repository. [How-to guide](/dlp/docs/compute-risk-analysis)
- rpc AnalyzeDataSourceRisk(AnalyzeDataSourceRiskRequest) returns (DlpJob) {
- option (google.api.http) = { post: "/v2beta2/{parent=projects/*}/dataSource:analyze" body: "*" };
- }
-
- // Returns sensitive information types DLP supports.
- rpc ListInfoTypes(ListInfoTypesRequest) returns (ListInfoTypesResponse) {
- option (google.api.http) = { get: "/v2beta2/infoTypes" };
- }
-
- // Creates an inspect template for re-using frequently used configuration
- // for inspecting content, images, and storage.
- rpc CreateInspectTemplate(CreateInspectTemplateRequest)
- returns (InspectTemplate) {
- option (google.api.http) = {
- post: "/v2beta2/{parent=organizations/*}/inspectTemplates"
- body: "*"
- additional_bindings {
- post: "/v2beta2/{parent=projects/*}/inspectTemplates"
- body: "*"
- }
- };
- }
-
- // Updates the inspect template.
- rpc UpdateInspectTemplate(UpdateInspectTemplateRequest)
- returns (InspectTemplate) {
- option (google.api.http) = {
- patch: "/v2beta2/{name=organizations/*/inspectTemplates/*}"
- body: "*"
- additional_bindings:
- { patch: "/v2beta2/{name=projects/*/inspectTemplates/*}" body: "*" }
- };
- }
-
- // Gets an inspect template.
- rpc GetInspectTemplate(GetInspectTemplateRequest) returns (InspectTemplate) {
- option (google.api.http) = {
- get: "/v2beta2/{name=organizations/*/inspectTemplates/*}"
- additional_bindings {
- get: "/v2beta2/{name=projects/*/inspectTemplates/*}"
- }
- };
- }
-
- // Lists inspect templates.
- rpc ListInspectTemplates(ListInspectTemplatesRequest)
- returns (ListInspectTemplatesResponse) {
- option (google.api.http) = {
- get: "/v2beta2/{parent=organizations/*}/inspectTemplates"
- additional_bindings {
- get: "/v2beta2/{parent=projects/*}/inspectTemplates"
- }
- };
- }
-
- // Deletes inspect templates.
- rpc DeleteInspectTemplate(DeleteInspectTemplateRequest)
- returns (google.protobuf.Empty) {
- option (google.api.http) = {
- delete: "/v2beta2/{name=organizations/*/inspectTemplates/*}"
- additional_bindings {
- delete: "/v2beta2/{name=projects/*/inspectTemplates/*}"
- }
- };
- }
-
- // Creates an Deidentify template for re-using frequently used configuration
- // for Deidentifying content, images, and storage.
- rpc CreateDeidentifyTemplate(CreateDeidentifyTemplateRequest)
- returns (DeidentifyTemplate) {
- option (google.api.http) = {
- post: "/v2beta2/{parent=organizations/*}/deidentifyTemplates"
- body: "*"
- additional_bindings {
- post: "/v2beta2/{parent=projects/*}/deidentifyTemplates"
- body: "*"
- }
- };
- }
-
- // Updates the inspect template.
- rpc UpdateDeidentifyTemplate(UpdateDeidentifyTemplateRequest)
- returns (DeidentifyTemplate) {
- option (google.api.http) = {
- patch: "/v2beta2/{name=organizations/*/deidentifyTemplates/*}"
- body: "*"
- additional_bindings: {
- patch: "/v2beta2/{name=projects/*/deidentifyTemplates/*}"
- body: "*"
- }
- };
- }
-
- // Gets an inspect template.
- rpc GetDeidentifyTemplate(GetDeidentifyTemplateRequest)
- returns (DeidentifyTemplate) {
- option (google.api.http) = {
- get: "/v2beta2/{name=organizations/*/deidentifyTemplates/*}"
- additional_bindings {
- get: "/v2beta2/{name=projects/*/deidentifyTemplates/*}"
- }
- };
- }
-
- // Lists inspect templates.
- rpc ListDeidentifyTemplates(ListDeidentifyTemplatesRequest)
- returns (ListDeidentifyTemplatesResponse) {
- option (google.api.http) = {
- get: "/v2beta2/{parent=organizations/*}/deidentifyTemplates"
- additional_bindings {
- get: "/v2beta2/{parent=projects/*}/deidentifyTemplates"
- }
- };
- }
-
- // Deletes inspect templates.
- rpc DeleteDeidentifyTemplate(DeleteDeidentifyTemplateRequest)
- returns (google.protobuf.Empty) {
- option (google.api.http) = {
- delete: "/v2beta2/{name=organizations/*/deidentifyTemplates/*}"
- additional_bindings {
- delete: "/v2beta2/{name=projects/*/deidentifyTemplates/*}"
- }
- };
- }
-
- // Creates a job to run DLP actions such as scanning storage for sensitive
- // information on a set schedule.
- rpc CreateJobTrigger(CreateJobTriggerRequest) returns (JobTrigger) {
- option (google.api.http) = { post: "/v2beta2/{parent=projects/*}/jobTriggers" body: "*" };
- }
-
- // Updates a job trigger.
- rpc UpdateJobTrigger(UpdateJobTriggerRequest) returns (JobTrigger) {
- option (google.api.http) = { patch: "/v2beta2/{name=projects/*/jobTriggers/*}" body: "*" };
- }
-
- // Gets a job trigger.
- rpc GetJobTrigger(GetJobTriggerRequest) returns (JobTrigger) {
- option (google.api.http) = { get: "/v2beta2/{name=projects/*/jobTriggers/*}" };
- }
-
- // Lists job triggers.
- rpc ListJobTriggers(ListJobTriggersRequest) returns (ListJobTriggersResponse) {
- option (google.api.http) = { get: "/v2beta2/{parent=projects/*}/jobTriggers" };
- }
-
- // Deletes a job trigger.
- rpc DeleteJobTrigger(DeleteJobTriggerRequest) returns (google.protobuf.Empty) {
- option (google.api.http) = { delete: "/v2beta2/{name=projects/*/jobTriggers/*}" };
- }
-
- // Lists DlpJobs that match the specified filter in the request.
- rpc ListDlpJobs(ListDlpJobsRequest) returns (ListDlpJobsResponse) {
- option (google.api.http) = { get: "/v2beta2/{parent=projects/*}/dlpJobs" };
- }
-
- // Gets the latest state of a long-running DlpJob.
- rpc GetDlpJob(GetDlpJobRequest) returns (DlpJob) {
- option (google.api.http) = { get: "/v2beta2/{name=projects/*/dlpJobs/*}" };
- }
-
- // Deletes a long-running DlpJob. This method indicates that the client is
- // no longer interested in the DlpJob result. The job will be cancelled if
- // possible.
- rpc DeleteDlpJob(DeleteDlpJobRequest) returns (google.protobuf.Empty) {
- option (google.api.http) = { delete: "/v2beta2/{name=projects/*/dlpJobs/*}" };
- }
-
- // Starts asynchronous cancellation on a long-running DlpJob. The server
- // makes a best effort to cancel the DlpJob, but success is not
- // guaranteed.
- rpc CancelDlpJob(CancelDlpJobRequest) returns (google.protobuf.Empty) {
- option (google.api.http) = { post: "/v2beta2/{name=projects/*/dlpJobs/*}:cancel" body: "*" };
- }
-}
-
-// Configuration description of the scanning process.
-// When used with redactContent only info_types and min_likelihood are currently
-// used.
-message InspectConfig {
- message FindingLimits {
- // Max findings configuration per infoType, per content item or long
- // running DlpJob.
- message InfoTypeLimit {
- // Type of information the findings limit applies to. Only one limit per
- // info_type should be provided. If InfoTypeLimit does not have an
- // info_type, the DLP API applies the limit against all info_types that
- // are found but not specified in another InfoTypeLimit.
- InfoType info_type = 1;
-
- // Max findings limit for the given infoType.
- int32 max_findings = 2;
- }
-
- // Max number of findings that will be returned for each item scanned.
- int32 max_findings_per_item = 1;
-
- // Max total number of findings that will be returned per request/job.
- int32 max_findings_per_request = 2;
-
- // Configuration of findings limit given for specified infoTypes.
- repeated InfoTypeLimit max_findings_per_info_type = 3;
- }
-
- // Restricts what info_types to look for. The values must correspond to
- // InfoType values returned by ListInfoTypes or found in documentation.
- // Empty info_types runs all enabled detectors.
- repeated InfoType info_types = 1;
-
- // Only returns findings equal or above this threshold. The default is
- // POSSIBLE.
- Likelihood min_likelihood = 2;
-
- FindingLimits limits = 3;
-
- // When true, a contextual quote from the data that triggered a finding is
- // included in the response; see Finding.quote.
- bool include_quote = 4;
-
- // When true, excludes type information of the findings.
- bool exclude_info_types = 5;
-
- // Custom infoTypes provided by the user.
- repeated CustomInfoType custom_info_types = 6;
-}
-
-// Container structure for the content to inspect.
-message ContentItem {
- // Type of the content, as defined in Content-Type HTTP header.
- // Supported types are: all "text" types, octet streams, PNG images,
- // JPEG images.
- string type = 1;
-
- // Data of the item either in the byte array or UTF-8 string form.
- oneof data_item {
- // Content data to inspect or redact.
- bytes data = 2;
-
- // String data to inspect or redact.
- string value = 3;
-
- // Structured content for inspection.
- Table table = 4;
- }
-}
-
-// Structured content to inspect. Up to 50,000 `Value`s per request allowed.
-message Table {
- message Row {
- repeated Value values = 1;
- }
-
- repeated FieldId headers = 1;
-
- repeated Row rows = 2;
-}
-
-// All the findings for a single scanned item.
-message InspectResult {
- // List of findings for an item.
- repeated Finding findings = 1;
-
- // If true, then this item might have more findings than were returned,
- // and the findings returned are an arbitrary subset of all findings.
- // The findings list might be truncated because the input items were too
- // large, or because the server reached the maximum amount of resources
- // allowed for a single API call. For best results, divide the input into
- // smaller batches.
- bool findings_truncated = 2;
-}
-
-// Represents a piece of potentially sensitive content.
-message Finding {
- // The content that was found. Even if the content is not textual, it
- // may be converted to a textual representation here.
- // Provided if requested by the `InspectConfig` and the finding is
- // less than or equal to 4096 bytes long. If the finding exceeds 4096 bytes
- // in length, the quote may be omitted.
- string quote = 1;
-
- // The type of content that might have been found.
- // Provided if requested by the `InspectConfig`.
- InfoType info_type = 2;
-
- // Estimate of how likely it is that the `info_type` is correct.
- Likelihood likelihood = 3;
-
- // Where the content was found.
- Location location = 4;
-
- // Timestamp when finding was detected.
- google.protobuf.Timestamp create_time = 6;
-
- // InfoType-dependent details parsed from quote.
- QuoteInfo quote_info = 7;
-}
-
-// Specifies the location of the finding.
-message Location {
- // Zero-based byte offsets delimiting the finding.
- // These are relative to the finding's containing element.
- // Note that when the content is not textual, this references
- // the UTF-8 encoded textual representation of the content.
- // Omitted if content is an image.
- Range byte_range = 1;
-
- // Unicode character offsets delimiting the finding.
- // These are relative to the finding's containing element.
- // Provided when the content is text.
- Range codepoint_range = 2;
-
- // The area within the image that contained the finding.
- // Provided when the content is an image.
- repeated ImageLocation image_boxes = 3;
-
- // The pointer to the record in storage that contained the field the
- // finding was found in.
- // Provided when the finding's containing element is a property
- // of a storage object.
- RecordKey record_key = 4;
-
- // The pointer to the property or cell that contained the finding.
- // Provided when the finding's containing element is a cell in a table
- // or a property of storage object.
- FieldId field_id = 5;
-
- // The pointer to the row of the table that contained the finding.
- // Provided when the finding's containing element is a cell of a table.
- TableLocation table_location = 6;
-}
-
-// Location of a finding within a table.
-message TableLocation {
- // The zero-based index of the row where the finding is located.
