docs: update generated docs (#981)
diff --git a/docs/dyn/dlp_v2.projects.locations.deidentifyTemplates.html b/docs/dyn/dlp_v2.projects.locations.deidentifyTemplates.html
index 8470d93..c48eb49 100644
--- a/docs/dyn/dlp_v2.projects.locations.deidentifyTemplates.html
+++ b/docs/dyn/dlp_v2.projects.locations.deidentifyTemplates.html
@@ -75,7 +75,7 @@
<h1><a href="dlp_v2.html">Cloud Data Loss Prevention (DLP) API</a> . <a href="dlp_v2.projects.html">projects</a> . <a href="dlp_v2.projects.locations.html">locations</a> . <a href="dlp_v2.projects.locations.deidentifyTemplates.html">deidentifyTemplates</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
- <code><a href="#create">create(parent, locationId, body=None, x__xgafv=None)</a></code></p>
+ <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a DeidentifyTemplate for re-using frequently used configuration</p>
<p class="toc_element">
<code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
@@ -84,7 +84,7 @@
<code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Gets a DeidentifyTemplate.</p>
<p class="toc_element">
- <code><a href="#list">list(parent, locationId, pageSize=None, orderBy=None, pageToken=None, x__xgafv=None)</a></code></p>
+ <code><a href="#list">list(parent, pageSize=None, locationId=None, orderBy=None, pageToken=None, x__xgafv=None)</a></code></p>
<p class="firstline">Lists DeidentifyTemplates.</p>
<p class="toc_element">
<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
@@ -94,17 +94,18 @@
<p class="firstline">Updates the DeidentifyTemplate.</p>
<h3>Method Details</h3>
<div class="method">
- <code class="details" id="create">create(parent, locationId, body=None, x__xgafv=None)</code>
+ <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>
<pre>Creates a DeidentifyTemplate for re-using frequently used configuration
for de-identifying content, images, and storage.
See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
more.
Args:
- parent: string, Required. The parent resource name, for example projects/my-project-id or
-organizations/my-org-id. (required)
- locationId: string, The geographic location to store the deidentification template. Reserved
-for future extensions. (required)
+ parent: string, Required. Parent resource name.
+- Format:projects/[PROJECT-ID]
+- Format:organizations/[ORGANIZATION-ID]
+- Format:projects/[PROJECT-ID]/locations/[LOCATION-ID]
+- Format:organizations/[ORGANIZATION-ID]/locations/[LOCATION-ID] (required)
body: object, The request body.
The object takes the form of:
@@ -120,10 +121,6 @@
# The template will have one of the following formats:
# `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR
# `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
- "description": "A String", # Short description (max 256 chars).
- "displayName": "A String", # Display name (max 256 chars).
- "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.
- "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.
"deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
"infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
# transformation everywhere.
@@ -134,11 +131,18 @@
# for a given infoType.
{ # A transformation to apply to text that is identified as a specific
# info_type.
- "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
+ "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
+ # this transformation to apply to all findings that correspond to
+ # infoTypes that were requested in `InspectConfig`.
+ { # Type of information detected by the API.
+ "name": "A String", # Name of the information type. Either a name of your choosing when
+ # creating a CustomInfoType, or one of the names listed
+ # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ ],
+ "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -152,7 +156,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -160,10 +163,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -181,10 +180,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -197,10 +248,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -218,8 +265,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -245,7 +436,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -261,9 +452,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -286,16 +478,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -313,19 +510,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -361,38 +575,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -410,6 +600,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -423,13 +617,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -441,29 +648,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -472,6 +706,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -483,269 +731,20 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
- "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
- # this transformation to apply to all findings that correspond to
- # infoTypes that were requested in `InspectConfig`.
- { # Type of information detected by the API.
- "name": "A String", # Name of the information type. Either a name of your choosing when
- # creating a CustomInfoType, or one of the names listed
- # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- ],
},
],
},
@@ -758,25 +757,103 @@
# Information about any incompatible transformations, and how they were
# handled, is returned in the response as part of the
# `TransformationOverviews`.
- "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error
- },
"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would # Ignore errors
# cause an error. For example, if a `DateShift` transformation were applied
# an an IP address, this mode would leave the IP address unchanged in the
# response.
},
+ "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error
+ },
},
"recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
# specific locations within structured datasets, such as transforming
# a column within a table.
# table.
+ "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that
+ # match any suppression rule are omitted from the output.
+ { # Configuration to suppress records whose suppression conditions evaluate to
+ # true.
+ "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
+ # evaluated to be suppressed from the transformed content.
+ # a field.
+ "expressions": { # An expression, consisting or an operator and conditions. # An expression.
+ "conditions": { # A collection of conditions. # Conditions to apply to the expression.
+ "conditions": [ # A collection of conditions.
+ { # The field type of `value` and `field` do not need to match to be
+ # considered equal, but not all comparisons are possible.
+ # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
+ # but all other comparisons are invalid with incompatible types.
+ # A `value` of type:
+ #
+ # - `string` can be compared against all other types
+ # - `boolean` can only be compared against other booleans
+ # - `integer` can be compared against doubles or a string if the string value
+ # can be parsed as an integer.
+ # - `double` can be compared against integers or a string if the string can
+ # be parsed as a double.
+ # - `Timestamp` can be compared against strings in RFC 3339 date string
+ # format.
+ # - `TimeOfDay` can be compared against timestamps and strings in the format
+ # of 'HH:mm:ss'.
+ #
+ # If we fail to compare do to type mismatch, a warning will be given and
+ # the condition will evaluate to false.
+ "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
+ "name": "A String", # Name describing the field.
+ },
+ "value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "operator": "A String", # Required. Operator used to compare the field or infoType to the value.
+ },
+ ],
+ },
+ "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
+ # only supported value is `AND`.
+ },
+ },
+ },
+ ],
"fieldTransformations": [ # Transform the record by applying various field transformations.
{ # The transformation to apply to the field.
- "fields": [ # Required. Input field(s) to apply the transformation to.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
"infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
# transform content that matches an `InfoType`.
# apply various `PrimitiveTransformation`s to each finding, where the
@@ -786,11 +863,18 @@
# for a given infoType.
{ # A transformation to apply to text that is identified as a specific
# info_type.
- "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
+ "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
+ # this transformation to apply to all findings that correspond to
+ # infoTypes that were requested in `InspectConfig`.
+ { # Type of information detected by the API.
+ "name": "A String", # Name of the information type. Either a name of your choosing when
+ # creating a CustomInfoType, or one of the names listed
+ # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ ],
+ "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -804,7 +888,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -812,10 +895,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -833,10 +912,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -849,10 +980,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -870,8 +997,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -897,7 +1168,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -913,9 +1184,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -938,16 +1210,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -965,19 +1242,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -1013,38 +1307,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -1062,6 +1332,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -1075,13 +1349,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -1093,29 +1380,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -1124,6 +1438,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -1135,277 +1463,24 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
- "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
- # this transformation to apply to all findings that correspond to
- # infoTypes that were requested in `InspectConfig`.
- { # Type of information detected by the API.
- "name": "A String", # Name of the information type. Either a name of your choosing when
- # creating a CustomInfoType, or one of the names listed
- # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- ],
},
],
},
"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
- },
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -1419,7 +1494,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -1427,10 +1501,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -1448,10 +1518,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -1464,10 +1586,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -1485,8 +1603,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -1512,7 +1774,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -1528,9 +1790,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -1553,16 +1816,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -1580,19 +1848,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -1628,38 +1913,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -1677,6 +1938,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -1690,13 +1955,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -1708,29 +1986,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -1739,6 +2044,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -1750,257 +2069,19 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
"condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
# given `RecordCondition`. The conditions are allowed to reference fields
@@ -2013,8 +2094,6 @@
# - Redact a field if the date of birth field is greater than 85.
# a field.
"expressions": { # An expression, consisting or an operator and conditions. # An expression.
