From ca97f8c75f0e9ee01d4f365d65818a9240a00fe2 Mon Sep 17 00:00:00 2001 From: googleapis-publisher Date: Thu, 9 Mar 2017 12:01:56 -0800 Subject: [PATCH] Synchronize new proto changes. --- google/privacy/dlp/README.md | 7 + google/privacy/dlp/v2beta1/dlp.proto | 373 +++++++++++++++++++++++ google/privacy/dlp/v2beta1/storage.proto | 180 +++++++++++ 3 files changed, 560 insertions(+) create mode 100644 google/privacy/dlp/README.md create mode 100644 google/privacy/dlp/v2beta1/dlp.proto create mode 100644 google/privacy/dlp/v2beta1/storage.proto diff --git a/google/privacy/dlp/README.md b/google/privacy/dlp/README.md new file mode 100644 index 00000000..629d72b8 --- /dev/null +++ b/google/privacy/dlp/README.md @@ -0,0 +1,7 @@ +# Google Data Loss Prevention (DLP) API + +The Google Data Loss Prevention API provides methods for detection +of privacy-sensitive fragments in text, images, and Google Cloud +Platform storage repositories. + +Documentation: https://cloud.google.com/dlp/docs diff --git a/google/privacy/dlp/v2beta1/dlp.proto b/google/privacy/dlp/v2beta1/dlp.proto new file mode 100644 index 00000000..5258a6bd --- /dev/null +++ b/google/privacy/dlp/v2beta1/dlp.proto @@ -0,0 +1,373 @@ +// Copyright 2017 Google Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.privacy.dlp.v2beta1; + +import "google/api/annotations.proto"; +import "google/longrunning/operations.proto"; +import "google/privacy/dlp/v2beta1/storage.proto"; +import "google/protobuf/timestamp.proto"; + +option go_package = "google.golang.org/genproto/googleapis/privacy/dlp/v2beta1;dlp"; +option java_multiple_files = true; +option java_outer_classname = "DlpProto"; +option java_package = "com.google.privacy.dlp.v2beta1"; + + +// The DLP API is a service that allows clients +// to detect the presence of Personally Identifiable Information (PII) and other +// privacy-sensitive data in user-supplied, unstructured data streams, like text +// blocks or images. +// The service also includes methods for sensitive data redaction and +// scheduling of data scans on Google Cloud Platform based data sets. +service DlpService { + // Find potentially sensitive info in a list of strings. + // This method has limits on input size, processing time, and output size. + rpc InspectContent(InspectContentRequest) returns (InspectContentResponse) { + option (google.api.http) = { post: "/v2beta1/content:inspect" body: "*" }; + } + + // Redact potentially sensitive info from a list of strings. + // This method has limits on input size, processing time, and output size. + rpc RedactContent(RedactContentRequest) returns (RedactContentResponse) { + option (google.api.http) = { post: "/v2beta1/content:redact" body: "*" }; + } + + // Schedule a job scanning content in a Google Cloud Platform data repository. + rpc CreateInspectOperation(CreateInspectOperationRequest) returns (google.longrunning.Operation) { + option (google.api.http) = { post: "/v2beta1/inspect/operations" body: "*" }; + } + + // Returns list of results for given inspect operation result set id. + rpc ListInspectFindings(ListInspectFindingsRequest) returns (ListInspectFindingsResponse) { + option (google.api.http) = { get: "/v2beta1/{name=inspect/results/*}/findings" }; + } + + // Returns sensitive information types for given category. + rpc ListInfoTypes(ListInfoTypesRequest) returns (ListInfoTypesResponse) { + option (google.api.http) = { get: "/v2beta1/rootCategories/{category=*}/infoTypes" }; + } + + // Returns the list of root categories of sensitive information. + rpc ListRootCategories(ListRootCategoriesRequest) returns (ListRootCategoriesResponse) { + option (google.api.http) = { get: "/v2beta1/rootCategories" }; + } +} + +// Configuration description of the scanning process. +// When used with redactContent only info_types and min_likelihood are currently +// used. +message InspectConfig { + // Restrict what info_types to look for. The values must correspond to + // InfoType values returned by ListInfoTypes or found in documentation. + // Empty info_types runs all enabled detectors. + repeated InfoType info_types = 1; + + // Only return findings equal or above this threshold. + Likelihood min_likelihood = 2; + + // Limit the number of findings per content item. + int32 max_findings = 3; + + // When true, a contextual quote from the data that triggered a finding will + // be included in the response; see Finding.quote. + bool include_quote = 4; + + // When true, exclude type information of the findings. + bool exclude_types = 6; +} + +// Container structure for the content to inspect. +message ContentItem { + // Type of the content, as defined in