- int64 row_index = 1;
-}
-
-// Generic half-open interval [start, end)
-message Range {
- // Index of the first character of the range (inclusive).
- int64 start = 1;
-
- // Index of the last character of the range (exclusive).
- int64 end = 2;
-}
-
-// Bounding box encompassing detected text within an image.
-message ImageLocation {
- // Top coordinate of the bounding box. (0,0) is upper left.
- int32 top = 1;
-
- // Left coordinate of the bounding box. (0,0) is upper left.
- int32 left = 2;
-
- // Width of the bounding box in pixels.
- int32 width = 3;
-
- // Height of the bounding box in pixels.
- int32 height = 4;
-}
-
-// Request to search for potentially sensitive info in a list of items
-// and replace it with a default or provided content.
-message RedactImageRequest {
- // Configuration for determining how redaction of images should occur.
- message ImageRedactionConfig {
- // Type of information to redact from images.
- oneof target {
- // Only one per info_type should be provided per request. If not
- // specified, and redact_all_text is false, the DLP API will redact all
- // text that it matches against all info_types that are found, but not
- // specified in another ImageRedactionConfig.
- InfoType info_type = 1;
-
- // If true, all text found in the image, regardless whether it matches an
- // info_type, is redacted.
- bool redact_all_text = 2;
- }
-
- // The color to use when redacting content from an image. If not specified,
- // the default is black.
- Color redaction_color = 3;
- }
-
- // The parent resource name, for example projects/my-project-id.
- string parent = 1;
-
- // Configuration for the inspector.
- InspectConfig inspect_config = 2;
-
- // Type of the content, as defined in Content-Type HTTP header.
- // Supported types are: PNG, JPEG, SVG, & BMP.
- string image_type = 3;
-
- // The bytes of the image to redact.
- bytes image_data = 4;
-
- // The configuration for specifying what content to redact from images.
- repeated ImageRedactionConfig image_redaction_configs = 5;
-}
-
-// Represents a color in the RGB color space.
-message Color {
- // The amount of red in the color as a value in the interval [0, 1].
- float red = 1;
-
- // The amount of green in the color as a value in the interval [0, 1].
- float green = 2;
-
- // The amount of blue in the color as a value in the interval [0, 1].
- float blue = 3;
-}
-
-// Results of redacting an image.
-message RedactImageResponse {
- // The redacted image. The type will be the same as the original image.
- bytes redacted_image = 1;
-
- // If an image was being inspected and the InspectConfig's include_quote was
- // set to true, then this field will include all text, if any, that was found
- // in the image.
- string extracted_text = 2;
-}
-
-// Request to de-identify a list of items.
-message DeidentifyContentRequest {
- // The parent resource name, for example projects/my-project-id.
- string parent = 1;
-
- // Configuration for the de-identification of the content item.
- // Items specified here will override the template referenced by the
- // deidentify_template_name argument.
- DeidentifyConfig deidentify_config = 2;
-
- // Configuration for the inspector.
- // Items specified here will override the template referenced by the
- // inspect_template_name argument.
- InspectConfig inspect_config = 3;
-
- // The item to de-identify. Will be treated as text.
- ContentItem item = 4;
-
- // Optional template to use. Any configuration directly specified in
- // inspect_config will override those set in the template. Singular fields
- // that are set in this request will replace their corresponding fields in the
- // template. Repeated fields are appended. Singular sub-messages and groups
- // are recursively merged.
- string inspect_template_name = 5;
-
- // Optional template to use. Any configuration directly specified in
- // deidentify_config will override those set in the template. Singular fields
- // that are set in this request will replace their corresponding fields in the
- // template. Repeated fields are appended. Singular sub-messages and groups
- // are recursively merged.
- string deidentify_template_name = 6;
-}
-
-// Results of de-identifying a ContentItem.
-message DeidentifyContentResponse {
- // The de-identified item.
- ContentItem item = 1;
-
- // An overview of the changes that were made on the `item`.
- TransformationOverview overview = 2;
-}
-
-// Request to re-identify an item.
-message ReidentifyContentRequest {
- // The parent resource name.
- string parent = 1;
-
- // Configuration for the re-identification of the content item.
- // This field shares the same proto message type that is used for
- // de-identification, however its usage here is for the reversal of the
- // previous de-identification. Re-identification is performed by examining
- // the transformations used to de-identify the items and executing the
- // reverse. This requires that only reversible transformations
- // be provided here. The reversible transformations are:
- //
- // - `CryptoReplaceFfxFpeConfig`
- DeidentifyConfig reidentify_config = 2;
-
- // Configuration for the inspector.
- InspectConfig inspect_config = 3;
-
- // The item to re-identify. Will be treated as text.
- ContentItem item = 4;
-
- // Optional template to use. Any configuration directly specified in
- // `inspect_config` will override those set in the template. Singular fields
- // that are set in this request will replace their corresponding fields in the
- // template. Repeated fields are appended. Singular sub-messages and groups
- // are recursively merged.
- string inspect_template_name = 5;
-
- // Optional template to use. References an instance of `DeidentifyTemplate`.
- // Any configuration directly specified in `reidentify_config` or
- // `inspect_config` will override those set in the template. Singular fields
- // that are set in this request will replace their corresponding fields in the
- // template. Repeated fields are appended. Singular sub-messages and groups
- // are recursively merged.
- string reidentify_template_name = 6;
-}
-
-// Results of re-identifying a item.
-message ReidentifyContentResponse {
- // The re-identified item.
- ContentItem item = 1;
-
- // An overview of the changes that were made to the `item`.
- TransformationOverview overview = 2;
-}
-
-// Request to search for potentially sensitive info in a ContentItem.
-message InspectContentRequest {
- // The parent resource name, for example projects/my-project-id.
- string parent = 1;
-
- // Configuration for the inspector. What specified here will override
- // the template referenced by the inspect_template_name argument.
- InspectConfig inspect_config = 2;
-
- // The item to inspect.
- ContentItem item = 3;
-
- // Optional template to use. Any configuration directly specified in
- // inspect_config will override those set in the template. Singular fields
- // that are set in this request will replace their corresponding fields in the
- // template. Repeated fields are appended. Singular sub-messages and groups
- // are recursively merged.
- string inspect_template_name = 4;
-}
-
-// Results of inspecting an item.
-message InspectContentResponse {
- // The findings.
- InspectResult result = 1;
-}
-
-// Request for scheduling a scan of a data subset from a Google Platform data
-// repository.
-message InspectDataSourceRequest {
- // The parent resource name, for example projects/my-project-id.
- string parent = 1;
-
- // A configuration for the job.
- InspectJobConfig job_config = 2;
-
- // Optional job ID to use for the created job. If not provided, a job ID will
- // automatically be generated. Must be unique within the project. The job ID
- // can contain uppercase and lowercase letters, numbers, and hyphens; that is,
- // it must match the regular expression: `[a-zA-Z\\d-]+`. The maximum length
- // is 100 characters. Can be empty to allow the system to generate one.
- string job_id = 3;
-}
-
-// Cloud repository for storing output.
-message OutputStorageConfig {
- // Predefined schemas for storing findings.
- enum OutputSchema {
- OUTPUT_SCHEMA_UNSPECIFIED = 0;
-
- // Basic schema including only `info_type`, `quote`, `certainty`, and
- // `timestamp`.
- BASIC_COLUMNS = 1;
-
- // Schema tailored to findings from scanning Google Cloud Storage.
- GCS_COLUMNS = 2;
-
- // Schema tailored to findings from scanning Google Datastore.
- DATASTORE_COLUMNS = 3;
-
- // Schema tailored to findings from scanning Google BigQuery.
- BIG_QUERY_COLUMNS = 4;
-
- // Schema containing all columns.
- ALL_COLUMNS = 5;
- }
-
- oneof type {
- // Store findings in an existing table or a new table in an existing
- // dataset. Each column in an existing table must have the same name, type,
- // and mode of a field in the `Finding` object. If table_id is not set a new
- // one will be generated for you with the following format:
- // dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. Pacific timezone will be used for
- // generating the date details.
- BigQueryTable table = 1;
- }
-
- // Schema used for writing the findings. Columns are derived from the
- // `Finding` object. If appending to an existing table, any columns from the
- // predefined schema that are missing will be added. No columns in the
- // existing table will be deleted.
- //
- // If unspecified, then all available columns will be used for a new table,
- // and no changes will be made to an existing table.
- OutputSchema output_schema = 3;
-}
-
-// Statistics regarding a specific InfoType.
-message InfoTypeStatistics {
- // The type of finding this stat is for.
- InfoType info_type = 1;
-
- // Number of findings for this infoType.
- int64 count = 2;
-}
-
-// The results of an inspect DataSource job.
-message InspectDataSourceDetails {
- message RequestedOptions {
- // If run with an inspect template, a snapshot of it's state at the time of
- // this run.
- InspectTemplate snapshot_inspect_template = 1;
-
- InspectJobConfig job_config = 3;
- }
-
- message Result {
- // Total size in bytes that were processed.
- int64 processed_bytes = 1;
-
- // Estimate of the number of bytes to process.
- int64 total_estimated_bytes = 2;
-
- // Statistics of how many instances of each info type were found during
- // inspect job.
- repeated InfoTypeStatistics info_type_stats = 3;
- }
-
- // The configuration used for this job.
- RequestedOptions requested_options = 2;
-
- // A summary of the outcome of this inspect job.
- Result result = 3;
-}
-
-// InfoType description.
-message InfoTypeDescription {
- // Internal name of the infoType.
- string name = 1;
-
- // Human readable form of the infoType name.
- string display_name = 2;
-
- // Which parts of the API supports this InfoType.
- repeated InfoTypeSupportedBy supported_by = 3;
-}
-
-// Request for the list of infoTypes.
-message ListInfoTypesRequest {
- // Optional BCP-47 language code for localized infoType friendly
- // names. If omitted, or if localized strings are not available,
- // en-US strings will be returned.
- string language_code = 1;
-
- // Optional filter to only return infoTypes supported by certain parts of the
- // API. Defaults to supported_by=INSPECT.
- string filter = 2;
-}
-
-// Response to the ListInfoTypes request.
-message ListInfoTypesResponse {
- // Set of sensitive infoTypes.
- repeated InfoTypeDescription info_types = 1;
-}
-
-// Request for creating a risk analysis DlpJob.
-message AnalyzeDataSourceRiskRequest {
- // The parent resource name, for example projects/my-project-id.
- string parent = 1;
-
- // Configuration for this risk analysis job.
- RiskAnalysisJobConfig job_config = 2;
-
- // Optional job ID to use for the created job. If not provided, a job ID will
- // automatically be generated. Must be unique within the project. The job ID
- // can contain uppercase and lowercase letters, numbers, and hyphens; that is,
- // it must match the regular expression: `[a-zA-Z\\d-]+`. The maximum length
- // is 100 characters. Can be empty to allow the system to generate one.
- string job_id = 3;
-}
-
-// Configuration for a risk analysis job.
-message RiskAnalysisJobConfig {
- // Privacy metric to compute.
- PrivacyMetric privacy_metric = 1;
-
- // Input dataset to compute metrics over.
- BigQueryTable source_table = 2; - - // Actions to execute at the completion of the job. Are executed in the order - // provided. - repeated Action actions = 3; -} - -// Privacy metric to compute for reidentification risk analysis. -message PrivacyMetric { - // Compute numerical stats over an individual column, including - // min, max, and quantiles. - message NumericalStatsConfig { - // Field to compute numerical stats on. Supported types are - // integer, float, date, datetime, timestamp, time. - FieldId field = 1; - } - - // Compute numerical stats over an individual column, including - // number of distinct values and value count distribution. - message CategoricalStatsConfig { - // Field to compute categorical stats on. All column types are - // supported except for arrays and structs. However, it may be more - // informative to use NumericalStats when the field type is supported, - // depending on the data. - FieldId field = 1; - } - - // k-anonymity metric, used for analysis of reidentification risk. - message KAnonymityConfig { - // Set of fields to compute k-anonymity over. When multiple fields are - // specified, they are considered a single composite key. Structs and - // repeated data types are not supported; however, nested fields are - // supported so long as they are not structs themselves or nested within - // a repeated field. - repeated FieldId quasi_ids = 1; - - // Optional message indicating that each distinct entity_id should not - // contribute to the k-anonymity count more than once per equivalence class. - // If an entity_id appears on several rows with different quasi-identifier - // tuples, it will contribute to each count exactly once. - // - // This can lead to unexpected results. Consider a table where ID 1 is - // associated to quasi-identifier "foo", ID 2 to "bar", and ID 3 to *both* - // quasi-identifiers "foo" and "bar" (on separate rows), and where this ID - // is used as entity_id. 