- "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
- # only supported value is `AND`.
"conditions": { # A collection of conditions. # Conditions to apply to the expression.
"conditions": [ # A collection of conditions.
{ # The field type of `value` and `field` do not need to match to be
@@ -2036,12 +2115,29 @@
#
# If we fail to compare do to type mismatch, a warning will be given and
# the condition will evaluate to false.
+ "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
+ "name": "A String", # Name describing the field.
+ },
"value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -2053,129 +2149,39 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
- "name": "A String", # Name describing the field.
},
"operator": "A String", # Required. Operator used to compare the field or infoType to the value.
},
],
},
- },
- },
- },
- ],
- "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that
- # match any suppression rule are omitted from the output.
- { # Configuration to suppress records whose suppression conditions evaluate to
- # true.
- "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
- # evaluated to be suppressed from the transformed content.
- # a field.
- "expressions": { # An expression, consisting or an operator and conditions. # An expression.
"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
# only supported value is `AND`.
- "conditions": { # A collection of conditions. # Conditions to apply to the expression.
- "conditions": [ # A collection of conditions.
- { # The field type of `value` and `field` do not need to match to be
- # considered equal, but not all comparisons are possible.
- # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
- # but all other comparisons are invalid with incompatible types.
- # A `value` of type:
- #
- # - `string` can be compared against all other types
- # - `boolean` can only be compared against other booleans
- # - `integer` can be compared against doubles or a string if the string value
- # can be parsed as an integer.
- # - `double` can be compared against integers or a string if the string can
- # be parsed as a double.
- # - `Timestamp` can be compared against strings in RFC 3339 date string
- # format.
- # - `TimeOfDay` can be compared against timestamps and strings in the format
- # of 'HH:mm:ss'.
- #
- # If we fail to compare do to type mismatch, a warning will be given and
- # the condition will evaluate to false.
- "value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
- "name": "A String", # Name describing the field.
- },
- "operator": "A String", # Required. Operator used to compare the field or infoType to the value.
- },
- ],
- },
},
},
+ "fields": [ # Required. Input field(s) to apply the transformation to.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
},
],
},
},
+ "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.
+ "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.
+ "description": "A String", # Short description (max 256 chars).
+ "displayName": "A String", # Display name (max 256 chars).
},
- "locationId": "A String", # The geographic location to store the deidentification template. Reserved
- # for future extensions.
+ "locationId": "A String", # Deprecated. This field has no effect.
}
x__xgafv: string, V1 error format.
@@ -2193,10 +2199,6 @@
# The template will have one of the following formats:
# `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR
# `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
- "description": "A String", # Short description (max 256 chars).
- "displayName": "A String", # Display name (max 256 chars).
- "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.
- "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.
"deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
"infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
# transformation everywhere.
@@ -2207,11 +2209,18 @@
# for a given infoType.
{ # A transformation to apply to text that is identified as a specific
# info_type.
- "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
+ "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
+ # this transformation to apply to all findings that correspond to
+ # infoTypes that were requested in `InspectConfig`.
+ { # Type of information detected by the API.
+ "name": "A String", # Name of the information type. Either a name of your choosing when
+ # creating a CustomInfoType, or one of the names listed
+ # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ ],
+ "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -2225,7 +2234,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -2233,10 +2241,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -2254,10 +2258,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -2270,10 +2326,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -2291,8 +2343,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -2318,7 +2514,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -2334,9 +2530,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -2359,16 +2556,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -2386,19 +2588,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -2434,38 +2653,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -2483,6 +2678,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -2496,13 +2695,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -2514,29 +2726,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -2545,6 +2784,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -2556,269 +2809,20 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
- "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
- # this transformation to apply to all findings that correspond to
- # infoTypes that were requested in `InspectConfig`.
- { # Type of information detected by the API.
- "name": "A String", # Name of the information type. Either a name of your choosing when
- # creating a CustomInfoType, or one of the names listed
- # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- ],
},
],
},
@@ -2831,25 +2835,103 @@
# Information about any incompatible transformations, and how they were
# handled, is returned in the response as part of the
# `TransformationOverviews`.
- "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error
- },
"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would # Ignore errors
# cause an error. For example, if a `DateShift` transformation were applied
# an an IP address, this mode would leave the IP address unchanged in the
# response.
},
+ "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error
+ },
},
"recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
# specific locations within structured datasets, such as transforming
# a column within a table.
# table.
+ "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that
+ # match any suppression rule are omitted from the output.
+ { # Configuration to suppress records whose suppression conditions evaluate to
+ # true.
+ "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
+ # evaluated to be suppressed from the transformed content.
+ # a field.
+ "expressions": { # An expression, consisting or an operator and conditions. # An expression.
+ "conditions": { # A collection of conditions. # Conditions to apply to the expression.
+ "conditions": [ # A collection of conditions.
+ { # The field type of `value` and `field` do not need to match to be
+ # considered equal, but not all comparisons are possible.
+ # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
+ # but all other comparisons are invalid with incompatible types.
+ # A `value` of type:
+ #
+ # - `string` can be compared against all other types
+ # - `boolean` can only be compared against other booleans
+ # - `integer` can be compared against doubles or a string if the string value
+ # can be parsed as an integer.
+ # - `double` can be compared against integers or a string if the string can
+ # be parsed as a double.
+ # - `Timestamp` can be compared against strings in RFC 3339 date string
+ # format.
+ # - `TimeOfDay` can be compared against timestamps and strings in the format
+ # of 'HH:mm:ss'.
+ #
+ # If we fail to compare do to type mismatch, a warning will be given and
+ # the condition will evaluate to false.
+ "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
+ "name": "A String", # Name describing the field.
+ },
+ "value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "operator": "A String", # Required. Operator used to compare the field or infoType to the value.
+ },
+ ],
+ },
+ "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
+ # only supported value is `AND`.
+ },
+ },
+ },
+ ],
"fieldTransformations": [ # Transform the record by applying various field transformations.
{ # The transformation to apply to the field.
- "fields": [ # Required. Input field(s) to apply the transformation to.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
"infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
# transform content that matches an `InfoType`.
# apply various `PrimitiveTransformation`s to each finding, where the
@@ -2859,11 +2941,18 @@
# for a given infoType.
{ # A transformation to apply to text that is identified as a specific
# info_type.
- "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
+ "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
+ # this transformation to apply to all findings that correspond to
+ # infoTypes that were requested in `InspectConfig`.
+ { # Type of information detected by the API.
+ "name": "A String", # Name of the information type. Either a name of your choosing when
+ # creating a CustomInfoType, or one of the names listed
+ # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ ],
+ "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -2877,7 +2966,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -2885,10 +2973,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -2906,10 +2990,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -2922,10 +3058,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -2943,8 +3075,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -2970,7 +3246,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -2986,9 +3262,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -3011,16 +3288,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -3038,19 +3320,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -3086,38 +3385,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -3135,6 +3410,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -3148,13 +3427,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -3166,29 +3458,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -3197,6 +3516,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -3208,277 +3541,24 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
- "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
- # this transformation to apply to all findings that correspond to
- # infoTypes that were requested in `InspectConfig`.
- { # Type of information detected by the API.
- "name": "A String", # Name of the information type. Either a name of your choosing when
- # creating a CustomInfoType, or one of the names listed
- # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- ],
},
],
},
"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
- },
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -3492,7 +3572,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -3500,10 +3579,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -3521,10 +3596,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -3537,10 +3664,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -3558,8 +3681,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -3585,7 +3852,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -3601,9 +3868,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -3626,16 +3894,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -3653,19 +3926,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -3701,38 +3991,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -3750,6 +4016,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -3763,13 +4033,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -3781,29 +4064,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -3812,6 +4122,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -3823,257 +4147,19 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
"condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
# given `RecordCondition`. The conditions are allowed to reference fields
@@ -4086,8 +4172,6 @@
# - Redact a field if the date of birth field is greater than 85.
# a field.
"expressions": { # An expression, consisting or an operator and conditions. # An expression.