Content-Type HTTP header. + // Supported types are: all "text" types, octet streams, PNG images, + // JPEG images. + string type = 1; + + // Data of the item either in the byte array or UTF-8 string form. + oneof data_item { + // Content data to inspect or redact. + bytes data = 2; + + // String data to inspect or redact. + string value = 3; + } +} + +// All the findings for a single scanned item. +message InspectResult { + // List of findings for an item. + repeated Finding findings = 1; + + // If true, then this item might have more findings than were returned, + // and the findings returned are an arbitrary subset of all findings. + // The findings list might be truncated because the input items were too + // large, or because the server reached the maximum amount of resources + // allowed for a single API call. For best results, divide the input into + // smaller batches. + bool findings_truncated = 2; +} + +// Container structure describing a single finding within a string or image. +message Finding { + // The specific string that may be potentially sensitive info. + string quote = 1; + + // The specific type of info the string might be. + InfoType info_type = 2; + + // Estimate of how likely it is that the info_type is correct. + Likelihood likelihood = 3; + + // Location of the info found. + Location location = 4; + + // Timestamp when finding was detected. + google.protobuf.Timestamp create_time = 6; +} + +// Specifies the location of a finding within its source item. +message Location { + // Zero-based byte offsets within a content item. + Range byte_range = 1; + + // Character offsets within a content item, included when content type + // is a text. Default charset assumed to be UTF-8. + Range codepoint_range = 2; + + // Location within an image's pixels. + repeated ImageLocation image_boxes = 3; + + // Key of the finding. + RecordKey record_key = 4; + + // Field id of the field containing the finding. + FieldId field_id = 5; +} + +// Generic half-open interval [start, end) +message Range { + // Index of the first character of the range (inclusive). + int64 start = 1; + + // Index of the last character of the range (exclusive). + int64 end = 2; +} + +// Bounding box encompassing detected text within an image. +message ImageLocation { + // Top coordinate of the bounding box. (0,0) is upper left. + int32 top = 1; + + // Left coordinate of the bounding box. (0,0) is upper left. + int32 left = 2; + + // Width of the bounding box in pixels. + int32 width = 3; + + // Height of the bounding box in pixels. + int32 height = 4; +} + +// Request to search for potentially sensitive info in a list of items +// and replace it with a default or provided content. +message RedactContentRequest { + message ReplaceConfig { + // Type of information to replace. Only one ReplaceConfig per info_type + // should be provided. If ReplaceConfig does not have an info_type, we'll + // match it against all info_types that are found but not specified in + // another ReplaceConfig. + InfoType info_type = 1; + + // Content replacing sensitive information of given type. Max 256 chars. + string replace_with = 2; + } + + // Configuration for the inspector. + InspectConfig inspect_config = 1; + + // The list of items to inspect. Up to 100 are allowed per request. + repeated ContentItem items = 2; + + // The strings to replace findings with. Must specify at least one. + repeated ReplaceConfig replace_configs = 3; +} + +// Results of deidentifying a list of items. +message RedactContentResponse { + // The redacted content. + repeated ContentItem items = 1; +} + +// Request to search for potentially sensitive info in a list of items. +message InspectContentRequest { + // Configuration for the inspector. + InspectConfig inspect_config = 1; + + // The list of items to inspect. Items in a single request are + // considered "related" unless inspect_config.independent_inputs is true. + // Up to 100 are allowed per request. + repeated ContentItem items = 2; +} + +// Results of inspecting a list of items. +message InspectContentResponse { + // Each content_item from the request will have a result in this list, in the + // same order as the request. + repeated InspectResult results = 1; +} + +// Request for scheduling a scan of a data subset from a Google Platform data +// repository. +message CreateInspectOperationRequest { + // Configuration for the inspector. + InspectConfig inspect_config = 1; + + // Specification of the data set to process. + StorageConfig storage_config = 2; +} + +// Stats regarding a specific InfoType. +message InfoTypeStatistics { + // The type of finding this stat is for. + InfoType