Then, the anonymity value associated to ID 3 will - // be 2, even if it is the only ID to be associated to both values "foo" and - // "bar". - EntityId entity_id = 2; - } - - // l-diversity metric, used for analysis of reidentification risk. - message LDiversityConfig { - // Set of quasi-identifiers indicating how equivalence classes are - // defined for the l-diversity computation. When multiple fields are - // specified, they are considered a single composite key. - repeated FieldId quasi_ids = 1; - - // Sensitive field for computing the l-value. - FieldId sensitive_attribute = 2; - } - - // Reidentifiability metric. This corresponds to a risk model similar to what - // is called "journalist risk" in the literature, except the attack dataset is - // statistically modeled instead of being perfectly known. This can be done - // using publicly available data (like the US Census), or using a custom - // statistical model (indicated as one or several BigQuery tables), or by - // extrapolating from the distribution of values in the input dataset. - message KMapEstimationConfig { - // A column with a semantic tag attached. - message TaggedField { - // Identifies the column. [required] - FieldId field = 1; - - // Semantic tag that identifies what a column contains, to determine which - // statistical model to use to estimate the reidentifiability of each - // value. [required] - oneof tag { - // A column can be tagged with a InfoType to use the relevant public - // dataset as a statistical model of population, if available. We - // currently support US ZIP codes, region codes, ages and genders. - // To programmatically obtain the list of supported InfoTypes, use - // ListInfoTypes with the supported_by=RISK_ANALYSIS filter. - InfoType info_type = 2; - - // A column can be tagged with a custom tag. In this case, the user must - // indicate an auxiliary table that contains statistical information on - // the possible values of this column (below). 
- string custom_tag = 3;
-
- // If no semantic tag is indicated, we infer the statistical model from
- // the distribution of values in the input data
- google.protobuf.Empty inferred = 4;
- }
- }
-
- // An auxiliary table contains statistical information on the relative
- // frequency of different quasi-identifiers values. It has one or several
- // quasi-identifiers columns, and one column that indicates the relative
- // frequency of each quasi-identifier tuple.
- // If a tuple is present in the data but not in the auxiliary table, the
- // corresponding relative frequency is assumed to be zero (and thus, the
- // tuple is highly reidentifiable).
- message AuxiliaryTable {
- // A quasi-identifier column has a custom_tag, used to know which column
- // in the data corresponds to which column in the statistical model.
- message QuasiIdField {
- FieldId field = 1;
-
- string custom_tag = 2;
- }
-
- // Auxiliary table location. [required]
- BigQueryTable table = 3;
-
- // Quasi-identifier columns. [required]
- repeated QuasiIdField quasi_ids = 1;
-
- // The relative frequency column must contain a floating-point number
- // between 0 and 1 (inclusive). Null values are assumed to be zero.
- // [required]
- FieldId relative_frequency = 2;
- }
-
- // Fields considered to be quasi-identifiers. No two columns can have the
- // same tag. [required]
- repeated TaggedField quasi_ids = 1;
-
- // ISO 3166-1 alpha-2 region code to use in the statistical modeling.
- // Required if no column is tagged with a region-specific InfoType (like
- // US_ZIP_5) or a region code.
- string region_code = 2;
-
- // Several auxiliary tables can be used in the analysis. Each custom_tag
- // used to tag a quasi-identifiers column must appear in exactly one column
- // of one auxiliary table.
- repeated AuxiliaryTable auxiliary_tables = 3;
- }
-
- oneof type {
- NumericalStatsConfig numerical_stats_config = 1;
-
- CategoricalStatsConfig categorical_stats_config = 2;
-
- KAnonymityConfig k_anonymity_config = 3;
-
- LDiversityConfig l_diversity_config = 4;
-
- KMapEstimationConfig k_map_estimation_config = 5;
- }
-}
-
-// Result of a risk analysis operation request.
-message AnalyzeDataSourceRiskDetails {
- // Result of the numerical stats computation.
- message NumericalStatsResult {
- // Minimum value appearing in the column.
- Value min_value = 1;
-
- // Maximum value appearing in the column.
- Value max_value = 2;
-
- // List of 99 values that partition the set of field values into 100 equal
- // sized buckets.
- repeated Value quantile_values = 4;
- }
-
- // Result of the categorical stats computation.
- message CategoricalStatsResult {
- message CategoricalStatsHistogramBucket {
- // Lower bound on the value frequency of the values in this bucket.
- int64 value_frequency_lower_bound = 1;
-
- // Upper bound on the value frequency of the values in this bucket.
- int64 value_frequency_upper_bound = 2;
-
- // Total number of values in this bucket.
- int64 bucket_size = 3;
-
- // Sample of value frequencies in this bucket. The total number of
- // values returned per bucket is capped at 20.
- repeated ValueFrequency bucket_values = 4;
- }
-
- // Histogram of value frequencies in the column.
- repeated CategoricalStatsHistogramBucket value_frequency_histogram_buckets = 5;
- }
-
- // Result of the k-anonymity computation.
- message KAnonymityResult {
- // The set of columns' values that share the same ldiversity value
- message KAnonymityEquivalenceClass {
- // Set of values defining the equivalence class. One value per
- // quasi-identifier column in the original KAnonymity metric message.
- // The order is always the same as the original request.
- repeated Value quasi_ids_values = 1;
-
- // Size of the equivalence class, for example number of rows with the
- // above set of values.
- int64 equivalence_class_size = 2;
- }
-
- message KAnonymityHistogramBucket {
- // Lower bound on the size of the equivalence classes in this bucket.
- int64 equivalence_class_size_lower_bound = 1;
-
- // Upper bound on the size of the equivalence classes in this bucket.
- int64 equivalence_class_size_upper_bound = 2;
-
- // Total number of equivalence classes in this bucket.
- int64 bucket_size = 3;
-
- // Sample of equivalence classes in this bucket. The total number of
- // classes returned per bucket is capped at 20.
- repeated KAnonymityEquivalenceClass bucket_values = 4;
- }
-
- // Histogram of k-anonymity equivalence classes.
- repeated KAnonymityHistogramBucket equivalence_class_histogram_buckets = 5;
- }
-
- // Result of the l-diversity computation.
- message LDiversityResult {
- // The set of columns' values that share the same ldiversity value.
- message LDiversityEquivalenceClass {
- // Quasi-identifier values defining the k-anonymity equivalence
- // class. The order is always the same as the original request.
- repeated Value quasi_ids_values = 1;
-
- // Size of the k-anonymity equivalence class.
- int64 equivalence_class_size = 2;
-
- // Number of distinct sensitive values in this equivalence class.
- int64 num_distinct_sensitive_values = 3;
-
- // Estimated frequencies of top sensitive values.
- repeated ValueFrequency top_sensitive_values = 4;
- }
-
- message LDiversityHistogramBucket {
- // Lower bound on the sensitive value frequencies of the equivalence
- // classes in this bucket.
- int64 sensitive_value_frequency_lower_bound = 1;
-
- // Upper bound on the sensitive value frequencies of the equivalence
- // classes in this bucket.
- int64 sensitive_value_frequency_upper_bound = 2;
-
- // Total number of equivalence classes in this bucket.
- int64 bucket_size = 3; - - // Sample of equivalence classes in this bucket. The total number of - // classes returned per bucket is capped at 20. - repeated LDiversityEquivalenceClass bucket_values = 4; - } - - // Histogram of l-diversity equivalence class sensitive value frequencies. - repeated LDiversityHistogramBucket sensitive_value_frequency_histogram_buckets = 5; - } - - // Result of the reidentifiability analysis. Note that these results are an - // estimation, not exact values. - message KMapEstimationResult { - // A tuple of values for the quasi-identifier columns. - message KMapEstimationQuasiIdValues { - // The quasi-identifier values. - repeated Value quasi_ids_values = 1; - - // The estimated anonymity for these quasi-identifier values. - int64 estimated_anonymity = 2; - } - - // A KMapEstimationHistogramBucket message with the following values: - // min_anonymity: 3 - // max_anonymity: 5 - // frequency: 42 - // means that there are 42 records whose quasi-identifier values correspond - // to 3, 4 or 5 people in the overlying population. An important particular - // case is when min_anonymity = max_anonymity = 1: the frequency field then - // corresponds to the number of uniquely identifiable records. - message KMapEstimationHistogramBucket { - // Always positive. - int64 min_anonymity = 1; - - // Always greater than or equal to min_anonymity. - int64 max_anonymity = 2; - - // Number of records within these anonymity bounds. - int64 bucket_size = 5; - - // Sample of quasi-identifier tuple values in this bucket. The total - // number of classes returned per bucket is capped at 20. - repeated KMapEstimationQuasiIdValues bucket_values = 6; - } - - // The intervals [min_anonymity, max_anonymity] do not overlap. If a value - // doesn't correspond to any such interval, the associated frequency is - // zero. 
For example, the following records: - // {min_anonymity: 1, max_anonymity: 1, frequency: 17} - // {min_anonymity: 2, max_anonymity: 3, frequency: 42} - // {min_anonymity: 5, max_anonymity: 10, frequency: 99} - // mean that there are no record with an estimated anonymity of 4, 5, or - // larger than 10. - repeated KMapEstimationHistogramBucket k_map_estimation_histogram = 1; - } - - // Privacy metric to compute. - PrivacyMetric requested_privacy_metric = 1; - - // Input dataset to compute metrics over. - BigQueryTable requested_source_table = 2; - - // Values associated with this metric. - oneof result { - NumericalStatsResult numerical_stats_result = 3; - - CategoricalStatsResult categorical_stats_result = 4; - - KAnonymityResult k_anonymity_result = 5; - - LDiversityResult l_diversity_result = 6; - - KMapEstimationResult k_map_estimation_result = 7; - } -} - -// A value of a field, including its frequency. -message ValueFrequency { - // A value contained in the field in question. - Value value = 1; - - // How many times the value is contained in the field. - int64 count = 2; -} - -// Set of primitive values supported by the system. -// Note that for the purposes of inspection or transformation, the number -// of bytes considered to comprise a 'Value' is based on its representation -// as a UTF-8 encoded string. For example, if 'integer_value' is set to -// 123456789, the number of bytes would be counted as 9, even though an -// int64 only holds up to 8 bytes of data. -message Value { - oneof type { - int64 integer_value = 1; - - double float_value = 2; - - string string_value = 3; - - bool boolean_value = 4; - - google.protobuf.Timestamp timestamp_value = 5; - - google.type.TimeOfDay time_value = 6; - - google.type.Date date_value = 7; - - google.type.DayOfWeek day_of_week_value = 8; - } -} - -// Message for infoType-dependent details parsed from quote. -message QuoteInfo { - // Object representation of the quote. 
- oneof parsed_quote {
- DateTime date_time = 2;
- }
-}
-
-// Message for a date time object.
-message DateTime {
- message TimeZone {
- // Set only if the offset can be determined. Positive for time ahead of UTC.
- // E.g. For "UTC-9", this value is -540.
- int32 offset_minutes = 1;
- }
-
- // One or more of the following must be set. All fields are optional, but
- // when set must be valid date or time values.
- google.type.Date date = 1;
-
- google.type.DayOfWeek day_of_week = 2;
-
- google.type.TimeOfDay time = 3;
-
- TimeZone time_zone = 4;
-}
-
-// The configuration that controls how the data will change.
-message DeidentifyConfig {
- oneof transformation {
- // Treat the dataset as free-form text and apply the same free text
- // transformation everywhere.
- InfoTypeTransformations info_type_transformations = 1;
-
- // Treat the dataset as structured. Transformations can be applied to
- // specific locations within structured datasets, such as transforming
- // a column within a table.
- RecordTransformations record_transformations = 2;
- }
-}
-
-// A rule for transforming a value.