- "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
- # only supported value is `AND`.
"conditions": { # A collection of conditions. # Conditions to apply to the expression.
"conditions": [ # A collection of conditions.
{ # The field type of `value` and `field` do not need to match to be
@@ -4109,12 +4193,29 @@
#
# If we fail to compare do to type mismatch, a warning will be given and
# the condition will evaluate to false.
+ "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
+ "name": "A String", # Name describing the field.
+ },
"value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -4126,126 +4227,37 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
- "name": "A String", # Name describing the field.
},
"operator": "A String", # Required. Operator used to compare the field or infoType to the value.
},
],
},
- },
- },
- },
- ],
- "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that
- # match any suppression rule are omitted from the output.
- { # Configuration to suppress records whose suppression conditions evaluate to
- # true.
- "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
- # evaluated to be suppressed from the transformed content.
- # a field.
- "expressions": { # An expression, consisting or an operator and conditions. # An expression.
"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
# only supported value is `AND`.
- "conditions": { # A collection of conditions. # Conditions to apply to the expression.
- "conditions": [ # A collection of conditions.
- { # The field type of `value` and `field` do not need to match to be
- # considered equal, but not all comparisons are possible.
- # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
- # but all other comparisons are invalid with incompatible types.
- # A `value` of type:
- #
- # - `string` can be compared against all other types
- # - `boolean` can only be compared against other booleans
- # - `integer` can be compared against doubles or a string if the string value
- # can be parsed as an integer.
- # - `double` can be compared against integers or a string if the string can
- # be parsed as a double.
- # - `Timestamp` can be compared against strings in RFC 3339 date string
- # format.
- # - `TimeOfDay` can be compared against timestamps and strings in the format
- # of 'HH:mm:ss'.
- #
- # If we fail to compare do to type mismatch, a warning will be given and
- # the condition will evaluate to false.
- "value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
- "name": "A String", # Name describing the field.
- },
- "operator": "A String", # Required. Operator used to compare the field or infoType to the value.
- },
- ],
- },
},
},
+ "fields": [ # Required. Input field(s) to apply the transformation to.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
},
],
},
},
+ "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.
+ "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.
+ "description": "A String", # Short description (max 256 chars).
+ "displayName": "A String", # Display name (max 256 chars).
}</pre>
</div>
@@ -4304,10 +4316,6 @@
# The template will have one of the following formats:
# `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR
# `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
- "description": "A String", # Short description (max 256 chars).
- "displayName": "A String", # Display name (max 256 chars).
- "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.
- "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.
"deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
"infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
# transformation everywhere.
@@ -4318,11 +4326,18 @@
# for a given infoType.
{ # A transformation to apply to text that is identified as a specific
# info_type.
- "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
+ "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
+ # this transformation to apply to all findings that correspond to
+ # infoTypes that were requested in `InspectConfig`.
+ { # Type of information detected by the API.
+ "name": "A String", # Name of the information type. Either a name of your choosing when
+ # creating a CustomInfoType, or one of the names listed
+ # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ ],
+ "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -4336,7 +4351,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -4344,10 +4358,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -4365,10 +4375,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -4381,10 +4443,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -4402,8 +4460,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -4429,7 +4631,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -4445,9 +4647,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -4470,16 +4673,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -4497,19 +4705,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -4545,38 +4770,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -4594,6 +4795,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -4607,13 +4812,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -4625,29 +4843,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -4656,6 +4901,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -4667,269 +4926,20 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
- "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
- # this transformation to apply to all findings that correspond to
- # infoTypes that were requested in `InspectConfig`.
- { # Type of information detected by the API.
- "name": "A String", # Name of the information type. Either a name of your choosing when
- # creating a CustomInfoType, or one of the names listed
- # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- ],
},
],
},
@@ -4942,25 +4952,103 @@
# Information about any incompatible transformations, and how they were
# handled, is returned in the response as part of the
# `TransformationOverviews`.
- "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error
- },
"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would # Ignore errors
# cause an error. For example, if a `DateShift` transformation were applied
# an an IP address, this mode would leave the IP address unchanged in the
# response.
},
+ "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error
+ },
},
"recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
# specific locations within structured datasets, such as transforming
# a column within a table.
# table.
+ "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that
+ # match any suppression rule are omitted from the output.
+ { # Configuration to suppress records whose suppression conditions evaluate to
+ # true.
+ "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
+ # evaluated to be suppressed from the transformed content.
+ # a field.
+ "expressions": { # An expression, consisting or an operator and conditions. # An expression.
+ "conditions": { # A collection of conditions. # Conditions to apply to the expression.
+ "conditions": [ # A collection of conditions.
+ { # The field type of `value` and `field` do not need to match to be
+ # considered equal, but not all comparisons are possible.
+ # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
+ # but all other comparisons are invalid with incompatible types.
+ # A `value` of type:
+ #
+ # - `string` can be compared against all other types
+ # - `boolean` can only be compared against other booleans
+ # - `integer` can be compared against doubles or a string if the string value
+ # can be parsed as an integer.
+ # - `double` can be compared against integers or a string if the string can
+ # be parsed as a double.
+ # - `Timestamp` can be compared against strings in RFC 3339 date string
+ # format.
+ # - `TimeOfDay` can be compared against timestamps and strings in the format
+ # of 'HH:mm:ss'.
+ #
+ # If we fail to compare do to type mismatch, a warning will be given and
+ # the condition will evaluate to false.
+ "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
+ "name": "A String", # Name describing the field.
+ },
+ "value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "operator": "A String", # Required. Operator used to compare the field or infoType to the value.
+ },
+ ],
+ },
+ "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
+ # only supported value is `AND`.
+ },
+ },
+ },
+ ],
"fieldTransformations": [ # Transform the record by applying various field transformations.
{ # The transformation to apply to the field.
- "fields": [ # Required. Input field(s) to apply the transformation to.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
"infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
# transform content that matches an `InfoType`.
# apply various `PrimitiveTransformation`s to each finding, where the
@@ -4970,11 +5058,18 @@
# for a given infoType.
{ # A transformation to apply to text that is identified as a specific
# info_type.
- "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
+ "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
+ # this transformation to apply to all findings that correspond to
+ # infoTypes that were requested in `InspectConfig`.
+ { # Type of information detected by the API.
+ "name": "A String", # Name of the information type. Either a name of your choosing when
+ # creating a CustomInfoType, or one of the names listed
+ # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ ],
+ "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -4988,7 +5083,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -4996,10 +5090,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -5017,10 +5107,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -5033,10 +5175,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -5054,8 +5192,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -5081,7 +5363,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -5097,9 +5379,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -5122,16 +5405,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -5149,19 +5437,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -5197,38 +5502,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -5246,6 +5527,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -5259,13 +5544,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -5277,29 +5575,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -5308,6 +5633,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -5319,277 +5658,24 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
- "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
- # this transformation to apply to all findings that correspond to
- # infoTypes that were requested in `InspectConfig`.
- { # Type of information detected by the API.
- "name": "A String", # Name of the information type. Either a name of your choosing when
- # creating a CustomInfoType, or one of the names listed
- # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- ],
},
],
},
"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
- },
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -5603,7 +5689,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -5611,10 +5696,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -5632,10 +5713,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -5648,10 +5781,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -5669,8 +5798,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -5696,7 +5969,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -5712,9 +5985,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -5737,16 +6011,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -5764,19 +6043,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -5812,38 +6108,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -5861,6 +6133,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -5874,13 +6150,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -5892,29 +6181,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -5923,6 +6239,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -5934,257 +6264,19 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
"condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
# given `RecordCondition`. The conditions are allowed to reference fields
@@ -6197,8 +6289,6 @@
# - Redact a field if the date of birth field is greater than 85.
# a field.
"expressions": { # An expression, consisting or an operator and conditions. # An expression.