info_type = 1; + + // Number of findings for this info type. + int64 count = 2; +} + +// Metadata returned within GetOperation for an inspect request. +message InspectOperationMetadata { + // Total size in bytes that were processed. + int64 processed_bytes = 1; + + // Estimate of the number of bytes to process. + int64 total_estimated_bytes = 4; + + repeated InfoTypeStatistics info_type_stats = 2; + + // The time which this request was started. + google.protobuf.Timestamp create_time = 3; +} + +// The operational data. +message InspectOperationResult { + // The server-assigned name, which is only unique within the same service that + // originally returns it. If you use the default HTTP mapping, the + // `name` should have the format of `inspect/results/{id}`. + string name = 1; +} + +// Request for the list of results in a given inspect operation. +message ListInspectFindingsRequest { + // Identifier of the results set returned as metadata of + // the longrunning operation created by a call to CreateInspectOperation. + // Should be in the format of `inspect/results/{id}. + string name = 1; + + // Maximum number of results to return. + // If 0, the implementation will select a reasonable value. + int32 page_size = 2; + + // The value returned by the last `ListInspectFindingsResponse`; indicates + // that this is a continuation of a prior `ListInspectFindings` call, and that + // the system should return the next page of data. + string page_token = 3; +} + +// Response to the ListInspectFindings request. +message ListInspectFindingsResponse { + // The results. + InspectResult result = 1; + + // If not empty, indicates that there may be more results that match the + // request; this value should be passed in a new `ListInspectFindingsRequest`. + string next_page_token = 2; +} + +// Info type description. +message InfoTypeDescription { + // Internal name of the info type. + string name = 1; + + // Human readable form of the info type name. + string display_name = 2; + + // List of categories this info type belongs to. + repeated CategoryDescription categories = 3; +} + +// Request for the list of info types belonging to a given category, +// or all supported info types if no category is specified. +message ListInfoTypesRequest { + // Category name as returned by ListRootCategories. + string category = 1; + + // Optional BCP-47 language code for localized info type friendly + // names. If omitted, or if localized strings are not available, + // en-US strings will be returned. + string language_code = 2; +} + +// Response to the ListInfoTypes request. +message ListInfoTypesResponse { + // Set of sensitive info types belonging to a category. + repeated InfoTypeDescription info_types = 1; +} + +// Info Type Category description. +message CategoryDescription { + // Internal name of the category. + string name = 1; + + // Human readable form of the category name. + string display_name = 2; +} + +// Request for root categories of Info Types supported by the API. +// Example values might include "FINANCE", "HEALTH", "FAST", "DEFAULT". +message ListRootCategoriesRequest { + // Optional language code for localized friendly category names. + // If omitted or if localized strings are not available, + // en-US strings will be returned. + string language_code = 1; +} + +// Response for ListRootCategories request. +message ListRootCategoriesResponse { + // List of all into type categories supported by the API. + repeated CategoryDescription categories = 1; +} + +// Categorization of results based on how likely they are to represent a match, +// based on the number of elements they contain which imply a match. +enum Likelihood { + // Default value; information with all likelihoods will be included. + LIKELIHOOD_UNSPECIFIED = 0; + + // Few matching elements. + VERY_UNLIKELY = 1; + + UNLIKELY = 2; + + // Some matching elements. + POSSIBLE = 3; + + LIKELY = 4; + + // Many matching elements. + VERY_LIKELY = 5; +} diff --git a/google/privacy/dlp/v2beta1/storage.proto b/google/privacy/dlp/v2beta1/storage.proto new file mode 100644 index 00000000..c0cb145d --- /dev/null +++ b/google/privacy/dlp/v2beta1/storage.proto @@ -0,0 +1,180 @@ +// Copyright 2017 Google Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.privacy.dlp.v2beta1; + +import "google/api/annotations.proto"; + +option go_package = "google.golang.org/genproto/googleapis/privacy/dlp/v2beta1;dlp"; +option java_multiple_files = true; +option java_outer_classname = "DlpStorage"; +option java_package = "com.google.privacy.dlp.v2beta1"; + + +// Type of information detected by the API. +message InfoType { + // Name of