-message PrimitiveTransformation {
- oneof transformation {
- ReplaceValueConfig replace_config = 1;
-
- RedactConfig redact_config = 2;
-
- CharacterMaskConfig character_mask_config = 3;
-
- CryptoReplaceFfxFpeConfig crypto_replace_ffx_fpe_config = 4;
-
- FixedSizeBucketingConfig fixed_size_bucketing_config = 5;
-
- BucketingConfig bucketing_config = 6;
-
- ReplaceWithInfoTypeConfig replace_with_info_type_config = 7;
-
- TimePartConfig time_part_config = 8;
-
- CryptoHashConfig crypto_hash_config = 9;
-
- DateShiftConfig date_shift_config = 11;
- }
-}
-
-// For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a
-// portion of the value.
-message TimePartConfig {
- enum TimePart {
- TIME_PART_UNSPECIFIED = 0;
-
- // [0-9999]
- YEAR = 1;
-
- // [1-12]
- MONTH = 2;
-
- // [1-31]
- DAY_OF_MONTH = 3;
-
- // [1-7]
- DAY_OF_WEEK = 4;
-
- // [1-52]
- WEEK_OF_YEAR = 5;
-
- // [0-23]
- HOUR_OF_DAY = 6;
- }
-
- TimePart part_to_extract = 1;
-}
-
-// Pseudonymization method that generates surrogates via cryptographic hashing.
-// Uses SHA-256.
-// The key size must be either 32 or 64 bytes.
-// Outputs a 32 byte digest as an uppercase hex string
-// (for example, 41D1567F7F99F1DC2A5FAB886DEE5BEE).
-// Currently, only string and integer values can be hashed.
-message CryptoHashConfig {
- // The key used by the hash function.
- CryptoKey crypto_key = 1;
-}
-
-// Replace each input value with a given `Value`.
-message ReplaceValueConfig {
- // Value to replace it with.
- Value new_value = 1;
-}
-
-// Replace each matching finding with the name of the info_type.
-message ReplaceWithInfoTypeConfig {
-
-}
-
-// Redact a given value. For example, if used with an `InfoTypeTransformation`
-// transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
-// output would be 'My phone number is '.
-message RedactConfig {
-
-}
-
-// Characters to skip when doing deidentification of a value. These will be left
-// alone and skipped.
-message CharsToIgnore {
- enum CommonCharsToIgnore {
- COMMON_CHARS_TO_IGNORE_UNSPECIFIED = 0;
-
- // 0-9
- NUMERIC = 1;
-
- // A-Z
- ALPHA_UPPER_CASE = 2;
-
- // a-z
- ALPHA_LOWER_CASE = 3;
-
- // US Punctuation, one of !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
- PUNCTUATION = 4;
-
- // Whitespace character, one of [ \t\n\x0B\f\r]
- WHITESPACE = 5;
- }
-
- oneof characters {
- string characters_to_skip = 1;
-
- CommonCharsToIgnore common_characters_to_ignore = 2;
- }
-}
-
-// Partially mask a string by replacing a given number of characters with a
-// fixed character. Masking can start from the beginning or end of the string.
-// This can be used on data of any type (numbers, longs, and so on) and when -// de-identifying structured data we'll attempt to preserve the original data's -// type. (This allows you to take a long like 123 and modify it to a string like -// **3. -message CharacterMaskConfig { - // Character to mask the sensitive values—for example, "*" for an - // alphabetic string such as name, or "0" for a numeric string such as ZIP - // code or credit card number. String must have length 1. If not supplied, we - // will default to "*" for strings, 0 for digits. - string masking_character = 1; - - // Number of characters to mask. If not set, all matching chars will be - // masked. Skipped characters do not count towards this tally. - int32 number_to_mask = 2; - - // Mask characters in reverse order. For example, if `masking_character` is - // '0', number_to_mask is 14, and `reverse_order` is false, then - // 1234-5678-9012-3456 -> 00000000000000-3456 - // If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` - // is true, then 12345 -> 12*** - bool reverse_order = 3; - - // When masking a string, items in this list will be skipped when replacing. - // For example, if your string is 555-555-5555 and you ask us to skip `-` and - // mask 5 chars with * we would produce ***-*55-5555. - repeated CharsToIgnore characters_to_ignore = 4; -} - -// Buckets values based on fixed size ranges. The -// Bucketing transformation can provide all of this functionality, -// but requires more configuration. This message is provided as a convenience to -// the user for simple bucketing strategies. -// -// The transformed value will be a hyphenated string of -// -, i.e if lower_bound = 10 and upper_bound = 20 -// all values that are within this bucket will be replaced with "10-20". -// -// This can be used on data of type: double, long. 
-// -// If the bound Value type differs from the type of data -// being transformed, we will first attempt converting the type of the data to -// be transformed to match the type of the bound before comparing. -message FixedSizeBucketingConfig { - // Lower bound value of buckets. All values less than `lower_bound` are - // grouped together into a single bucket; for example if `lower_bound` = 10, - // then all values less than 10 are replaced with the value “-10”. [Required]. - Value lower_bound = 1; - - // Upper bound value of buckets. All values greater than upper_bound are - // grouped together into a single bucket; for example if `upper_bound` = 89, - // then all values greater than 89 are replaced with the value “89+”. - // [Required]. - Value upper_bound = 2; - - // Size of each bucket (except for minimum and maximum buckets). So if - // `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the - // following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, - // 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. - double bucket_size = 3; -} - -// Generalization function that buckets values based on ranges. The ranges and -// replacement values are dynamically provided by the user for custom behavior, -// such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH -// This can be used on -// data of type: number, long, string, timestamp. -// If the bound `Value` type differs from the type of data being transformed, we -// will first attempt converting the type of the data to be transformed to match -// the type of the bound before comparing. -message BucketingConfig { - // Bucket is represented as a range, along with replacement values. - message Bucket { - // Lower bound of the range, inclusive. Type should be the same as max if - // used. - Value min = 1; - - // Upper bound of the range, exclusive; type must match min. - Value max = 2; - - // Replacement value for this bucket. 
If not provided - // the default behavior will be to hyphenate the min-max range. - Value replacement_value = 3; - } - - // Set of buckets. Ranges must be non-overlapping. - repeated Bucket buckets = 1; -} - -// Replaces an identifier with a surrogate using FPE with the FFX -// mode of operation; however when used in the `ReidentifyContent` API method, -// it serves the opposite function by reversing the surrogate back into -// the original identifier. -// The identifier must be encoded as ASCII. -// For a given crypto key and context, the same identifier will be -// replaced with the same surrogate. -// Identifiers must be at least two characters long. -// In the case that the identifier is the empty string, it will be skipped. -message CryptoReplaceFfxFpeConfig { - // These are commonly used subsets of the alphabet that the FFX mode - // natively supports. In the algorithm, the alphabet is selected using - // the "radix". Therefore each corresponds to particular radix. - enum FfxCommonNativeAlphabet { - FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0; - - // [0-9] (radix of 10) - NUMERIC = 1; - - // [0-9A-F] (radix of 16) - HEXADECIMAL = 2; - - // [0-9A-Z] (radix of 36) - UPPER_CASE_ALPHA_NUMERIC = 3; - - // [0-9A-Za-z] (radix of 62) - ALPHA_NUMERIC = 4; - } - - // The key used by the encryption algorithm. [required] - CryptoKey crypto_key = 1; - - // The 'tweak', a context may be used for higher security since the same - // identifier in two different contexts won't be given the same surrogate. If - // the context is not set, a default tweak will be used. - // - // If the context is set but: - // - // 1. there is no record present when transforming a given value or - // 1. the field is not present when transforming a given value, - // - // a default tweak will be used. - // - // Note that case (1) is expected when an `InfoTypeTransformation` is - // applied to both structured and non-structured `ContentItem`s. 
- // Currently, the referenced field may be of value type integer or string. - // - // The tweak is constructed as a sequence of bytes in big endian byte order - // such that: - // - // - a 64 bit integer is encoded followed by a single byte of value 1 - // - a string is encoded in UTF-8 format followed by a single byte of value - // å 2 - FieldId context = 2; - - oneof alphabet { - FfxCommonNativeAlphabet common_alphabet = 4; - - // This is supported by mapping these to the alphanumeric characters - // that the FFX mode natively supports. This happens before/after - // encryption/decryption. - // Each character listed must appear only once. - // Number of characters must be in the range [2, 62]. - // This must be encoded as ASCII. - // The order of characters does not matter. - string custom_alphabet = 5; - - // The native way to select the alphabet. Must be in the range [2, 62]. - int32 radix = 6; - } - - // The custom infoType to annotate the surrogate with. - // This annotation will be applied to the surrogate by prefixing it with - // the name of the custom infoType followed by the number of - // characters comprising the surrogate. The following scheme defines the - // format: info_type_name(surrogate_character_count):surrogate - // - // For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and - // the surrogate is 'abc', the full replacement value - // will be: 'MY_TOKEN_INFO_TYPE(3):abc' - // - // This annotation identifies the surrogate when inspecting content using the - // custom infoType - // [`SurrogateType`](/dlp/docs/reference/rest/v2beta2/InspectConfig#surrogatetype). - // This facilitates reversal of the surrogate when it occurs in free text. - // - // In order for inspection to work properly, the name of this infoType must - // not occur naturally anywhere in your data; otherwise, inspection may - // find a surrogate that does not correspond to an actual identifier. 
- // Therefore, choose your custom infoType name carefully after considering
- // what your data looks like. One way to select a name that has a high chance
- // of yielding reliable detection is to include one or more unicode characters
- // that are highly improbable to exist in your data.
- // For example, assuming your data is entered from a regular ASCII keyboard,
- // the symbol with the hex code point 29DD might be used like so:
- // ⧝MY_TOKEN_TYPE
- InfoType surrogate_info_type = 8;
-}
-
-// This is a data encryption key (DEK) (as opposed to
-// a key encryption key (KEK) stored by KMS).
-// When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
-// IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
-// unwrap the data crypto key.
-message CryptoKey {
- oneof source {
- TransientCryptoKey transient = 1;
-
- UnwrappedCryptoKey unwrapped = 2;
-
- KmsWrappedCryptoKey kms_wrapped = 3;
- }
-}
-
-// Use this to have a random data crypto key generated.
-// It will be discarded after the request finishes.
-message TransientCryptoKey {
- // Name of the key. [required]
- // This is an arbitrary string used to differentiate different keys.
- // A unique key is generated per name: two separate `TransientCryptoKey`
- // protos share the same generated key if their names are the same.
- // When the data crypto key is generated, this name is not used in any way
- // (repeating the api call will result in a different key being generated).
- string name = 1;
-}
-
-// Using raw keys is prone to security risks due to accidentally
-// leaking the key. Choose another type of key if possible.
-message UnwrappedCryptoKey {
- // The AES 128/192/256 bit key. [required]
- bytes key = 1;
-}
-
-// Include to use an existing data crypto key wrapped by KMS.
-// Authorization requires the following IAM permissions when sending a request
-// to perform a crypto transformation using a kms-wrapped crypto key:
-// dlp.kms.encrypt
-message KmsWrappedCryptoKey {
- // The wrapped data crypto key. [required]
- bytes wrapped_key = 1;
-
- // The resource name of the KMS CryptoKey to use for unwrapping. [required]
- string crypto_key_name = 2;
-}
-
-// Shifts dates by random number of days, with option to be consistent for the
-// same context.
-message DateShiftConfig {
- // Range of shift in days. Actual shift will be selected at random within this
- // range (inclusive ends). Negative means shift to earlier in time. Must not
- // be more than 365250 days (1000 years) each direction.
- //
- // For example, 3 means shift date to at most 3 days into the future.
- // [Required]
- int32 upper_bound_days = 1;
-
- // For example, -5 means shift date to at most 5 days back in the past.
- // [Required]
- int32 lower_bound_days = 2;
-
- // Points to the field that contains the context, for example, an entity id.
- // If set, must also set method. If set, shift will be consistent for the
- // given context.
- FieldId context = 3;
-
- // Method for calculating shift that takes context into consideration. If
- // set, must also set context. Can only be applied to table items.
- oneof method {
- // Causes the shift to be computed based on this key and the context. This
- // results in the same shift for the same context and crypto_key.