- "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
- # only supported value is `AND`.
"conditions": { # A collection of conditions. # Conditions to apply to the expression.
"conditions": [ # A collection of conditions.
{ # The field type of `value` and `field` do not need to match to be
@@ -6220,12 +6310,29 @@
#
# If we fail to compare do to type mismatch, a warning will be given and
# the condition will evaluate to false.
+ "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
+ "name": "A String", # Name describing the field.
+ },
"value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -6237,142 +6344,55 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
- "name": "A String", # Name describing the field.
},
"operator": "A String", # Required. Operator used to compare the field or infoType to the value.
},
],
},
- },
- },
- },
- ],
- "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that
- # match any suppression rule are omitted from the output.
- { # Configuration to suppress records whose suppression conditions evaluate to
- # true.
- "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
- # evaluated to be suppressed from the transformed content.
- # a field.
- "expressions": { # An expression, consisting or an operator and conditions. # An expression.
"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
# only supported value is `AND`.
- "conditions": { # A collection of conditions. # Conditions to apply to the expression.
- "conditions": [ # A collection of conditions.
- { # The field type of `value` and `field` do not need to match to be
- # considered equal, but not all comparisons are possible.
- # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
- # but all other comparisons are invalid with incompatible types.
- # A `value` of type:
- #
- # - `string` can be compared against all other types
- # - `boolean` can only be compared against other booleans
- # - `integer` can be compared against doubles or a string if the string value
- # can be parsed as an integer.
- # - `double` can be compared against integers or a string if the string can
- # be parsed as a double.
- # - `Timestamp` can be compared against strings in RFC 3339 date string
- # format.
- # - `TimeOfDay` can be compared against timestamps and strings in the format
- # of 'HH:mm:ss'.
- #
- # If we fail to compare do to type mismatch, a warning will be given and
- # the condition will evaluate to false.
- "value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
- "name": "A String", # Name describing the field.
- },
- "operator": "A String", # Required. Operator used to compare the field or infoType to the value.
- },
- ],
- },
},
},
+ "fields": [ # Required. Input field(s) to apply the transformation to.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
},
],
},
},
+ "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.
+ "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.
+ "description": "A String", # Short description (max 256 chars).
+ "displayName": "A String", # Display name (max 256 chars).
}</pre>
</div>
<div class="method">
- <code class="details" id="list">list(parent, locationId, pageSize=None, orderBy=None, pageToken=None, x__xgafv=None)</code>
+ <code class="details" id="list">list(parent, pageSize=None, locationId=None, orderBy=None, pageToken=None, x__xgafv=None)</code>
<pre>Lists DeidentifyTemplates.
See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
more.
Args:
- parent: string, Required. The parent resource name, for example projects/my-project-id or
-organizations/my-org-id. (required)
- locationId: string, The geographic location where deidentifications templates will be retrieved
-from. Use `-` for all locations. Reserved for future extensions. (required)
+ parent: string, Required. Parent resource name.
+- Format:projects/[PROJECT-ID]
+- Format:organizations/[ORGANIZATION-ID]
+- Format:projects/[PROJECT-ID]/locations/[LOCATION-ID]
+- Format:organizations/[ORGANIZATION-ID]/locations/[LOCATION-ID] (required)
pageSize: integer, Size of the page, can be limited by server. If zero server returns
a page of max size 100.
+ locationId: string, Deprecated. This field has no effect.
orderBy: string, Comma separated list of fields to order by,
followed by `asc` or `desc` postfix. This list is case-insensitive,
default sorting order is ascending, redundant space characters are
@@ -6408,10 +6428,6 @@
# The template will have one of the following formats:
# `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR
# `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
- "description": "A String", # Short description (max 256 chars).
- "displayName": "A String", # Display name (max 256 chars).
- "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.
- "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.
"deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
"infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
# transformation everywhere.
@@ -6422,11 +6438,18 @@
# for a given infoType.
{ # A transformation to apply to text that is identified as a specific
# info_type.
- "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
+ "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
+ # this transformation to apply to all findings that correspond to
+ # infoTypes that were requested in `InspectConfig`.
+ { # Type of information detected by the API.
+ "name": "A String", # Name of the information type. Either a name of your choosing when
+ # creating a CustomInfoType, or one of the names listed
+ # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ ],
+ "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -6440,7 +6463,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -6448,10 +6470,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -6469,10 +6487,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -6485,10 +6555,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -6506,8 +6572,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -6533,7 +6743,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -6549,9 +6759,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -6574,16 +6785,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -6601,19 +6817,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -6649,38 +6882,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -6698,6 +6907,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -6711,13 +6924,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -6729,29 +6955,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -6760,6 +7013,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -6771,269 +7038,20 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
- "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
- # this transformation to apply to all findings that correspond to
- # infoTypes that were requested in `InspectConfig`.
- { # Type of information detected by the API.
- "name": "A String", # Name of the information type. Either a name of your choosing when
- # creating a CustomInfoType, or one of the names listed
- # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- ],
},
],
},
@@ -7046,25 +7064,103 @@
# Information about any incompatible transformations, and how they were
# handled, is returned in the response as part of the
# `TransformationOverviews`.
- "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error
- },
"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would # Ignore errors
# cause an error. For example, if a `DateShift` transformation were applied
# an an IP address, this mode would leave the IP address unchanged in the
# response.
},
+ "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error
+ },
},
"recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
# specific locations within structured datasets, such as transforming
# a column within a table.
# table.
+ "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that
+ # match any suppression rule are omitted from the output.
+ { # Configuration to suppress records whose suppression conditions evaluate to
+ # true.
+ "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
+ # evaluated to be suppressed from the transformed content.
+ # a field.
+ "expressions": { # An expression, consisting or an operator and conditions. # An expression.
+ "conditions": { # A collection of conditions. # Conditions to apply to the expression.
+ "conditions": [ # A collection of conditions.
+ { # The field type of `value` and `field` do not need to match to be
+ # considered equal, but not all comparisons are possible.
+ # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
+ # but all other comparisons are invalid with incompatible types.
+ # A `value` of type:
+ #
+ # - `string` can be compared against all other types
+ # - `boolean` can only be compared against other booleans
+ # - `integer` can be compared against doubles or a string if the string value
+ # can be parsed as an integer.
+ # - `double` can be compared against integers or a string if the string can
+ # be parsed as a double.
+ # - `Timestamp` can be compared against strings in RFC 3339 date string
+ # format.
+ # - `TimeOfDay` can be compared against timestamps and strings in the format
+ # of 'HH:mm:ss'.
+ #
+ # If we fail to compare do to type mismatch, a warning will be given and
+ # the condition will evaluate to false.
+ "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
+ "name": "A String", # Name describing the field.
+ },
+ "value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "operator": "A String", # Required. Operator used to compare the field or infoType to the value.
+ },
+ ],
+ },
+ "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
+ # only supported value is `AND`.
+ },
+ },
+ },
+ ],
"fieldTransformations": [ # Transform the record by applying various field transformations.
{ # The transformation to apply to the field.
- "fields": [ # Required. Input field(s) to apply the transformation to.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
"infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
# transform content that matches an `InfoType`.
# apply various `PrimitiveTransformation`s to each finding, where the
@@ -7074,11 +7170,18 @@
# for a given infoType.
{ # A transformation to apply to text that is identified as a specific
# info_type.
- "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
+ "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
+ # this transformation to apply to all findings that correspond to
+ # infoTypes that were requested in `InspectConfig`.
+ { # Type of information detected by the API.
