diff --git a/google/privacy/dlp/v2/dlp.proto b/google/privacy/dlp/v2/dlp.proto index d590a82c..4b151b3e 100644 --- a/google/privacy/dlp/v2/dlp.proto +++ b/google/privacy/dlp/v2/dlp.proto @@ -41,11 +41,19 @@ option php_namespace = "Google\\Cloud\\Dlp\\V2"; // blocks or images. // The service also includes methods for sensitive data redaction and // scheduling of data scans on Google Cloud Platform based data sets. +// +// To learn more about concepts and find how-to guides see +// https://cloud.google.com/dlp/docs/. service DlpService { // Finds potentially sensitive info in content. // This method has limits on input size, processing time, and output size. - // [How-to guide for text](/dlp/docs/inspecting-text), [How-to guide for - // images](/dlp/docs/inspecting-images) + // + // When no InfoTypes or CustomInfoTypes are specified in this request, the + // system will automatically choose what detectors to run. By default this may + // be all types, but may change over time as detectors are updated. + // + // For how to guides, see https://cloud.google.com/dlp/docs/inspecting-images + // and https://cloud.google.com/dlp/docs/inspecting-text, rpc InspectContent(InspectContentRequest) returns (InspectContentResponse) { option (google.api.http) = { post: "/v2/{parent=projects/*}/content:inspect" 
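Review bot: The paragraph added to InspectContent says that with no InfoTypes or CustomInfoTypes the system "will automatically choose what detectors to run" and that the set may change over time, but it gives callers no way to keep coverage stable. For a DLP control this means an identical request can start or stop flagging a data type after a detector update; I would add `// To keep detection coverage stable, list the InfoTypes you need explicitly.` The same paragraph is repeated on RedactImage, DeidentifyContent and CreateDlpJob, and the copy on `InspectConfig.info_types` says "may automatically choose" where these say "will"; one wording should be used throughout. The last added line of this comment also ends in a comma (`inspecting-text,`) instead of a period.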
@@ -55,7 +63,12 @@ service DlpService { // Redacts potentially sensitive info from an image. // This method has limits on input size, processing time, and output size. - // [How-to guide](/dlp/docs/redacting-sensitive-data-images) + // See https://cloud.google.com/dlp/docs/redacting-sensitive-data-images to + // learn more. + // + // When no InfoTypes or CustomInfoTypes are specified in this request, the + // system will automatically choose what detectors to run. By default this may + // be all types, but may change over time as detectors are updated. rpc RedactImage(RedactImageRequest) returns (RedactImageResponse) { option (google.api.http) = { post: "/v2/{parent=projects/*}/image:redact" @@ -65,7 +78,12 @@ service DlpService { // De-identifies potentially sensitive info from a ContentItem. // This method has limits on input size and output size. - // [How-to guide](/dlp/docs/deidentify-sensitive-data) + // See https://cloud.google.com/dlp/docs/deidentify-sensitive-data to + // learn more. + // + // When no InfoTypes or CustomInfoTypes are specified in this request, the + // system will automatically choose what detectors to run. By default this may + // be all types, but may change over time as detectors are updated. rpc DeidentifyContent(DeidentifyContentRequest) returns (DeidentifyContentResponse) { option (google.api.http) = { post: "/v2/{parent=projects/*}/content:deidentify" @@ -74,6 +92,9 @@ service DlpService { } // Re-identifies content that has been de-identified. + // See + // https://cloud.google.com/dlp/docs/pseudonymization#re-identification_in_free_text_code_example + // to learn more. rpc ReidentifyContent(ReidentifyContentRequest) returns (ReidentifyContentResponse) { option (google.api.http) = { post: "/v2/{parent=projects/*}/content:reidentify" 
@@ -82,8 +103,8 @@ service DlpService { } // Returns a list of the sensitive information types that the DLP API - // supports. For more information, see [Listing supported predefined - // infoTypes](/dlp/docs/listing-infotypes). + // supports. See https://cloud.google.com/dlp/docs/infotypes-reference to + // learn more. rpc ListInfoTypes(ListInfoTypesRequest) returns (ListInfoTypesResponse) { option (google.api.http) = { get: "/v2/infoTypes" @@ -92,6 +113,7 @@ service DlpService { // Creates an InspectTemplate for re-using frequently used configuration // for inspecting content, images, and storage. + // See https://cloud.google.com/dlp/docs/creating-templates to learn more. rpc CreateInspectTemplate(CreateInspectTemplateRequest) returns (InspectTemplate) { option (google.api.http) = { post: "/v2/{parent=organizations/*}/inspectTemplates" @@ -104,6 +126,7 @@ service DlpService { } // Updates the InspectTemplate. + // See https://cloud.google.com/dlp/docs/creating-templates to learn more. rpc UpdateInspectTemplate(UpdateInspectTemplateRequest) returns (InspectTemplate) { option (google.api.http) = { patch: "/v2/{name=organizations/*/inspectTemplates/*}" @@ -116,6 +139,7 @@ service DlpService { } // Gets an InspectTemplate. + // See https://cloud.google.com/dlp/docs/creating-templates to learn more. rpc GetInspectTemplate(GetInspectTemplateRequest) returns (InspectTemplate) { option (google.api.http) = { get: "/v2/{name=organizations/*/inspectTemplates/*}" @@ -126,6 +150,7 @@ service DlpService { } // Lists InspectTemplates. + // See https://cloud.google.com/dlp/docs/creating-templates to learn more. rpc ListInspectTemplates(ListInspectTemplatesRequest) returns (ListInspectTemplatesResponse) { option (google.api.http) = { get: "/v2/{parent=organizations/*}/inspectTemplates" 
@@ -136,6 +161,7 @@ service DlpService { } // Deletes an InspectTemplate. + // See https://cloud.google.com/dlp/docs/creating-templates to learn more. rpc DeleteInspectTemplate(DeleteInspectTemplateRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v2/{name=organizations/*/inspectTemplates/*}" @@ -147,6 +173,8 @@ service DlpService { // Creates a DeidentifyTemplate for re-using frequently used configuration // for de-identifying content, images, and storage. + // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn + // more. rpc CreateDeidentifyTemplate(CreateDeidentifyTemplateRequest) returns (DeidentifyTemplate) { option (google.api.http) = { post: "/v2/{parent=organizations/*}/deidentifyTemplates" @@ -159,6 +187,8 @@ service DlpService { } // Updates the DeidentifyTemplate. + // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn + // more. rpc UpdateDeidentifyTemplate(UpdateDeidentifyTemplateRequest) returns (DeidentifyTemplate) { option (google.api.http) = { patch: "/v2/{name=organizations/*/deidentifyTemplates/*}" @@ -171,6 +201,8 @@ service DlpService { } // Gets a DeidentifyTemplate. + // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn + // more. rpc GetDeidentifyTemplate(GetDeidentifyTemplateRequest) returns (DeidentifyTemplate) { option (google.api.http) = { get: "/v2/{name=organizations/*/deidentifyTemplates/*}" @@ -181,6 +213,8 @@ service DlpService { } // Lists DeidentifyTemplates. + // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn + // more. rpc ListDeidentifyTemplates(ListDeidentifyTemplatesRequest) returns (ListDeidentifyTemplatesResponse) { option (google.api.http) = { get: "/v2/{parent=organizations/*}/deidentifyTemplates" 
@@ -191,6 +225,8 @@ service DlpService { } // Deletes a DeidentifyTemplate. + // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn + // more. rpc DeleteDeidentifyTemplate(DeleteDeidentifyTemplateRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v2/{name=organizations/*/deidentifyTemplates/*}" @@ -202,6 +238,7 @@ service DlpService { // Creates a job trigger to run DLP actions such as scanning storage for // sensitive information on a set schedule. + // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more. rpc CreateJobTrigger(CreateJobTriggerRequest) returns (JobTrigger) { option (google.api.http) = { post: "/v2/{parent=projects/*}/jobTriggers" @@ -210,6 +247,7 @@ service DlpService { } // Updates a job trigger. + // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more. rpc UpdateJobTrigger(UpdateJobTriggerRequest) returns (JobTrigger) { option (google.api.http) = { patch: "/v2/{name=projects/*/jobTriggers/*}" @@ -218,6 +256,7 @@ service DlpService { } // Gets a job trigger. + // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more. rpc GetJobTrigger(GetJobTriggerRequest) returns (JobTrigger) { option (google.api.http) = { get: "/v2/{name=projects/*/jobTriggers/*}" @@ -225,6 +264,7 @@ service DlpService { } // Lists job triggers. + // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more. rpc ListJobTriggers(ListJobTriggersRequest) returns (ListJobTriggersResponse) { option (google.api.http) = { get: "/v2/{parent=projects/*}/jobTriggers" @@ -232,6 +272,7 @@ service DlpService { } // Deletes a job trigger. + // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more. rpc DeleteJobTrigger(DeleteJobTriggerRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v2/{name=projects/*/jobTriggers/*}" 
@@ -239,7 +280,12 @@ service DlpService { } // Creates a new job to inspect storage or calculate risk metrics. - // [How-to guide](/dlp/docs/compute-risk-analysis). + // See https://cloud.google.com/dlp/docs/inspecting-storage and + // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more. + // + // When no InfoTypes or CustomInfoTypes are specified in inspect jobs, the + // system will automatically choose what detectors to run. By default this may + // be all types, but may change over time as detectors are updated. rpc CreateDlpJob(CreateDlpJobRequest) returns (DlpJob) { option (google.api.http) = { post: "/v2/{parent=projects/*}/dlpJobs" @@ -248,6 +294,8 @@ service DlpService { } // Lists DlpJobs that match the specified filter in the request. + // See https://cloud.google.com/dlp/docs/inspecting-storage and + // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more. rpc ListDlpJobs(ListDlpJobsRequest) returns (ListDlpJobsResponse) { option (google.api.http) = { get: "/v2/{parent=projects/*}/dlpJobs" @@ -255,6 +303,8 @@ service DlpService { } // Gets the latest state of a long-running DlpJob. + // See https://cloud.google.com/dlp/docs/inspecting-storage and + // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more. rpc GetDlpJob(GetDlpJobRequest) returns (DlpJob) { option (google.api.http) = { get: "/v2/{name=projects/*/dlpJobs/*}" @@ -264,6 +314,8 @@ service DlpService { // Deletes a long-running DlpJob. This method indicates that the client is // no longer interested in the DlpJob result. The job will be cancelled if // possible. + // See https://cloud.google.com/dlp/docs/inspecting-storage and + // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more. rpc DeleteDlpJob(DeleteDlpJobRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v2/{name=projects/*/dlpJobs/*}" 
@@ -273,6 +325,8 @@ service DlpService { // Starts asynchronous cancellation on a long-running DlpJob. The server // makes a best effort to cancel the DlpJob, but success is not // guaranteed. + // See https://cloud.google.com/dlp/docs/inspecting-storage and + // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more. rpc CancelDlpJob(CancelDlpJobRequest) returns (google.protobuf.Empty) { option (google.api.http) = { post: "/v2/{name=projects/*/dlpJobs/*}:cancel" @@ -315,11 +369,17 @@ message InspectConfig { } // Restricts what info_types to look for. The values must correspond to - // InfoType values returned by ListInfoTypes or found in documentation. + // InfoType values returned by ListInfoTypes or listed at + // https://cloud.google.com/dlp/docs/infotypes-reference. + // + // When no InfoTypes or CustomInfoTypes are specified in a request, the + // system may automatically choose what detectors to run. By default this may + // be all types, but may change over time as detectors are updated. repeated InfoType info_types = 1; // Only returns findings equal or above this threshold. The default is // POSSIBLE. + // See https://cloud.google.com/dlp/docs/likelihood to learn more. Likelihood min_likelihood = 2; FindingLimits limits = 3; @@ -331,7 +391,8 @@ message InspectConfig { // When true, excludes type information of the findings. bool exclude_info_types = 5; - // Custom infoTypes provided by the user. + // CustomInfoTypes provided by the user. See + // https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more. repeated CustomInfoType custom_info_types = 6; // List of options defining data content to scan. 
@@ -371,7 +432,9 @@ message ContentItem { // String data to inspect or redact. string value = 3; - // Structured content for inspection. + // Structured content for inspection. See + // https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to + // learn more. Table table = 4; // Content data to inspect or redact. Replaces `type` and `data`. @@ -380,6 +443,8 @@ message ContentItem { } // Structured content to inspect. Up to 50,000 `Value`s per request allowed. +// See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to +// learn more. message Table { message Row { repeated Value values = 1; @@ -408,16 +473,16 @@ message InspectResult { message Finding { // The content that was found. Even if the content is not textual, it // may be converted to a textual representation here. - // Provided if requested by the `InspectConfig` and the finding is + // Provided if `include_quote` is true and the finding is // less than or equal to 4096 bytes long. If the finding exceeds 4096 bytes // in length, the quote may be omitted. string quote = 1; // The type of content that might have been found. - // Provided if requested by the `InspectConfig`. + // Provided if `excluded_types` is false. InfoType info_type = 2; - // Estimate of how likely it is that the `info_type` is correct. + // Confidence of how likely it is that the `info_type` is correct. Likelihood likelihood = 3; // Where the content was found. @@ -537,8 +602,8 @@ message BoundingBox { int32 height = 4; } -// Request to search for potentially sensitive info in a list of items -// and replace it with a default or provided content. +// Request to search for potentially sensitive info in an image and redact it +// by covering it with a colored rectangle. message RedactImageRequest { // Configuration for determining how redaction of images should occur. message ImageRedactionConfig { 
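Review bot: The new comment on `Finding.info_type` reads "Provided if `excluded_types` is false", but no field of that name is visible in this diff; the InspectConfig flag shown in the hunk at -331 is `exclude_info_types`. Suggest `// Provided if exclude_info_types is false.` The companion change on `quote` names `include_quote` without saying it belongs to InspectConfig, which the old text did, so `InspectConfig.include_quote` would keep that link. "Confidence of how likely it is" on `likelihood` is awkward; "Confidence that the info_type is correct" says the same thing.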
@@ -551,7 +616,7 @@ message RedactImageRequest { InfoType info_type = 1; // If true, all text found in the image, regardless whether it matches an - // info_type, is redacted. + // info_type, is redacted. Only one should be provided. bool redact_all_text = 2; } @@ -569,6 +634,10 @@ message RedactImageRequest { // The configuration for specifying what content to redact from images. repeated ImageRedactionConfig image_redaction_configs = 5; + // Whether the response should include findings along with the redacted + // image. + bool include_findings = 6; + // The content must be PNG, JPEG, SVG or BMP. ByteContentItem byte_item = 7; } @@ -594,6 +663,9 @@ message RedactImageResponse { // set to true, then this field will include all text, if any, that was found // in the image. string extracted_text = 2; + + // The findings. Populated when include_findings in the request is true. + InspectResult inspect_result = 3; } // Request to de-identify a list of items. 
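Review bot: "Only one should be provided." was appended to the `redact_all_text` comment without saying one of what. It presumably means that `info_type` and `redact_all_text` are alternatives, but the enclosing declaration starts outside the hunk, so I cannot see whether they sit in a oneof. A caller who sets both and expects all text to be redacted needs to know which one takes effect; suggest `// Set either info_type or redact_all_text, not both.` on the enclosing group rather than on this one field.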
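Review bot: `include_findings` returns an `InspectResult` next to the redacted image, and its comment does not say whether those findings carry the matched text. The `Finding.quote` comment elsewhere in this diff says the quote is provided when `include_quote` is true, so a single response could hold both the redacted image and the plaintext it covers. I would state that on the field, e.g. `// Findings contain the matched text only if include_quote is set in the request's InspectConfig.`, and repeat it on `RedactImageResponse.inspect_result` in the next hunk. Whether `include_quote` is honoured for images is not visible here, so confirm before wording it.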
@@ -736,18 +808,27 @@ message OutputStorageConfig { oneof type { // Store findings in an existing table or a new table in an existing - // dataset. Each column in an existing table must have the same name, type, - // and mode of a field in the `Finding` object. If table_id is not set a new - // one will be generated for you with the following format: + // dataset. If table_id is not set a new one will be generated + // for you with the following format: // dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. Pacific timezone will be used for // generating the date details. + // + // For Inspect, each column in an existing output table must have the same + // name, type, and mode of a field in the `Finding` object. + // + // For Risk, an existing output table should be the output of a previous + // Risk analysis job run on the same source table, with the same privacy + // metric and quasi-identifiers. Risk jobs that analyze the same table but + // compute a different privacy metric, or use different sets of + // quasi-identifiers, cannot store their results in the same table. BigQueryTable table = 1; } - // Schema used for writing the findings. Columns are derived from the - // `Finding` object. If appending to an existing table, any columns from the - // predefined schema that are missing will be added. No columns in the - // existing table will be deleted. + // Schema used for writing the findings for Inspect jobs. This field is only + // used for Inspect and must be unspecified for Risk jobs. Columns are derived + // from the `Finding` object. If appending to an existing table, any columns + // from the predefined schema that are missing will be added. No columns in + // the existing table will be deleted. // // If unspecified, then all available columns will be used for a new table, // and no changes will be made to an existing table. 
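Review bot: The Risk paragraph added to `table` mixes "should be the output of a previous Risk analysis job" with "cannot store their results in the same table", which leaves it unclear whether a mismatched table is rejected or written to anyway. The schema comment has the same gap: "must be unspecified for Risk jobs" does not say what happens when it is set. Suggest stating the outcome once, for example `// A Risk job whose output table does not match is rejected.`, if that is what the service does. The schema field's declaration lies outside the hunk.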
@@ -822,7 +903,8 @@ message ListInfoTypesResponse { repeated InfoTypeDescription info_types = 1; } -// Configuration for a risk analysis job. +// Configuration for a risk analysis job. See +// https://cloud.google.com/dlp/docs/concepts-risk-analysis to learn more. message RiskAnalysisJobConfig { // Privacy metric to compute. PrivacyMetric privacy_metric = 1; 
@@ -835,6 +917,61 @@ message RiskAnalysisJobConfig { repeated Action actions = 3; } +// A column with a semantic tag attached. +message QuasiId { + // Identifies the column. [required] + FieldId field = 1; + + // Semantic tag that identifies what a column contains, to determine which + // statistical model to use to estimate the reidentifiability of each + // value. [required] + oneof tag { + // A column can be tagged with a InfoType to use the relevant public + // dataset as a statistical model of population, if available. We + // currently support US ZIP codes, region codes, ages and genders. + // To programmatically obtain the list of supported InfoTypes, use + // ListInfoTypes with the supported_by=RISK_ANALYSIS filter. + InfoType info_type = 2; + + // A column can be tagged with a custom tag. In this case, the user must + // indicate an auxiliary table that contains statistical information on + // the possible values of this column (below). + string custom_tag = 3; + + // If no semantic tag is indicated, we infer the statistical model from + // the distribution of values in the input data + google.protobuf.Empty inferred = 4; + } +} + +// An auxiliary table containing statistical information on the relative +// frequency of different quasi-identifiers values. It has one or several +// quasi-identifiers columns, and one column that indicates the relative +// frequency of each quasi-identifier tuple. +// If a tuple is present in the data but not in the auxiliary table, the +// corresponding relative frequency is assumed to be zero (and thus, the +// tuple is highly reidentifiable). +message StatisticalTable { + // A quasi-identifier column has a custom_tag, used to know which column + // in the data corresponds to which column in the statistical model. + message QuasiIdentifierField { + FieldId field = 1; + + string custom_tag = 2; + } + + // Auxiliary table location. [required] + BigQueryTable table = 3; + + // Quasi-identifier columns. 
[required] + repeated QuasiIdentifierField quasi_ids = 1; + + // The relative frequency column must contain a floating-point number + // between 0 and 1 (inclusive). Null values are assumed to be zero. + // [required] + FieldId relative_frequency = 2; +} + // Privacy metric to compute for reidentification risk analysis. message PrivacyMetric { // Compute numerical stats over an individual column, including @@ -965,6 +1102,26 @@ message PrivacyMetric { repeated AuxiliaryTable auxiliary_tables = 3; } + // δ-presence metric, used to estimate how likely it is for an attacker to + // figure out that one given individual appears in a de-identified dataset. + // Similarly to the k-map metric, we cannot compute δ-presence exactly without + // knowing the attack dataset, so we use a statistical model instead. + message DeltaPresenceEstimationConfig { + // Fields considered to be quasi-identifiers. No two fields can have the + // same tag. [required] + repeated QuasiId quasi_ids = 1; + + // ISO 3166-1 alpha-2 region code to use in the statistical modeling. + // Required if no column is tagged with a region-specific InfoType (like + // US_ZIP_5) or a region code. + string region_code = 2; + + // Several auxiliary tables can be used in the analysis. Each custom_tag + // used to tag a quasi-identifiers field must appear in exactly one + // field of one auxiliary table. + repeated StatisticalTable auxiliary_tables = 3; + } + oneof type { NumericalStatsConfig numerical_stats_config = 1; @@ -975,6 +1132,8 @@ message PrivacyMetric { LDiversityConfig l_diversity_config = 4; KMapEstimationConfig k_map_estimation_config = 5; + + DeltaPresenceEstimationConfig delta_presence_estimation_config = 6; } } 
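Review bot: `StatisticalTable.QuasiIdentifierField` adds `field` and `custom_tag` with no comments, while the other new fields in this hunk are documented. Suggest `// Column in the auxiliary table.` above `field` and `// Tag matching a custom_tag set on a QuasiId.` above `custom_tag`, with the wording checked against the service. The "[required]" markers on `QuasiId.field`, `table`, `quasi_ids` and `relative_frequency` exist only in comments, so it would help to say where the requirement is enforced. The comment on `inferred` is missing its final period.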
@@ -1144,6 +1303,63 @@ message AnalyzeDataSourceRiskDetails { repeated KMapEstimationHistogramBucket k_map_estimation_histogram = 1; } + // Result of the δ-presence computation. Note that these results are an + // estimation, not exact values. + message DeltaPresenceEstimationResult { + // A tuple of values for the quasi-identifier columns. + message DeltaPresenceEstimationQuasiIdValues { + // The quasi-identifier values. + repeated Value quasi_ids_values = 1; + + // The estimated probability that a given individual sharing these + // quasi-identifier values is in the dataset. This value, typically called + // δ, is the ratio between the number of records in the dataset with these + // quasi-identifier values, and the total number of individuals (inside + // *and* outside the dataset) with these quasi-identifier values. + // For example, if there are 15 individuals in the dataset who share the + // same quasi-identifier values, and an estimated 100 people in the entire + // population with these values, then δ is 0.15. + double estimated_probability = 2; + } + + // A DeltaPresenceEstimationHistogramBucket message with the following + // values: + // min_probability: 0.1 + // max_probability: 0.2 + // frequency: 42 + // means that there are 42 records for which δ is in [0.1, 0.2). An + // important particular case is when min_probability = max_probability = 1: + // then, every individual who shares this quasi-identifier combination is in + // the dataset. + message DeltaPresenceEstimationHistogramBucket { + // Between 0 and 1. + double min_probability = 1; + + // Always greater than or equal to min_probability. + double max_probability = 2; + + // Number of records within these probability bounds. + int64 bucket_size = 5; + + // Sample of quasi-identifier tuple values in this bucket. The total + // number of classes returned per bucket is capped at 20. 
+ repeated DeltaPresenceEstimationQuasiIdValues bucket_values = 6; + + // Total number of distinct quasi-identifier tuple values in this bucket. + int64 bucket_value_count = 7; + } + + // The intervals [min_probability, max_probability) do not overlap. If a + // value doesn't correspond to any such interval, the associated frequency + // is zero. For example, the following records: + // {min_probability: 0, max_probability: 0.1, frequency: 17} + // {min_probability: 0.2, max_probability: 0.3, frequency: 42} + // {min_probability: 0.3, max_probability: 0.4, frequency: 99} + // mean that there are no record with an estimated probability in [0.1, 0.2) + // nor larger or equal to 0.4. + repeated DeltaPresenceEstimationHistogramBucket delta_presence_estimation_histogram = 1; + } + // Privacy metric to compute. PrivacyMetric requested_privacy_metric = 1; @@ -1161,6 +1377,8 @@ message AnalyzeDataSourceRiskDetails { LDiversityResult l_diversity_result = 6; KMapEstimationResult k_map_estimation_result = 7; + + DeltaPresenceEstimationResult delta_presence_estimation_result = 9; } } @@ -1395,6 +1613,8 @@ message CharacterMaskConfig { // If the bound Value type differs from the type of data // being transformed, we will first attempt converting the type of the data to // be transformed to match the type of the bound before comparing. +// +// See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. message FixedSizeBucketingConfig { // Lower bound value of buckets. All values less than `lower_bound` are // grouped together into a single bucket; for example if `lower_bound` = 10, 
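Review bot: The comments on `DeltaPresenceEstimationHistogramBucket` and on `delta_presence_estimation_histogram` describe a `frequency` value, but the message has no such field; the count is `bucket_size`. Suggest replacing `frequency: 42` with `bucket_size: 42` in the bucket example and making the same change in the three sample records. The bucket comment also describes half-open intervals [min, max) and then the case min_probability = max_probability = 1, which a half-open interval cannot contain, so it should say that this bucket is closed. "there are no record" should read "there are no records".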
@@ -1422,6 +1642,7 @@ message FixedSizeBucketingConfig { // If the bound `Value` type differs from the type of data being transformed, we // will first attempt converting the type of the data to be transformed to match // the type of the bound before comparing. +// See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. message BucketingConfig { // Bucket is represented as a range, along with replacement values. message Bucket { @@ -1450,7 +1671,7 @@ message BucketingConfig { // replaced with the same surrogate. // Identifiers must be at least two characters long. // In the case that the identifier is the empty string, it will be skipped. -// See [Pseudonymization](/dlp/docs/pseudonymization) for example usage. +// See https://cloud.google.com/dlp/docs/pseudonymization to learn more. message CryptoReplaceFfxFpeConfig { // These are commonly used subsets of the alphabet that the FFX mode // natively supports. In the algorithm, the alphabet is selected using @@ -1587,7 +1808,8 @@ message KmsWrappedCryptoKey { } // Shifts dates by random number of days, with option to be consistent for the -// same context. +// same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting +// to learn more. message DateShiftConfig { // Range of shift in days. Actual shift will be selected at random within this // range (inclusive ends). Negative means shift to earlier in time. Must not 
@@ -1623,8 +1845,9 @@ message InfoTypeTransformations { // A transformation to apply to text that is identified as a specific // info_type. message InfoTypeTransformation { - // InfoTypes to apply the transformation to. Empty list will match all - // available infoTypes for this transformation. + // InfoTypes to apply the transformation to. An empty list will cause + // this transformation to apply to all findings that correspond to + // infoTypes that were requested in `InspectConfig`. repeated InfoType info_types = 1; // Primitive transformation to apply to the infoType. [required] @@ -1801,20 +2024,21 @@ message TransformationSummary { message Schedule { oneof option { // With this option a job is started a regular periodic basis. For - // example: every 10 minutes. + // example: every day (86400 seconds). // // A scheduled start time will be skipped if the previous // execution has not ended when its scheduled time occurs. // // This value must be set to a time duration greater than or equal - // to 60 minutes and can be no longer than 60 days. + // to 1 day and can be no longer than 60 days. google.protobuf.Duration recurrence_period_duration = 1; } } // The inspectTemplate contains a configuration (set of types of sensitive data // to be detected) to be used anywhere you otherwise would normally specify -// InspectConfig. +// InspectConfig. See https://cloud.google.com/dlp/docs/concepts-templates +// to learn more. message InspectTemplate { // The template name. Output only. // @@ -1840,6 +2064,7 @@ message InspectTemplate { } // The DeidentifyTemplates contains instructions on how to deidentify content. +// See https://cloud.google.com/dlp/docs/concepts-templates to learn more. message DeidentifyTemplate { // The template name. Output only. // 
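Review bot: The minimum for `recurrence_period_duration` moves from 60 minutes to 1 day in the comment only, and nothing says what happens to a value below the new minimum. If triggers already exist with a shorter period, readers need to know whether they are rejected on update or keep running; suggest adding `// Values shorter than 1 day are rejected.` or whatever the server actually does. The first sentence, unchanged by this commit, still reads "is started a regular periodic basis" and could be fixed in the same pass.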
@@ -1875,6 +2100,7 @@ message Error { } // Contains a configuration to make dlp api calls on a repeating basis. +// See https://cloud.google.com/dlp/docs/concepts-job-triggers to learn more. message JobTrigger { // What event needs to occur for a new job to be started. message Trigger { @@ -1942,11 +2168,12 @@ message JobTrigger { } // A task to execute on the completion of a job. +// See https://cloud.google.com/dlp/docs/concepts-actions to learn more. message Action { // If set, the detailed findings will be persisted to the specified // OutputStorageConfig. Only a single instance of this action can be // specified. - // Compatible with: Inspect + // Compatible with: Inspect, Risk message SaveFindings { OutputStorageConfig output_config = 1; } 
@@ -2116,30 +2343,29 @@ message CreateDlpJobRequest { // Request message for ListJobTriggers. message ListJobTriggersRequest { - // The parent resource name, for example projects/my-project-id. + // The parent resource name, for example `projects/my-project-id`. string parent = 1; // Optional page token to continue retrieval. Comes from previous call - // to ListJobTriggers. `order_by` and `filter` should not change for - // subsequent calls, but can be omitted if token is specified. + // to ListJobTriggers. `order_by` field must not + // change for subsequent calls. string page_token = 2; // Optional size of the page, can be limited by a server. int32 page_size = 3; // Optional comma separated list of triggeredJob fields to order by, - // followed by 'asc/desc' postfix, i.e. - // `"create_time asc,name desc,schedule_mode asc"`. This list is - // case-insensitive. + // followed by `asc` or `desc` postfix. This list is case-insensitive, + // default sorting order is ascending, redundant space characters are + // insignificant. // - // Example: `"name asc,schedule_mode desc, status desc"` + // Example: `name asc,update_time, create_time desc` // - // Supported filters keys and values are: + // Supported fields are: // // - `create_time`: corresponds to time the triggeredJob was created. // - `update_time`: corresponds to time the triggeredJob was last updated. - // - `name`: corresponds to JobTrigger's display name. - // - `status`: corresponds to the triggeredJob status. + // - `name`: corresponds to JobTrigger's name. string order_by = 4; } diff --git a/google/privacy/dlp/v2/storage.proto b/google/privacy/dlp/v2/storage.proto index cb8e9c97..5c2ca503 100644 --- a/google/privacy/dlp/v2/storage.proto +++ b/google/privacy/dlp/v2/storage.proto 
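Review bot: `status` is dropped from the supported `order_by` fields and `schedule_mode` from the examples, but the comment does not say how a request that still sorts by them is handled. Suggest one line such as `// Unsupported fields are rejected with INVALID_ARGUMENT.` if that is the behaviour. In the `page_token` comment, "`order_by` field must not change" needs its article: "The `order_by` field must not change".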
@@ -29,7 +29,10 @@ option php_namespace = "Google\\Cloud\\Dlp\\V2"; // Type of information detected by the API. message InfoType { - // Name of the information type. + // Name of the information type. Either a name of your choosing when + // creating a CustomInfoType, or one of the names listed + // at https://cloud.google.com/dlp/docs/infotypes-reference when specifying + // a built-in type. string name = 1; } @@ -86,13 +89,13 @@ message CustomInfoType { // These types of transformations are // those that perform pseudonymization, thereby producing a "surrogate" as // output. This should be used in conjunction with a field on the - // transformation such as `surrogate_info_type`. This custom info type does + // transformation such as `surrogate_info_type`. This CustomInfoType does // not support the use of `detection_rules`. message SurrogateType { } - // Rule for modifying a custom info type to alter behavior under certain + // Rule for modifying a CustomInfoType to alter behavior under certain // circumstances, depending on the specific details of the rule. Not supported // for the `surrogate_type` custom info type. message DetectionRule { @@ -125,10 +128,10 @@ message CustomInfoType { } } - // Detection rule that adjusts the likelihood of findings within a certain + // The rule that adjusts the likelihood of findings within a certain // proximity of hotwords. message HotwordRule { - // Regex pattern defining what qualifies as a hotword. + // Regular expression pattern defining what qualifies as a hotword. Regex hotword_regex = 1; // Proximity of the finding within which the entire hotword must reside. 
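Review bot: The rename from "custom info type" to "CustomInfoType" in the hunk at -86 stops one line short: the `DetectionRule` comment still ends with "for the `surrogate_type` custom info type." The later hunk at -151 changes the same phrase on `detection_rules` to "`surrogate_type` CustomInfoType", so this line should match it.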
@@ -151,29 +154,30 @@ message CustomInfoType { } } - // Info type configuration. All custom info types must have configurations - // that do not conflict with built-in info types or other custom info types. + // All CustomInfoTypes must have a name + // that does not conflict with built-in InfoTypes or other CustomInfoTypes. InfoType info_type = 1; - // Likelihood to return for this custom info type. This base value can be + // Likelihood to return for this CustomInfoType. This base value can be // altered by a detection rule if the finding meets the criteria specified by // the rule. Defaults to `VERY_LIKELY` if not specified. Likelihood likelihood = 6; oneof type { - // Dictionary-based custom info type. + // A list of phrases to detect as a CustomInfoType. Dictionary dictionary = 2; - // Regex-based custom info type. + // Regular expression based CustomInfoType. Regex regex = 3; - // Surrogate info type. + // Message for detecting output from deidentification transformations that + // support reversing. SurrogateType surrogate_type = 4; } - // Set of detection rules to apply to all findings of this custom info type. + // Set of detection rules to apply to all findings of this CustomInfoType. // Rules are applied in order that they are specified. Not supported for the - // `surrogate_type` custom info type. + // `surrogate_type` CustomInfoType. repeated DetectionRule detection_rules = 7; } @@ -438,7 +442,7 @@ message EntityId { // Categorization of results based on how likely they are to represent a match, // based on the number of elements they contain which imply a match. enum Likelihood { - // Default value; information with all likelihoods is included. + // Default value; same as POSSIBLE. LIKELIHOOD_UNSPECIFIED = 0; // Few matching elements.
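Review bot: `LIKELIHOOD_UNSPECIFIED` is now documented as "same as POSSIBLE", but the enum is shared by several fields. The `CustomInfoType.likelihood` comment in the hunk at -151 says an unset value "Defaults to `VERY_LIKELY`", so the enum-level statement holds only for `InspectConfig.min_likelihood`. Suggest `// Default value; its meaning depends on the field that uses it.` here and keeping the POSSIBLE default on `min_likelihood` alone. The enum body continues outside the hunk.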