- CryptoKey crypto_key = 4;
- }
-}
-
-// A type of transformation that will scan unstructured text and
-// apply various `PrimitiveTransformation`s to each finding, where the
-// transformation is applied to only values that were identified as a specific
-// info_type.
-message InfoTypeTransformations {
- // A transformation to apply to text that is identified as a specific
- // info_type.
- message InfoTypeTransformation {
- // InfoTypes to apply the transformation to. Empty list will match all
- // available infoTypes for this transformation.
- repeated InfoType info_types = 1;
-
- // Primitive transformation to apply to the infoType. [required]
- PrimitiveTransformation primitive_transformation = 2;
- }
-
- // Transformation for each infoType. Cannot specify more than one
- // for a given infoType. [required]
- repeated InfoTypeTransformation transformations = 1;
-}
-
-// The transformation to apply to the field.
-message FieldTransformation {
- // Input field(s) to apply the transformation to. [required]
- repeated FieldId fields = 1;
-
- // Only apply the transformation if the condition evaluates to true for the
- // given `RecordCondition`. The conditions are allowed to reference fields
- // that are not used in the actual transformation. [optional]
- //
- // Example Use Cases:
- //
- // - Apply a different bucket transformation to an age column if the zip code
- // column for the same record is within a specific range.
- // - Redact a field if the date of birth field is greater than 85.
- RecordCondition condition = 3;
-
- // Transformation to apply. [required]
- oneof transformation {
- // Apply the transformation to the entire field.
- PrimitiveTransformation primitive_transformation = 4;
-
- // Treat the contents of the field as free text, and selectively
- // transform content that matches an `InfoType`.
- InfoTypeTransformations info_type_transformations = 5;
- }
-}
-
-// A type of transformation that is applied over structured data such as a
-// table.
-message RecordTransformations {
- // Transform the record by applying various field transformations.
- repeated FieldTransformation field_transformations = 1;
-
- // Configuration defining which records get suppressed entirely. Records that
- // match any suppression rule are omitted from the output [optional].
- repeated RecordSuppression record_suppressions = 2;
-}
-
-// Configuration to suppress records whose suppression conditions evaluate to
-// true.
-message RecordSuppression {
- // A condition that when it evaluates to true will result in the record being
- // evaluated to be suppressed from the transformed content.
- RecordCondition condition = 1;
-}
-
-// A condition for determining whether a transformation should be applied to
-// a field.
-message RecordCondition {
- // The field type of `value` and `field` do not need to match to be
- // considered equal, but not all comparisons are possible.
- //
- // A `value` of type:
- //
- // - `string` can be compared against all other types
- // - `boolean` can only be compared against other booleans
- // - `integer` can be compared against doubles or a string if the string value
- // can be parsed as an integer.
- // - `double` can be compared against integers or a string if the string can
- // be parsed as a double.
- // - `Timestamp` can be compared against strings in RFC 3339 date string
- // format.
- // - `TimeOfDay` can be compared against timestamps and strings in the format
- // of 'HH:mm:ss'.
- //
- // If we fail to compare do to type mismatch, a warning will be given and
- // the condition will evaluate to false.
- message Condition {
- // Field within the record this condition is evaluated against. [required]
- FieldId field = 1;
-
- // Operator used to compare the field or infoType to the value. [required]
- RelationalOperator operator = 3;
-
- // Value to compare against. [Required, except for `EXISTS` tests.]
- Value value = 4;
- }
-
- // A collection of conditions.
- message Conditions {
- repeated Condition conditions = 1;
- }
-
- // An expression, consisting or an operator and conditions.
- message Expressions {
- enum LogicalOperator {
- LOGICAL_OPERATOR_UNSPECIFIED = 0;
-
- AND = 1;
- }
-
- // The operator to apply to the result of conditions. Default and currently
- // only supported value is `AND`.
- LogicalOperator logical_operator = 1;
-
- oneof type {
- Conditions conditions = 3;
- }
- }
-
- // An expression.
- Expressions expressions = 3;
-}
-
-// Overview of the modifications that occurred.
-message TransformationOverview {
- // Total size in bytes that were transformed in some way.
- int64 transformed_bytes = 2;
-
- // Transformations applied to the dataset.
- repeated TransformationSummary transformation_summaries = 3;
-}
-
-// Summary of a single tranformation.
-// Only one of 'transformation', 'field_transformation', or 'record_suppress'
-// will be set.
-message TransformationSummary {
- // A collection that informs the user the number of times a particular
- // `TransformationResultCode` and error details occurred.
- message SummaryResult {
- int64 count = 1;
-
- TransformationResultCode code = 2;
-
- // A place for warnings or errors to show up if a transformation didn't
- // work as expected.
- string details = 3;
- }
-
- // Possible outcomes of transformations.
- enum TransformationResultCode {
- TRANSFORMATION_RESULT_CODE_UNSPECIFIED = 0;
-
- SUCCESS = 1;
-
- ERROR = 2;
- }
-
- // Set if the transformation was limited to a specific info_type.
- InfoType info_type = 1;
-
- // Set if the transformation was limited to a specific FieldId.
- FieldId field = 2;
-
- // The specific transformation these stats apply to.
- PrimitiveTransformation transformation = 3;
-
- // The field transformation that was applied.
- // If multiple field transformations are requested for a single field,
- // this list will contain all of them; otherwise, only one is supplied.
- repeated FieldTransformation field_transformations = 5;
-
- // The specific suppression option these stats apply to.
- RecordSuppression record_suppress = 6;
-
- repeated SummaryResult results = 4;
-
- // Total size in bytes that were transformed in some way.
- int64 transformed_bytes = 7;
-}
-
-// Schedule for triggeredJobs.
-message Schedule {
- oneof option {
- // With this option a job is started a regular periodic basis. For
- // example: every 10 minutes.
- //
- // A scheduled start time will be skipped if the previous
- // execution has not ended when its scheduled time occurs.
- //
- // This value must be set to a time duration greater than or equal
- // to 60 minutes and can be no longer than 60 days.
- google.protobuf.Duration reccurrence_period_duration = 1;
- }
-}
-
-// The inspectTemplate contains a configuration (set of types of sensitive data
-// to be detected) to be used anywhere you otherwise would normally specify
-// InspectConfig.
-message InspectTemplate {
- // The template name. Output only.
- //
- // The template will have one of the following formats:
- // `projects/PROJECT_ID/inspectTemplates/TEMPLATE_ID` OR
- // `organizations/ORGANIZATION_ID/inspectTemplates/TEMPLATE_ID`
- string name = 1;
-
- // Display name (max 256 chars).
- string display_name = 2;
-
- // Short description (max 256 chars).
- string description = 3;
-
- // The creation timestamp of a inspectTemplate, output only field.
- google.protobuf.Timestamp create_time = 4;
-
- // The last update timestamp of a inspectTemplate, output only field.
- google.protobuf.Timestamp update_time = 5;
-
- // The core content of the template. Configuration of the scanning process.
- InspectConfig inspect_config = 6;
-}
-
-// The DeidentifyTemplates contains instructions on how to deidentify content.
-message DeidentifyTemplate {
- // The template name. Output only.
- //
- // The template will have one of the following formats:
- // `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR
- // `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
- string name = 1;
-
- // Display name (max 256 chars).
- string display_name = 2;
-
- // Short description (max 256 chars).
- string description = 3;
-
- // The creation timestamp of a inspectTemplate, output only field.
- google.protobuf.Timestamp create_time = 4;
-
- // The last update timestamp of a inspectTemplate, output only field.
- google.protobuf.Timestamp update_time = 5;
-
- // ///////////// // The core content of the template // ///////////////
- DeidentifyConfig deidentify_config = 6;
-}
-
-// Contains a configuration to make dlp api calls on a repeating basis.
-message JobTrigger {
- // What event needs to occur for a new job to be started.
- message Trigger {
- oneof trigger {
- // Create a job on a repeating basis based on the elapse of time.
- Schedule schedule = 1;
- }
- }
-
- // The results of an unsuccessful activation of the JobTrigger.
- message Error {
- google.rpc.Status details = 1;
-
- // The times the error occurred.
- repeated google.protobuf.Timestamp timestamps = 2;
- }
-
- // Whether the trigger is currently active. If PAUSED or CANCELLED, no jobs
- // will be created with this configuration. The service may automatically
- // pause triggers experiencing frequent errors. To restart a job, set the
- // status to HEALTHY after correcting user errors.
- enum Status {
- STATUS_UNSPECIFIED = 0;
-
- // Trigger is healthy.
- HEALTHY = 1;
-
- // Trigger is temporarily paused.
- PAUSED = 2;
-
- // Trigger is cancelled and can not be resumed.
- CANCELLED = 3;
- }
-
- // Unique resource name for the triggeredJob, assigned by the service when the
- // triggeredJob is created, for example
- // `projects/dlp-test-project/triggeredJobs/53234423`.
- string name = 1;
-
- // Display name (max 100 chars)
- string display_name = 2;
-
- // User provided description (max 256 chars)
- string description = 3;
-
- // The configuration details for the specific type of job to run.
- oneof job {
- InspectJobConfig inspect_job = 4;
- }
-
- // A list of triggers which will be OR'ed together. Only one in the list
- // needs to trigger for a job to be started. The list may contain only
- // a single Schedule trigger and must have at least one object.
- repeated Trigger triggers = 5;
-
- // A stream of errors encountered when the trigger was activated. Repeated
- // errors may result in the JobTrigger automaticaly being paused.
- // Will return the last 100 errors. Whenever the JobTrigger is modified
- // this list will be cleared. Output only field.
- repeated Error errors = 6;
-
- // The creation timestamp of a triggeredJob, output only field.
- google.protobuf.Timestamp create_time = 7;
-
- // The last update timestamp of a triggeredJob, output only field.
- google.protobuf.Timestamp update_time = 8;
-
- // The timestamp of the last time this trigger executed.
- google.protobuf.Timestamp last_run_time = 9;
-
- // A status for this trigger. [required]
- Status status = 10;
-}
-
-// A task to execute on the completion of a job.
-message Action {
- // If set, the detailed findings will be persisted to the specified
- // OutputStorageConfig. Compatible with: Inspect
- message SaveFindings {
- OutputStorageConfig output_config = 1;
- }
-
- // Publish the results of a DlpJob to a pub sub channel.
- // Compatible with: Inpect, Risk
- message PublishToPubSub {
- // Cloud Pub/Sub topic to send notifications to. The topic must have given
- // publishing access rights to the DLP API service account executing
- // the long running DlpJob sending the notifications.
- // Format is projects/{project}/topics/{topic}.
- string topic = 1;
- }
-
- oneof action {
- // Save resulting findings in a provided location.
- SaveFindings save_findings = 1;
-
- // Publish a notification to a pubsub topic.
- PublishToPubSub pub_sub = 2;
- }
-}
-
-// Request message for CreateInspectTemplate.
-message CreateInspectTemplateRequest {
- // The parent resource name, for example projects/my-project-id or
- // organizations/my-org-id.
- string parent = 1;
-
- // The InspectTemplate to create.
- InspectTemplate inspect_template = 2;
-
- // The template id can contain uppercase and lowercase letters,
- // numbers, and hyphens; that is, it must match the regular
- // expression: `[a-zA-Z\\d-]+`. The maximum length is 100
- // characters. Can be empty to allow the system to generate one.
- string template_id = 3;
-}
-
-// Request message for UpdateInspectTemplate.
-message UpdateInspectTemplateRequest {
- // Resource name of organization and inspectTemplate to be updated, for
- // example `organizations/433245324/inspectTemplates/432452342` or
- // projects/project-id/inspectTemplates/432452342.
- string name = 1;
-
- // New InspectTemplate value.
- InspectTemplate inspect_template = 2;
-
- // Mask to control which fields get updated.
- google.protobuf.FieldMask update_mask = 3;
-}
-
-// Request message for GetInspectTemplate.
-message GetInspectTemplateRequest {
- // Resource name of the organization and inspectTemplate to be read, for
- // example `organizations/433245324/inspectTemplates/432452342` or
- // projects/project-id/inspectTemplates/432452342.