+ "name": "A String", # Name of the information type. Either a name of your choosing when
+ # creating a CustomInfoType, or one of the names listed
+ # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ ],
+ "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -7092,7 +7195,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -7100,10 +7202,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -7121,10 +7219,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -7137,10 +7287,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -7158,8 +7304,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -7185,7 +7475,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -7201,9 +7491,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -7226,16 +7517,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -7253,19 +7549,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -7301,38 +7614,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -7350,6 +7639,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -7363,13 +7656,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -7381,29 +7687,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -7412,6 +7745,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -7423,277 +7770,24 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
- "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
- # this transformation to apply to all findings that correspond to
- # infoTypes that were requested in `InspectConfig`.
- { # Type of information detected by the API.
- "name": "A String", # Name of the information type. Either a name of your choosing when
- # creating a CustomInfoType, or one of the names listed
- # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- ],
},
],
},
"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
- },
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -7707,7 +7801,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -7715,10 +7808,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -7736,10 +7825,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -7752,10 +7893,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -7773,8 +7910,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -7800,7 +8081,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -7816,9 +8097,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -7841,16 +8123,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -7868,19 +8155,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -7916,38 +8220,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -7965,6 +8245,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -7978,13 +8262,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -7996,29 +8293,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -8027,6 +8351,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -8038,257 +8376,19 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
"condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
# given `RecordCondition`. The conditions are allowed to reference fields
@@ -8301,8 +8401,6 @@
# - Redact a field if the date of birth field is greater than 85.
# a field.
"expressions": { # An expression, consisting or an operator and conditions. # An expression.
- "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
- # only supported value is `AND`.
"conditions": { # A collection of conditions. # Conditions to apply to the expression.
"conditions": [ # A collection of conditions.
{ # The field type of `value` and `field` do not need to match to be
@@ -8324,12 +8422,29 @@
#
# If we fail to compare do to type mismatch, a warning will be given and
# the condition will evaluate to false.
+ "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
+ "name": "A String", # Name describing the field.
+ },
"value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -8341,126 +8456,37 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
- "name": "A String", # Name describing the field.
},
"operator": "A String", # Required. Operator used to compare the field or infoType to the value.
},
],
},
- },
- },
- },
- ],
- "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that
- # match any suppression rule are omitted from the output.
- { # Configuration to suppress records whose suppression conditions evaluate to
- # true.
- "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
- # evaluated to be suppressed from the transformed content.
- # a field.
- "expressions": { # An expression, consisting or an operator and conditions. # An expression.
"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
# only supported value is `AND`.
- "conditions": { # A collection of conditions. # Conditions to apply to the expression.
- "conditions": [ # A collection of conditions.
- { # The field type of `value` and `field` do not need to match to be
- # considered equal, but not all comparisons are possible.
- # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
- # but all other comparisons are invalid with incompatible types.
- # A `value` of type:
- #
- # - `string` can be compared against all other types
- # - `boolean` can only be compared against other booleans
- # - `integer` can be compared against doubles or a string if the string value
- # can be parsed as an integer.
- # - `double` can be compared against integers or a string if the string can
- # be parsed as a double.
- # - `Timestamp` can be compared against strings in RFC 3339 date string
- # format.
- # - `TimeOfDay` can be compared against timestamps and strings in the format
- # of 'HH:mm:ss'.
- #
- # If we fail to compare do to type mismatch, a warning will be given and
- # the condition will evaluate to false.
- "value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
- "name": "A String", # Name describing the field.
- },
- "operator": "A String", # Required. Operator used to compare the field or infoType to the value.
- },
- ],
- },
},
},
+ "fields": [ # Required. Input field(s) to apply the transformation to.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
},
],
},
},
+ "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.
+ "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.
+ "description": "A String", # Short description (max 256 chars).
+ "displayName": "A String", # Display name (max 256 chars).
},
],
}</pre>
@@ -8501,10 +8527,6 @@
# The template will have one of the following formats:
# `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR
# `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
- "description": "A String", # Short description (max 256 chars).
- "displayName": "A String", # Display name (max 256 chars).
- "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.
- "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.
"deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
"infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
# transformation everywhere.
@@ -8515,11 +8537,18 @@
# for a given infoType.
{ # A transformation to apply to text that is identified as a specific
# info_type.
- "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
+ "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
+ # this transformation to apply to all findings that correspond to
+ # infoTypes that were requested in `InspectConfig`.
+ { # Type of information detected by the API.
+ "name": "A String", # Name of the information type. Either a name of your choosing when
+ # creating a CustomInfoType, or one of the names listed
+ # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ ],
+ "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -8533,7 +8562,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -8541,10 +8569,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -8562,10 +8586,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -8578,10 +8654,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -8599,8 +8671,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -8626,7 +8842,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -8642,9 +8858,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -8667,16 +8884,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -8694,19 +8916,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -8742,38 +8981,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -8791,6 +9006,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -8804,13 +9023,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -8822,29 +9054,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -8853,6 +9112,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -8864,269 +9137,20 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
- "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
- # this transformation to apply to all findings that correspond to
- # infoTypes that were requested in `InspectConfig`.
- { # Type of information detected by the API.
- "name": "A String", # Name of the information type. Either a name of your choosing when
- # creating a CustomInfoType, or one of the names listed
- # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- ],
},
],
},
@@ -9139,25 +9163,103 @@
# Information about any incompatible transformations, and how they were
# handled, is returned in the response as part of the
# `TransformationOverviews`.
- "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error
- },
"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would # Ignore errors
# cause an error. For example, if a `DateShift` transformation were applied
# an an IP address, this mode would leave the IP address unchanged in the
# response.
},
+ "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error
+ },
},
"recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
# specific locations within structured datasets, such as transforming
# a column within a table.
# table.
+ "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that
+ # match any suppression rule are omitted from the output.
+ { # Configuration to suppress records whose suppression conditions evaluate to
+ # true.
+ "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
+ # evaluated to be suppressed from the transformed content.
+ # a field.
+ "expressions": { # An expression, consisting or an operator and conditions. # An expression.
+ "conditions": { # A collection of conditions. # Conditions to apply to the expression.
+ "conditions": [ # A collection of conditions.
+ { # The field type of `value` and `field` do not need to match to be
+ # considered equal, but not all comparisons are possible.
+ # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
+ # but all other comparisons are invalid with incompatible types.
+ # A `value` of type:
+ #
+ # - `string` can be compared against all other types
+ # - `boolean` can only be compared against other booleans
+ # - `integer` can be compared against doubles or a string if the string value
+ # can be parsed as an integer.
+ # - `double` can be compared against integers or a string if the string can
+ # be parsed as a double.
+ # - `Timestamp` can be compared against strings in RFC 3339 date string
+ # format.
+ # - `TimeOfDay` can be compared against timestamps and strings in the format
+ # of 'HH:mm:ss'.
+ #
+ # If we fail to compare do to type mismatch, a warning will be given and
+ # the condition will evaluate to false.
+ "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
+ "name": "A String", # Name describing the field.
+ },
+ "value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "operator": "A String", # Required. Operator used to compare the field or infoType to the value.
+ },
+ ],
+ },
+ "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
+ # only supported value is `AND`.
+ },
+ },
+ },
+ ],
"fieldTransformations": [ # Transform the record by applying various field transformations.
{ # The transformation to apply to the field.
- "fields": [ # Required. Input field(s) to apply the transformation to.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
"infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
# transform content that matches an `InfoType`.
# apply various `PrimitiveTransformation`s to each finding, where the
@@ -9167,11 +9269,18 @@
# for a given infoType.
{ # A transformation to apply to text that is identified as a specific
# info_type.
- "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
+ "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
+ # this transformation to apply to all findings that correspond to
+ # infoTypes that were requested in `InspectConfig`.
+ { # Type of information detected by the API.