the information type, provided by the API call ListInfoTypes. + string name = 1; +} + +// General identifier of a data field in a storage service. +message FieldId { + // Column name describing the field. + string column_name = 1; +} + +// Datastore partition ID. +// A partition ID identifies a grouping of entities. The grouping is always +// by project and namespace, however the namespace ID may be empty. +// +// A partition ID contains several dimensions: +// project ID and namespace ID. +message PartitionId { + // The ID of the project to which the entities belong. + string project_id = 2; + + // If not empty, the ID of the namespace to which the entities belong. + string namespace_id = 4; +} + +// A representation of a Datastore kind. +message KindExpression { + // The name of the kind. + string name = 1; +} + +// A reference to a property relative to the Datastore kind expressions. +message PropertyReference { + // The name of the property. + // If name includes "."s, it may be interpreted as a property name path. + string name = 2; +} + +// A representation of a Datastore property in a projection. +message Projection { + // The property to project. + PropertyReference property = 1; +} + +// Options defining a data set within Google Cloud Datastore. +message DatastoreOptions { + // A partition ID identifies a grouping of entities. The grouping is always + // by project and namespace, however the namespace ID may be empty. + PartitionId partition_id = 1; + + // The kind to process. + KindExpression kind = 2; + + // Properties to scan. If none are specified, all properties will be scanned + // by default. + repeated Projection projection = 3; +} + +// Options defining a file or a set of files (path ending with *) within +// a Google Cloud Storage bucket. +message CloudStorageOptions { + // Set of files to scan. + message FileSet { + // The url, in the format gs:///. Trailing wildcard in the + // path is allowed. + string url = 1; + } + + FileSet file_set = 1; +} + +// Shared message indicating Cloud storage type. +message StorageConfig { + oneof type { + // Google Cloud Datastore options specification. + DatastoreOptions datastore_options = 2; + + // Google Cloud Storage options specification. + CloudStorageOptions cloud_storage_options = 3; + } +} + +// Record key for a finding in a Cloud Storage file. +message CloudStorageKey { + // Path to the file. + string file_path = 1; + + // Byte offset of the referenced data in the file. + int64 start_offset = 2; +} + +// Record key for a finding in Cloud Datastore. +message DatastoreKey { + // Datastore entity key. + Key entity_key = 1; +} + +// A unique identifier for a Datastore entity. +// If a key's partition ID or any of its path kinds or names are +// reserved/read-only, the key is reserved/read-only. +// A reserved/read-only key is forbidden in certain documented contexts. +message Key { + // A (kind, ID/name) pair used to construct a key path. + // + // If either name or ID is set, the element is complete. + // If neither is set, the element is incomplete. + message PathElement { + // The kind of the entity. + // A kind matching regex `__.*__` is reserved/read-only. + // A kind must not contain more than 1500 bytes when UTF-8 encoded. + // Cannot be `""`. + string kind = 1; + + // The type of ID. + oneof id_type { + // The auto-allocated ID of the entity. + // Never equal to zero. Values less than zero are discouraged and may not + // be supported in the future. + int64 id = 2; + + // The name of the entity. + // A name matching regex `__.*__` is reserved/read-only. + // A name must not be more than 1500 bytes when UTF-8 encoded. + // Cannot be `""`. + string name = 3; + } + } + + // Entities are partitioned into subsets, currently identified by a project + // ID and namespace ID. + // Queries are scoped to a single partition. + PartitionId partition_id = 1; + + // The entity path. + // An entity path consists of one or more elements composed of a kind and a + // string or numerical identifier, which identify entities. The first + // element identifies a _root entity_, the second element identifies + // a _child_ of the root entity, the third element identifies a child of the + // second entity, and so forth. The entities identified by all prefixes of + // the path are called the element's _ancestors_. + // + // A path can never be empty, and a path can have at most 100 elements. + repeated PathElement path = 2; +} + +// Message for a unique key indicating a record that contains a finding. +message RecordKey { + oneof type { + CloudStorageKey cloud_storage_key = 1; + + DatastoreKey datastore_key = 2; + } +}