- string name = 1;
-}
-
-// Request message for ListInspectTemplates.
-message ListInspectTemplatesRequest {
- // The parent resource name, for example projects/my-project-id or
- // organizations/my-org-id.
- string parent = 1;
-
- // Optional page token to continue retrieval. Comes from previous call
- // to `ListInspectTemplates`.
- string page_token = 2;
-
- // Optional size of the page, can be limited by server. If zero server returns
- // a page of max size 100.
- int32 page_size = 3;
-}
-
-// Response message for ListInspectTemplates.
-message ListInspectTemplatesResponse {
- // List of inspectTemplates, up to page_size in ListInspectTemplatesRequest.
- repeated InspectTemplate inspect_templates = 1;
-
- // If the next page is available then the next page token to be used
- // in following ListInspectTemplates request.
- string next_page_token = 2;
-}
-
-// Request message for DeleteInspectTemplate.
-message DeleteInspectTemplateRequest {
- // Resource name of the organization and inspectTemplate to be deleted, for
- // example `organizations/433245324/inspectTemplates/432452342` or
- // projects/project-id/inspectTemplates/432452342.
- string name = 1;
-}
-
-// Request message for CreateJobTrigger.
-message CreateJobTriggerRequest {
- // The parent resource name, for example projects/my-project-id.
- string parent = 1;
-
- // The JobTrigger to create.
- JobTrigger job_trigger = 2;
-
- // The trigger id can contain uppercase and lowercase letters,
- // numbers, and hyphens; that is, it must match the regular
- // expression: `[a-zA-Z\\d-]+`. The maximum length is 100
- // characters. Can be empty to allow the system to generate one.
- string trigger_id = 3;
-}
-
-// Request message for UpdateJobTrigger.
-message UpdateJobTriggerRequest {
- // Resource name of the project and the triggeredJob, for example
- // `projects/dlp-test-project/jobTriggers/53234423`.
- string name = 1;
-
- // New JobTrigger value.
- JobTrigger job_trigger = 2;
-
- // Mask to control which fields get updated.
- google.protobuf.FieldMask update_mask = 3;
-}
-
-// Request message for GetJobTrigger.
-message GetJobTriggerRequest {
- // Resource name of the project and the triggeredJob, for example
- // `projects/dlp-test-project/jobTriggers/53234423`.
- string name = 1;
-}
-
-// Request message for ListJobTriggers.
-message ListJobTriggersRequest {
- // The parent resource name, for example projects/my-project-id.
- string parent = 1;
-
- // Optional page token to continue retrieval. Comes from previous call
- // to ListJobTriggers. `order_by` and `filter` should not change for
- // subsequent calls, but can be omitted if token is specified.
- string page_token = 2;
-
- // Optional size of the page, can be limited by a server.
- int32 page_size = 3;
-
- // Optional comma separated list of triggeredJob fields to order by,
- // followed by 'asc/desc' postfix, i.e.
- // `"create_time asc,name desc,schedule_mode asc"`. This list is
- // case-insensitive.
- //
- // Example: `"name asc,schedule_mode desc, status desc"`
- //
- // Supported filters keys and values are:
- //
- // - `create_time`: corresponds to time the triggeredJob was created.
- // - `update_time`: corresponds to time the triggeredJob was last updated.
- // - `name`: corresponds to JobTrigger's display name.
- // - `status`: corresponds to the triggeredJob status.
- string order_by = 4;
-}
-
-// Response message for ListJobTriggers.
-message ListJobTriggersResponse {
- // List of triggeredJobs, up to page_size in ListJobTriggersRequest.
- repeated JobTrigger job_triggers = 1;
-
- // If the next page is available then the next page token to be used
- // in following ListJobTriggers request.
- string next_page_token = 2;
-}
-
-// Request message for DeleteJobTrigger.
-message DeleteJobTriggerRequest {
- // Resource name of the project and the triggeredJob, for example
- // `projects/dlp-test-project/jobTriggers/53234423`.
- string name = 1;
-}
-
-message InspectJobConfig {
- // The data to scan.
- StorageConfig storage_config = 1;
-
- // Where to put the findings.
- OutputStorageConfig output_config = 2;
-
- // How and what to scan for.
- InspectConfig inspect_config = 3;
-
- // If provided, will be used as the default for all values in InspectConfig.
- // `inspect_config` will be merged into the values persisted as part of the
- // template.
- string inspect_template_name = 4;
-
- // Actions to execute at the completion of the job. Are executed in the order
- // provided.
- repeated Action actions = 5;
-}
-
-// Combines all of the information about a DLP job.
-message DlpJob {
- enum JobState {
- JOB_STATE_UNSPECIFIED = 0;
-
- // The job has not yet started.
- PENDING = 1;
-
- // The job is currently running.
- RUNNING = 2;
-
- // The job is no longer running.
- DONE = 3;
-
- // The job was canceled before it could complete.
- CANCELED = 4;
-
- // The job had an error and did not complete.
- FAILED = 5;
- }
-
- // The server-assigned name.
- string name = 1;
-
- // The type of job.
- DlpJobType type = 2;
-
- // State of a job.
- JobState state = 3;
-
- oneof details {
- // Results from analyzing risk of a data source.
- AnalyzeDataSourceRiskDetails risk_details = 4;
-
- // Results from inspecting a data source.
- InspectDataSourceDetails inspect_details = 5;
- }
-
- // Time when the job was created.
- google.protobuf.Timestamp create_time = 6;
-
- // Time when the job started.
- google.protobuf.Timestamp start_time = 7;
-
- // Time when the job finished.
- google.protobuf.Timestamp end_time = 8;
-
- // A stream of errors encountered running the job.
- repeated google.rpc.Status error_results = 9;
-
- // If created by a job trigger, the resource name of the trigger that
- // instantiated the job.
- string job_trigger_name = 10;
-}
-
-// The request message for [DlpJobs.GetDlpJob][].
-message GetDlpJobRequest {
- // The name of the DlpJob resource.
- string name = 1;
-}
-
-// The request message for listing DLP jobs.
-message ListDlpJobsRequest {
- // The parent resource name, for example projects/my-project-id.
- string parent = 4;
-
- // Optional. Allows filtering.
- //
- // Supported syntax:
- //
- // * Filter expressions are made up of one or more restrictions.
- // * Restrictions can be combined by `AND` or `OR` logical operators. A
- // sequence of restrictions implicitly uses `AND`.
- // * A restriction has the form of ` `.
- // * Supported fields/values for inspect jobs:
- // - `state` - PENDING|RUNNING|CANCELED|FINISHED|FAILED
- // - `inspected_storage` - DATASTORE|CLOUD_STORAGE|BIGQUERY
- // - `trigger_name` - The resource name of the trigger that created job.
- // * Supported fields for risk analysis jobs:
- // - `state` - RUNNING|CANCELED|FINISHED|FAILED
- // * The operator must be `=` or `!=`.
- //
- // Examples:
- //
- // * inspected_storage = cloud_storage AND state = done
- // * inspected_storage = cloud_storage OR inspected_storage = bigquery
- // * inspected_storage = cloud_storage AND (state = done OR state = canceled)
- //
- // The length of this field should be no more than 500 characters.
- string filter = 1;
-
- // The standard list page size.
- int32 page_size = 2;
-
- // The standard list page token.
- string page_token = 3;
-
- // The type of job. Defaults to `DlpJobType.INSPECT`
- DlpJobType type = 5;
-}
-
-// The response message for listing DLP jobs.
-message ListDlpJobsResponse {
- // A list of DlpJobs that matches the specified filter in the request.
- repeated DlpJob jobs = 1;
-
- // The standard List next-page token.
- string next_page_token = 2;
-}
-
-// The request message for canceling a DLP job.
-message CancelDlpJobRequest {
- // The name of the DlpJob resource to be cancelled.
- string name = 1;
-}
-
-// The request message for deleting a DLP job.
-message DeleteDlpJobRequest {
- // The name of the DlpJob resource to be deleted.
- string name = 1;
-}
-
-// Request message for CreateDeidentifyTemplate.
-message CreateDeidentifyTemplateRequest {
- // The parent resource name, for example projects/my-project-id or
- // organizations/my-org-id.
- string parent = 1;
-
- // The DeidentifyTemplate to create.
- DeidentifyTemplate deidentify_template = 2;
-
- // The template id can contain uppercase and lowercase letters,
- // numbers, and hyphens; that is, it must match the regular
- // expression: `[a-zA-Z\\d-]+`. The maximum length is 100
- // characters. Can be empty to allow the system to generate one.
- string template_id = 3;
-}
-
-// Request message for UpdateDeidentifyTemplate.
-message UpdateDeidentifyTemplateRequest {
- // Resource name of organization and deidentify template to be updated, for
- // example `organizations/433245324/deidentifyTemplates/432452342` or
- // projects/project-id/deidentifyTemplates/432452342.
- string name = 1;
-
- // New DeidentifyTemplate value.
- DeidentifyTemplate deidentify_template = 2;
-
- // Mask to control which fields get updated.
- google.protobuf.FieldMask update_mask = 3;
-}
-
-// Request message for GetDeidentifyTemplate.
-message GetDeidentifyTemplateRequest {
- // Resource name of the organization and deidentify template to be read, for
- // example `organizations/433245324/deidentifyTemplates/432452342` or
- // projects/project-id/deidentifyTemplates/432452342.
- string name = 1;
-}
-
-// Request message for ListDeidentifyTemplates.
-message ListDeidentifyTemplatesRequest {
- // The parent resource name, for example projects/my-project-id or
- // organizations/my-org-id.
- string parent = 1;
-
- // Optional page token to continue retrieval. Comes from previous call
- // to `ListDeidentifyTemplates`.
- string page_token = 2;
-
- // Optional size of the page, can be limited by server. If zero server returns
- // a page of max size 100.
- int32 page_size = 3;
-}
-
-// Response message for ListDeidentifyTemplates.
-message ListDeidentifyTemplatesResponse {
- // List of deidentify templates, up to page_size in
- // ListDeidentifyTemplatesRequest.
- repeated DeidentifyTemplate deidentify_templates = 1;
-
- // If the next page is available then the next page token to be used
- // in following ListDeidentifyTemplates request.
- string next_page_token = 2;
-}
-
-// Request message for DeleteDeidentifyTemplate.
-message DeleteDeidentifyTemplateRequest {
- // Resource name of the organization and deidentify template to be deleted,
- // for example `organizations/433245324/deidentifyTemplates/432452342` or
- // projects/project-id/deidentifyTemplates/432452342.
- string name = 1;
-}
-
-// Parts of the APIs which use certain infoTypes.
-enum InfoTypeSupportedBy {
- ENUM_TYPE_UNSPECIFIED = 0;
-
- // Supported by the inspect operations.
- INSPECT = 1;
-
- // Supported by the risk analysis operations.
- RISK_ANALYSIS = 2;
-}
-
-// Operators available for comparing the value of fields.
-enum RelationalOperator {
- RELATIONAL_OPERATOR_UNSPECIFIED = 0;
-
- // Equal.
- EQUAL_TO = 1;
-
- // Not equal to.
- NOT_EQUAL_TO = 2;
-
- // Greater than.
- GREATER_THAN = 3;
-
- // Less than.
- LESS_THAN = 4;
-
- // Greater than or equals.
- GREATER_THAN_OR_EQUALS = 5;
-
- // Less than or equals.
- LESS_THAN_OR_EQUALS = 6;
-
- // Exists
- EXISTS = 7;
-}
-
-// An enum to represent the various type of DLP jobs.
-enum DlpJobType {
- DLP_JOB_TYPE_UNSPECIFIED = 0;
-
- // The job inspected Google Cloud for sensitive data.
- INSPECT_JOB = 1;
-
- // The job executed a Risk Analysis computation.