+ "name": "A String", # Name of the information type. Either a name of your choosing when
+ # creating a CustomInfoType, or one of the names listed
+ # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ ],
+ "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -9185,7 +9294,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -9193,10 +9301,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -9214,10 +9318,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -9230,10 +9386,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -9251,8 +9403,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -9278,7 +9574,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -9294,9 +9590,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -9319,16 +9616,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -9346,19 +9648,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -9394,38 +9713,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -9443,6 +9738,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -9456,13 +9755,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -9474,29 +9786,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -9505,6 +9844,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -9516,277 +9869,24 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
- "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
- # this transformation to apply to all findings that correspond to
- # infoTypes that were requested in `InspectConfig`.
- { # Type of information detected by the API.
- "name": "A String", # Name of the information type. Either a name of your choosing when
- # creating a CustomInfoType, or one of the names listed
- # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- ],
},
],
},
"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
- },
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -9800,7 +9900,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -9808,10 +9907,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -9829,10 +9924,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -9845,10 +9992,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -9866,8 +10009,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -9893,7 +10180,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -9909,9 +10196,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -9934,16 +10222,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -9961,19 +10254,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -10009,38 +10319,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -10058,6 +10344,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -10071,13 +10361,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -10089,29 +10392,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -10120,6 +10450,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -10131,257 +10475,19 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
"condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
# given `RecordCondition`. The conditions are allowed to reference fields
@@ -10394,8 +10500,6 @@
# - Redact a field if the date of birth field is greater than 85.
# a field.
"expressions": { # An expression, consisting or an operator and conditions. # An expression.
- "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
- # only supported value is `AND`.
"conditions": { # A collection of conditions. # Conditions to apply to the expression.
"conditions": [ # A collection of conditions.
{ # The field type of `value` and `field` do not need to match to be
@@ -10417,12 +10521,29 @@
#
# If we fail to compare do to type mismatch, a warning will be given and
# the condition will evaluate to false.
+ "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
+ "name": "A String", # Name describing the field.
+ },
"value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -10434,126 +10555,37 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
- "name": "A String", # Name describing the field.
},
"operator": "A String", # Required. Operator used to compare the field or infoType to the value.
},
],
},
- },
- },
- },
- ],
- "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that
- # match any suppression rule are omitted from the output.
- { # Configuration to suppress records whose suppression conditions evaluate to
- # true.
- "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
- # evaluated to be suppressed from the transformed content.
- # a field.
- "expressions": { # An expression, consisting or an operator and conditions. # An expression.
"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
# only supported value is `AND`.
- "conditions": { # A collection of conditions. # Conditions to apply to the expression.
- "conditions": [ # A collection of conditions.
- { # The field type of `value` and `field` do not need to match to be
- # considered equal, but not all comparisons are possible.
- # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
- # but all other comparisons are invalid with incompatible types.
- # A `value` of type:
- #
- # - `string` can be compared against all other types
- # - `boolean` can only be compared against other booleans
- # - `integer` can be compared against doubles or a string if the string value
- # can be parsed as an integer.
- # - `double` can be compared against integers or a string if the string can
- # be parsed as a double.
- # - `Timestamp` can be compared against strings in RFC 3339 date string
- # format.
- # - `TimeOfDay` can be compared against timestamps and strings in the format
- # of 'HH:mm:ss'.
- #
- # If we fail to compare do to type mismatch, a warning will be given and
- # the condition will evaluate to false.
- "value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
- "name": "A String", # Name describing the field.
- },
- "operator": "A String", # Required. Operator used to compare the field or infoType to the value.
- },
- ],
- },
},
},
+ "fields": [ # Required. Input field(s) to apply the transformation to.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
},
],
},
},
+ "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.
+ "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.
+ "description": "A String", # Short description (max 256 chars).
+ "displayName": "A String", # Display name (max 256 chars).
},
"updateMask": "A String", # Mask to control which fields get updated.
}
@@ -10573,10 +10605,6 @@
# The template will have one of the following formats:
# `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR
# `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
- "description": "A String", # Short description (max 256 chars).
- "displayName": "A String", # Display name (max 256 chars).
- "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.
- "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.
"deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
"infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
# transformation everywhere.
@@ -10587,11 +10615,18 @@
# for a given infoType.
{ # A transformation to apply to text that is identified as a specific
# info_type.
- "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
+ "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
+ # this transformation to apply to all findings that correspond to
+ # infoTypes that were requested in `InspectConfig`.
+ { # Type of information detected by the API.
+ "name": "A String", # Name of the information type. Either a name of your choosing when
+ # creating a CustomInfoType, or one of the names listed
+ # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ ],
+ "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -10605,7 +10640,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -10613,10 +10647,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -10634,10 +10664,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -10650,10 +10732,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -10671,8 +10749,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -10698,7 +10920,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -10714,9 +10936,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -10739,16 +10962,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -10766,19 +10994,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -10814,38 +11059,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -10863,6 +11084,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -10876,13 +11101,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -10894,29 +11132,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -10925,6 +11190,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -10936,269 +11215,20 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
- "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
- # this transformation to apply to all findings that correspond to
- # infoTypes that were requested in `InspectConfig`.
- { # Type of information detected by the API.
- "name": "A String", # Name of the information type. Either a name of your choosing when
- # creating a CustomInfoType, or one of the names listed
- # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- ],
},
],
},
@@ -11211,25 +11241,103 @@
# Information about any incompatible transformations, and how they were
# handled, is returned in the response as part of the
# `TransformationOverviews`.
- "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error
- },
"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would # Ignore errors
# cause an error. For example, if a `DateShift` transformation were applied
# an an IP address, this mode would leave the IP address unchanged in the
# response.
},
+ "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error
+ },
},
"recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
# specific locations within structured datasets, such as transforming
# a column within a table.
# table.
+ "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that
+ # match any suppression rule are omitted from the output.
+ { # Configuration to suppress records whose suppression conditions evaluate to
+ # true.
+ "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
+ # evaluated to be suppressed from the transformed content.
+ # a field.
+ "expressions": { # An expression, consisting or an operator and conditions. # An expression.
+ "conditions": { # A collection of conditions. # Conditions to apply to the expression.
+ "conditions": [ # A collection of conditions.
+ { # The field type of `value` and `field` do not need to match to be
+ # considered equal, but not all comparisons are possible.
+ # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
+ # but all other comparisons are invalid with incompatible types.
+ # A `value` of type:
+ #
+ # - `string` can be compared against all other types
+ # - `boolean` can only be compared against other booleans
+ # - `integer` can be compared against doubles or a string if the string value
+ # can be parsed as an integer.
+ # - `double` can be compared against integers or a string if the string can
+ # be parsed as a double.
+ # - `Timestamp` can be compared against strings in RFC 3339 date string
+ # format.
+ # - `TimeOfDay` can be compared against timestamps and strings in the format
+ # of 'HH:mm:ss'.
+ #
+ # If we fail to compare do to type mismatch, a warning will be given and
+ # the condition will evaluate to false.
+ "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
+ "name": "A String", # Name describing the field.
+ },
+ "value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "operator": "A String", # Required. Operator used to compare the field or infoType to the value.
+ },
+ ],
+ },
+ "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
+ # only supported value is `AND`.
+ },
+ },
+ },
+ ],
"fieldTransformations": [ # Transform the record by applying various field transformations.
{ # The transformation to apply to the field.
- "fields": [ # Required. Input field(s) to apply the transformation to.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
"infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
# transform content that matches an `InfoType`.
# apply various `PrimitiveTransformation`s to each finding, where the
@@ -11239,11 +11347,18 @@
# for a given infoType.
{ # A transformation to apply to text that is identified as a specific
# info_type.
- "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
+ "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
+ # this transformation to apply to all findings that correspond to
+ # infoTypes that were requested in `InspectConfig`.
+ { # Type of information detected by the API.
+ "name": "A String", # Name of the information type. Either a name of your choosing when
+ # creating a CustomInfoType, or one of the names listed
+ # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ ],
+ "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -11257,7 +11372,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -11265,10 +11379,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -11286,10 +11396,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -11302,10 +11464,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -11323,8 +11481,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -11350,7 +11652,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -11366,9 +11668,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -11391,16 +11694,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -11418,19 +11726,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -11466,38 +11791,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -11515,6 +11816,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -11528,13 +11833,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -11546,29 +11864,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -11577,6 +11922,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -11588,277 +11947,24 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
- "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
- # this transformation to apply to all findings that correspond to
- # infoTypes that were requested in `InspectConfig`.
- { # Type of information detected by the API.
- "name": "A String", # Name of the information type. Either a name of your choosing when
- # creating a CustomInfoType, or one of the names listed
- # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- ],
},
],
},
"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.
- "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
- # portion of the value.
- "partToExtract": "A String", # The part of the time to keep.
- },
"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
# same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
# to learn more.
@@ -11872,7 +11978,6 @@
# be more than 365250 days (1000 years) each direction.
#
# For example, 3 means shift date to at most 3 days into the future.
- "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
# results in the same shift for the same context and crypto_key. If
# set, must also set context. Can only be applied to table items.
@@ -11880,10 +11985,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -11901,10 +12002,62 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
+ "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
+ },
+ "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
+ # portion of the value.
+ "partToExtract": "A String", # The part of the time to keep.
},
"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype
},
+ "replaceConfig": { # Replace each input value with a given `Value`. # Replace
+ "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ },
"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
# Uses SHA-256.
# The key size must be either 32 or 64 bytes.
@@ -11917,10 +12070,6 @@
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -11938,8 +12087,152 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
+ "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
+ # fixed character. Masking can start from the beginning or end of the string.
+ # This can be used on data of any type (numbers, longs, and so on) and when
+ # de-identifying structured data we'll attempt to preserve the original data's
+ # type. (This allows you to take a long like 123 and modify it to a string like
+ # **3.
+ "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
+ # characters. For example, if the input string is `555-555-5555` and you
+ # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
+ # returns `***-**5-5555`.
+ { # Characters to skip when doing deidentification of a value. These will be left
+ # alone and skipped.
+ "charactersToSkip": "A String", # Characters to not transform when masking.
+ "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
+ # punctuation.
+ },
+ ],
+ "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
+ # masked. Skipped characters do not count towards this tally.
+ "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
+ # alphabetic string such as a name, or `0` for a numeric string such as ZIP
+ # code or credit card number. This string must have a length of 1. If not
+ # supplied, this value defaults to `*` for strings, and `0` for digits.
+ "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
+ # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
+ # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
+ # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
+ # is `true`, then the string `12345` is masked as `12***`.
+ },
+ "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
+ # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
+ # output would be 'My phone number is '.
+ },
+ "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
+ # Bucketing transformation can provide all of this functionality,
+ # but requires more configuration. This message is provided as a convenience to
+ # the user for simple bucketing strategies.
+ #
+ # The transformed value will be a hyphenated string of
+ # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
+ # all values that are within this bucket will be replaced with "10-20".
+ #
+ # This can be used on data of type: double, long.
+ #
+ # If the bound Value type differs from the type of data
+ # being transformed, we will first attempt converting the type of the data to
+ # be transformed to match the type of the bound before comparing.
+ #
+ # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
+ "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
+ # grouped together into a single bucket; for example if `upper_bound` = 89,
+ # then all values greater than 89 are replaced with the value "89+".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
+ # grouped together into a single bucket; for example if `lower_bound` = 10,
+ # then all values less than 10 are replaced with the value "-10".
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
+ },
+ "booleanValue": True or False, # boolean
+ },
+ "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
+ # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
+ # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
+ # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
+ },
"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
# (FPE) with the FFX mode of operation; however when used in the
# `ReidentifyContent` API method, it serves the opposite function by reversing
@@ -11965,7 +12258,7 @@
#
# This annotation identifies the surrogate when inspecting content using the
# custom infoType
- # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
+ # [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
# This facilitates reversal of the surrogate when it occurs in free text.
#
# In order for inspection to work properly, the name of this infoType must
@@ -11981,9 +12274,10 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
+ "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
# identifier in two different contexts won't be given the same surrogate. If
# the context is not set, a default tweak will be used.
@@ -12006,16 +12300,21 @@
# - a string is encoded in UTF-8 format followed by a single byte of value 2
"name": "A String", # Name describing the field.
},
- "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].
+ "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
+ # that the FFX mode natively supports. This happens before/after
+ # encryption/decryption.
+ # Each character listed must appear only once.
+ # Number of characters must be in the range [2, 95].
+ # This must be encoded as ASCII.
+ # The order of characters does not matter.
+ # The full list of allowed characters is:
+ # <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+ # ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -12033,19 +12332,36 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
- "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
- # that the FFX mode natively supports. This happens before/after
- # encryption/decryption.
- # Each character listed must appear only once.
- # Number of characters must be in the range [2, 95].
- # This must be encoded as ASCII.
- # The order of characters does not matter.
"commonAlphabet": "A String", # Common alphabets.
},
"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
# input. Outputs a base64 encoded representation of the encrypted output.
# Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+ "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
+ # referential integrity such that the same identifier in two different
+ # contexts will be given a distinct surrogate. The context is appended to
+ # plaintext value being encrypted. On decryption the provided context is
+ # validated against the value used during encryption. If a context was
+ # provided during encryption, same context must be provided during decryption
+ # as well.
+ #
+ # If the context is not set, plaintext would be used as is for encryption.
+ # If the context is set but:
+ #
+ # 1. there is no record present when transforming a given value or
+ # 2. the field is not present when transforming a given value,
+ #
+ # plaintext would be used as is for encryption.
+ #
+ # Note that case (1) is expected when an `InfoTypeTransformation` is
+ # applied to both structured and non-structured `ContentItem`s.
+ "name": "A String", # Name describing the field.
+ },
"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
# This annotation will be applied to the surrogate by prefixing it with
# the name of the custom info type followed by the number of
@@ -12081,38 +12397,14 @@
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # `[a-zA-Z0-9_]{1,64}`.
- },
- "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
- # referential integrity such that the same identifier in two different
- # contexts will be given a distinct surrogate. The context is appended to
- # plaintext value being encrypted. On decryption the provided context is
- # validated against the value used during encryption. If a context was
- # provided during encryption, same context must be provided during decryption
- # as well.
- #
- # If the context is not set, plaintext would be used as is for encryption.
- # If the context is set but:
- #
- # 1. there is no record present when transforming a given value or
- # 2. the field is not present when transforming a given value,
- #
- # plaintext would be used as is for encryption.
- #
- # Note that case (1) is expected when an `InfoTypeTransformation` is
- # applied to both structured and non-structured `ContentItem`s.
- "name": "A String", # Name describing the field.
+ # a built-in type. When sending Cloud DLP results to Data Catalog, infoType
+ # names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
},
"cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
# a key encryption key (KEK) stored by KMS).
# When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
# IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
# unwrap the data crypto key.
- "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
- # leaking the key. Choose another type of key if possible.
- "key": "A String", # Required. A 128/192/256 bit key.
- },
"transient": { # Use this to have a random data crypto key generated. # Transient crypto key
# It will be discarded after the request finishes.
"name": "A String", # Required. Name of the key.
@@ -12130,6 +12422,10 @@
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
},
+ "unwrapped": { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
+ # leaking the key. Choose another type of key if possible.
+ "key": "A String", # Required. A 128/192/256 bit key.
+ },
},
},
"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
@@ -12143,13 +12439,26 @@
# See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
"buckets": [ # Set of buckets. Ranges must be non-overlapping.
{ # Bucket is represented as a range, along with replacement values.
- "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
- # the default behavior will be to hyphenate the min-max range.
+ "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -12161,29 +12470,56 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ },
+ "replacementValue": { # Set of primitive values supported by the system. # Required. Replacement value for this bucket.