- RISK_ANALYSIS_JOB = 2;
-}
diff --git a/google/privacy/dlp/v2beta2/dlp_gapic.yaml b/google/privacy/dlp/v2beta2/dlp_gapic.yaml
deleted file mode 100644
index 375bcfd2..00000000
--- a/google/privacy/dlp/v2beta2/dlp_gapic.yaml
+++ /dev/null
@@ -1,493 +0,0 @@ -type: com.google.api.codegen.ConfigProto -config_schema_version: 1.0.0 -language_settings: - java: - package_name: com.google.cloud.dlp.v2beta2 - python: - package_name: google.cloud.dlp_v2beta2.gapic - go: - package_name: cloud.google.com/go/dlp/apiv2beta2 - csharp: - package_name: Google.Cloud.Dlp.V2Beta2 - ruby: - package_name: Google::Cloud::Dlp::V2beta2 - php: - package_name: Google\Cloud\Dlp\V2beta2 - nodejs: - package_name: dlp.v2beta2 - domain_layer_location: google-cloud -license_header: - copyright_file: copyright-google.txt - license_file: license-header-apache-2.0.txt -collection_oneofs: -- oneof_name: deidentify_template_oneof - collection_names: - - organization_deidentify_template - - project_deidentify_template -- oneof_name: inspect_template_oneof - collection_names: - - organization_inspect_template - - project_inspect_template -# A list of API interface configurations. -interfaces: -- name: google.privacy.dlp.v2beta2.DlpService - # A list of resource collection configurations. - # Consists of a name_pattern and an entity_name. - # The name_pattern is a pattern to describe the names of the resources of this - # collection, using the platform's conventions for URI patterns. A generator - # may use this to generate methods to compose and decompose such names. The - # pattern should use named placeholders as in `shelves/{shelf}/books/{book}`; - # those will be taken as hints for the parameter names of the generated - # methods. If empty, no name methods are generated. - # The entity_name is the name to be used as a basis for generated methods and - # classes. 
- collections: - - name_pattern: organizations/{organization} - entity_name: organization - - name_pattern: organizations/{organization}/deidentifyTemplates/{deidentify_template} - entity_name: organization_deidentify_template - - name_pattern: projects/{project}/deidentifyTemplates/{deidentify_template} - entity_name: project_deidentify_template - - name_pattern: organizations/{organization}/inspectTemplates/{inspect_template} - entity_name: organization_inspect_template - - name_pattern: projects/{project}/inspectTemplates/{inspect_template} - entity_name: project_inspect_template - - name_pattern: projects/{project}/jobTriggers/{job_trigger} - entity_name: project_job_trigger - - name_pattern: projects/{project} - entity_name: project - - name_pattern: projects/{project}/dlpJobs/{dlp_job} - entity_name: dlp_job - # Definition for retryable codes. - retry_codes_def: - - name: idempotent - retry_codes: - - UNAVAILABLE - - DEADLINE_EXCEEDED - - name: non_idempotent - retry_codes: [] - # Definition for retry/backoff parameters. - retry_params_def: - - name: default - initial_retry_delay_millis: 100 - retry_delay_multiplier: 1.3 - max_retry_delay_millis: 60000 - initial_rpc_timeout_millis: 20000 - rpc_timeout_multiplier: 1 - max_rpc_timeout_millis: 20000 - total_timeout_millis: 600000 - # A list of method configurations. - # Common properties: - # - # name - The simple name of the method. - # - # flattening - Specifies the configuration for parameter flattening. - # Describes the parameter groups for which a generator should produce method - # overloads which allow a client to directly pass request message fields as - # method parameters. This information may or may not be used, depending on - # the target language. - # Consists of groups, which each represent a list of parameters to be - # flattened. Each parameter listed must be a field of the request message. - # - # required_fields - Fields that are always required for a request to be - # valid. 
- # - # request_object_method - Turns on or off the generation of a method whose - # sole parameter is a request object. Not all languages will generate this - # method. - # - # resource_name_treatment - An enum that specifies how to treat the resource - # name formats defined in the field_name_patterns and - # response_field_name_patterns fields. - # UNSET: default value - # NONE: the collection configs will not be used by the generated code. - # VALIDATE: string fields will be validated by the client against the - # specified resource name formats. - # STATIC_TYPES: the client will use generated types for resource names. - # - # page_streaming - Specifies the configuration for paging. - # Describes information for generating a method which transforms a paging - # list RPC into a stream of resources. - # Consists of a request and a response. - # The request specifies request information of the list method. It defines - # which fields match the paging pattern in the request. The request consists - # of a page_size_field and a token_field. The page_size_field is the name of - # the optional field specifying the maximum number of elements to be - # returned in the response. The token_field is the name of the field in the - # request containing the page token. - # The response specifies response information of the list method. It defines - # which fields match the paging pattern in the response. The response - # consists of a token_field and a resources_field. The token_field is the - # name of the field in the response containing the next page token. The - # resources_field is the name of the field in the response containing the - # list of resources belonging to the page. - # - # retry_codes_name - Specifies the configuration for retryable codes. The - # name must be defined in interfaces.retry_codes_def. - # - # retry_params_name - Specifies the configuration for retry/backoff - # parameters. The name must be defined in interfaces.retry_params_def. 
- # - # field_name_patterns - Maps the field name of the request type to - # entity_name of interfaces.collections. - # Specifies the string pattern that the field must follow. - # - # timeout_millis - Specifies the default timeout for a non-retrying call. If - # the call is retrying, refer to retry_params_name instead. - methods: - - name: InspectContent - required_fields: - - parent - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - parent: project - timeout_millis: 300000 - - name: RedactImage - required_fields: - - parent - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - parent: project - timeout_millis: 300000 - - name: DeidentifyContent - required_fields: - - parent - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - parent: project - timeout_millis: 300000 - - name: ReidentifyContent - required_fields: - - parent - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - parent: project - timeout_millis: 300000 - - name: InspectDataSource - required_fields: - - parent - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: non_idempotent - retry_params_name: default - field_name_patterns: - parent: project - timeout_millis: 300000 - - name: AnalyzeDataSourceRisk - required_fields: - - parent - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: non_idempotent - retry_params_name: default - field_name_patterns: - parent: project - timeout_millis: 300000 - - name: ListInfoTypes - request_object_method: true - retry_codes_name: idempotent - retry_params_name: default - timeout_millis: 300000 
- - name: CreateInspectTemplate - required_fields: - - parent - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: non_idempotent - retry_params_name: default - field_name_patterns: - parent: organization - timeout_millis: 300000 - - name: UpdateInspectTemplate - required_fields: - - name - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: non_idempotent - retry_params_name: default - field_name_patterns: - name: inspect_template_oneof - timeout_millis: 300000 - - name: GetInspectTemplate - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - name: inspect_template_oneof - timeout_millis: 300000 - - name: ListInspectTemplates - required_fields: - - parent - request_object_method: true - resource_name_treatment: STATIC_TYPES - page_streaming: - request: - page_size_field: page_size - token_field: page_token - response: - token_field: next_page_token - resources_field: inspect_templates - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - parent: organization - timeout_millis: 300000 - - name: DeleteInspectTemplate - required_fields: - - name - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - name: inspect_template_oneof - timeout_millis: 300000 - - name: CreateDeidentifyTemplate - required_fields: - - parent - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: non_idempotent - retry_params_name: default - field_name_patterns: - parent: organization - timeout_millis: 300000 - - name: UpdateDeidentifyTemplate - required_fields: - - name - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: non_idempotent - retry_params_name: default - field_name_patterns: - name: deidentify_template_oneof - 
timeout_millis: 300000 - - name: GetDeidentifyTemplate - required_fields: - - name - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - name: deidentify_template_oneof - timeout_millis: 300000 - - name: ListDeidentifyTemplates - required_fields: - - parent - request_object_method: true - resource_name_treatment: STATIC_TYPES - page_streaming: - request: - page_size_field: page_size - token_field: page_token - response: - token_field: next_page_token - resources_field: deidentify_templates - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - parent: organization - timeout_millis: 300000 - - name: DeleteDeidentifyTemplate - required_fields: - - name - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - name: deidentify_template_oneof - timeout_millis: 300000 - - name: ListDlpJobs - required_fields: - - parent - request_object_method: true - resource_name_treatment: STATIC_TYPES - page_streaming: - request: - page_size_field: page_size - token_field: page_token - response: - token_field: next_page_token - resources_field: jobs - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - parent: project - timeout_millis: 300000 - - name: GetDlpJob - required_fields: - - name - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - name: dlp_job - timeout_millis: 300000 - - name: DeleteDlpJob - required_fields: - - name - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - name: dlp_job - timeout_millis: 300000 - - name: CancelDlpJob - required_fields: - - name - request_object_method: true - resource_name_treatment: 
STATIC_TYPES - retry_codes_name: non_idempotent - retry_params_name: default - field_name_patterns: - name: dlp_job - timeout_millis: 300000 - - name: ListJobTriggers - required_fields: - - parent - request_object_method: true - resource_name_treatment: STATIC_TYPES - page_streaming: - request: - page_size_field: page_size - token_field: page_token - response: - token_field: next_page_token - resources_field: job_triggers - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - parent: project - timeout_millis: 300000 - - name: GetJobTrigger - required_fields: - - name - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - name: project_job_trigger - timeout_millis: 300000 - - name: DeleteJobTrigger - required_fields: - - name - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: idempotent - retry_params_name: default - timeout_millis: 300000 - - name: UpdateJobTrigger - required_fields: - - name - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: non_idempotent - retry_params_name: default - field_name_patterns: - name: project_job_trigger - timeout_millis: 300000 - - name: CreateJobTrigger - required_fields: - - parent - request_object_method: true - resource_name_treatment: STATIC_TYPES - retry_codes_name: non_idempotent - retry_params_name: default - field_name_patterns: - parent: project - timeout_millis: 300000 - -resource_name_generation: -- message_name: InspectContentRequest - field_entity_map: - parent: project -- message_name: RedactImageRequest - field_entity_map: - parent: project -- message_name: DeidentifyContentRequest - field_entity_map: - parent: project -- message_name: ReidentifyContentRequest - field_entity_map: - parent: project -- message_name: InspectDataSourceRequest - field_entity_map: - parent: project -- message_name: 
AnalyzeDataSourceRiskRequest - field_entity_map: - parent: project -- message_name: CreateInspectTemplateRequest - field_entity_map: - parent: organization -- message_name: UpdateInspectTemplateRequest - field_entity_map: - name: inspect_template_oneof -- message_name: GetInspectTemplateRequest - field_entity_map: - name: inspect_template_oneof -- message_name: ListInspectTemplatesRequest - field_entity_map: - parent: organization -- message_name: DeleteInspectTemplateRequest - field_entity_map: - name: inspect_template_oneof -- message_name: CreateDeidentifyTemplateRequest - field_entity_map: - parent: organization -- message_name: UpdateDeidentifyTemplateRequest - field_entity_map: - name: deidentify_template_oneof -- message_name: GetDeidentifyTemplateRequest - field_entity_map: - name: deidentify_template_oneof -- message_name: ListDeidentifyTemplatesRequest - field_entity_map: - parent: organization -- message_name: DeleteDeidentifyTemplateRequest - field_entity_map: - name: deidentify_template_oneof -- message_name: CreateJobTriggerRequest - field_entity_map: - parent: project -- message_name: UpdateJobTriggerRequest - field_entity_map: - name: project_job_trigger -- message_name: GetJobTriggerRequest - field_entity_map: - name: project_job_trigger -- message_name: ListJobTriggersRequest - field_entity_map: - parent: project -- message_name: DeleteJobTriggerRequest - field_entity_map: - name: project_job_trigger -- message_name: ListDlpJobsRequest - field_entity_map: - parent: project -- message_name: GetDlpJobRequest - field_entity_map: - name: dlp_job -- message_name: DeleteDlpJobRequest - field_entity_map: - name: dlp_job -- message_name: CancelDlpJobRequest - field_entity_map: - name: dlp_job diff --git a/google/privacy/dlp/v2beta2/storage.proto b/google/privacy/dlp/v2beta2/storage.proto deleted file mode 100644 index 05e50530..00000000 --- a/google/privacy/dlp/v2beta2/storage.proto +++ /dev/null 
@@ -1,401 +0,0 @@
-// Copyright 2018 Google Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package google.privacy.dlp.v2beta2;
-
-import "google/api/annotations.proto";
-import "google/protobuf/timestamp.proto";
-
-option csharp_namespace = "Google.Cloud.Dlp.V2Beta2";
-option go_package = "google.golang.org/genproto/googleapis/privacy/dlp/v2beta2;dlp";
-option java_multiple_files = true;
-option java_outer_classname = "DlpStorage";
-option java_package = "com.google.privacy.dlp.v2beta2";
-option php_namespace = "Google\\Cloud\\Dlp\\V2beta2";
-
-
-// Type of information detected by the API.
-message InfoType {
- // Name of the information type.
- string name = 1;
-}
-
-// Custom information type provided by the user. Used to find domain-specific
-// sensitive information configurable to the data in question.
-message CustomInfoType {
- // Custom information type based on a dictionary of words or phrases. This can
- // be used to match sensitive information specific to the data, such as a list
- // of employee IDs or job titles.
- //
- // Dictionary words are case-insensitive and all characters other than letters
- // and digits in the unicode [Basic Multilingual
- // Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane)
- // will be replaced with whitespace when scanning for matches, so the
- // dictionary phrase "Sam Johnson" will match all three phrases "sam johnson",
- // "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters
- // surrounding any match must be of a different type than the adjacent
- // characters within the word, so letters must be next to non-letters and
- // digits next to non-digits. For example, the dictionary word "jen" will
- // match the first three letters of the text "jen123" but will return no
- // matches for "jennifer".
- //
- // Dictionary words containing a large number of characters that are not
- // letters or digits may result in unexpected findings because such characters
- // are treated as whitespace.
- message Dictionary {
- // Message defining a list of words or phrases to search for in the data.
- message WordList {
- // Words or phrases defining the dictionary. The dictionary must contain
- // at least one phrase and every phrase must contain at least 2 characters
- // that are letters or digits. [required]
- repeated string words = 1;
- }
-
- oneof source {
- // List of words or phrases to search for.
- WordList word_list = 1;
- }
- }
-
- // Message defining a custom regular expression.
- message Regex {
- // Pattern defining the regular expression.
- string pattern = 1;
- }
-
- // Message for detecting output from deidentification transformations
- // such as
- // [`CryptoReplaceFfxFpeConfig`](/dlp/docs/reference/rest/v2beta1/content/deidentify#CryptoReplaceFfxFpeConfig).
- // These types of transformations are
- // those that perform pseudonymization, thereby producing a "surrogate" as
- // output. This should be used in conjunction with a field on the
- // transformation such as `surrogate_info_type`. This custom info type does
- // not support the use of `detection_rules`.
- message SurrogateType {
-
- }
-
- // Rule for modifying a custom info type to alter behavior under certain
- // circumstances, depending on the specific details of the rule. Not supported
- // for the `surrogate_type` custom info type.
- message DetectionRule {
- // Message for specifying a window around a finding to apply a detection
- // rule.
- message Proximity {
- // Number of characters before the finding to consider.
- int32 window_before = 1;
-
- // Number of characters after the finding to consider.
- int32 window_after = 2;
- }
-
- // Message for specifying an adjustment to the likelihood of a finding as
- // part of a detection rule.
- message LikelihoodAdjustment {
- oneof adjustment {
- // Set the likelihood of a finding to a fixed value.
- Likelihood fixed_likelihood = 1;
-
- // Increase or decrease the likelihood by the specified number of
- // levels. For example, if a finding would be `POSSIBLE` without the
- // detection rule and `relative_likelihood` is 1, then it is upgraded to
- // `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`.
- // Likelihood may never drop below `VERY_UNLIKELY` or exceed
- // `VERY_LIKELY`, so applying an adjustment of 1 followed by an
- // adjustment of -1 when base likelihood is `VERY_LIKELY` will result in
- // a final likelihood of `LIKELY`.
- int32 relative_likelihood = 2;
- }
- }
-
- // Detection rule that adjusts the likelihood of findings within a certain
- // proximity of hotwords.
- message HotwordRule {
- // Regex pattern defining what qualifies as a hotword.
- Regex hotword_regex = 1;
-
- // Proximity of the finding within which the entire hotword must reside.
- // The total length of the window cannot exceed 1000 characters. Note that
- // the finding itself will be included in the window, so that hotwords may
- // be used to match substrings of the finding itself. For example, the
- // certainty of a phone number regex "\(\d{3}\) \d{3}-\d{4}" could be
- // adjusted upwards if the area code is known to be the local area code of
- // a company office using the hotword regex "\(xxx\)", where "xxx"
- // is the area code in question.
- Proximity proximity = 2;
-
- // Likelihood adjustment to apply to all matching findings.
- LikelihoodAdjustment likelihood_adjustment = 3;
- }
-
- oneof type {
- // Hotword-based detection rule.
- HotwordRule hotword_rule = 1;
- }
- }
-
- // Info type configuration. All custom info types must have configurations
- // that do not conflict with built-in info types or other custom info types.
- InfoType info_type = 1;
-
- // Likelihood to return for this custom info type. This base value can be
- // altered by a detection rule if the finding meets the criteria specified by
- // the rule. Defaults to `VERY_LIKELY` if not specified.
- Likelihood likelihood = 6;
-
- oneof type {
- // Dictionary-based custom info type.
- Dictionary dictionary = 2;
-
- // Regex-based custom info type.
- Regex regex = 3;
-
- // Surrogate info type.
- SurrogateType surrogate_type = 4;
- }
-
- // Set of detection rules to apply to all findings of this custom info type.
- // Rules are applied in order that they are specified. Not supported for the
- // `surrogate_type` custom info type.
- repeated DetectionRule detection_rules = 7;
-}
-
-// General identifier of a data field in a storage service.
-message FieldId {
- // Name describing the field.
- string name = 1;
-}
-
-// Datastore partition ID.
-// A partition ID identifies a grouping of entities. The grouping is always
-// by project and namespace, however the namespace ID may be empty.
-//
-// A partition ID contains several dimensions:
-// project ID and namespace ID.
-message PartitionId {
- // The ID of the project to which the entities belong.
- string project_id = 2;
-
- // If not empty, the ID of the namespace to which the entities belong.
- string namespace_id = 4;
-}
-
-// A representation of a Datastore kind.
-message KindExpression {
- // The name of the kind.
- string name = 1;
-}
-
-// Options defining a data set within Google Cloud Datastore.
-message DatastoreOptions {
- // A partition ID identifies a grouping of entities. The grouping is always
- // by project and namespace, however the namespace ID may be empty.
- PartitionId partition_id = 1;
-
- // The kind to process.
- KindExpression kind = 2;
-}
-
-// Options defining a file or a set of files (path ending with *) within
-// a Google Cloud Storage bucket.
-message CloudStorageOptions {
- // Set of files to scan.
- message FileSet {
- // The url, in the format `gs:///`. Trailing wildcard in the
- // path is allowed.
- string url = 1;
- }
-
- FileSet file_set = 1;
-
- // Max number of bytes to scan from a file. If a scanned file's size is bigger
- // than this value then the rest of the bytes are omitted.
- int64 bytes_limit_per_file = 4;
-}
-
-// Options defining BigQuery table and row identifiers.
-message BigQueryOptions {
- // Complete BigQuery table reference.
- BigQueryTable table_reference = 1;
-
- // References to fields uniquely identifying rows within the table.
- // Nested fields in the format, like `person.birthdate.year`, are allowed.
- repeated FieldId identifying_fields = 2;
-}
-
-// Shared message indicating Cloud storage type.
-message StorageConfig {
- // Configuration of the timespan of the items to include in scanning.
- // Currently only supported when inspecting Google Cloud Storage and BigQuery.
- message TimespanConfig {
- // Exclude files older than this value.
- google.protobuf.Timestamp start_time = 1;
-
- // Exclude files newer than this value.
- // If set to zero, no upper time limit is applied.
- google.protobuf.Timestamp end_time = 2;
-
- // When the job is started by a JobTrigger we will automatically figure out
- // a valid start_time to avoid scanning files that have not been modified
- // since the last time the JobTrigger executed. This will be based on the
- // time of the execution of the last run of the JobTrigger.
- bool enable_auto_population_of_timespan_config = 4;
- }
-
- oneof type {
- // Google Cloud Datastore options specification.
- DatastoreOptions datastore_options = 2;
-
- // Google Cloud Storage options specification.
- CloudStorageOptions cloud_storage_options = 3;
-
- // BigQuery options specification.
- BigQueryOptions big_query_options = 4;
- }
-
- TimespanConfig timespan_config = 6;
-}
-
-// Row key for identifying a record in BigQuery table.
-message BigQueryKey {
- // Complete BigQuery table reference.
- BigQueryTable table_reference = 1;
-
- // Absolute number of the row from the beginning of the table at the time
- // of scanning.
- int64 row_number = 2;
-}
-
-// Record key for a finding in a Cloud Storage file.
-message CloudStorageKey {
- // Path to the file.
- string file_path = 1;
-
- // Byte offset of the referenced data in the file.
- int64 start_offset = 2;
-}
-
-// Record key for a finding in Cloud Datastore.
-message DatastoreKey {
- // Datastore entity key.
- Key entity_key = 1;
-}
-
-// A unique identifier for a Datastore entity.
-// If a key's partition ID or any of its path kinds or names are
-// reserved/read-only, the key is reserved/read-only.
-// A reserved/read-only key is forbidden in certain documented contexts.
-message Key {
- // A (kind, ID/name) pair used to construct a key path.
- //
- // If either name or ID is set, the element is complete.
- // If neither is set, the element is incomplete.
- message PathElement {
- // The kind of the entity.
- // A kind matching regex `__.*__` is reserved/read-only.
- // A kind must not contain more than 1500 bytes when UTF-8 encoded.
- // Cannot be `""`.
- string kind = 1;
-
- // The type of ID.
- oneof id_type {
- // The auto-allocated ID of the entity.
- // Never equal to zero. Values less than zero are discouraged and may not
- // be supported in the future.
- int64 id = 2;
-
- // The name of the entity.
- // A name matching regex `__.*__` is reserved/read-only.
- // A name must not be more than 1500 bytes when UTF-8 encoded.
- // Cannot be `""`.
- string name = 3;
- }
- }
-
- // Entities are partitioned into subsets, currently identified by a project
- // ID and namespace ID.
- // Queries are scoped to a single partition.
- PartitionId partition_id = 1;
-
- // The entity path.
- // An entity path consists of one or more elements composed of a kind and a
- // string or numerical identifier, which identify entities. The first
- // element identifies a _root entity_, the second element identifies
- // a _child_ of the root entity, the third element identifies a child of the
- // second entity, and so forth. The entities identified by all prefixes of
- // the path are called the element's _ancestors_.
- //
- // A path can never be empty, and a path can have at most 100 elements.
- repeated PathElement path = 2;
-}
-
-// Message for a unique key indicating a record that contains a finding.
-message RecordKey {
- oneof type {
- CloudStorageKey cloud_storage_key = 1;
-
- DatastoreKey datastore_key = 2;
-
- BigQueryKey big_query_key = 3;
- }
-}
-
-// Message defining the location of a BigQuery table. A table is uniquely
-// identified by its project_id, dataset_id, and table_name. Within a query
-// a table is often referenced with a string in the format of:
-// `:.` or
-// `..`.
-message BigQueryTable {
- // The Google Cloud Platform project ID of the project containing the table.
- // If omitted, project ID is inferred from the API call.
- string project_id = 1;
-
- // Dataset ID of the table.
- string dataset_id = 2;
-
- // Name of the table.
- string table_id = 3;
-}
-
-// An entity in a dataset is a field or set of fields that correspond to a
-// single person. For example, in medical records the `EntityId` might be
-// a patient identifier, or for financial records it might be an account
-// identifier. This message is used when generalizations or analysis must be
-// consistent across multiple rows pertaining to the same entity.
-message EntityId {
- // Composite key indicating which field contains the entity identifier.
- FieldId field = 1;
-}
-
-// Categorization of results based on how likely they are to represent a match,
-// based on the number of elements they contain which imply a match.
-enum Likelihood {
- // Default value; information with all likelihoods is included.
- LIKELIHOOD_UNSPECIFIED = 0;
-
- // Few matching elements.
- VERY_UNLIKELY = 1;
-
- UNLIKELY = 2;
-
- // Some matching elements.
- POSSIBLE = 3;
-
- LIKELY = 4;
-
- // Many matching elements.
- VERY_LIKELY = 5;
-}