+ # Note that for the purposes of inspection or transformation, the number
+ # of bytes considered to comprise a 'Value' is based on its representation
+ # as a UTF-8 encoded string. For example, if 'integer_value' is set to
+ # 123456789, the number of bytes would be counted as 9, even though an
+ # int64 only holds up to 8 bytes of data.
"integerValue": "A String", # integer
"timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
# allow the value 60 if it allows leap-seconds.
"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
+ "timestampValue": "A String", # timestamp
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
+ # and time zone are either specified elsewhere or are not significant. The date
+ # is relative to the Proleptic Gregorian Calendar. This can represent:
+ #
+ # * A full date, with non-zero year, month and day values
+ # * A month and day value, with a zero year, e.g. an anniversary
+ # * A year on its own, with zero month and day values
+ # * A year and month value, with a zero day, e.g. a credit card expiration date
+ #
+ # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
+ "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
+ # if specifying a year by itself or a year and month where the day is not
+ # significant.
},
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
"min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
# used.
@@ -12192,6 +12528,20 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -12203,257 +12553,19 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
},
},
],
},
- "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
- # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
- # output would be 'My phone number is '.
- },
- "replaceConfig": { # Replace each input value with a given `Value`. # Replace
- "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The # Fixed size bucketing
- # Bucketing transformation can provide all of this functionality,
- # but requires more configuration. This message is provided as a convenience to
- # the user for simple bucketing strategies.
- #
- # The transformed value will be a hyphenated string of
- # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
- # all values that are within this bucket will be replaced with "10-20".
- #
- # This can be used on data of type: double, long.
- #
- # If the bound Value type differs from the type of data
- # being transformed, we will first attempt converting the type of the data to
- # be transformed to match the type of the bound before comparing.
- #
- # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
- "upperBound": { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
- # grouped together into a single bucket; for example if `upper_bound` = 89,
- # then all values greater than 89 are replaced with the value "89+".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
- # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
- # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
- # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
- "lowerBound": { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
- # grouped together into a single bucket; for example if `lower_bound` = 10,
- # then all values less than 10 are replaced with the value "-10".
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- },
- "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a # Mask
- # fixed character. Masking can start from the beginning or end of the string.
- # This can be used on data of any type (numbers, longs, and so on) and when
- # de-identifying structured data we'll attempt to preserve the original data's
- # type. (This allows you to take a long like 123 and modify it to a string like
- # **3.
- "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing
- # characters. For example, if the input string is `555-555-5555` and you
- # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
- # returns `***-**5-5555`.
- { # Characters to skip when doing deidentification of a value. These will be left
- # alone and skipped.
- "charactersToSkip": "A String", # Characters to not transform when masking.
- "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing
- # punctuation.
- },
- ],
- "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
- # masked. Skipped characters do not count towards this tally.
- "maskingCharacter": "A String", # Character to use to mask the sensitive values&mdash;for example, `*` for an
- # alphabetic string such as a name, or `0` for a numeric string such as ZIP
- # code or credit card number. This string must have a length of 1. If not
- # supplied, this value defaults to `*` for strings, and `0` for digits.
- "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
- # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
- # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
- # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
- # is `true`, then the string `12345` is masked as `12***`.
- },
},
"condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
# given `RecordCondition`. The conditions are allowed to reference fields
@@ -12466,8 +12578,6 @@
# - Redact a field if the date of birth field is greater than 85.
# a field.
"expressions": { # An expression, consisting or an operator and conditions. # An expression.
- "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
- # only supported value is `AND`.
"conditions": { # A collection of conditions. # Conditions to apply to the expression.
"conditions": [ # A collection of conditions.
{ # The field type of `value` and `field` do not need to match to be
@@ -12489,12 +12599,29 @@
#
# If we fail to compare do to type mismatch, a warning will be given and
# the condition will evaluate to false.
+ "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
+ "name": "A String", # Name describing the field.
+ },
"value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
# Note that for the purposes of inspection or transformation, the number
# of bytes considered to comprise a 'Value' is based on its representation
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
+ "integerValue": "A String", # integer
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
+ # or are specified elsewhere. An API may choose to allow leap seconds. Related
+ # types are google.type.Date and `google.protobuf.Timestamp`.
+ "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
+ # allow the value 60 if it allows leap-seconds.
+ "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
+ "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
+ "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
+ # to allow the value "24:00:00" for scenarios like business closing time.
+ },
+ "dayOfWeekValue": "A String", # day of week
+ "floatValue": 3.14, # float
+ "stringValue": "A String", # string
"timestampValue": "A String", # timestamp
"dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
@@ -12506,126 +12633,37 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
"month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
# month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
},
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
"booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
- "name": "A String", # Name describing the field.
},
"operator": "A String", # Required. Operator used to compare the field or infoType to the value.
},
],
},
- },
- },
- },
- ],
- "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that
- # match any suppression rule are omitted from the output.
- { # Configuration to suppress records whose suppression conditions evaluate to
- # true.
- "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
- # evaluated to be suppressed from the transformed content.
- # a field.
- "expressions": { # An expression, consisting or an operator and conditions. # An expression.
"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
# only supported value is `AND`.
- "conditions": { # A collection of conditions. # Conditions to apply to the expression.
- "conditions": [ # A collection of conditions.
- { # The field type of `value` and `field` do not need to match to be
- # considered equal, but not all comparisons are possible.
- # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
- # but all other comparisons are invalid with incompatible types.
- # A `value` of type:
- #
- # - `string` can be compared against all other types
- # - `boolean` can only be compared against other booleans
- # - `integer` can be compared against doubles or a string if the string value
- # can be parsed as an integer.
- # - `double` can be compared against integers or a string if the string can
- # be parsed as a double.
- # - `Timestamp` can be compared against strings in RFC 3339 date string
- # format.
- # - `TimeOfDay` can be compared against timestamps and strings in the format
- # of 'HH:mm:ss'.
- #
- # If we fail to compare do to type mismatch, a warning will be given and
- # the condition will evaluate to false.
- "value": { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
- # Note that for the purposes of inspection or transformation, the number
- # of bytes considered to comprise a 'Value' is based on its representation
- # as a UTF-8 encoded string. For example, if 'integer_value' is set to
- # 123456789, the number of bytes would be counted as 9, even though an
- # int64 only holds up to 8 bytes of data.
- "timestampValue": "A String", # timestamp
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
- # and time zone are either specified elsewhere or are not significant. The date
- # is relative to the Proleptic Gregorian Calendar. This can represent:
- #
- # * A full date, with non-zero year, month and day values
- # * A month and day value, with a zero year, e.g. an anniversary
- # * A year on its own, with zero month and day values
- # * A year and month value, with a zero day, e.g. a credit card expiration date
- #
- # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
- "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
- # if specifying a year by itself or a year and month where the day is not
- # significant.
- },
- "stringValue": "A String", # string
- "integerValue": "A String", # integer
- "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
- # or are specified elsewhere. An API may choose to allow leap seconds. Related
- # types are google.type.Date and `google.protobuf.Timestamp`.
- "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
- # to allow the value "24:00:00" for scenarios like business closing time.
- "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
- "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
- # allow the value 60 if it allows leap-seconds.
- "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
- },
- "booleanValue": True or False, # boolean
- "floatValue": 3.14, # float
- "dayOfWeekValue": "A String", # day of week
- },
- "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
- "name": "A String", # Name describing the field.
- },
- "operator": "A String", # Required. Operator used to compare the field or infoType to the value.
- },
- ],
- },
},
},
+ "fields": [ # Required. Input field(s) to apply the transformation to.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
},
],
},
},
+ "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.
+ "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.
+ "description": "A String", # Short description (max 256 chars).
+ "displayName": "A String", # Display name (max 256 chars).
}</pre>
</div>