chore: regenerate API reference docs (#889)
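Highlights of this regeneration for `projects.jobTriggers`: `body` becomes optional on `create()` and `patch()`, and `list()` gains a `locationId` parameter. A minimal sketch of paging through triggers with the updated `list()` signature, assuming Application Default Credentials; the project and location values are placeholders, not values from this diff:

    from googleapiclient import discovery

    # Build the DLP v2 client; credentials are resolved from the
    # environment (Application Default Credentials).
    dlp = discovery.build('dlp', 'v2')

    # 'my-project' and 'us-east1' are placeholder values.
    request = dlp.projects().jobTriggers().list(
        parent='projects/my-project',
        pageSize=50,
        locationId='us-east1',
    )
    while request is not None:
        response = request.execute()
        for trigger in response.get('jobTriggers', []):
            print(trigger['name'])
        # list_next() follows nextPageToken; it returns None on the last page.
        request = dlp.projects().jobTriggers().list_next(request, response)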
diff --git a/docs/dyn/dlp_v2.projects.jobTriggers.html b/docs/dyn/dlp_v2.projects.jobTriggers.html
index 54445c2..723e13c 100644
--- a/docs/dyn/dlp_v2.projects.jobTriggers.html
+++ b/docs/dyn/dlp_v2.projects.jobTriggers.html
@@ -78,7 +78,7 @@
<code><a href="#activate">activate(name, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Activate a job trigger. Causes the immediate execute of a trigger</p>
<p class="toc_element">
- <code><a href="#create">create(parent, body, x__xgafv=None)</a></code></p>
+ <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a job trigger to run DLP actions such as scanning storage for</p>
<p class="toc_element">
<code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
@@ -87,13 +87,13 @@
<code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Gets a job trigger.</p>
<p class="toc_element">
- <code><a href="#list">list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</a></code></p>
+ <code><a href="#list">list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None, locationId=None, filter=None)</a></code></p>
<p class="firstline">Lists job triggers.</p>
<p class="toc_element">
<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
- <code><a href="#patch">patch(name, body, x__xgafv=None)</a></code></p>
+ <code><a href="#patch">patch(name, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Updates a job trigger.</p>
<h3>Method Details</h3>
<div class="method">
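Although `body` is now optional in `create()`'s signature, a trigger definition must still be supplied for the call to do anything useful. A sketch of a daily Cloud Storage scan, reusing the `dlp` client from above; the project, bucket URL, and infoType are placeholders, and the field names follow the JobTrigger and InspectJobConfig schemas shown in the method details below:

    body = {
        'jobTrigger': {
            'displayName': 'Nightly GCS scan',
            'status': 'HEALTHY',
            # Run once every 24 hours (duration format, in seconds).
            'triggers': [{'schedule': {'recurrencePeriodDuration': '86400s'}}],
            'inspectJob': {
                'storageConfig': {
                    'cloudStorageOptions': {
                        'fileSet': {'url': 'gs://my-bucket/**'},
                    },
                },
                'inspectConfig': {
                    'infoTypes': [{'name': 'EMAIL_ADDRESS'}],
                },
            },
        },
    }
    created = dlp.projects().jobTriggers().create(
        parent='projects/my-project', body=body).execute()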
@@ -102,7 +102,7 @@
instead of waiting on the trigger event to occur.
Args:
- name: string, Resource name of the trigger to activate, for example
+ name: string, Required. Resource name of the trigger to activate, for example
`projects/dlp-test-project/jobTriggers/53234423`. (required)
body: object, The request body.
The object takes the form of:
@@ -122,11 +122,10 @@
"errors": [ # A stream of errors encountered running the job.
      { # Detailed information about an error encountered during job execution or
# the results of an unsuccessful activation of the JobTrigger.
- # Output only field.
"timestamps": [ # The times the error occurred.
"A String",
],
- "details": { # The `Status` type defines a logical error model that is suitable for
+ "details": { # The `Status` type defines a logical error model that is suitable for # Detailed error codes and messages.
# different programming environments, including REST APIs and RPC APIs. It is
# used by [gRPC](https://github.com/grpc). Each `Status` message contains
# three pieces of data: error code, error message, and error details.
@@ -148,20 +147,20 @@
],
"name": "A String", # The server-assigned name.
"inspectDetails": { # The results of an inspect DataSource job. # Results from inspecting a data source.
- "requestedOptions": { # The configuration used for this job.
+ "requestedOptions": { # Snapshot of the inspection configuration. # The configuration used for this job.
"snapshotInspectTemplate": { # The inspectTemplate contains a configuration (set of types of sensitive data # If run with an InspectTemplate, a snapshot of its state at the time of
# this run.
# to be detected) to be used anywhere you otherwise would normally specify
# InspectConfig. See https://cloud.google.com/dlp/docs/concepts-templates
# to learn more.
- "updateTime": "A String", # The last update timestamp of a inspectTemplate, output only field.
+ "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.
"displayName": "A String", # Display name (max 256 chars).
"description": "A String", # Short description (max 256 chars).
"inspectConfig": { # Configuration description of the scanning process. # The core content of the template. Configuration of the scanning process.
# When used with redactContent only info_types and min_likelihood are currently
# used.
"excludeInfoTypes": True or False, # When true, excludes type information of the findings.
- "limits": {
+ "limits": { # Configuration to control the number of findings returned. # Configuration to control the number of findings returned.
"maxFindingsPerRequest": 42, # Max number of findings that will be returned per request/job.
# When set within `InspectContentRequest`, the maximum returned is 2000
# regardless if this is set higher.
@@ -176,13 +175,13 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"maxFindings": 42, # Max findings limit for the given infoType.
},
],
"maxFindingsPerItem": 42, # Max number of findings that will be returned for each item scanned.
- # When set within `InspectDataSourceRequest`,
+ # When set within `InspectJobConfig`,
# the maximum returned is 2000 regardless if this is set higher.
# When set within `InspectContentRequest`, this field is ignored.
},
@@ -222,7 +221,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"dictionary": { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType.
# be used to match sensitive information specific to the data, such as a list
@@ -286,8 +285,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -341,8 +340,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -391,7 +390,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -441,7 +440,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -458,99 +457,28 @@
# system may automatically choose what detectors to run. By default this may
# be all types, but may change over time as detectors are updated.
#
- # The special InfoType name "ALL_BASIC" can be used to trigger all detectors,
- # but may change over time as new InfoTypes are added. If you need precise
- # control and predictability as to what detectors are run you should specify
- # specific InfoTypes listed in the reference.
+ # If you need precise control and predictability as to what detectors are
+ # run you should specify specific InfoTypes listed in the reference,
+ # otherwise a default list will be used, which may change over time.
{ # Type of information detected by the API.
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
- "createTime": "A String", # The creation timestamp of a inspectTemplate, output only field.
- "name": "A String", # The template name. Output only.
+ "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.
+ "name": "A String", # Output only. The template name.
#
# The template will have one of the following formats:
# `projects/PROJECT_ID/inspectTemplates/TEMPLATE_ID` OR
- # `organizations/ORGANIZATION_ID/inspectTemplates/TEMPLATE_ID`
+ # `organizations/ORGANIZATION_ID/inspectTemplates/TEMPLATE_ID`;
},
- "jobConfig": {
+ "jobConfig": { # Controls what and how to inspect for findings. # Inspect config.
"storageConfig": { # Shared message indicating Cloud storage type. # The data to scan.
- "datastoreOptions": { # Options defining a data set within Google Cloud Datastore. # Google Cloud Datastore options specification.
- "partitionId": { # Datastore partition ID. # A partition ID identifies a grouping of entities. The grouping is always
- # by project and namespace, however the namespace ID may be empty.
- # A partition ID identifies a grouping of entities. The grouping is always
- # by project and namespace, however the namespace ID may be empty.
- #
- # A partition ID contains several dimensions:
- # project ID and namespace ID.
- "projectId": "A String", # The ID of the project to which the entities belong.
- "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
- },
- "kind": { # A representation of a Datastore kind. # The kind to process.
- "name": "A String", # The name of the kind.
- },
- },
- "bigQueryOptions": { # Options defining BigQuery table and row identifiers. # BigQuery options specification.
- "excludedFields": [ # References to fields excluded from scanning. This allows you to skip
- # inspection of entire columns which you know have no findings.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
- "rowsLimit": "A String", # Max number of rows to scan. If the table has more rows than this value, the
- # rest of the rows are omitted. If not set, or if set to 0, all rows will be
- # scanned. Only one of rows_limit and rows_limit_percent can be specified.
- # Cannot be used in conjunction with TimespanConfig.
- "sampleMethod": "A String",
- "identifyingFields": [ # References to fields uniquely identifying rows within the table.
- # Nested fields in the format, like `person.birthdate.year`, are allowed.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
- "rowsLimitPercent": 42, # Max percentage of rows to scan. The rest are omitted. The number of rows
- # scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and
- # 100 means no limit. Defaults to 0. Only one of rows_limit and
- # rows_limit_percent can be specified. Cannot be used in conjunction with
- # TimespanConfig.
- "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
- # identified by its project_id, dataset_id, and table_name. Within a query
- # a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
- "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
- # If omitted, project ID is inferred from the API call.
- "tableId": "A String", # Name of the table.
- "datasetId": "A String", # Dataset ID of the table.
- },
- },
- "timespanConfig": { # Configuration of the timespan of the items to include in scanning.
- # Currently only supported when inspecting Google Cloud Storage and BigQuery.
- "timestampField": { # General identifier of a data field in a storage service. # Specification of the field containing the timestamp of scanned items.
- # Used for data sources like Datastore or BigQuery.
- # If not specified for BigQuery, table last modification timestamp
- # is checked against given time span.
- # The valid data types of the timestamp field are:
- # for BigQuery - timestamp, date, datetime;
- # for Datastore - timestamp.
- # Datastore entity will be scanned if the timestamp property does not exist
- # or its value is empty or invalid.
- "name": "A String", # Name describing the field.
- },
- "endTime": "A String", # Exclude files or rows newer than this value.
- # If set to zero, no upper time limit is applied.
- "startTime": "A String", # Exclude files or rows older than this value.
- "enableAutoPopulationOfTimespanConfig": True or False, # When the job is started by a JobTrigger we will automatically figure out
- # a valid start_time to avoid scanning files that have not been modified
- # since the last time the JobTrigger executed. This will be based on the
- # time of the execution of the last run of the JobTrigger.
- },
- "cloudStorageOptions": { # Options defining a file or a set of files within a Google Cloud Storage # Google Cloud Storage options specification.
+ "cloudStorageOptions": { # Options defining a file or a set of files within a Google Cloud Storage # Google Cloud Storage options.
# bucket.
"bytesLimitPerFile": "A String", # Max number of bytes to scan from a file. If a scanned file's size is bigger
# than this value then the rest of the bytes are omitted. Only one
@@ -558,7 +486,7 @@
"sampleMethod": "A String",
"fileSet": { # Set of files to scan. # The set of one or more files to scan.
"url": "A String", # The Cloud Storage url of the file(s) to scan, in the format
- # `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed.
+ # `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed.
#
# If the url ends in a trailing slash, the bucket or directory represented
# by the url will be scanned non-recursively (content in sub-directories
@@ -623,26 +551,151 @@
],
},
},
+ "filesLimitPercent": 42, # Limits the number of files to scan to this percentage of the input FileSet.
+ # Number of files scanned is rounded down. Must be between 0 and 100,
+ # inclusively. Both 0 and 100 means no limit. Defaults to 0.
"bytesLimitPerFilePercent": 42, # Max percentage of bytes to scan from a file. The rest are omitted. The
# number of bytes scanned is rounded down. Must be between 0 and 100,
# inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one
# of bytes_limit_per_file and bytes_limit_per_file_percent can be specified.
- "filesLimitPercent": 42, # Limits the number of files to scan to this percentage of the input FileSet.
- # Number of files scanned is rounded down. Must be between 0 and 100,
- # inclusively. Both 0 and 100 means no limit. Defaults to 0.
"fileTypes": [ # List of file type groups to include in the scan.
# If empty, all files are scanned and available data format processors
# are applied. In addition, the binary content of the selected files
# is always scanned as well.
+ # Images are scanned only as binary if the specified region
+ # does not support image inspection and no file_types were specified.
+ # Image inspection is restricted to 'global', 'us', 'asia', and 'europe'.
"A String",
],
},
+ "datastoreOptions": { # Options defining a data set within Google Cloud Datastore. # Google Cloud Datastore options.
+ "partitionId": { # Datastore partition ID. # A partition ID identifies a grouping of entities. The grouping is always
+ # by project and namespace, however the namespace ID may be empty.
+ # A partition ID identifies a grouping of entities. The grouping is always
+ # by project and namespace, however the namespace ID may be empty.
+ #
+ # A partition ID contains several dimensions:
+ # project ID and namespace ID.
+ "projectId": "A String", # The ID of the project to which the entities belong.
+ "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
+ },
+ "kind": { # A representation of a Datastore kind. # The kind to process.
+ "name": "A String", # The name of the kind.
+ },
+ },
+ "bigQueryOptions": { # Options defining BigQuery table and row identifiers. # BigQuery options.
+ "excludedFields": [ # References to fields excluded from scanning. This allows you to skip
+ # inspection of entire columns which you know have no findings.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ "rowsLimit": "A String", # Max number of rows to scan. If the table has more rows than this value, the
+ # rest of the rows are omitted. If not set, or if set to 0, all rows will be
+ # scanned. Only one of rows_limit and rows_limit_percent can be specified.
+ # Cannot be used in conjunction with TimespanConfig.
+ "sampleMethod": "A String",
+ "identifyingFields": [ # Table fields that may uniquely identify a row within the table. When
+ # `actions.saveFindings.outputConfig.table` is specified, the values of
+ # columns specified here are available in the output table under
+ # `location.content_locations.record_location.record_key.id_values`. Nested
+ # fields such as `person.birthdate.year` are allowed.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ "rowsLimitPercent": 42, # Max percentage of rows to scan. The rest are omitted. The number of rows
+ # scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and
+ # 100 means no limit. Defaults to 0. Only one of rows_limit and
+ # rows_limit_percent can be specified. Cannot be used in conjunction with
+ # TimespanConfig.
+ "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
+ # identified by its project_id, dataset_id, and table_name. Within a query
+ # a table is often referenced with a string in the format of:
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
+ "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
+ # If omitted, project ID is inferred from the API call.
+ "tableId": "A String", # Name of the table.
+ "datasetId": "A String", # Dataset ID of the table.
+ },
+ },
+ "timespanConfig": { # Configuration of the timespan of the items to include in scanning.
+ # Currently only supported when inspecting Google Cloud Storage and BigQuery.
+ "timestampField": { # General identifier of a data field in a storage service. # Specification of the field containing the timestamp of scanned items.
+ # Used for data sources like Datastore and BigQuery.
+ #
+ # For BigQuery:
+ # Required to filter out rows based on the given start and
+ # end times. If not specified and the table was modified between the given
+ # start and end times, the entire table will be scanned.
+          # The valid data types of the timestamp field are `INTEGER`, `DATE`,
+          # `TIMESTAMP`, and `DATETIME` BigQuery columns.
+          #
+          # For Datastore:
+          # The only valid data type of the timestamp field is `TIMESTAMP`.
+ # Datastore entity will be scanned if the timestamp property does not
+ # exist or its value is empty or invalid.
+ "name": "A String", # Name describing the field.
+ },
+ "endTime": "A String", # Exclude files or rows newer than this value.
+ # If set to zero, no upper time limit is applied.
+ "startTime": "A String", # Exclude files or rows older than this value.
+ "enableAutoPopulationOfTimespanConfig": True or False, # When the job is started by a JobTrigger we will automatically figure out
+ # a valid start_time to avoid scanning files that have not been modified
+ # since the last time the JobTrigger executed. This will be based on the
+ # time of the execution of the last run of the JobTrigger.
+ },
+        "hybridOptions": { # Configuration to control jobs where the content being inspected is outside # Hybrid inspection options.
+            # of Google Cloud Platform.
+            # Early access feature is in a pre-release state and might change or have
+            # limited support. For more information, see
+            # https://cloud.google.com/products#product-launch-stages.
+ "tableOptions": { # Instructions regarding the table content being inspected. # If the container is a table, additional information to make findings
+ # meaningful such as the columns that are primary keys.
+ "identifyingFields": [ # The columns that are the primary keys for table objects included in
+              # ContentItem. A copy of this cell's value will be stored alongside each
+              # finding so that the finding can be traced to the specific row it came
+ # from. No more than 3 may be provided.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ },
+ "labels": { # To organize findings, these labels will be added to each finding.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
+ #
+ # Label values must be between 0 and 63 characters long and must conform
+ # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`.
+ #
+ # No more than 10 labels can be associated with a given finding.
+ #
+ # Examples:
+ # * `"environment" : "production"`
+ # * `"pipeline" : "etl"`
+ "a_key": "A String",
+ },
+        "requiredFindingLabelKeys": [ # These are labels that each inspection request must include within its
+            # 'finding_labels' map. A request may contain other labels, but it will be
+            # rejected if any of these keys are missing.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
+ #
+ # No more than 10 keys can be required.
+ "A String",
+ ],
+ "description": "A String", # A short description of where the data is coming from. Will be stored once
+ # in the job. 256 max length.
+ },
},
"inspectConfig": { # Configuration description of the scanning process. # How and what to scan for.
# When used with redactContent only info_types and min_likelihood are currently
# used.
"excludeInfoTypes": True or False, # When true, excludes type information of the findings.
- "limits": {
+ "limits": { # Configuration to control the number of findings returned. # Configuration to control the number of findings returned.
"maxFindingsPerRequest": 42, # Max number of findings that will be returned per request/job.
# When set within `InspectContentRequest`, the maximum returned is 2000
# regardless if this is set higher.
@@ -657,13 +710,13 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"maxFindings": 42, # Max findings limit for the given infoType.
},
],
"maxFindingsPerItem": 42, # Max number of findings that will be returned for each item scanned.
- # When set within `InspectDataSourceRequest`,
+ # When set within `InspectJobConfig`,
# the maximum returned is 2000 regardless if this is set higher.
# When set within `InspectContentRequest`, this field is ignored.
},
@@ -703,7 +756,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"dictionary": { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType.
# be used to match sensitive information specific to the data, such as a list
@@ -767,8 +820,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -822,8 +875,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -872,7 +925,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -922,7 +975,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -939,16 +992,15 @@
# system may automatically choose what detectors to run. By default this may
# be all types, but may change over time as detectors are updated.
#
- # The special InfoType name "ALL_BASIC" can be used to trigger all detectors,
- # but may change over time as new InfoTypes are added. If you need precise
- # control and predictability as to what detectors are run you should specify
- # specific InfoTypes listed in the reference.
+ # If you need precise control and predictability as to what detectors are
+ # run you should specify specific InfoTypes listed in the reference,
+ # otherwise a default list will be used, which may change over time.
{ # Type of information detected by the API.
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -962,7 +1014,7 @@
# OutputStorageConfig. Only a single instance of this action can be
# specified.
# Compatible with: Inspect, Risk
- "outputConfig": { # Cloud repository for storing output.
+ "outputConfig": { # Cloud repository for storing output. # Location to store findings outside of DLP.
"table": { # Message defining the location of a BigQuery table. A table is uniquely # Store findings in an existing table or a new table in an existing
# dataset. If table_id is not set a new one will be generated
# for you with the following format:
@@ -979,8 +1031,8 @@
# quasi-identifiers, cannot store their results in the same table.
# identified by its project_id, dataset_id, and table_name. Within a query
# a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
"projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
# If omitted, project ID is inferred from the API call.
"tableId": "A String", # Name of the table.
@@ -995,9 +1047,10 @@
# If unspecified, then all available columns will be used for a new table or
# an (existing) table with no schema, and no changes will be made to an
# existing table that has a schema.
+ # Only for use with external storage.
},
},
- "jobNotificationEmails": { # Enable email notification to project owners and editors on jobs's # Enable email notification to project owners and editors on job's
+      "jobNotificationEmails": { # Enable email notification to project owners and editors on job's # Enable email notification for project owners and editors on job's
# completion/failure.
# completion/failure.
},
@@ -1012,6 +1065,22 @@
# Only a single instance of this action can be specified.
# Compatible with: Inspect
},
+ "publishToStackdriver": { # Enable Stackdriver metric dlp.googleapis.com/finding_count. This # Enable Stackdriver metric dlp.googleapis.com/finding_count.
+          # will publish a metric to Stackdriver on each infotype requested and
+ # how many findings were found for it. CustomDetectors will be bucketed
+ # as 'Custom' under the Stackdriver label 'info_type'.
+ },
+      "publishFindingsToCloudDataCatalog": { # Publish findings of a DlpJob to Cloud Data Catalog. Labels summarizing the # Publish findings to Cloud Data Catalog.
+ # results of the DlpJob will be applied to the entry for the resource scanned
+ # in Cloud Data Catalog. Any labels previously written by another DlpJob will
+ # be deleted. InfoType naming patterns are strictly enforced when using this
+ # feature. Note that the findings will be persisted in Cloud Data Catalog
+ # storage and are governed by Data Catalog service-specific policy, see
+ # https://cloud.google.com/terms/service-terms
+ # Only a single instance of this action can be specified and only allowed if
+ # all resources being scanned are BigQuery tables.
+ # Compatible with: Inspect
+ },
"pubSub": { # Publish a message into given Pub/Sub topic when DlpJob has completed. The # Publish a notification to a pubsub topic.
# message contains a single field, `DlpJobName`, which is equal to the
# finished job's
@@ -1036,16 +1105,29 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
},
],
"totalEstimatedBytes": "A String", # Estimate of the number of bytes to process.
"processedBytes": "A String", # Total size in bytes that were processed.
+ "hybridStats": { # Statistics related to processing hybrid inspect requests. # Statistics related to the processing of hybrid inspect.
+ # Early access feature is in a pre-release state and might change or have
+ # limited support. For more information, see
+ # https://cloud.google.com/products#product-launch-stages.
+ "abortedCount": "A String", # The number of hybrid inspection requests aborted because the job ran
+ # out of quota or was ended before they could be processed.
+ "pendingCount": "A String", # The number of hybrid requests currently being processed. Only populated
+ # when called via method `getDlpJob`.
+ # A burst of traffic may cause hybrid inspect requests to be enqueued.
+ # Processing will take place as quickly as possible, but resource limitations
+ # may impact how long a request is enqueued for.
+ "processedCount": "A String", # The number of hybrid inspection requests processed within this job.
+ },
},
},
"riskDetails": { # Result of a risk analysis operation request. # Results from analyzing risk of a data source.
- "numericalStatsResult": { # Result of the numerical stats computation.
+ "numericalStatsResult": { # Result of the numerical stats computation. # Numerical stats result
"quantileValues": [ # List of 99 values that partition the set of field values into 100 equal
# sized buckets.
{ # Set of primitive values supported by the system.
@@ -1054,10 +1136,10 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
- "floatValue": 3.14,
- "timestampValue": "A String",
- "dayOfWeekValue": "A String",
- "timeValue": { # Represents a time of day. The date and time zone are either not significant
+ "floatValue": 3.14, # float
+ "timestampValue": "A String", # timestamp
+ "dayOfWeekValue": "A String", # day of week
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
@@ -1067,7 +1149,7 @@
# allow the value 60 if it allows leap-seconds.
"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
},
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
# is relative to the Proleptic Gregorian Calendar. This can represent:
#
@@ -1077,17 +1159,17 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
},
- "stringValue": "A String",
- "booleanValue": True or False,
- "integerValue": "A String",
+ "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ "integerValue": "A String", # integer
},
],
"maxValue": { # Set of primitive values supported by the system. # Maximum value appearing in the column.
@@ -1096,10 +1178,10 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
- "floatValue": 3.14,
- "timestampValue": "A String",
- "dayOfWeekValue": "A String",
- "timeValue": { # Represents a time of day. The date and time zone are either not significant
+ "floatValue": 3.14, # float
+ "timestampValue": "A String", # timestamp
+ "dayOfWeekValue": "A String", # day of week
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
@@ -1109,7 +1191,7 @@
# allow the value 60 if it allows leap-seconds.
"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
},
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
# is relative to the Proleptic Gregorian Calendar. This can represent:
#
@@ -1119,17 +1201,17 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
},
- "stringValue": "A String",
- "booleanValue": True or False,
- "integerValue": "A String",
+ "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ "integerValue": "A String", # integer
},
"minValue": { # Set of primitive values supported by the system. # Minimum value appearing in the column.
# Note that for the purposes of inspection or transformation, the number
@@ -1137,10 +1219,10 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
- "floatValue": 3.14,
- "timestampValue": "A String",
- "dayOfWeekValue": "A String",
- "timeValue": { # Represents a time of day. The date and time zone are either not significant
+ "floatValue": 3.14, # float
+ "timestampValue": "A String", # timestamp
+ "dayOfWeekValue": "A String", # day of week
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
@@ -1150,7 +1232,7 @@
# allow the value 60 if it allows leap-seconds.
"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
},
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
# is relative to the Proleptic Gregorian Calendar. This can represent:
#
@@ -1160,20 +1242,20 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
},
- "stringValue": "A String",
- "booleanValue": True or False,
- "integerValue": "A String",
+ "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ "integerValue": "A String", # integer
},
},
- "kMapEstimationResult": { # Result of the reidentifiability analysis. Note that these results are an
+ "kMapEstimationResult": { # Result of the reidentifiability analysis. Note that these results are an # K-map result
# estimation, not exact values.
"kMapEstimationHistogram": [ # The intervals [min_anonymity, max_anonymity] do not overlap. If a value
# doesn't correspond to any such interval, the associated frequency is
@@ -1202,10 +1284,10 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
- "floatValue": 3.14,
- "timestampValue": "A String",
- "dayOfWeekValue": "A String",
- "timeValue": { # Represents a time of day. The date and time zone are either not significant
+ "floatValue": 3.14, # float
+ "timestampValue": "A String", # timestamp
+ "dayOfWeekValue": "A String", # day of week
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
@@ -1215,7 +1297,7 @@
# allow the value 60 if it allows leap-seconds.
"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
},
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
# is relative to the Proleptic Gregorian Calendar. This can represent:
#
@@ -1225,17 +1307,17 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
},
- "stringValue": "A String",
- "booleanValue": True or False,
- "integerValue": "A String",
+ "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ "integerValue": "A String", # integer
},
],
},
@@ -1247,9 +1329,9 @@
},
],
},
- "kAnonymityResult": { # Result of the k-anonymity computation.
+ "kAnonymityResult": { # Result of the k-anonymity computation. # K-anonymity result
"equivalenceClassHistogramBuckets": [ # Histogram of k-anonymity equivalence classes.
- {
+ { # Histogram of k-anonymity equivalence classes.
"bucketValues": [ # Sample of equivalence classes in this bucket. The total number of
# classes returned per bucket is capped at 20.
{ # The set of columns' values that share the same ldiversity value
@@ -1262,10 +1344,10 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
- "floatValue": 3.14,
- "timestampValue": "A String",
- "dayOfWeekValue": "A String",
- "timeValue": { # Represents a time of day. The date and time zone are either not significant
+ "floatValue": 3.14, # float
+ "timestampValue": "A String", # timestamp
+ "dayOfWeekValue": "A String", # day of week
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
@@ -1275,7 +1357,7 @@
# allow the value 60 if it allows leap-seconds.
"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
},
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
# is relative to the Proleptic Gregorian Calendar. This can represent:
#
@@ -1285,17 +1367,17 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
},
- "stringValue": "A String",
- "booleanValue": True or False,
- "integerValue": "A String",
+ "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ "integerValue": "A String", # integer
},
],
"equivalenceClassSize": "A String", # Size of the equivalence class, for example number of rows with the
@@ -1309,9 +1391,9 @@
},
],
},
- "lDiversityResult": { # Result of the l-diversity computation.
+      "lDiversityResult": { # Result of the l-diversity computation. # L-diversity result
"sensitiveValueFrequencyHistogramBuckets": [ # Histogram of l-diversity equivalence class sensitive value frequencies.
- {
+ { # Histogram of l-diversity equivalence class sensitive value frequencies.
"bucketValues": [ # Sample of equivalence classes in this bucket. The total number of
# classes returned per bucket is capped at 20.
{ # The set of columns' values that share the same ldiversity value.
@@ -1324,10 +1406,10 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
- "floatValue": 3.14,
- "timestampValue": "A String",
- "dayOfWeekValue": "A String",
- "timeValue": { # Represents a time of day. The date and time zone are either not significant
+ "floatValue": 3.14, # float
+ "timestampValue": "A String", # timestamp
+ "dayOfWeekValue": "A String", # day of week
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
@@ -1337,7 +1419,7 @@
# allow the value 60 if it allows leap-seconds.
"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
},
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
# is relative to the Proleptic Gregorian Calendar. This can represent:
#
@@ -1347,17 +1429,17 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
},
- "stringValue": "A String",
- "booleanValue": True or False,
- "integerValue": "A String",
+ "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ "integerValue": "A String", # integer
},
],
"topSensitiveValues": [ # Estimated frequencies of top sensitive values.
@@ -1369,10 +1451,10 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
- "floatValue": 3.14,
- "timestampValue": "A String",
- "dayOfWeekValue": "A String",
- "timeValue": { # Represents a time of day. The date and time zone are either not significant
+ "floatValue": 3.14, # float
+ "timestampValue": "A String", # timestamp
+ "dayOfWeekValue": "A String", # day of week
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
@@ -1382,7 +1464,7 @@
# allow the value 60 if it allows leap-seconds.
"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
},
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
# is relative to the Proleptic Gregorian Calendar. This can represent:
#
@@ -1392,17 +1474,17 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
},
- "stringValue": "A String",
- "booleanValue": True or False,
- "integerValue": "A String",
+ "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ "integerValue": "A String", # integer
},
},
],
@@ -1419,27 +1501,26 @@
],
},
"requestedPrivacyMetric": { # Privacy metric to compute for reidentification risk analysis. # Privacy metric to compute.
- "numericalStatsConfig": { # Compute numerical stats over an individual column, including
+ "numericalStatsConfig": { # Compute numerical stats over an individual column, including # Numerical stats
# min, max, and quantiles.
"field": { # General identifier of a data field in a storage service. # Field to compute numerical stats on. Supported types are
# integer, float, date, datetime, timestamp, time.
"name": "A String", # Name describing the field.
},
},
- "kMapEstimationConfig": { # Reidentifiability metric. This corresponds to a risk model similar to what
+ "kMapEstimationConfig": { # Reidentifiability metric. This corresponds to a risk model similar to what # k-map
# is called "journalist risk" in the literature, except the attack dataset is
# statistically modeled instead of being perfectly known. This can be done
# using publicly available data (like the US Census), or using a custom
# statistical model (indicated as one or several BigQuery tables), or by
# extrapolating from the distribution of values in the input dataset.
- # A column with a semantic tag attached.
"regionCode": "A String", # ISO 3166-1 alpha-2 region code to use in the statistical modeling.
- # Required if no column is tagged with a region-specific InfoType (like
+ # Set if no column is tagged with a region-specific InfoType (like
# US_ZIP_5) or a region code.
- "quasiIds": [ # Fields considered to be quasi-identifiers. No two columns can have the
- # same tag. [required]
- {
- "field": { # General identifier of a data field in a storage service. # Identifies the column. [required]
+ "quasiIds": [ # Required. Fields considered to be quasi-identifiers. No two columns can have the
+ # same tag.
+ { # A column with a semantic tag attached.
+ "field": { # General identifier of a data field in a storage service. # Required. Identifies the column.
"name": "A String", # Name describing the field.
},
"customTag": "A String", # A column can be tagged with a custom tag. In this case, the user must
@@ -1454,7 +1535,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"inferred": { # A generic empty message that you can re-use to avoid defining duplicated # If no semantic tag is indicated, we infer the statistical model from
# the distribution of values in the input data
@@ -1479,34 +1560,33 @@
# If a tuple is present in the data but not in the auxiliary table, the
# corresponding relative frequency is assumed to be zero (and thus, the
# tuple is highly reidentifiable).
- "relativeFrequency": { # General identifier of a data field in a storage service. # The relative frequency column must contain a floating-point number
- # between 0 and 1 (inclusive). Null values are assumed to be zero.
- # [required]
- "name": "A String", # Name describing the field.
- },
- "quasiIds": [ # Quasi-identifier columns. [required]
- { # A quasi-identifier column has a custom_tag, used to know which column
- # in the data corresponds to which column in the statistical model.
- "field": { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- "customTag": "A String",
- },
- ],
- "table": { # Message defining the location of a BigQuery table. A table is uniquely # Auxiliary table location. [required]
+ "table": { # Message defining the location of a BigQuery table. A table is uniquely # Required. Auxiliary table location.
# identified by its project_id, dataset_id, and table_name. Within a query
# a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
"projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
# If omitted, project ID is inferred from the API call.
"tableId": "A String", # Name of the table.
"datasetId": "A String", # Dataset ID of the table.
},
+ "quasiIds": [ # Required. Quasi-identifier columns.
+ { # A quasi-identifier column has a custom_tag, used to know which column
+ # in the data corresponds to which column in the statistical model.
+ "field": { # General identifier of a data field in a storage service. # Identifies the column.
+ "name": "A String", # Name describing the field.
+ },
+            "customTag": "A String", # An auxiliary field.
+ },
+ ],
+ "relativeFrequency": { # General identifier of a data field in a storage service. # Required. The relative frequency column must contain a floating-point number
+ # between 0 and 1 (inclusive). Null values are assumed to be zero.
+ "name": "A String", # Name describing the field.
+ },
},
],
},
- "lDiversityConfig": { # l-diversity metric, used for analysis of reidentification risk.
+ "lDiversityConfig": { # l-diversity metric, used for analysis of reidentification risk. # l-diversity
"sensitiveAttribute": { # General identifier of a data field in a storage service. # Sensitive field for computing the l-value.
"name": "A String", # Name describing the field.
},
@@ -1518,94 +1598,8 @@
},
],
},
- "deltaPresenceEstimationConfig": { # δ-presence metric, used to estimate how likely it is for an attacker to
- # figure out that one given individual appears in a de-identified dataset.
- # Similarly to the k-map metric, we cannot compute δ-presence exactly without
- # knowing the attack dataset, so we use a statistical model instead.
- "regionCode": "A String", # ISO 3166-1 alpha-2 region code to use in the statistical modeling.
- # Required if no column is tagged with a region-specific InfoType (like
- # US_ZIP_5) or a region code.
- "quasiIds": [ # Fields considered to be quasi-identifiers. No two fields can have the
- # same tag. [required]
- { # A column with a semantic tag attached.
- "field": { # General identifier of a data field in a storage service. # Identifies the column. [required]
- "name": "A String", # Name describing the field.
- },
- "customTag": "A String", # A column can be tagged with a custom tag. In this case, the user must
- # indicate an auxiliary table that contains statistical information on
- # the possible values of this column (below).
- "infoType": { # Type of information detected by the API. # A column can be tagged with a InfoType to use the relevant public
- # dataset as a statistical model of population, if available. We
- # currently support US ZIP codes, region codes, ages and genders.
- # To programmatically obtain the list of supported InfoTypes, use
- # ListInfoTypes with the supported_by=RISK_ANALYSIS filter.
- "name": "A String", # Name of the information type. Either a name of your choosing when
- # creating a CustomInfoType, or one of the names listed
- # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
- # a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
- },
- "inferred": { # A generic empty message that you can re-use to avoid defining duplicated # If no semantic tag is indicated, we infer the statistical model from
- # the distribution of values in the input data
- # empty messages in your APIs. A typical example is to use it as the request
- # or the response type of an API method. For instance:
- #
- # service Foo {
- # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
- # }
- #
- # The JSON representation for `Empty` is empty JSON object `{}`.
- },
- },
- ],
- "auxiliaryTables": [ # Several auxiliary tables can be used in the analysis. Each custom_tag
- # used to tag a quasi-identifiers field must appear in exactly one
- # field of one auxiliary table.
- { # An auxiliary table containing statistical information on the relative
- # frequency of different quasi-identifiers values. It has one or several
- # quasi-identifiers columns, and one column that indicates the relative
- # frequency of each quasi-identifier tuple.
- # If a tuple is present in the data but not in the auxiliary table, the
- # corresponding relative frequency is assumed to be zero (and thus, the
- # tuple is highly reidentifiable).
- "relativeFrequency": { # General identifier of a data field in a storage service. # The relative frequency column must contain a floating-point number
- # between 0 and 1 (inclusive). Null values are assumed to be zero.
- # [required]
- "name": "A String", # Name describing the field.
- },
- "quasiIds": [ # Quasi-identifier columns. [required]
- { # A quasi-identifier column has a custom_tag, used to know which column
- # in the data corresponds to which column in the statistical model.
- "field": { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- "customTag": "A String",
- },
- ],
- "table": { # Message defining the location of a BigQuery table. A table is uniquely # Auxiliary table location. [required]
- # identified by its project_id, dataset_id, and table_name. Within a query
- # a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
- "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
- # If omitted, project ID is inferred from the API call.
- "tableId": "A String", # Name of the table.
- "datasetId": "A String", # Dataset ID of the table.
- },
- },
- ],
- },
- "categoricalStatsConfig": { # Compute numerical stats over an individual column, including
- # number of distinct values and value count distribution.
- "field": { # General identifier of a data field in a storage service. # Field to compute categorical stats on. All column types are
- # supported except for arrays and structs. However, it may be more
- # informative to use NumericalStats when the field type is supported,
- # depending on the data.
- "name": "A String", # Name describing the field.
- },
- },
- "kAnonymityConfig": { # k-anonymity metric, used for analysis of reidentification risk.
- "entityId": { # An entity in a dataset is a field or set of fields that correspond to a # Optional message indicating that multiple rows might be associated to a
+ "kAnonymityConfig": { # k-anonymity metric, used for analysis of reidentification risk. # K-anonymity
+ "entityId": { # An entity in a dataset is a field or set of fields that correspond to a # Message indicating that multiple rows might be associated to a
# single individual. If the same entity_id is associated to multiple
# quasi-identifier tuples over distinct rows, we consider the entire
# collection of tuples as the composite quasi-identifier. This collection
@@ -1633,10 +1627,97 @@
},
],
},
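Similarly, a hedged sketch of a `kAnonymityConfig` using the `entityId` option described above; all column names are hypothetical.

    # Sketch only: hypothetical columns. entityId groups rows that belong to
    # one individual, so their tuples form one composite quasi-identifier.
    privacy_metric = {
        "kAnonymityConfig": {
            "quasiIds": [
                {"name": "zip_code"},
                {"name": "birth_year"},
            ],
            "entityId": {"field": {"name": "customer_id"}},
        },
    }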
+ "categoricalStatsConfig": { # Compute numerical stats over an individual column, including # Categorical stats
+ # number of distinct values and value count distribution.
+ "field": { # General identifier of a data field in a storage service. # Field to compute categorical stats on. All column types are
+ # supported except for arrays and structs. However, it may be more
+ # informative to use NumericalStats when the field type is supported,
+ # depending on the data.
+ "name": "A String", # Name describing the field.
+ },
+ },
+ "deltaPresenceEstimationConfig": { # δ-presence metric, used to estimate how likely it is for an attacker to # delta-presence
+ # figure out that one given individual appears in a de-identified dataset.
+ # Similarly to the k-map metric, we cannot compute δ-presence exactly without
+ # knowing the attack dataset, so we use a statistical model instead.
+ "regionCode": "A String", # ISO 3166-1 alpha-2 region code to use in the statistical modeling.
+ # Set if no column is tagged with a region-specific InfoType (like
+ # US_ZIP_5) or a region code.
+ "quasiIds": [ # Required. Fields considered to be quasi-identifiers. No two fields can have the
+ # same tag.
+ { # A column with a semantic tag attached.
+ "field": { # General identifier of a data field in a storage service. # Required. Identifies the column.
+ "name": "A String", # Name describing the field.
+ },
+ "customTag": "A String", # A column can be tagged with a custom tag. In this case, the user must
+ # indicate an auxiliary table that contains statistical information on
+ # the possible values of this column (below).
+ "infoType": { # Type of information detected by the API. # A column can be tagged with a InfoType to use the relevant public
+ # dataset as a statistical model of population, if available. We
+ # currently support US ZIP codes, region codes, ages and genders.
+ # To programmatically obtain the list of supported InfoTypes, use
+ # ListInfoTypes with the supported_by=RISK_ANALYSIS filter.
+ "name": "A String", # Name of the information type. Either a name of your choosing when
+ # creating a CustomInfoType, or one of the names listed
+ # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
+ # a built-in type. InfoType names should conform to the pattern
+ # `[a-zA-Z0-9_]{1,64}`.
+ },
+ "inferred": { # A generic empty message that you can re-use to avoid defining duplicated # If no semantic tag is indicated, we infer the statistical model from
+ # the distribution of values in the input data.
+ # empty messages in your APIs. A typical example is to use it as the request
+ # or the response type of an API method. For instance:
+ #
+ # service Foo {
+ # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
+ # }
+ #
+ # The JSON representation for `Empty` is an empty JSON object `{}`.
+ },
+ },
+ ],
+ "auxiliaryTables": [ # Several auxiliary tables can be used in the analysis. Each custom_tag
+ # used to tag a quasi-identifiers field must appear in exactly one
+ # field of one auxiliary table.
+ { # An auxiliary table containing statistical information on the relative
+ # frequency of different quasi-identifiers values. It has one or several
+ # quasi-identifiers columns, and one column that indicates the relative
+ # frequency of each quasi-identifier tuple.
+ # If a tuple is present in the data but not in the auxiliary table, the
+ # corresponding relative frequency is assumed to be zero (and thus, the
+ # tuple is highly reidentifiable).
+ "relativeFrequency": { # General identifier of a data field in a storage service. # Required. The relative frequency column must contain a floating-point number
+ # between 0 and 1 (inclusive). Null values are assumed to be zero.
+ "name": "A String", # Name describing the field.
+ },
+ "quasiIds": [ # Required. Quasi-identifier columns.
+ { # A quasi-identifier column has a custom_tag, used to know which column
+ # in the data corresponds to which column in the statistical model.
+ "field": { # General identifier of a data field in a storage service. # Identifies the column.
+ "name": "A String", # Name describing the field.
+ },
+ "customTag": "A String", # A column can be tagged with a custom tag. In this case, the user must
+ # indicate an auxiliary table that contains statistical information on
+ # the possible values of this column (below).
+ },
+ ],
+ "table": { # Message defining the location of a BigQuery table. A table is uniquely # Required. Auxiliary table location.
+ # identified by its project_id, dataset_id, and table_name. Within a query
+ # a table is often referenced with a string in the format of:
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
+ "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
+ # If omitted, project ID is inferred from the API call.
+ "tableId": "A String", # Name of the table.
+ "datasetId": "A String", # Dataset ID of the table.
+ },
+ },
+ ],
+ },
},
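Putting the pieces above together, a hedged sketch of a `deltaPresenceEstimationConfig` with one InfoType-tagged column and one custom-tagged column backed by an auxiliary statistical table; every project, dataset, table, and column name is hypothetical.

    # Sketch only: hypothetical names throughout.
    privacy_metric = {
        "deltaPresenceEstimationConfig": {
            "quasiIds": [
                # Tagged with an InfoType so the public US_ZIP_5 population
                # model can be used.
                {"field": {"name": "zip"}, "infoType": {"name": "US_ZIP_5"}},
                # Custom tag resolved against the auxiliary table below.
                {"field": {"name": "job_title"}, "customTag": "occupation"},
            ],
            "auxiliaryTables": [
                {
                    "table": {
                        "projectId": "my-project",
                        "datasetId": "stats",
                        "tableId": "occupation_frequencies",
                    },
                    "quasiIds": [
                        {"field": {"name": "occupation"},
                         "customTag": "occupation"},
                    ],
                    # Floating-point column in [0, 1]; nulls count as zero.
                    "relativeFrequency": {"name": "relative_frequency"},
                },
            ],
        },
    }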
- "categoricalStatsResult": { # Result of the categorical stats computation.
+ "categoricalStatsResult": { # Result of the categorical stats computation. # Categorical stats result
"valueFrequencyHistogramBuckets": [ # Histogram of value frequencies in the column.
- {
+ { # Histogram of value frequencies in the column.
"bucketValues": [ # Sample of value frequencies in this bucket. The total number of
# values returned per bucket is capped at 20.
{ # A value of a field, including its frequency.
@@ -1647,10 +1728,10 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
- "floatValue": 3.14,
- "timestampValue": "A String",
- "dayOfWeekValue": "A String",
- "timeValue": { # Represents a time of day. The date and time zone are either not significant
+ "floatValue": 3.14, # float
+ "timestampValue": "A String", # timestamp
+ "dayOfWeekValue": "A String", # day of week
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
@@ -1660,7 +1741,7 @@
# allow the value 60 if it allows leap-seconds.
"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
},
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
# is relative to the Proleptic Gregorian Calendar. This can represent:
#
@@ -1670,17 +1751,17 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
},
- "stringValue": "A String",
- "booleanValue": True or False,
- "integerValue": "A String",
+ "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ "integerValue": "A String", # integer
},
},
],
@@ -1691,7 +1772,7 @@
},
],
},
- "deltaPresenceEstimationResult": { # Result of the δ-presence computation. Note that these results are an
+ "deltaPresenceEstimationResult": { # Result of the δ-presence computation. Note that these results are an # Delta-presence result
# estimation, not exact values.
"deltaPresenceEstimationHistogram": [ # The intervals [min_probability, max_probability) do not overlap. If a
# value doesn't correspond to any such interval, the associated frequency
@@ -1720,10 +1801,10 @@
# as a UTF-8 encoded string. For example, if 'integer_value' is set to
# 123456789, the number of bytes would be counted as 9, even though an
# int64 only holds up to 8 bytes of data.
- "floatValue": 3.14,
- "timestampValue": "A String",
- "dayOfWeekValue": "A String",
- "timeValue": { # Represents a time of day. The date and time zone are either not significant
+ "floatValue": 3.14, # float
+ "timestampValue": "A String", # timestamp
+ "dayOfWeekValue": "A String", # day of week
+ "timeValue": { # Represents a time of day. The date and time zone are either not significant # time of day
# or are specified elsewhere. An API may choose to allow leap seconds. Related
# types are google.type.Date and `google.protobuf.Timestamp`.
"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
@@ -1733,7 +1814,7 @@
# allow the value 60 if it allows leap-seconds.
"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
},
- "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
+ "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
# and time zone are either specified elsewhere or are not significant. The date
# is relative to the Proleptic Gregorian Calendar. This can represent:
#
@@ -1743,17 +1824,17 @@
# * A year and month value, with a zero day, e.g. a credit card expiration date
#
# Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
- "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
- # a year.
+ "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
+ # month and day.
"day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
# if specifying a year by itself or a year and month where the day is not
# significant.
- "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
- # month and day.
+ "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
+ # a year.
},
- "stringValue": "A String",
- "booleanValue": True or False,
- "integerValue": "A String",
+ "stringValue": "A String", # string
+ "booleanValue": True or False, # boolean
+ "integerValue": "A String", # integer
},
],
"estimatedProbability": 3.14, # The estimated probability that a given individual sharing these
@@ -1776,8 +1857,8 @@
"requestedSourceTable": { # Message defining the location of a BigQuery table. A table is uniquely # Input dataset to compute metrics over.
# identified by its project_id, dataset_id, and table_name. Within a query
# a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
"projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
# If omitted, project ID is inferred from the API call.
"tableId": "A String", # Name of the table.
@@ -1795,14 +1876,14 @@
</div>
<div class="method">
- <code class="details" id="create">create(parent, body, x__xgafv=None)</code>
+ <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>
<pre>Creates a job trigger to run DLP actions such as scanning storage for
sensitive information on a set schedule.
See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
Args:
- parent: string, The parent resource name, for example projects/my-project-id. (required)
- body: object, The request body. (required)
+ parent: string, Required. The parent resource name, for example projects/my-project-id. (required)
+ body: object, The request body.
The object takes the form of:
{ # Request message for CreateJobTrigger.
@@ -1810,21 +1891,22 @@
# numbers, and hyphens; that is, it must match the regular
# expression: `[a-zA-Z\\d-_]+`. The maximum length is 100
# characters. Can be empty to allow the system to generate one.
- "jobTrigger": { # Contains a configuration to make dlp api calls on a repeating basis. # The JobTrigger to create.
+ "locationId": "A String", # The geographic location to store the job trigger. Reserved for
+ # future extensions.
+ "jobTrigger": { # Contains a configuration to make dlp api calls on a repeating basis. # Required. The JobTrigger to create.
# See https://cloud.google.com/dlp/docs/concepts-job-triggers to learn more.
- "status": "A String", # A status for this trigger. [required]
- "updateTime": "A String", # The last update timestamp of a triggeredJob, output only field.
- "errors": [ # A stream of errors encountered when the trigger was activated. Repeated
+ "status": "A String", # Required. A status for this trigger.
+ "updateTime": "A String", # Output only. The last update timestamp of a triggeredJob.
+ "errors": [ # Output only. A stream of errors encountered when the trigger was activated. Repeated
# errors may result in the JobTrigger automatically being paused.
# Will return the last 100 errors. Whenever the JobTrigger is modified
- # this list will be cleared. Output only field.
+ # this list will be cleared.
{ # Details information about an error encountered during job execution or
# the results of an unsuccessful activation of the JobTrigger.
- # Output only field.
"timestamps": [ # The times the error occurred.
"A String",
],
- "details": { # The `Status` type defines a logical error model that is suitable for
+ "details": { # The `Status` type defines a logical error model that is suitable for # Detailed error codes and messages.
# different programming environments, including REST APIs and RPC APIs. It is
# used by [gRPC](https://github.com/grpc). Each `Status` message contains
# three pieces of data: error code, error message, and error details.
@@ -1846,79 +1928,31 @@
],
"displayName": "A String", # Display name (max 100 chars)
"description": "A String", # User provided description (max 256 chars)
- "inspectJob": {
- "storageConfig": { # Shared message indicating Cloud storage type. # The data to scan.
- "datastoreOptions": { # Options defining a data set within Google Cloud Datastore. # Google Cloud Datastore options specification.
- "partitionId": { # Datastore partition ID. # A partition ID identifies a grouping of entities. The grouping is always
- # by project and namespace, however the namespace ID may be empty.
- # A partition ID identifies a grouping of entities. The grouping is always
- # by project and namespace, however the namespace ID may be empty.
+ "triggers": [ # A list of triggers which will be OR'ed together. Only one in the list
+ # needs to trigger for a job to be started. The list may contain only
+ # a single Schedule trigger and must have at least one object.
+ { # What event needs to occur for a new job to be started.
+ "manual": { # Job trigger option for hybrid jobs. Jobs must be manually created # For use with hybrid jobs. Jobs must be manually created and finished.
+ # Early access feature is in a pre-release state and might change or have
+ # limited support. For more information, see
+ # https://cloud.google.com/products#product-launch-stages.
+ # and finished.
+ },
+ "schedule": { # Schedule for triggeredJobs. # Create a job on a repeating basis based on the elapse of time.
+ "recurrencePeriodDuration": "A String", # With this option a job is started a regular periodic basis. For
+ # example: every day (86400 seconds).
#
- # A partition ID contains several dimensions:
- # project ID and namespace ID.
- "projectId": "A String", # The ID of the project to which the entities belong.
- "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
- },
- "kind": { # A representation of a Datastore kind. # The kind to process.
- "name": "A String", # The name of the kind.
- },
+ # A scheduled start time will be skipped if the previous
+ # execution has not ended when its scheduled time occurs.
+ #
+ # This value must be set to a time duration greater than or equal
+ # to 1 day and can be no longer than 60 days.
},
- "bigQueryOptions": { # Options defining BigQuery table and row identifiers. # BigQuery options specification.
- "excludedFields": [ # References to fields excluded from scanning. This allows you to skip
- # inspection of entire columns which you know have no findings.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
- "rowsLimit": "A String", # Max number of rows to scan. If the table has more rows than this value, the
- # rest of the rows are omitted. If not set, or if set to 0, all rows will be
- # scanned. Only one of rows_limit and rows_limit_percent can be specified.
- # Cannot be used in conjunction with TimespanConfig.
- "sampleMethod": "A String",
- "identifyingFields": [ # References to fields uniquely identifying rows within the table.
- # Nested fields in the format, like `person.birthdate.year`, are allowed.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
- "rowsLimitPercent": 42, # Max percentage of rows to scan. The rest are omitted. The number of rows
- # scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and
- # 100 means no limit. Defaults to 0. Only one of rows_limit and
- # rows_limit_percent can be specified. Cannot be used in conjunction with
- # TimespanConfig.
- "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
- # identified by its project_id, dataset_id, and table_name. Within a query
- # a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
- "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
- # If omitted, project ID is inferred from the API call.
- "tableId": "A String", # Name of the table.
- "datasetId": "A String", # Dataset ID of the table.
- },
- },
- "timespanConfig": { # Configuration of the timespan of the items to include in scanning.
- # Currently only supported when inspecting Google Cloud Storage and BigQuery.
- "timestampField": { # General identifier of a data field in a storage service. # Specification of the field containing the timestamp of scanned items.
- # Used for data sources like Datastore or BigQuery.
- # If not specified for BigQuery, table last modification timestamp
- # is checked against given time span.
- # The valid data types of the timestamp field are:
- # for BigQuery - timestamp, date, datetime;
- # for Datastore - timestamp.
- # Datastore entity will be scanned if the timestamp property does not exist
- # or its value is empty or invalid.
- "name": "A String", # Name describing the field.
- },
- "endTime": "A String", # Exclude files or rows newer than this value.
- # If set to zero, no upper time limit is applied.
- "startTime": "A String", # Exclude files or rows older than this value.
- "enableAutoPopulationOfTimespanConfig": True or False, # When the job is started by a JobTrigger we will automatically figure out
- # a valid start_time to avoid scanning files that have not been modified
- # since the last time the JobTrigger executed. This will be based on the
- # time of the execution of the last run of the JobTrigger.
- },
- "cloudStorageOptions": { # Options defining a file or a set of files within a Google Cloud Storage # Google Cloud Storage options specification.
+ },
+ ],
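As a concrete reading of the schedule semantics above, a hedged sketch of a `triggers` list with a single daily `Schedule`; the duration string follows the proto `Duration` JSON encoding.

    # Sketch only: one Schedule trigger firing every 24 hours. The period
    # must be between 1 day ("86400s") and 60 days ("5184000s").
    triggers = [
        {"schedule": {"recurrencePeriodDuration": "86400s"}},
    ]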
+ "inspectJob": { # Controls what and how to inspect for findings. # For inspect jobs, a snapshot of the configuration.
+ "storageConfig": { # Shared message indicating Cloud storage type. # The data to scan.
+ "cloudStorageOptions": { # Options defining a file or a set of files within a Google Cloud Storage # Google Cloud Storage options.
# bucket.
"bytesLimitPerFile": "A String", # Max number of bytes to scan from a file. If a scanned file's size is bigger
# than this value then the rest of the bytes are omitted. Only one
@@ -1926,7 +1960,7 @@
"sampleMethod": "A String",
"fileSet": { # Set of files to scan. # The set of one or more files to scan.
"url": "A String", # The Cloud Storage url of the file(s) to scan, in the format
- # `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed.
+ # `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed.
#
# If the url ends in a trailing slash, the bucket or directory represented
# by the url will be scanned non-recursively (content in sub-directories
@@ -1991,26 +2025,151 @@
],
},
},
+ "filesLimitPercent": 42, # Limits the number of files to scan to this percentage of the input FileSet.
+ # Number of files scanned is rounded down. Must be between 0 and 100,
+ # inclusively. Both 0 and 100 means no limit. Defaults to 0.
"bytesLimitPerFilePercent": 42, # Max percentage of bytes to scan from a file. The rest are omitted. The
# number of bytes scanned is rounded down. Must be between 0 and 100,
# inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one
# of bytes_limit_per_file and bytes_limit_per_file_percent can be specified.
- "filesLimitPercent": 42, # Limits the number of files to scan to this percentage of the input FileSet.
- # Number of files scanned is rounded down. Must be between 0 and 100,
- # inclusively. Both 0 and 100 means no limit. Defaults to 0.
"fileTypes": [ # List of file type groups to include in the scan.
# If empty, all files are scanned and available data format processors
# are applied. In addition, the binary content of the selected files
# is always scanned as well.
+ # Images are scanned only as binary if the specified region
+ # does not support image inspection and no file_types were specified.
+ # Image inspection is restricted to 'global', 'us', 'asia', and 'europe'.
"A String",
],
},
+ "datastoreOptions": { # Options defining a data set within Google Cloud Datastore. # Google Cloud Datastore options.
+ "partitionId": { # Datastore partition ID. # A partition ID identifies a grouping of entities. The grouping is always
+ # by project and namespace, however the namespace ID may be empty.
+ # A partition ID identifies a grouping of entities. The grouping is always
+ # by project and namespace, however the namespace ID may be empty.
+ #
+ # A partition ID contains several dimensions:
+ # project ID and namespace ID.
+ "projectId": "A String", # The ID of the project to which the entities belong.
+ "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
+ },
+ "kind": { # A representation of a Datastore kind. # The kind to process.
+ "name": "A String", # The name of the kind.
+ },
+ },
+ "bigQueryOptions": { # Options defining BigQuery table and row identifiers. # BigQuery options.
+ "excludedFields": [ # References to fields excluded from scanning. This allows you to skip
+ # inspection of entire columns which you know have no findings.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ "rowsLimit": "A String", # Max number of rows to scan. If the table has more rows than this value, the
+ # rest of the rows are omitted. If not set, or if set to 0, all rows will be
+ # scanned. Only one of rows_limit and rows_limit_percent can be specified.
+ # Cannot be used in conjunction with TimespanConfig.
+ "sampleMethod": "A String",
+ "identifyingFields": [ # Table fields that may uniquely identify a row within the table. When
+ # `actions.saveFindings.outputConfig.table` is specified, the values of
+ # columns specified here are available in the output table under
+ # `location.content_locations.record_location.record_key.id_values`. Nested
+ # fields such as `person.birthdate.year` are allowed.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ "rowsLimitPercent": 42, # Max percentage of rows to scan. The rest are omitted. The number of rows
+ # scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and
+ # 100 means no limit. Defaults to 0. Only one of rows_limit and
+ # rows_limit_percent can be specified. Cannot be used in conjunction with
+ # TimespanConfig.
+ "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
+ # identified by its project_id, dataset_id, and table_name. Within a query
+ # a table is often referenced with a string in the format of:
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
+ "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
+ # If omitted, project ID is inferred from the API call.
+ "tableId": "A String", # Name of the table.
+ "datasetId": "A String", # Dataset ID of the table.
+ },
+ },
+ "timespanConfig": { # Configuration of the timespan of the items to include in scanning.
+ # Currently only supported when inspecting Google Cloud Storage and BigQuery.
+ "timestampField": { # General identifier of a data field in a storage service. # Specification of the field containing the timestamp of scanned items.
+ # Used for data sources like Datastore and BigQuery.
+ #
+ # For BigQuery:
+ # Required to filter out rows based on the given start and
+ # end times. If not specified and the table was modified between the given
+ # start and end times, the entire table will be scanned.
+ # The valid data types of the timestamp field are `INTEGER`, `DATE`,
+ # `TIMESTAMP`, and `DATETIME` BigQuery columns.
+ #
+ # For Datastore:
+ # The only valid data type of the timestamp field is `TIMESTAMP`.
+ # Datastore entity will be scanned if the timestamp property does not
+ # exist or its value is empty or invalid.
+ "name": "A String", # Name describing the field.
+ },
+ "endTime": "A String", # Exclude files or rows newer than this value.
+ # If set to zero, no upper time limit is applied.
+ "startTime": "A String", # Exclude files or rows older than this value.
+ "enableAutoPopulationOfTimespanConfig": True or False, # When the job is started by a JobTrigger we will automatically figure out
+ # a valid start_time to avoid scanning files that have not been modified
+ # since the last time the JobTrigger executed. This will be based on the
+ # time of the execution of the last run of the JobTrigger.
+ },
+ "hybridOptions": { # Configuration to control jobs where the content being inspected is outside # Hybrid inspection options.
+ # Early access feature is in a pre-release state and might change or have
+ # limited support. For more information, see
+ # https://cloud.google.com/products#product-launch-stages.
+ # of Google Cloud Platform.
+ "tableOptions": { # Instructions regarding the table content being inspected. # If the container is a table, additional information to make findings
+ # meaningful such as the columns that are primary keys.
+ "identifyingFields": [ # The columns that are the primary keys for table objects included in
+ # ContentItem. A copy of this cell's value will be stored alongside
+ # each finding so that the finding can be traced to the specific row it came
+ # from. No more than 3 may be provided.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ },
+ "labels": { # To organize findings, these labels will be added to each finding.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
+ #
+ # Label values must be between 0 and 63 characters long and must conform
+ # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`.
+ #
+ # No more than 10 labels can be associated with a given finding.
+ #
+ # Examples:
+ # * `"environment" : "production"`
+ # * `"pipeline" : "etl"`
+ "a_key": "A String",
+ },
+ "requiredFindingLabelKeys": [ # These are labels that each inspection request must include within their
+ # 'finding_labels' map. Request may contain others, but any missing one of
+ # these will be rejected.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
+ #
+ # No more than 10 keys can be required.
+ "A String",
+ ],
+ "description": "A String", # A short description of where the data is coming from. Will be stored once
+ # in the job. 256 max length.
+ },
},
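A hedged sketch of a `storageConfig` for a Cloud Storage scan using the fields above; the bucket path is hypothetical.

    # Sketch only: hypothetical bucket. The trailing wildcard scans the
    # directory's contents, and timespan auto-population lets each
    # triggered run skip files unmodified since the previous run.
    storage_config = {
        "cloudStorageOptions": {
            "fileSet": {"url": "gs://my-bucket/data/*"},
            "bytesLimitPerFilePercent": 10,  # sample 10% of each file
        },
        "timespanConfig": {
            "enableAutoPopulationOfTimespanConfig": True,
        },
    }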
"inspectConfig": { # Configuration description of the scanning process. # How and what to scan for.
# When used with redactContent only info_types and min_likelihood are currently
# used.
"excludeInfoTypes": True or False, # When true, excludes type information of the findings.
- "limits": {
+ "limits": { # Configuration to control the number of findings returned. # Configuration to control the number of findings returned.
"maxFindingsPerRequest": 42, # Max number of findings that will be returned per request/job.
# When set within `InspectContentRequest`, the maximum returned is 2000
# regardless if this is set higher.
@@ -2025,13 +2184,13 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"maxFindings": 42, # Max findings limit for the given infoType.
},
],
"maxFindingsPerItem": 42, # Max number of findings that will be returned for each item scanned.
- # When set within `InspectDataSourceRequest`,
+ # When set within `InspectJobConfig`,
# the maximum returned is 2000 regardless if this is set higher.
# When set within `InspectContentRequest`, this field is ignored.
},
@@ -2071,7 +2230,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"dictionary": { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType.
# be used to match sensitive information specific to the data, such as a list
@@ -2135,8 +2294,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -2190,8 +2349,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -2240,7 +2399,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -2290,7 +2449,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -2307,16 +2466,15 @@
# system may automatically choose what detectors to run. By default this may
# be all types, but may change over time as detectors are updated.
#
- # The special InfoType name "ALL_BASIC" can be used to trigger all detectors,
- # but may change over time as new InfoTypes are added. If you need precise
- # control and predictability as to what detectors are run you should specify
- # specific InfoTypes listed in the reference.
+ # If you need precise control and predictability as to what detectors are
+ # run you should specify specific InfoTypes listed in the reference,
+ # otherwise a default list will be used, which may change over time.
{ # Type of information detected by the API.
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
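Given the advice above to pin detectors explicitly rather than rely on the changeable default list, a hedged sketch of an `inspectConfig`:

    # Sketch only: explicit InfoTypes make the scan's behavior predictable.
    inspect_config = {
        "infoTypes": [
            {"name": "EMAIL_ADDRESS"},
            {"name": "PHONE_NUMBER"},
            {"name": "US_SOCIAL_SECURITY_NUMBER"},
        ],
        "minLikelihood": "LIKELY",
        "limits": {"maxFindingsPerItem": 100},
    }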
@@ -2330,7 +2488,7 @@
# OutputStorageConfig. Only a single instance of this action can be
# specified.
# Compatible with: Inspect, Risk
- "outputConfig": { # Cloud repository for storing output.
+ "outputConfig": { # Cloud repository for storing output. # Location to store findings outside of DLP.
"table": { # Message defining the location of a BigQuery table. A table is uniquely # Store findings in an existing table or a new table in an existing
# dataset. If table_id is not set a new one will be generated
# for you with the following format:
@@ -2347,8 +2505,8 @@
# quasi-identifiers, cannot store their results in the same table.
# identified by its project_id, dataset_id, and table_name. Within a query
# a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
"projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
# If omitted, project ID is inferred from the API call.
"tableId": "A String", # Name of the table.
@@ -2363,9 +2521,10 @@
# If unspecified, then all available columns will be used for a new table or
# an (existing) table with no schema, and no changes will be made to an
# existing table that has a schema.
+ # Only for use with external storage.
},
},
- "jobNotificationEmails": { # Enable email notification to project owners and editors on jobs's # Enable email notification to project owners and editors on job's
+ "jobNotificationEmails": { # Enable email notification to project owners and editors on jobs's # Enable email notification for project owners and editors on job's
# completion/failure.
# completion/failure.
},
@@ -2380,6 +2539,22 @@
# Only a single instance of this action can be specified.
# Compatible with: Inspect
},
+ "publishToStackdriver": { # Enable Stackdriver metric dlp.googleapis.com/finding_count. This # Enable Stackdriver metric dlp.googleapis.com/finding_count.
+ # will publish a metric to Stackdriver for each infotype requested and
+ # how many findings were found for it. CustomDetectors will be bucketed
+ # as 'Custom' under the Stackdriver label 'info_type'.
+ },
+ "publishFindingsToCloudDataCatalog": { # Publish findings of a DlpJob to Cloud Data Catalog. Labels summarizing the # Publish findings to Cloud Datahub.
+ # results of the DlpJob will be applied to the entry for the resource scanned
+ # in Cloud Data Catalog. Any labels previously written by another DlpJob will
+ # be deleted. InfoType naming patterns are strictly enforced when using this
+ # feature. Note that the findings will be persisted in Cloud Data Catalog
+ # storage and are governed by Data Catalog service-specific policy, see
+ # https://cloud.google.com/terms/service-terms
+ # Only a single instance of this action can be specified and only allowed if
+ # all resources being scanned are BigQuery tables.
+ # Compatible with: Inspect
+ },
"pubSub": { # Publish a message into given Pub/Sub topic when DlpJob has completed. The # Publish a notification to a pubsub topic.
# message contains a single field, `DlpJobName`, which is equal to the
# finished job's
@@ -2393,27 +2568,11 @@
},
],
},
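A hedged sketch of an `actions` list combining the `saveFindings` and `pubSub` actions described above; the project, dataset, and topic names are hypothetical.

    # Sketch only: persist findings to BigQuery, then notify via Pub/Sub.
    actions = [
        {
            "saveFindings": {
                "outputConfig": {
                    "table": {
                        "projectId": "my-project",
                        "datasetId": "dlp_results",
                        # tableId omitted: the service generates one.
                    },
                },
            },
        },
        {"pubSub": {"topic": "projects/my-project/topics/dlp-notify"}},
    ]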
- "triggers": [ # A list of triggers which will be OR'ed together. Only one in the list
- # needs to trigger for a job to be started. The list may contain only
- # a single Schedule trigger and must have at least one object.
- { # What event needs to occur for a new job to be started.
- "schedule": { # Schedule for triggeredJobs. # Create a job on a repeating basis based on the elapse of time.
- "recurrencePeriodDuration": "A String", # With this option a job is started a regular periodic basis. For
- # example: every day (86400 seconds).
- #
- # A scheduled start time will be skipped if the previous
- # execution has not ended when its scheduled time occurs.
- #
- # This value must be set to a time duration greater than or equal
- # to 1 day and can be no longer than 60 days.
- },
- },
- ],
- "lastRunTime": "A String", # The timestamp of the last time this trigger executed, output only field.
- "createTime": "A String", # The creation timestamp of a triggeredJob, output only field.
+ "lastRunTime": "A String", # Output only. The timestamp of the last time this trigger executed.
+ "createTime": "A String", # Output only. The creation timestamp of a triggeredJob.
"name": "A String", # Unique resource name for the triggeredJob, assigned by the service when the
# triggeredJob is created, for example
- # `projects/dlp-test-project/triggeredJobs/53234423`.
+ # `projects/dlp-test-project/jobTriggers/53234423`.
},
}
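Tying the request body together, a hedged end-to-end sketch of calling `create` with this client. It assumes `google-api-python-client` with Application Default Credentials and reuses the `triggers`, `storage_config`, `inspect_config`, and `actions` sketches above; the project ID and trigger ID are hypothetical.

    # Sketch only: not a verified end-to-end request.
    from googleapiclient import discovery

    dlp = discovery.build("dlp", "v2")

    body = {
        "triggerId": "daily-gcs-scan",  # optional; empty lets the system pick
        "jobTrigger": {
            "status": "HEALTHY",
            "displayName": "Daily GCS scan",
            "triggers": triggers,
            "inspectJob": {
                "storageConfig": storage_config,
                "inspectConfig": inspect_config,
                "actions": actions,
            },
        },
    }

    trigger = (
        dlp.projects()
        .jobTriggers()
        .create(parent="projects/my-project", body=body)
        .execute()
    )
    print(trigger["name"])  # e.g. projects/my-project/jobTriggers/daily-gcs-scan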
@@ -2427,19 +2586,18 @@
{ # Contains a configuration to make dlp api calls on a repeating basis.
# See https://cloud.google.com/dlp/docs/concepts-job-triggers to learn more.
- "status": "A String", # A status for this trigger. [required]
- "updateTime": "A String", # The last update timestamp of a triggeredJob, output only field.
- "errors": [ # A stream of errors encountered when the trigger was activated. Repeated
+ "status": "A String", # Required. A status for this trigger.
+ "updateTime": "A String", # Output only. The last update timestamp of a triggeredJob.
+ "errors": [ # Output only. A stream of errors encountered when the trigger was activated. Repeated
# errors may result in the JobTrigger automatically being paused.
# Will return the last 100 errors. Whenever the JobTrigger is modified
- # this list will be cleared. Output only field.
+ # this list will be cleared.
{ # Details information about an error encountered during job execution or
# the results of an unsuccessful activation of the JobTrigger.
- # Output only field.
"timestamps": [ # The times the error occurred.
"A String",
],
- "details": { # The `Status` type defines a logical error model that is suitable for
+ "details": { # The `Status` type defines a logical error model that is suitable for # Detailed error codes and messages.
# different programming environments, including REST APIs and RPC APIs. It is
# used by [gRPC](https://github.com/grpc). Each `Status` message contains
# three pieces of data: error code, error message, and error details.
@@ -2461,79 +2619,31 @@
],
"displayName": "A String", # Display name (max 100 chars)
"description": "A String", # User provided description (max 256 chars)
- "inspectJob": {
- "storageConfig": { # Shared message indicating Cloud storage type. # The data to scan.
- "datastoreOptions": { # Options defining a data set within Google Cloud Datastore. # Google Cloud Datastore options specification.
- "partitionId": { # Datastore partition ID. # A partition ID identifies a grouping of entities. The grouping is always
- # by project and namespace, however the namespace ID may be empty.
- # A partition ID identifies a grouping of entities. The grouping is always
- # by project and namespace, however the namespace ID may be empty.
+ "triggers": [ # A list of triggers which will be OR'ed together. Only one in the list
+ # needs to trigger for a job to be started. The list may contain only
+ # a single Schedule trigger and must have at least one object.
+ { # What event needs to occur for a new job to be started.
+ "manual": { # Job trigger option for hybrid jobs. Jobs must be manually created # For use with hybrid jobs. Jobs must be manually created and finished.
+ # Early access feature is in a pre-release state and might change or have
+ # limited support. For more information, see
+ # https://cloud.google.com/products#product-launch-stages.
+ # and finished.
+ },
+ "schedule": { # Schedule for triggeredJobs. # Create a job on a repeating basis based on the elapse of time.
+ "recurrencePeriodDuration": "A String", # With this option a job is started a regular periodic basis. For
+ # example: every day (86400 seconds).
#
- # A partition ID contains several dimensions:
- # project ID and namespace ID.
- "projectId": "A String", # The ID of the project to which the entities belong.
- "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
- },
- "kind": { # A representation of a Datastore kind. # The kind to process.
- "name": "A String", # The name of the kind.
- },
+ # A scheduled start time will be skipped if the previous
+ # execution has not ended when its scheduled time occurs.
+ #
+ # This value must be set to a time duration greater than or equal
+ # to 1 day and can be no longer than 60 days.
},
- "bigQueryOptions": { # Options defining BigQuery table and row identifiers. # BigQuery options specification.
- "excludedFields": [ # References to fields excluded from scanning. This allows you to skip
- # inspection of entire columns which you know have no findings.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
- "rowsLimit": "A String", # Max number of rows to scan. If the table has more rows than this value, the
- # rest of the rows are omitted. If not set, or if set to 0, all rows will be
- # scanned. Only one of rows_limit and rows_limit_percent can be specified.
- # Cannot be used in conjunction with TimespanConfig.
- "sampleMethod": "A String",
- "identifyingFields": [ # References to fields uniquely identifying rows within the table.
- # Nested fields in the format, like `person.birthdate.year`, are allowed.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
- "rowsLimitPercent": 42, # Max percentage of rows to scan. The rest are omitted. The number of rows
- # scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and
- # 100 means no limit. Defaults to 0. Only one of rows_limit and
- # rows_limit_percent can be specified. Cannot be used in conjunction with
- # TimespanConfig.
- "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
- # identified by its project_id, dataset_id, and table_name. Within a query
- # a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
- "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
- # If omitted, project ID is inferred from the API call.
- "tableId": "A String", # Name of the table.
- "datasetId": "A String", # Dataset ID of the table.
- },
- },
- "timespanConfig": { # Configuration of the timespan of the items to include in scanning.
- # Currently only supported when inspecting Google Cloud Storage and BigQuery.
- "timestampField": { # General identifier of a data field in a storage service. # Specification of the field containing the timestamp of scanned items.
- # Used for data sources like Datastore or BigQuery.
- # If not specified for BigQuery, table last modification timestamp
- # is checked against given time span.
- # The valid data types of the timestamp field are:
- # for BigQuery - timestamp, date, datetime;
- # for Datastore - timestamp.
- # Datastore entity will be scanned if the timestamp property does not exist
- # or its value is empty or invalid.
- "name": "A String", # Name describing the field.
- },
- "endTime": "A String", # Exclude files or rows newer than this value.
- # If set to zero, no upper time limit is applied.
- "startTime": "A String", # Exclude files or rows older than this value.
- "enableAutoPopulationOfTimespanConfig": True or False, # When the job is started by a JobTrigger we will automatically figure out
- # a valid start_time to avoid scanning files that have not been modified
- # since the last time the JobTrigger executed. This will be based on the
- # time of the execution of the last run of the JobTrigger.
- },
- "cloudStorageOptions": { # Options defining a file or a set of files within a Google Cloud Storage # Google Cloud Storage options specification.
+ },
+ ],
+ "inspectJob": { # Controls what and how to inspect for findings. # For inspect jobs, a snapshot of the configuration.
+ "storageConfig": { # Shared message indicating Cloud storage type. # The data to scan.
+ "cloudStorageOptions": { # Options defining a file or a set of files within a Google Cloud Storage # Google Cloud Storage options.
# bucket.
"bytesLimitPerFile": "A String", # Max number of bytes to scan from a file. If a scanned file's size is bigger
# than this value then the rest of the bytes are omitted. Only one
@@ -2541,7 +2651,7 @@
"sampleMethod": "A String",
"fileSet": { # Set of files to scan. # The set of one or more files to scan.
"url": "A String", # The Cloud Storage url of the file(s) to scan, in the format
- # `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed.
+ # `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed.
#
# If the url ends in a trailing slash, the bucket or directory represented
# by the url will be scanned non-recursively (content in sub-directories
@@ -2606,26 +2716,151 @@
],
},
},
+ "filesLimitPercent": 42, # Limits the number of files to scan to this percentage of the input FileSet.
+ # Number of files scanned is rounded down. Must be between 0 and 100,
+ # inclusively. Both 0 and 100 means no limit. Defaults to 0.
"bytesLimitPerFilePercent": 42, # Max percentage of bytes to scan from a file. The rest are omitted. The
# number of bytes scanned is rounded down. Must be between 0 and 100,
# inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one
# of bytes_limit_per_file and bytes_limit_per_file_percent can be specified.
- "filesLimitPercent": 42, # Limits the number of files to scan to this percentage of the input FileSet.
- # Number of files scanned is rounded down. Must be between 0 and 100,
- # inclusively. Both 0 and 100 means no limit. Defaults to 0.
"fileTypes": [ # List of file type groups to include in the scan.
# If empty, all files are scanned and available data format processors
# are applied. In addition, the binary content of the selected files
# is always scanned as well.
+ # Images are scanned only as binary if the specified region
+ # does not support image inspection and no file_types were specified.
+ # Image inspection is restricted to 'global', 'us', 'asia', and 'europe'.
"A String",
],
},
+ "datastoreOptions": { # Options defining a data set within Google Cloud Datastore. # Google Cloud Datastore options.
+ "partitionId": { # Datastore partition ID. # A partition ID identifies a grouping of entities. The grouping is always
+ # by project and namespace, however the namespace ID may be empty.
+ # A partition ID identifies a grouping of entities. The grouping is always
+ # by project and namespace, however the namespace ID may be empty.
+ #
+ # A partition ID contains several dimensions:
+ # project ID and namespace ID.
+ "projectId": "A String", # The ID of the project to which the entities belong.
+ "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
+ },
+ "kind": { # A representation of a Datastore kind. # The kind to process.
+ "name": "A String", # The name of the kind.
+ },
+ },
+ "bigQueryOptions": { # Options defining BigQuery table and row identifiers. # BigQuery options.
+ "excludedFields": [ # References to fields excluded from scanning. This allows you to skip
+ # inspection of entire columns which you know have no findings.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ "rowsLimit": "A String", # Max number of rows to scan. If the table has more rows than this value, the
+ # rest of the rows are omitted. If not set, or if set to 0, all rows will be
+ # scanned. Only one of rows_limit and rows_limit_percent can be specified.
+ # Cannot be used in conjunction with TimespanConfig.
+ "sampleMethod": "A String",
+ "identifyingFields": [ # Table fields that may uniquely identify a row within the table. When
+ # `actions.saveFindings.outputConfig.table` is specified, the values of
+ # columns specified here are available in the output table under
+ # `location.content_locations.record_location.record_key.id_values`. Nested
+ # fields such as `person.birthdate.year` are allowed.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ "rowsLimitPercent": 42, # Max percentage of rows to scan. The rest are omitted. The number of rows
+ # scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and
+ # 100 means no limit. Defaults to 0. Only one of rows_limit and
+ # rows_limit_percent can be specified. Cannot be used in conjunction with
+ # TimespanConfig.
+ "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
+ # identified by its project_id, dataset_id, and table_name. Within a query
+ # a table is often referenced with a string in the format of:
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
+ "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
+ # If omitted, project ID is inferred from the API call.
+ "tableId": "A String", # Name of the table.
+ "datasetId": "A String", # Dataset ID of the table.
+ },
+ },
+ "timespanConfig": { # Configuration of the timespan of the items to include in scanning.
+ # Currently only supported when inspecting Google Cloud Storage and BigQuery.
+ "timestampField": { # General identifier of a data field in a storage service. # Specification of the field containing the timestamp of scanned items.
+ # Used for data sources like Datastore and BigQuery.
+ #
+ # For BigQuery:
+ # Required to filter out rows based on the given start and
+ # end times. If not specified and the table was modified between the given
+ # start and end times, the entire table will be scanned.
+ # The valid data types of the timestamp field are `INTEGER`, `DATE`,
+ # `TIMESTAMP`, and `DATETIME` BigQuery columns.
+ #
+ # For Datastore:
+ # The only valid data type of the timestamp field is `TIMESTAMP`.
+ # Datastore entity will be scanned if the timestamp property does not
+ # exist or its value is empty or invalid.
+ "name": "A String", # Name describing the field.
+ },
+ "endTime": "A String", # Exclude files or rows newer than this value.
+ # If set to zero, no upper time limit is applied.
+ "startTime": "A String", # Exclude files or rows older than this value.
+ "enableAutoPopulationOfTimespanConfig": True or False, # When the job is started by a JobTrigger we will automatically figure out
+ # a valid start_time to avoid scanning files that have not been modified
+ # since the last time the JobTrigger executed. This will be based on the
+ # time of the execution of the last run of the JobTrigger.
+ },
+ "hybridOptions": { # Configuration to control jobs where the content being inspected is outside # Hybrid inspection options.
+ # Early access feature is in a pre-release state and might change or have
+ # limited support. For more information, see
+ # https://cloud.google.com/products#product-launch-stages.
+ # of Google Cloud Platform.
+ "tableOptions": { # Instructions regarding the table content being inspected. # If the container is a table, additional information to make findings
+ # meaningful such as the columns that are primary keys.
+ "identifyingFields": [ # The columns that are the primary keys for table objects included in
+              # ContentItem. A copy of this cell's value will be stored alongside
+ # each finding so that the finding can be traced to the specific row it came
+ # from. No more than 3 may be provided.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ },
+ "labels": { # To organize findings, these labels will be added to each finding.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
+ #
+ # Label values must be between 0 and 63 characters long and must conform
+ # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`.
+ #
+ # No more than 10 labels can be associated with a given finding.
+ #
+ # Examples:
+ # * `"environment" : "production"`
+ # * `"pipeline" : "etl"`
+ "a_key": "A String",
+ },
+        "requiredFindingLabelKeys": [ # These are labels that each inspection request must include within its
+            # 'finding_labels' map. Requests may contain others, but a request
+            # missing any of these will be rejected.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
+ #
+ # No more than 10 keys can be required.
+ "A String",
+ ],
+ "description": "A String", # A short description of where the data is coming from. Will be stored once
+            # in the job. Maximum length is 256 characters.
+ },
},
"inspectConfig": { # Configuration description of the scanning process. # How and what to scan for.
# When used with redactContent only info_types and min_likelihood are currently
# used.
"excludeInfoTypes": True or False, # When true, excludes type information of the findings.
- "limits": {
+ "limits": { # Configuration to control the number of findings returned. # Configuration to control the number of findings returned.
"maxFindingsPerRequest": 42, # Max number of findings that will be returned per request/job.
# When set within `InspectContentRequest`, the maximum returned is 2000
# regardless if this is set higher.
@@ -2640,13 +2875,13 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"maxFindings": 42, # Max findings limit for the given infoType.
},
],
"maxFindingsPerItem": 42, # Max number of findings that will be returned for each item scanned.
- # When set within `InspectDataSourceRequest`,
+ # When set within `InspectJobConfig`,
# the maximum returned is 2000 regardless if this is set higher.
# When set within `InspectContentRequest`, this field is ignored.
},
@@ -2686,7 +2921,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"dictionary": { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType.
# be used to match sensitive information specific to the data, such as a list
@@ -2750,8 +2985,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -2805,8 +3040,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -2855,7 +3090,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -2905,7 +3140,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -2922,16 +3157,15 @@
# system may automatically choose what detectors to run. By default this may
# be all types, but may change over time as detectors are updated.
#
- # The special InfoType name "ALL_BASIC" can be used to trigger all detectors,
- # but may change over time as new InfoTypes are added. If you need precise
- # control and predictability as to what detectors are run you should specify
- # specific InfoTypes listed in the reference.
+ # If you need precise control and predictability as to what detectors are
+      # run, you should specify specific InfoTypes listed in the reference;
+      # otherwise a default list will be used, which may change over time.
{ # Type of information detected by the API.
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -2945,7 +3179,7 @@
# OutputStorageConfig. Only a single instance of this action can be
# specified.
# Compatible with: Inspect, Risk
- "outputConfig": { # Cloud repository for storing output.
+ "outputConfig": { # Cloud repository for storing output. # Location to store findings outside of DLP.
"table": { # Message defining the location of a BigQuery table. A table is uniquely # Store findings in an existing table or a new table in an existing
# dataset. If table_id is not set a new one will be generated
# for you with the following format:
@@ -2962,8 +3196,8 @@
# quasi-identifiers, cannot store their results in the same table.
# identified by its project_id, dataset_id, and table_name. Within a query
# a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
"projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
# If omitted, project ID is inferred from the API call.
"tableId": "A String", # Name of the table.
@@ -2978,9 +3212,10 @@
# If unspecified, then all available columns will be used for a new table or
# an (existing) table with no schema, and no changes will be made to an
# existing table that has a schema.
+ # Only for use with external storage.
},
},
- "jobNotificationEmails": { # Enable email notification to project owners and editors on jobs's # Enable email notification to project owners and editors on job's
+      "jobNotificationEmails": { # Enable email notification to project owners and editors on job's # Enable email notification for project owners and editors on job's
# completion/failure.
# completion/failure.
},
@@ -2995,6 +3230,22 @@
# Only a single instance of this action can be specified.
# Compatible with: Inspect
},
+ "publishToStackdriver": { # Enable Stackdriver metric dlp.googleapis.com/finding_count. This # Enable Stackdriver metric dlp.googleapis.com/finding_count.
+          # will publish a metric to Stackdriver for each infotype requested,
+          # recording how many findings were found for it. CustomDetectors will be
+          # bucketed as 'Custom' under the Stackdriver label 'info_type'.
+ },
+      "publishFindingsToCloudDataCatalog": { # Publish findings of a DlpJob to Cloud Data Catalog. Labels summarizing the # Publish findings to Cloud Data Catalog.
+ # results of the DlpJob will be applied to the entry for the resource scanned
+ # in Cloud Data Catalog. Any labels previously written by another DlpJob will
+ # be deleted. InfoType naming patterns are strictly enforced when using this
+ # feature. Note that the findings will be persisted in Cloud Data Catalog
+ # storage and are governed by Data Catalog service-specific policy, see
+ # https://cloud.google.com/terms/service-terms
+ # Only a single instance of this action can be specified and only allowed if
+ # all resources being scanned are BigQuery tables.
+ # Compatible with: Inspect
+ },
"pubSub": { # Publish a message into given Pub/Sub topic when DlpJob has completed. The # Publish a notification to a pubsub topic.
# message contains a single field, `DlpJobName`, which is equal to the
# finished job's
@@ -3008,27 +3259,11 @@
},
],
},
- "triggers": [ # A list of triggers which will be OR'ed together. Only one in the list
- # needs to trigger for a job to be started. The list may contain only
- # a single Schedule trigger and must have at least one object.
- { # What event needs to occur for a new job to be started.
- "schedule": { # Schedule for triggeredJobs. # Create a job on a repeating basis based on the elapse of time.
- "recurrencePeriodDuration": "A String", # With this option a job is started a regular periodic basis. For
- # example: every day (86400 seconds).
- #
- # A scheduled start time will be skipped if the previous
- # execution has not ended when its scheduled time occurs.
- #
- # This value must be set to a time duration greater than or equal
- # to 1 day and can be no longer than 60 days.
- },
- },
- ],
- "lastRunTime": "A String", # The timestamp of the last time this trigger executed, output only field.
- "createTime": "A String", # The creation timestamp of a triggeredJob, output only field.
+ "lastRunTime": "A String", # Output only. The timestamp of the last time this trigger executed.
+ "createTime": "A String", # Output only. The creation timestamp of a triggeredJob.
"name": "A String", # Unique resource name for the triggeredJob, assigned by the service when the
# triggeredJob is created, for example
- # `projects/dlp-test-project/triggeredJobs/53234423`.
+ # `projects/dlp-test-project/jobTriggers/53234423`.
}</pre>
</div>
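
The JobTrigger body above is easier to see in action than to read field by field. Below is a minimal client-side sketch (not part of the generated reference) of creating a daily trigger over a BigQuery table, assuming the google-api-python-client with Application Default Credentials; the project, dataset, and table IDs are placeholders, and the create request is assumed to wrap the resource in a `jobTrigger` field:

<pre>
from googleapiclient.discovery import build

dlp = build('dlp', 'v2')

job_trigger = {
    'displayName': 'Nightly BigQuery scan',
    'status': 'HEALTHY',
    'triggers': [
        # recurrencePeriodDuration must be >= 1 day (86400s) and <= 60 days.
        {'schedule': {'recurrencePeriodDuration': '86400s'}},
    ],
    'inspectJob': {
        'storageConfig': {
            'bigQueryOptions': {
                'tableReference': {
                    'projectId': 'my-project',   # placeholder
                    'datasetId': 'my_dataset',   # placeholder
                    'tableId': 'my_table',       # placeholder
                },
                # Only one of rowsLimit / rowsLimitPercent may be set.
                'rowsLimitPercent': 10,
            },
        },
        'inspectConfig': {
            'infoTypes': [{'name': 'EMAIL_ADDRESS'}],
            'limits': {'maxFindingsPerRequest': 100},
        },
        'actions': [{
            # tableId omitted: a new table will be generated in the dataset.
            'saveFindings': {'outputConfig': {'table': {
                'projectId': 'my-project',   # placeholder
                'datasetId': 'dlp_results',  # placeholder
            }}},
        }],
    },
}

resp = dlp.projects().jobTriggers().create(
    parent='projects/my-project',        # placeholder
    body={'jobTrigger': job_trigger},    # assumed CreateJobTriggerRequest shape
).execute()
print(resp['name'])  # e.g. projects/.../jobTriggers/...
</pre>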
@@ -3038,7 +3273,7 @@
See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
Args:
- name: string, Resource name of the project and the triggeredJob, for example
+ name: string, Required. Resource name of the project and the triggeredJob, for example
`projects/dlp-test-project/jobTriggers/53234423`. (required)
x__xgafv: string, V1 error format.
Allowed values
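
Deletion is a single call on the trigger's full resource name. A minimal sketch, assuming Application Default Credentials and a placeholder trigger ID:

<pre>
from googleapiclient.discovery import build

dlp = build('dlp', 'v2')
dlp.projects().jobTriggers().delete(
    name='projects/my-project/jobTriggers/53234423'  # placeholder
).execute()  # returns an empty dict on success
</pre>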
@@ -3066,7 +3301,7 @@
See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
Args:
- name: string, Resource name of the project and the triggeredJob, for example
+ name: string, Required. Resource name of the project and the triggeredJob, for example
`projects/dlp-test-project/jobTriggers/53234423`. (required)
x__xgafv: string, V1 error format.
Allowed values
@@ -3078,19 +3313,18 @@
    { # Contains a configuration to make DLP API calls on a repeating basis.
# See https://cloud.google.com/dlp/docs/concepts-job-triggers to learn more.
- "status": "A String", # A status for this trigger. [required]
- "updateTime": "A String", # The last update timestamp of a triggeredJob, output only field.
- "errors": [ # A stream of errors encountered when the trigger was activated. Repeated
+ "status": "A String", # Required. A status for this trigger.
+ "updateTime": "A String", # Output only. The last update timestamp of a triggeredJob.
+ "errors": [ # Output only. A stream of errors encountered when the trigger was activated. Repeated
# errors may result in the JobTrigger automatically being paused.
# Will return the last 100 errors. Whenever the JobTrigger is modified
- # this list will be cleared. Output only field.
+ # this list will be cleared.
      { # Detailed information about an error encountered during job execution or
# the results of an unsuccessful activation of the JobTrigger.
- # Output only field.
"timestamps": [ # The times the error occurred.
"A String",
],
- "details": { # The `Status` type defines a logical error model that is suitable for
+ "details": { # The `Status` type defines a logical error model that is suitable for # Detailed error codes and messages.
# different programming environments, including REST APIs and RPC APIs. It is
# used by [gRPC](https://github.com/grpc). Each `Status` message contains
# three pieces of data: error code, error message, and error details.
@@ -3112,79 +3346,31 @@
],
"displayName": "A String", # Display name (max 100 chars)
"description": "A String", # User provided description (max 256 chars)
- "inspectJob": {
- "storageConfig": { # Shared message indicating Cloud storage type. # The data to scan.
- "datastoreOptions": { # Options defining a data set within Google Cloud Datastore. # Google Cloud Datastore options specification.
- "partitionId": { # Datastore partition ID. # A partition ID identifies a grouping of entities. The grouping is always
- # by project and namespace, however the namespace ID may be empty.
- # A partition ID identifies a grouping of entities. The grouping is always
- # by project and namespace, however the namespace ID may be empty.
+ "triggers": [ # A list of triggers which will be OR'ed together. Only one in the list
+ # needs to trigger for a job to be started. The list may contain only
+ # a single Schedule trigger and must have at least one object.
+ { # What event needs to occur for a new job to be started.
+ "manual": { # Job trigger option for hybrid jobs. Jobs must be manually created # For use with hybrid jobs. Jobs must be manually created and finished.
+ # Early access feature is in a pre-release state and might change or have
+ # limited support. For more information, see
+ # https://cloud.google.com/products#product-launch-stages.
+ # and finished.
+ },
+ "schedule": { # Schedule for triggeredJobs. # Create a job on a repeating basis based on the elapse of time.
+          "recurrencePeriodDuration": "A String", # With this option a job is started on a regular periodic basis. For
+ # example: every day (86400 seconds).
#
- # A partition ID contains several dimensions:
- # project ID and namespace ID.
- "projectId": "A String", # The ID of the project to which the entities belong.
- "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
- },
- "kind": { # A representation of a Datastore kind. # The kind to process.
- "name": "A String", # The name of the kind.
- },
+ # A scheduled start time will be skipped if the previous
+ # execution has not ended when its scheduled time occurs.
+ #
+ # This value must be set to a time duration greater than or equal
+ # to 1 day and can be no longer than 60 days.
},
- "bigQueryOptions": { # Options defining BigQuery table and row identifiers. # BigQuery options specification.
- "excludedFields": [ # References to fields excluded from scanning. This allows you to skip
- # inspection of entire columns which you know have no findings.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
- "rowsLimit": "A String", # Max number of rows to scan. If the table has more rows than this value, the
- # rest of the rows are omitted. If not set, or if set to 0, all rows will be
- # scanned. Only one of rows_limit and rows_limit_percent can be specified.
- # Cannot be used in conjunction with TimespanConfig.
- "sampleMethod": "A String",
- "identifyingFields": [ # References to fields uniquely identifying rows within the table.
- # Nested fields in the format, like `person.birthdate.year`, are allowed.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
- "rowsLimitPercent": 42, # Max percentage of rows to scan. The rest are omitted. The number of rows
- # scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and
- # 100 means no limit. Defaults to 0. Only one of rows_limit and
- # rows_limit_percent can be specified. Cannot be used in conjunction with
- # TimespanConfig.
- "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
- # identified by its project_id, dataset_id, and table_name. Within a query
- # a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
- "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
- # If omitted, project ID is inferred from the API call.
- "tableId": "A String", # Name of the table.
- "datasetId": "A String", # Dataset ID of the table.
- },
- },
- "timespanConfig": { # Configuration of the timespan of the items to include in scanning.
- # Currently only supported when inspecting Google Cloud Storage and BigQuery.
- "timestampField": { # General identifier of a data field in a storage service. # Specification of the field containing the timestamp of scanned items.
- # Used for data sources like Datastore or BigQuery.
- # If not specified for BigQuery, table last modification timestamp
- # is checked against given time span.
- # The valid data types of the timestamp field are:
- # for BigQuery - timestamp, date, datetime;
- # for Datastore - timestamp.
- # Datastore entity will be scanned if the timestamp property does not exist
- # or its value is empty or invalid.
- "name": "A String", # Name describing the field.
- },
- "endTime": "A String", # Exclude files or rows newer than this value.
- # If set to zero, no upper time limit is applied.
- "startTime": "A String", # Exclude files or rows older than this value.
- "enableAutoPopulationOfTimespanConfig": True or False, # When the job is started by a JobTrigger we will automatically figure out
- # a valid start_time to avoid scanning files that have not been modified
- # since the last time the JobTrigger executed. This will be based on the
- # time of the execution of the last run of the JobTrigger.
- },
- "cloudStorageOptions": { # Options defining a file or a set of files within a Google Cloud Storage # Google Cloud Storage options specification.
+ },
+ ],
+ "inspectJob": { # Controls what and how to inspect for findings. # For inspect jobs, a snapshot of the configuration.
+ "storageConfig": { # Shared message indicating Cloud storage type. # The data to scan.
+ "cloudStorageOptions": { # Options defining a file or a set of files within a Google Cloud Storage # Google Cloud Storage options.
# bucket.
"bytesLimitPerFile": "A String", # Max number of bytes to scan from a file. If a scanned file's size is bigger
# than this value then the rest of the bytes are omitted. Only one
@@ -3192,7 +3378,7 @@
"sampleMethod": "A String",
"fileSet": { # Set of files to scan. # The set of one or more files to scan.
"url": "A String", # The Cloud Storage url of the file(s) to scan, in the format
- # `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed.
+ # `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed.
#
# If the url ends in a trailing slash, the bucket or directory represented
# by the url will be scanned non-recursively (content in sub-directories
@@ -3257,26 +3443,151 @@
],
},
},
+ "filesLimitPercent": 42, # Limits the number of files to scan to this percentage of the input FileSet.
+ # Number of files scanned is rounded down. Must be between 0 and 100,
+          # inclusive. Both 0 and 100 mean no limit. Defaults to 0.
"bytesLimitPerFilePercent": 42, # Max percentage of bytes to scan from a file. The rest are omitted. The
# number of bytes scanned is rounded down. Must be between 0 and 100,
            # inclusive. Both 0 and 100 mean no limit. Defaults to 0. Only one
# of bytes_limit_per_file and bytes_limit_per_file_percent can be specified.
- "filesLimitPercent": 42, # Limits the number of files to scan to this percentage of the input FileSet.
- # Number of files scanned is rounded down. Must be between 0 and 100,
- # inclusively. Both 0 and 100 means no limit. Defaults to 0.
"fileTypes": [ # List of file type groups to include in the scan.
# If empty, all files are scanned and available data format processors
# are applied. In addition, the binary content of the selected files
# is always scanned as well.
+ # Images are scanned only as binary if the specified region
+ # does not support image inspection and no file_types were specified.
+ # Image inspection is restricted to 'global', 'us', 'asia', and 'europe'.
"A String",
],
},
+ "datastoreOptions": { # Options defining a data set within Google Cloud Datastore. # Google Cloud Datastore options.
+ "partitionId": { # Datastore partition ID. # A partition ID identifies a grouping of entities. The grouping is always
+ # by project and namespace, however the namespace ID may be empty.
+ # A partition ID identifies a grouping of entities. The grouping is always
+ # by project and namespace, however the namespace ID may be empty.
+ #
+ # A partition ID contains several dimensions:
+ # project ID and namespace ID.
+ "projectId": "A String", # The ID of the project to which the entities belong.
+ "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
+ },
+ "kind": { # A representation of a Datastore kind. # The kind to process.
+ "name": "A String", # The name of the kind.
+ },
+ },
+ "bigQueryOptions": { # Options defining BigQuery table and row identifiers. # BigQuery options.
+ "excludedFields": [ # References to fields excluded from scanning. This allows you to skip
+ # inspection of entire columns which you know have no findings.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ "rowsLimit": "A String", # Max number of rows to scan. If the table has more rows than this value, the
+ # rest of the rows are omitted. If not set, or if set to 0, all rows will be
+ # scanned. Only one of rows_limit and rows_limit_percent can be specified.
+ # Cannot be used in conjunction with TimespanConfig.
+ "sampleMethod": "A String",
+ "identifyingFields": [ # Table fields that may uniquely identify a row within the table. When
+ # `actions.saveFindings.outputConfig.table` is specified, the values of
+ # columns specified here are available in the output table under
+ # `location.content_locations.record_location.record_key.id_values`. Nested
+ # fields such as `person.birthdate.year` are allowed.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ "rowsLimitPercent": 42, # Max percentage of rows to scan. The rest are omitted. The number of rows
+            # scanned is rounded down. Must be between 0 and 100, inclusive. Both 0 and
+            # 100 mean no limit. Defaults to 0. Only one of rows_limit and
+ # rows_limit_percent can be specified. Cannot be used in conjunction with
+ # TimespanConfig.
+ "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
+ # identified by its project_id, dataset_id, and table_name. Within a query
+ # a table is often referenced with a string in the format of:
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
+ "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
+ # If omitted, project ID is inferred from the API call.
+ "tableId": "A String", # Name of the table.
+ "datasetId": "A String", # Dataset ID of the table.
+ },
+ },
+ "timespanConfig": { # Configuration of the timespan of the items to include in scanning.
+ # Currently only supported when inspecting Google Cloud Storage and BigQuery.
+ "timestampField": { # General identifier of a data field in a storage service. # Specification of the field containing the timestamp of scanned items.
+ # Used for data sources like Datastore and BigQuery.
+ #
+ # For BigQuery:
+ # Required to filter out rows based on the given start and
+ # end times. If not specified and the table was modified between the given
+ # start and end times, the entire table will be scanned.
+              # The valid data types of the timestamp field are `INTEGER`, `DATE`,
+              # `TIMESTAMP`, and `DATETIME` BigQuery columns.
+              #
+              # For Datastore:
+              # The valid data type of the timestamp field is `TIMESTAMP`.
+              # A Datastore entity will be scanned if the timestamp property does not
+              # exist or its value is empty or invalid.
+ "name": "A String", # Name describing the field.
+ },
+ "endTime": "A String", # Exclude files or rows newer than this value.
+ # If set to zero, no upper time limit is applied.
+ "startTime": "A String", # Exclude files or rows older than this value.
+ "enableAutoPopulationOfTimespanConfig": True or False, # When the job is started by a JobTrigger we will automatically figure out
+ # a valid start_time to avoid scanning files that have not been modified
+ # since the last time the JobTrigger executed. This will be based on the
+ # time of the execution of the last run of the JobTrigger.
+ },
+ "hybridOptions": { # Configuration to control jobs where the content being inspected is outside # Hybrid inspection options.
+ # Early access feature is in a pre-release state and might change or have
+ # limited support. For more information, see
+ # https://cloud.google.com/products#product-launch-stages.
+ # of Google Cloud Platform.
+ "tableOptions": { # Instructions regarding the table content being inspected. # If the container is a table, additional information to make findings
+ # meaningful such as the columns that are primary keys.
+ "identifyingFields": [ # The columns that are the primary keys for table objects included in
+              # ContentItem. A copy of this cell's value will be stored alongside
+ # each finding so that the finding can be traced to the specific row it came
+ # from. No more than 3 may be provided.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ },
+ "labels": { # To organize findings, these labels will be added to each finding.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
+ #
+ # Label values must be between 0 and 63 characters long and must conform
+ # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`.
+ #
+ # No more than 10 labels can be associated with a given finding.
+ #
+ # Examples:
+ # * `"environment" : "production"`
+ # * `"pipeline" : "etl"`
+ "a_key": "A String",
+ },
+        "requiredFindingLabelKeys": [ # These are labels that each inspection request must include within its
+            # 'finding_labels' map. Requests may contain others, but a request
+            # missing any of these will be rejected.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
+ #
+ # No more than 10 keys can be required.
+ "A String",
+ ],
+ "description": "A String", # A short description of where the data is coming from. Will be stored once
+            # in the job. Maximum length is 256 characters.
+ },
},
"inspectConfig": { # Configuration description of the scanning process. # How and what to scan for.
# When used with redactContent only info_types and min_likelihood are currently
# used.
"excludeInfoTypes": True or False, # When true, excludes type information of the findings.
- "limits": {
+ "limits": { # Configuration to control the number of findings returned. # Configuration to control the number of findings returned.
"maxFindingsPerRequest": 42, # Max number of findings that will be returned per request/job.
# When set within `InspectContentRequest`, the maximum returned is 2000
# regardless if this is set higher.
@@ -3291,13 +3602,13 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"maxFindings": 42, # Max findings limit for the given infoType.
},
],
"maxFindingsPerItem": 42, # Max number of findings that will be returned for each item scanned.
- # When set within `InspectDataSourceRequest`,
+ # When set within `InspectJobConfig`,
# the maximum returned is 2000 regardless if this is set higher.
# When set within `InspectContentRequest`, this field is ignored.
},
@@ -3337,7 +3648,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"dictionary": { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType.
# be used to match sensitive information specific to the data, such as a list
@@ -3401,8 +3712,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -3456,8 +3767,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -3506,7 +3817,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -3556,7 +3867,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -3573,16 +3884,15 @@
# system may automatically choose what detectors to run. By default this may
# be all types, but may change over time as detectors are updated.
#
- # The special InfoType name "ALL_BASIC" can be used to trigger all detectors,
- # but may change over time as new InfoTypes are added. If you need precise
- # control and predictability as to what detectors are run you should specify
- # specific InfoTypes listed in the reference.
+ # If you need precise control and predictability as to what detectors are
+      # run, you should specify specific InfoTypes listed in the reference;
+      # otherwise a default list will be used, which may change over time.
{ # Type of information detected by the API.
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -3596,7 +3906,7 @@
# OutputStorageConfig. Only a single instance of this action can be
# specified.
# Compatible with: Inspect, Risk
- "outputConfig": { # Cloud repository for storing output.
+ "outputConfig": { # Cloud repository for storing output. # Location to store findings outside of DLP.
"table": { # Message defining the location of a BigQuery table. A table is uniquely # Store findings in an existing table or a new table in an existing
# dataset. If table_id is not set a new one will be generated
# for you with the following format:
@@ -3613,8 +3923,8 @@
# quasi-identifiers, cannot store their results in the same table.
# identified by its project_id, dataset_id, and table_name. Within a query
# a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
"projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
# If omitted, project ID is inferred from the API call.
"tableId": "A String", # Name of the table.
@@ -3629,9 +3939,10 @@
# If unspecified, then all available columns will be used for a new table or
# an (existing) table with no schema, and no changes will be made to an
# existing table that has a schema.
+ # Only for use with external storage.
},
},
- "jobNotificationEmails": { # Enable email notification to project owners and editors on jobs's # Enable email notification to project owners and editors on job's
+      "jobNotificationEmails": { # Enable email notification to project owners and editors on job's # Enable email notification for project owners and editors on job's
# completion/failure.
# completion/failure.
},
@@ -3646,6 +3957,22 @@
# Only a single instance of this action can be specified.
# Compatible with: Inspect
},
+ "publishToStackdriver": { # Enable Stackdriver metric dlp.googleapis.com/finding_count. This # Enable Stackdriver metric dlp.googleapis.com/finding_count.
+          # will publish a metric to Stackdriver for each infotype requested,
+          # recording how many findings were found for it. CustomDetectors will be
+          # bucketed as 'Custom' under the Stackdriver label 'info_type'.
+ },
+      "publishFindingsToCloudDataCatalog": { # Publish findings of a DlpJob to Cloud Data Catalog. Labels summarizing the # Publish findings to Cloud Data Catalog.
+ # results of the DlpJob will be applied to the entry for the resource scanned
+ # in Cloud Data Catalog. Any labels previously written by another DlpJob will
+ # be deleted. InfoType naming patterns are strictly enforced when using this
+ # feature. Note that the findings will be persisted in Cloud Data Catalog
+ # storage and are governed by Data Catalog service-specific policy, see
+ # https://cloud.google.com/terms/service-terms
+ # Only a single instance of this action can be specified and only allowed if
+ # all resources being scanned are BigQuery tables.
+ # Compatible with: Inspect
+ },
"pubSub": { # Publish a message into given Pub/Sub topic when DlpJob has completed. The # Publish a notification to a pubsub topic.
# message contains a single field, `DlpJobName`, which is equal to the
# finished job's
@@ -3659,38 +3986,22 @@
},
],
},
- "triggers": [ # A list of triggers which will be OR'ed together. Only one in the list
- # needs to trigger for a job to be started. The list may contain only
- # a single Schedule trigger and must have at least one object.
- { # What event needs to occur for a new job to be started.
- "schedule": { # Schedule for triggeredJobs. # Create a job on a repeating basis based on the elapse of time.
- "recurrencePeriodDuration": "A String", # With this option a job is started a regular periodic basis. For
- # example: every day (86400 seconds).
- #
- # A scheduled start time will be skipped if the previous
- # execution has not ended when its scheduled time occurs.
- #
- # This value must be set to a time duration greater than or equal
- # to 1 day and can be no longer than 60 days.
- },
- },
- ],
- "lastRunTime": "A String", # The timestamp of the last time this trigger executed, output only field.
- "createTime": "A String", # The creation timestamp of a triggeredJob, output only field.
+ "lastRunTime": "A String", # Output only. The timestamp of the last time this trigger executed.
+ "createTime": "A String", # Output only. The creation timestamp of a triggeredJob.
"name": "A String", # Unique resource name for the triggeredJob, assigned by the service when the
# triggeredJob is created, for example
- # `projects/dlp-test-project/triggeredJobs/53234423`.
+ # `projects/dlp-test-project/jobTriggers/53234423`.
}</pre>
</div>
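
Since `status`, `lastRunTime`, and the output-only `errors` list are the fields most often checked after a run, here is a short sketch of fetching a trigger and surfacing its recent errors; the resource name is a placeholder and Application Default Credentials are assumed:

<pre>
from googleapiclient.discovery import build

dlp = build('dlp', 'v2')
trigger = dlp.projects().jobTriggers().get(
    name='projects/my-project/jobTriggers/53234423'  # placeholder
).execute()

print(trigger['status'], trigger.get('lastRunTime'))
# Output only: up to the last 100 errors, cleared whenever the trigger
# is modified.
for error in trigger.get('errors', []):
    print(error.get('timestamps'), error.get('details', {}).get('message'))
</pre>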
<div class="method">
- <code class="details" id="list">list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</code>
+ <code class="details" id="list">list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None, locationId=None, filter=None)</code>
<pre>Lists job triggers.
See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
Args:
- parent: string, The parent resource name, for example `projects/my-project-id`. (required)
- orderBy: string, Optional comma separated list of triggeredJob fields to order by,
+ parent: string, Required. The parent resource name, for example `projects/my-project-id`. (required)
+  orderBy: string, Comma-separated list of triggeredJob fields to order by,
followed by `asc` or `desc` postfix. This list is case-insensitive;
default sorting order is ascending; redundant space characters are
insignificant.
@@ -3705,22 +4016,24 @@
- `name`: corresponds to JobTrigger's name.
- `display_name`: corresponds to JobTrigger's display name.
- `status`: corresponds to JobTrigger's status.
- pageSize: integer, Optional size of the page, can be limited by a server.
- pageToken: string, Optional page token to continue retrieval. Comes from previous call
+  pageSize: integer, Size of the page; can be limited by a server.
+ pageToken: string, Page token to continue retrieval. Comes from previous call
to ListJobTriggers. `order_by` field must not
change for subsequent calls.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
- filter: string, Optional. Allows filtering.
+ locationId: string, The geographic location where job triggers will be retrieved from.
+Use `-` for all locations. Reserved for future extensions.
+ filter: string, Allows filtering.
Supported syntax:
* Filter expressions are made up of one or more restrictions.
* Restrictions can be combined by `AND` or `OR` logical operators. A
sequence of restrictions implicitly uses `AND`.
-* A restriction has the form of `<field> <operator> <value>`.
+* A restriction has the form of `{field} {operator} {value}`.
* Supported fields/values for inspect jobs:
- `status` - HEALTHY|PAUSED|CANCELLED
- `inspected_storage` - DATASTORE|CLOUD_STORAGE|BIGQUERY
@@ -3734,7 +4047,7 @@
* inspected_storage = cloud_storage AND status = HEALTHY
* inspected_storage = cloud_storage OR inspected_storage = bigquery
* inspected_storage = cloud_storage AND (state = PAUSED OR state = HEALTHY)
-* last_run_time > \"2017-12-12T00:00:00+00:00\"
+* last_run_time > \"2017-12-12T00:00:00+00:00\"
The length of this field should be no more than 500 characters.
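
Putting the filter grammar and paging together, a minimal sketch (placeholder project, Application Default Credentials assumed) that lists paused Cloud Storage triggers, most recently run first:

<pre>
from googleapiclient.discovery import build

dlp = build('dlp', 'v2')
request = dlp.projects().jobTriggers().list(
    parent='projects/my-project',  # placeholder
    filter='inspected_storage = cloud_storage AND status = PAUSED',
    orderBy='last_run_time desc',
    pageSize=50,
)
while request is not None:
    response = request.execute()
    for trigger in response.get('jobTriggers', []):
        print(trigger['name'], trigger['status'])
    # list_next returns None once the last page has been consumed.
    request = dlp.projects().jobTriggers().list_next(request, response)
</pre>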
@@ -3747,19 +4060,18 @@
"jobTriggers": [ # List of triggeredJobs, up to page_size in ListJobTriggersRequest.
    { # Contains a configuration to make DLP API calls on a repeating basis.
# See https://cloud.google.com/dlp/docs/concepts-job-triggers to learn more.
- "status": "A String", # A status for this trigger. [required]
- "updateTime": "A String", # The last update timestamp of a triggeredJob, output only field.
- "errors": [ # A stream of errors encountered when the trigger was activated. Repeated
+ "status": "A String", # Required. A status for this trigger.
+ "updateTime": "A String", # Output only. The last update timestamp of a triggeredJob.
+ "errors": [ # Output only. A stream of errors encountered when the trigger was activated. Repeated
# errors may result in the JobTrigger automatically being paused.
# Will return the last 100 errors. Whenever the JobTrigger is modified
- # this list will be cleared. Output only field.
+ # this list will be cleared.
      { # Detailed information about an error encountered during job execution or
# the results of an unsuccessful activation of the JobTrigger.
- # Output only field.
"timestamps": [ # The times the error occurred.
"A String",
],
- "details": { # The `Status` type defines a logical error model that is suitable for
+ "details": { # The `Status` type defines a logical error model that is suitable for # Detailed error codes and messages.
# different programming environments, including REST APIs and RPC APIs. It is
# used by [gRPC](https://github.com/grpc). Each `Status` message contains
# three pieces of data: error code, error message, and error details.
@@ -3781,79 +4093,31 @@
],
"displayName": "A String", # Display name (max 100 chars)
"description": "A String", # User provided description (max 256 chars)
- "inspectJob": {
- "storageConfig": { # Shared message indicating Cloud storage type. # The data to scan.
- "datastoreOptions": { # Options defining a data set within Google Cloud Datastore. # Google Cloud Datastore options specification.
- "partitionId": { # Datastore partition ID. # A partition ID identifies a grouping of entities. The grouping is always
- # by project and namespace, however the namespace ID may be empty.
- # A partition ID identifies a grouping of entities. The grouping is always
- # by project and namespace, however the namespace ID may be empty.
+ "triggers": [ # A list of triggers which will be OR'ed together. Only one in the list
+ # needs to trigger for a job to be started. The list may contain only
+ # a single Schedule trigger and must have at least one object.
+ { # What event needs to occur for a new job to be started.
+ "manual": { # Job trigger option for hybrid jobs. Jobs must be manually created # For use with hybrid jobs. Jobs must be manually created and finished.
+ # Early access feature is in a pre-release state and might change or have
+ # limited support. For more information, see
+ # https://cloud.google.com/products#product-launch-stages.
+ # and finished.
+ },
+ "schedule": { # Schedule for triggeredJobs. # Create a job on a repeating basis based on the elapse of time.
+          "recurrencePeriodDuration": "A String", # With this option a job is started on a regular periodic basis. For
+ # example: every day (86400 seconds).
#
- # A partition ID contains several dimensions:
- # project ID and namespace ID.
- "projectId": "A String", # The ID of the project to which the entities belong.
- "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
- },
- "kind": { # A representation of a Datastore kind. # The kind to process.
- "name": "A String", # The name of the kind.
- },
+ # A scheduled start time will be skipped if the previous
+ # execution has not ended when its scheduled time occurs.
+ #
+ # This value must be set to a time duration greater than or equal
+ # to 1 day and can be no longer than 60 days.
},
- "bigQueryOptions": { # Options defining BigQuery table and row identifiers. # BigQuery options specification.
- "excludedFields": [ # References to fields excluded from scanning. This allows you to skip
- # inspection of entire columns which you know have no findings.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
- "rowsLimit": "A String", # Max number of rows to scan. If the table has more rows than this value, the
- # rest of the rows are omitted. If not set, or if set to 0, all rows will be
- # scanned. Only one of rows_limit and rows_limit_percent can be specified.
- # Cannot be used in conjunction with TimespanConfig.
- "sampleMethod": "A String",
- "identifyingFields": [ # References to fields uniquely identifying rows within the table.
- # Nested fields in the format, like `person.birthdate.year`, are allowed.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
- "rowsLimitPercent": 42, # Max percentage of rows to scan. The rest are omitted. The number of rows
- # scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and
- # 100 means no limit. Defaults to 0. Only one of rows_limit and
- # rows_limit_percent can be specified. Cannot be used in conjunction with
- # TimespanConfig.
- "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
- # identified by its project_id, dataset_id, and table_name. Within a query
- # a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
- "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
- # If omitted, project ID is inferred from the API call.
- "tableId": "A String", # Name of the table.
- "datasetId": "A String", # Dataset ID of the table.
- },
- },
- "timespanConfig": { # Configuration of the timespan of the items to include in scanning.
- # Currently only supported when inspecting Google Cloud Storage and BigQuery.
- "timestampField": { # General identifier of a data field in a storage service. # Specification of the field containing the timestamp of scanned items.
- # Used for data sources like Datastore or BigQuery.
- # If not specified for BigQuery, table last modification timestamp
- # is checked against given time span.
- # The valid data types of the timestamp field are:
- # for BigQuery - timestamp, date, datetime;
- # for Datastore - timestamp.
- # Datastore entity will be scanned if the timestamp property does not exist
- # or its value is empty or invalid.
- "name": "A String", # Name describing the field.
- },
- "endTime": "A String", # Exclude files or rows newer than this value.
- # If set to zero, no upper time limit is applied.
- "startTime": "A String", # Exclude files or rows older than this value.
- "enableAutoPopulationOfTimespanConfig": True or False, # When the job is started by a JobTrigger we will automatically figure out
- # a valid start_time to avoid scanning files that have not been modified
- # since the last time the JobTrigger executed. This will be based on the
- # time of the execution of the last run of the JobTrigger.
- },
- "cloudStorageOptions": { # Options defining a file or a set of files within a Google Cloud Storage # Google Cloud Storage options specification.
+ },
+ ],
+ "inspectJob": { # Controls what and how to inspect for findings. # For inspect jobs, a snapshot of the configuration.
+ "storageConfig": { # Shared message indicating Cloud storage type. # The data to scan.
+ "cloudStorageOptions": { # Options defining a file or a set of files within a Google Cloud Storage # Google Cloud Storage options.
# bucket.
"bytesLimitPerFile": "A String", # Max number of bytes to scan from a file. If a scanned file's size is bigger
# than this value then the rest of the bytes are omitted. Only one
@@ -3861,7 +4125,7 @@
"sampleMethod": "A String",
"fileSet": { # Set of files to scan. # The set of one or more files to scan.
"url": "A String", # The Cloud Storage url of the file(s) to scan, in the format
- # `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed.
+ # `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed.
#
# If the url ends in a trailing slash, the bucket or directory represented
# by the url will be scanned non-recursively (content in sub-directories
@@ -3926,26 +4190,151 @@
],
},
},
+ "filesLimitPercent": 42, # Limits the number of files to scan to this percentage of the input FileSet.
+ # Number of files scanned is rounded down. Must be between 0 and 100,
+          # inclusive. Both 0 and 100 mean no limit. Defaults to 0.
"bytesLimitPerFilePercent": 42, # Max percentage of bytes to scan from a file. The rest are omitted. The
# number of bytes scanned is rounded down. Must be between 0 and 100,
            # inclusive. Both 0 and 100 mean no limit. Defaults to 0. Only one
# of bytes_limit_per_file and bytes_limit_per_file_percent can be specified.
- "filesLimitPercent": 42, # Limits the number of files to scan to this percentage of the input FileSet.
- # Number of files scanned is rounded down. Must be between 0 and 100,
- # inclusively. Both 0 and 100 means no limit. Defaults to 0.
"fileTypes": [ # List of file type groups to include in the scan.
# If empty, all files are scanned and available data format processors
# are applied. In addition, the binary content of the selected files
# is always scanned as well.
+ # Images are scanned only as binary if the specified region
+ # does not support image inspection and no file_types were specified.
+ # Image inspection is restricted to 'global', 'us', 'asia', and 'europe'.
"A String",
],
},
+ "datastoreOptions": { # Options defining a data set within Google Cloud Datastore. # Google Cloud Datastore options.
+ "partitionId": { # Datastore partition ID. # A partition ID identifies a grouping of entities. The grouping is always
+ # by project and namespace, however the namespace ID may be empty.
+ # A partition ID identifies a grouping of entities. The grouping is always
+ # by project and namespace, however the namespace ID may be empty.
+ #
+ # A partition ID contains several dimensions:
+ # project ID and namespace ID.
+ "projectId": "A String", # The ID of the project to which the entities belong.
+ "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
+ },
+ "kind": { # A representation of a Datastore kind. # The kind to process.
+ "name": "A String", # The name of the kind.
+ },
+ },
+ "bigQueryOptions": { # Options defining BigQuery table and row identifiers. # BigQuery options.
+ "excludedFields": [ # References to fields excluded from scanning. This allows you to skip
+ # inspection of entire columns which you know have no findings.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ "rowsLimit": "A String", # Max number of rows to scan. If the table has more rows than this value, the
+ # rest of the rows are omitted. If not set, or if set to 0, all rows will be
+ # scanned. Only one of rows_limit and rows_limit_percent can be specified.
+ # Cannot be used in conjunction with TimespanConfig.
+ "sampleMethod": "A String",
+ "identifyingFields": [ # Table fields that may uniquely identify a row within the table. When
+ # `actions.saveFindings.outputConfig.table` is specified, the values of
+ # columns specified here are available in the output table under
+ # `location.content_locations.record_location.record_key.id_values`. Nested
+ # fields such as `person.birthdate.year` are allowed.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ "rowsLimitPercent": 42, # Max percentage of rows to scan. The rest are omitted. The number of rows
+            # scanned is rounded down. Must be between 0 and 100, inclusive. Both 0 and
+            # 100 mean no limit. Defaults to 0. Only one of rows_limit and
+ # rows_limit_percent can be specified. Cannot be used in conjunction with
+ # TimespanConfig.
+ "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
+ # identified by its project_id, dataset_id, and table_name. Within a query
+ # a table is often referenced with a string in the format of:
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
+ "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
+ # If omitted, project ID is inferred from the API call.
+ "tableId": "A String", # Name of the table.
+ "datasetId": "A String", # Dataset ID of the table.
+ },
+ },
+ "timespanConfig": { # Configuration of the timespan of the items to include in scanning.
+ # Currently only supported when inspecting Google Cloud Storage and BigQuery.
+ "timestampField": { # General identifier of a data field in a storage service. # Specification of the field containing the timestamp of scanned items.
+ # Used for data sources like Datastore and BigQuery.
+ #
+ # For BigQuery:
+ # Required to filter out rows based on the given start and
+ # end times. If not specified and the table was modified between the given
+ # start and end times, the entire table will be scanned.
+              # The valid data types of the timestamp field are `INTEGER`, `DATE`,
+              # `TIMESTAMP`, and `DATETIME` BigQuery columns.
+              #
+              # For Datastore:
+              # The valid data type of the timestamp field is `TIMESTAMP`.
+              # A Datastore entity will be scanned if the timestamp property does not
+              # exist or its value is empty or invalid.
+ "name": "A String", # Name describing the field.
+ },
+ "endTime": "A String", # Exclude files or rows newer than this value.
+ # If set to zero, no upper time limit is applied.
+ "startTime": "A String", # Exclude files or rows older than this value.
+ "enableAutoPopulationOfTimespanConfig": True or False, # When the job is started by a JobTrigger we will automatically figure out
+ # a valid start_time to avoid scanning files that have not been modified
+ # since the last time the JobTrigger executed. This will be based on the
+ # time of the execution of the last run of the JobTrigger.
+ },
+ "hybridOptions": { # Configuration to control jobs where the content being inspected is outside # Hybrid inspection options.
+ # Early access feature is in a pre-release state and might change or have
+ # limited support. For more information, see
+ # https://cloud.google.com/products#product-launch-stages.
+ # of Google Cloud Platform.
+ "tableOptions": { # Instructions regarding the table content being inspected. # If the container is a table, additional information to make findings
+ # meaningful such as the columns that are primary keys.
+ "identifyingFields": [ # The columns that are the primary keys for table objects included in
+              # ContentItem. A copy of this cell's value will be stored alongside
+ # each finding so that the finding can be traced to the specific row it came
+ # from. No more than 3 may be provided.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ },
+ "labels": { # To organize findings, these labels will be added to each finding.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
+ #
+ # Label values must be between 0 and 63 characters long and must conform
+ # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`.
+ #
+ # No more than 10 labels can be associated with a given finding.
+ #
+ # Examples:
+ # * `"environment" : "production"`
+ # * `"pipeline" : "etl"`
+ "a_key": "A String",
+ },
+        "requiredFindingLabelKeys": [ # These are labels that each inspection request must include within its
+            # 'finding_labels' map. Requests may contain others, but a request
+            # missing any of these will be rejected.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
+ #
+ # No more than 10 keys can be required.
+ "A String",
+ ],
+ "description": "A String", # A short description of where the data is coming from. Will be stored once
+            # in the job. Maximum length is 256 characters.
+ },
},
"inspectConfig": { # Configuration description of the scanning process. # How and what to scan for.
# When used with redactContent only info_types and min_likelihood are currently
# used.
"excludeInfoTypes": True or False, # When true, excludes type information of the findings.
- "limits": {
+ "limits": { # Configuration to control the number of findings returned. # Configuration to control the number of findings returned.
"maxFindingsPerRequest": 42, # Max number of findings that will be returned per request/job.
# When set within `InspectContentRequest`, the maximum returned is 2000
# regardless if this is set higher.
@@ -3960,13 +4349,13 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"maxFindings": 42, # Max findings limit for the given infoType.
},
],
"maxFindingsPerItem": 42, # Max number of findings that will be returned for each item scanned.
- # When set within `InspectDataSourceRequest`,
+ # When set within `InspectJobConfig`,
# the maximum returned is 2000 regardless if this is set higher.
# When set within `InspectContentRequest`, this field is ignored.
},
@@ -4006,7 +4395,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"dictionary": { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType.
# be used to match sensitive information specific to the data, such as a list
@@ -4070,8 +4459,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -4125,8 +4514,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -4175,7 +4564,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -4225,7 +4614,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -4242,16 +4631,15 @@
# system may automatically choose what detectors to run. By default this may
# be all types, but may change over time as detectors are updated.
#
- # The special InfoType name "ALL_BASIC" can be used to trigger all detectors,
- # but may change over time as new InfoTypes are added. If you need precise
- # control and predictability as to what detectors are run you should specify
- # specific InfoTypes listed in the reference.
+ # If you need precise control and predictability as to what detectors are
+ # run you should specify specific InfoTypes listed in the reference,
+ # otherwise a default list will be used, which may change over time.
{ # Type of information detected by the API.
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -4265,7 +4653,7 @@
# OutputStorageConfig. Only a single instance of this action can be
# specified.
# Compatible with: Inspect, Risk
- "outputConfig": { # Cloud repository for storing output.
+ "outputConfig": { # Cloud repository for storing output. # Location to store findings outside of DLP.
"table": { # Message defining the location of a BigQuery table. A table is uniquely # Store findings in an existing table or a new table in an existing
# dataset. If table_id is not set a new one will be generated
# for you with the following format:
@@ -4282,8 +4670,8 @@
# quasi-identifiers, cannot store their results in the same table.
# identified by its project_id, dataset_id, and table_name. Within a query
# a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
"projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
# If omitted, project ID is inferred from the API call.
"tableId": "A String", # Name of the table.
@@ -4298,9 +4686,10 @@
# If unspecified, then all available columns will be used for a new table or
# an (existing) table with no schema, and no changes will be made to an
# existing table that has a schema.
+ # Only for use with external storage.
},
},
- "jobNotificationEmails": { # Enable email notification to project owners and editors on jobs's # Enable email notification to project owners and editors on job's
+ "jobNotificationEmails": { # Enable email notification to project owners and editors on jobs's # Enable email notification for project owners and editors on job's
# completion/failure.
# completion/failure.
},
@@ -4315,6 +4704,22 @@
# Only a single instance of this action can be specified.
# Compatible with: Inspect
},
+ "publishToStackdriver": { # Enable Stackdriver metric dlp.googleapis.com/finding_count. This # Enable Stackdriver metric dlp.googleapis.com/finding_count.
+ # will publish a metric to Stackdriver for each infotype requested and
+ # how many findings were found for it. CustomDetectors will be bucketed
+ # as 'Custom' under the Stackdriver label 'info_type'.
+ },
+ "publishFindingsToCloudDataCatalog": { # Publish findings of a DlpJob to Cloud Data Catalog. Labels summarizing the # Publish findings to Cloud Datahub.
+ # results of the DlpJob will be applied to the entry for the resource scanned
+ # in Cloud Data Catalog. Any labels previously written by another DlpJob will
+ # be deleted. InfoType naming patterns are strictly enforced when using this
+ # feature. Note that the findings will be persisted in Cloud Data Catalog
+ # storage and are governed by Data Catalog service-specific policy, see
+ # https://cloud.google.com/terms/service-terms
+ # Only a single instance of this action can be specified and only allowed if
+ # all resources being scanned are BigQuery tables.
+ # Compatible with: Inspect
+ },
"pubSub": { # Publish a message into given Pub/Sub topic when DlpJob has completed. The # Publish a notification to a pubsub topic.
# message contains a single field, `DlpJobName`, which is equal to the
# finished job's
@@ -4328,27 +4733,11 @@
},
],
},
- "triggers": [ # A list of triggers which will be OR'ed together. Only one in the list
- # needs to trigger for a job to be started. The list may contain only
- # a single Schedule trigger and must have at least one object.
- { # What event needs to occur for a new job to be started.
- "schedule": { # Schedule for triggeredJobs. # Create a job on a repeating basis based on the elapse of time.
- "recurrencePeriodDuration": "A String", # With this option a job is started a regular periodic basis. For
- # example: every day (86400 seconds).
- #
- # A scheduled start time will be skipped if the previous
- # execution has not ended when its scheduled time occurs.
- #
- # This value must be set to a time duration greater than or equal
- # to 1 day and can be no longer than 60 days.
- },
- },
- ],
- "lastRunTime": "A String", # The timestamp of the last time this trigger executed, output only field.
- "createTime": "A String", # The creation timestamp of a triggeredJob, output only field.
+ "lastRunTime": "A String", # Output only. The timestamp of the last time this trigger executed.
+ "createTime": "A String", # Output only. The creation timestamp of a triggeredJob.
"name": "A String", # Unique resource name for the triggeredJob, assigned by the service when the
# triggeredJob is created, for example
- # `projects/dlp-test-project/triggeredJobs/53234423`.
+ # `projects/dlp-test-project/jobTriggers/53234423`.
},
],
}</pre>
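+<p>A minimal pagination sketch for <code>list</code> and <code>list_next</code> (a sketch only: it assumes a
+client built with <code>googleapiclient.discovery</code>, an illustrative project ID, and that the
+response carries its results under <code>jobTriggers</code>):</p>
+<pre>
+from googleapiclient import discovery
+
+service = discovery.build('dlp', 'v2')
+request = service.projects().jobTriggers().list(parent='projects/my-project')
+while request is not None:
+    response = request.execute()
+    # Each entry has the JobTrigger shape documented above.
+    for trigger in response.get('jobTriggers', []):
+        print(trigger['name'])
+    # list_next returns None once there are no further pages.
+    request = service.projects().jobTriggers().list_next(request, response)
+</pre>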
@@ -4369,32 +4758,31 @@
</div>
<div class="method">
- <code class="details" id="patch">patch(name, body, x__xgafv=None)</code>
+ <code class="details" id="patch">patch(name, body=None, x__xgafv=None)</code>
<pre>Updates a job trigger.
See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
Args:
- name: string, Resource name of the project and the triggeredJob, for example
+ name: string, Required. Resource name of the project and the triggeredJob, for example
`projects/dlp-test-project/jobTriggers/53234423`. (required)
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{ # Request message for UpdateJobTrigger.
"jobTrigger": { # Contains a configuration to make dlp api calls on a repeating basis. # New JobTrigger value.
# See https://cloud.google.com/dlp/docs/concepts-job-triggers to learn more.
- "status": "A String", # A status for this trigger. [required]
- "updateTime": "A String", # The last update timestamp of a triggeredJob, output only field.
- "errors": [ # A stream of errors encountered when the trigger was activated. Repeated
+ "status": "A String", # Required. A status for this trigger.
+ "updateTime": "A String", # Output only. The last update timestamp of a triggeredJob.
+ "errors": [ # Output only. A stream of errors encountered when the trigger was activated. Repeated
# errors may result in the JobTrigger automatically being paused.
# Will return the last 100 errors. Whenever the JobTrigger is modified
- # this list will be cleared. Output only field.
+ # this list will be cleared.
{ # Detailed information about an error encountered during job execution or
# the results of an unsuccessful activation of the JobTrigger.
- # Output only field.
"timestamps": [ # The times the error occurred.
"A String",
],
- "details": { # The `Status` type defines a logical error model that is suitable for
+ "details": { # The `Status` type defines a logical error model that is suitable for # Detailed error codes and messages.
# different programming environments, including REST APIs and RPC APIs. It is
# used by [gRPC](https://github.com/grpc). Each `Status` message contains
# three pieces of data: error code, error message, and error details.
@@ -4416,79 +4804,31 @@
],
"displayName": "A String", # Display name (max 100 chars)
"description": "A String", # User provided description (max 256 chars)
- "inspectJob": {
- "storageConfig": { # Shared message indicating Cloud storage type. # The data to scan.
- "datastoreOptions": { # Options defining a data set within Google Cloud Datastore. # Google Cloud Datastore options specification.
- "partitionId": { # Datastore partition ID. # A partition ID identifies a grouping of entities. The grouping is always
- # by project and namespace, however the namespace ID may be empty.
- # A partition ID identifies a grouping of entities. The grouping is always
- # by project and namespace, however the namespace ID may be empty.
+ "triggers": [ # A list of triggers which will be OR'ed together. Only one in the list
+ # needs to trigger for a job to be started. The list may contain only
+ # a single Schedule trigger and must have at least one object.
+ { # What event needs to occur for a new job to be started.
+ "manual": { # Job trigger option for hybrid jobs. Jobs must be manually created # For use with hybrid jobs. Jobs must be manually created and finished.
+ # Early access feature is in a pre-release state and might change or have
+ # limited support. For more information, see
+ # https://cloud.google.com/products#product-launch-stages.
+ # and finished.
+ },
+ "schedule": { # Schedule for triggeredJobs. # Create a job on a repeating basis based on the elapse of time.
+ "recurrencePeriodDuration": "A String", # With this option a job is started a regular periodic basis. For
+ # example: every day (86400 seconds).
#
- # A partition ID contains several dimensions:
- # project ID and namespace ID.
- "projectId": "A String", # The ID of the project to which the entities belong.
- "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
- },
- "kind": { # A representation of a Datastore kind. # The kind to process.
- "name": "A String", # The name of the kind.
- },
+ # A scheduled start time will be skipped if the previous
+ # execution has not ended when its scheduled time occurs.
+ #
+ # This value must be set to a time duration greater than or equal
+ # to 1 day and can be no longer than 60 days.
},
- "bigQueryOptions": { # Options defining BigQuery table and row identifiers. # BigQuery options specification.
- "excludedFields": [ # References to fields excluded from scanning. This allows you to skip
- # inspection of entire columns which you know have no findings.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
- "rowsLimit": "A String", # Max number of rows to scan. If the table has more rows than this value, the
- # rest of the rows are omitted. If not set, or if set to 0, all rows will be
- # scanned. Only one of rows_limit and rows_limit_percent can be specified.
- # Cannot be used in conjunction with TimespanConfig.
- "sampleMethod": "A String",
- "identifyingFields": [ # References to fields uniquely identifying rows within the table.
- # Nested fields in the format, like `person.birthdate.year`, are allowed.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
- "rowsLimitPercent": 42, # Max percentage of rows to scan. The rest are omitted. The number of rows
- # scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and
- # 100 means no limit. Defaults to 0. Only one of rows_limit and
- # rows_limit_percent can be specified. Cannot be used in conjunction with
- # TimespanConfig.
- "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
- # identified by its project_id, dataset_id, and table_name. Within a query
- # a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
- "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
- # If omitted, project ID is inferred from the API call.
- "tableId": "A String", # Name of the table.
- "datasetId": "A String", # Dataset ID of the table.
- },
- },
- "timespanConfig": { # Configuration of the timespan of the items to include in scanning.
- # Currently only supported when inspecting Google Cloud Storage and BigQuery.
- "timestampField": { # General identifier of a data field in a storage service. # Specification of the field containing the timestamp of scanned items.
- # Used for data sources like Datastore or BigQuery.
- # If not specified for BigQuery, table last modification timestamp
- # is checked against given time span.
- # The valid data types of the timestamp field are:
- # for BigQuery - timestamp, date, datetime;
- # for Datastore - timestamp.
- # Datastore entity will be scanned if the timestamp property does not exist
- # or its value is empty or invalid.
- "name": "A String", # Name describing the field.
- },
- "endTime": "A String", # Exclude files or rows newer than this value.
- # If set to zero, no upper time limit is applied.
- "startTime": "A String", # Exclude files or rows older than this value.
- "enableAutoPopulationOfTimespanConfig": True or False, # When the job is started by a JobTrigger we will automatically figure out
- # a valid start_time to avoid scanning files that have not been modified
- # since the last time the JobTrigger executed. This will be based on the
- # time of the execution of the last run of the JobTrigger.
- },
- "cloudStorageOptions": { # Options defining a file or a set of files within a Google Cloud Storage # Google Cloud Storage options specification.
+ },
+ ],
+ "inspectJob": { # Controls what and how to inspect for findings. # For inspect jobs, a snapshot of the configuration.
+ "storageConfig": { # Shared message indicating Cloud storage type. # The data to scan.
+ "cloudStorageOptions": { # Options defining a file or a set of files within a Google Cloud Storage # Google Cloud Storage options.
# bucket.
"bytesLimitPerFile": "A String", # Max number of bytes to scan from a file. If a scanned file's size is bigger
# than this value then the rest of the bytes are omitted. Only one
@@ -4496,7 +4836,7 @@
"sampleMethod": "A String",
"fileSet": { # Set of files to scan. # The set of one or more files to scan.
"url": "A String", # The Cloud Storage url of the file(s) to scan, in the format
- # `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed.
+ # `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed.
#
# If the url ends in a trailing slash, the bucket or directory represented
# by the url will be scanned non-recursively (content in sub-directories
@@ -4561,26 +4901,151 @@
],
},
},
+ "filesLimitPercent": 42, # Limits the number of files to scan to this percentage of the input FileSet.
+ # Number of files scanned is rounded down. Must be between 0 and 100,
+ # inclusively. Both 0 and 100 means no limit. Defaults to 0.
"bytesLimitPerFilePercent": 42, # Max percentage of bytes to scan from a file. The rest are omitted. The
# number of bytes scanned is rounded down. Must be between 0 and 100,
# inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one
# of bytes_limit_per_file and bytes_limit_per_file_percent can be specified.
- "filesLimitPercent": 42, # Limits the number of files to scan to this percentage of the input FileSet.
- # Number of files scanned is rounded down. Must be between 0 and 100,
- # inclusively. Both 0 and 100 means no limit. Defaults to 0.
"fileTypes": [ # List of file type groups to include in the scan.
# If empty, all files are scanned and available data format processors
# are applied. In addition, the binary content of the selected files
# is always scanned as well.
+ # Images are scanned only as binary if the specified region
+ # does not support image inspection and no file_types were specified.
+ # Image inspection is restricted to 'global', 'us', 'asia', and 'europe'.
"A String",
],
},
+ "datastoreOptions": { # Options defining a data set within Google Cloud Datastore. # Google Cloud Datastore options.
+ "partitionId": { # Datastore partition ID. # A partition ID identifies a grouping of entities. The grouping is always
+ # by project and namespace, however the namespace ID may be empty.
+ # A partition ID identifies a grouping of entities. The grouping is always
+ # by project and namespace, however the namespace ID may be empty.
+ #
+ # A partition ID contains several dimensions:
+ # project ID and namespace ID.
+ "projectId": "A String", # The ID of the project to which the entities belong.
+ "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
+ },
+ "kind": { # A representation of a Datastore kind. # The kind to process.
+ "name": "A String", # The name of the kind.
+ },
+ },
+ "bigQueryOptions": { # Options defining BigQuery table and row identifiers. # BigQuery options.
+ "excludedFields": [ # References to fields excluded from scanning. This allows you to skip
+ # inspection of entire columns which you know have no findings.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ "rowsLimit": "A String", # Max number of rows to scan. If the table has more rows than this value, the
+ # rest of the rows are omitted. If not set, or if set to 0, all rows will be
+ # scanned. Only one of rows_limit and rows_limit_percent can be specified.
+ # Cannot be used in conjunction with TimespanConfig.
+ "sampleMethod": "A String",
+ "identifyingFields": [ # Table fields that may uniquely identify a row within the table. When
+ # `actions.saveFindings.outputConfig.table` is specified, the values of
+ # columns specified here are available in the output table under
+ # `location.content_locations.record_location.record_key.id_values`. Nested
+ # fields such as `person.birthdate.year` are allowed.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ "rowsLimitPercent": 42, # Max percentage of rows to scan. The rest are omitted. The number of rows
+ # scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and
+ # 100 means no limit. Defaults to 0. Only one of rows_limit and
+ # rows_limit_percent can be specified. Cannot be used in conjunction with
+ # TimespanConfig.
+ "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
+ # identified by its project_id, dataset_id, and table_name. Within a query
+ # a table is often referenced with a string in the format of:
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
+ "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
+ # If omitted, project ID is inferred from the API call.
+ "tableId": "A String", # Name of the table.
+ "datasetId": "A String", # Dataset ID of the table.
+ },
+ },
+ "timespanConfig": { # Configuration of the timespan of the items to include in scanning.
+ # Currently only supported when inspecting Google Cloud Storage and BigQuery.
+ "timestampField": { # General identifier of a data field in a storage service. # Specification of the field containing the timestamp of scanned items.
+ # Used for data sources like Datastore and BigQuery.
+ #
+ # For BigQuery:
+ # Required to filter out rows based on the given start and
+ # end times. If not specified and the table was modified between the given
+ # start and end times, the entire table will be scanned.
+ # The valid data types of the timestamp field are `INTEGER`, `DATE`,
+ # `TIMESTAMP`, and `DATETIME` BigQuery columns.
+ #
+ # For Datastore:
+ # The only valid data type of the timestamp field is `TIMESTAMP`.
+ # A Datastore entity will be scanned if the timestamp property does not
+ # exist or its value is empty or invalid.
+ "name": "A String", # Name describing the field.
+ },
+ "endTime": "A String", # Exclude files or rows newer than this value.
+ # If set to zero, no upper time limit is applied.
+ "startTime": "A String", # Exclude files or rows older than this value.
+ "enableAutoPopulationOfTimespanConfig": True or False, # When the job is started by a JobTrigger we will automatically figure out
+ # a valid start_time to avoid scanning files that have not been modified
+ # since the last time the JobTrigger executed. This will be based on the
+ # time of the execution of the last run of the JobTrigger.
+ },
+ "hybridOptions": { # Configuration to control jobs where the content being inspected is outside # Hybrid inspection options.
+ # Early access feature is in a pre-release state and might change or have
+ # limited support. For more information, see
+ # https://cloud.google.com/products#product-launch-stages.
+ # of Google Cloud Platform.
+ "tableOptions": { # Instructions regarding the table content being inspected. # If the container is a table, additional information to make findings
+ # meaningful such as the columns that are primary keys.
+ "identifyingFields": [ # The columns that are the primary keys for table objects included in
+ # ContentItem. A copy of this cell's value will be stored alongside
+ # each finding so that the finding can be traced to the specific row it came
+ # from. No more than 3 may be provided.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ },
+ "labels": { # To organize findings, these labels will be added to each finding.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
+ #
+ # Label values must be between 0 and 63 characters long and must conform
+ # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`.
+ #
+ # No more than 10 labels can be associated with a given finding.
+ #
+ # Examples:
+ # * `"environment" : "production"`
+ # * `"pipeline" : "etl"`
+ "a_key": "A String",
+ },
+ "requiredFindingLabelKeys": [ # These are labels that each inspection request must include within their
+ # 'finding_labels' map. Request may contain others, but any missing one of
+ # these will be rejected.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
+ #
+ # No more than 10 keys can be required.
+ "A String",
+ ],
+ "description": "A String", # A short description of where the data is coming from. Will be stored once
+ # in the job. 256 max length.
+ },
},
"inspectConfig": { # Configuration description of the scanning process. # How and what to scan for.
# When used with redactContent only info_types and min_likelihood are currently
# used.
"excludeInfoTypes": True or False, # When true, excludes type information of the findings.
- "limits": {
+ "limits": { # Configuration to control the number of findings returned. # Configuration to control the number of findings returned.
"maxFindingsPerRequest": 42, # Max number of findings that will be returned per request/job.
# When set within `InspectContentRequest`, the maximum returned is 2000
# regardless if this is set higher.
@@ -4595,13 +5060,13 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"maxFindings": 42, # Max findings limit for the given infoType.
},
],
"maxFindingsPerItem": 42, # Max number of findings that will be returned for each item scanned.
- # When set within `InspectDataSourceRequest`,
+ # When set within `InspectJobConfig`,
# the maximum returned is 2000 regardless if this is set higher.
# When set within `InspectContentRequest`, this field is ignored.
},
@@ -4641,7 +5106,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"dictionary": { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType.
# be used to match sensitive information specific to the data, such as a list
@@ -4705,8 +5170,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -4760,8 +5225,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -4810,7 +5275,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -4860,7 +5325,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -4877,16 +5342,15 @@
# system may automatically choose what detectors to run. By default this may
# be all types, but may change over time as detectors are updated.
#
- # The special InfoType name "ALL_BASIC" can be used to trigger all detectors,
- # but may change over time as new InfoTypes are added. If you need precise
- # control and predictability as to what detectors are run you should specify
- # specific InfoTypes listed in the reference.
+ # If you need precise control and predictability as to what detectors are
+ # run you should specify specific InfoTypes listed in the reference,
+ # otherwise a default list will be used, which may change over time.
{ # Type of information detected by the API.
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -4900,7 +5364,7 @@
# OutputStorageConfig. Only a single instance of this action can be
# specified.
# Compatible with: Inspect, Risk
- "outputConfig": { # Cloud repository for storing output.
+ "outputConfig": { # Cloud repository for storing output. # Location to store findings outside of DLP.
"table": { # Message defining the location of a BigQuery table. A table is uniquely # Store findings in an existing table or a new table in an existing
# dataset. If table_id is not set a new one will be generated
# for you with the following format:
@@ -4917,8 +5381,8 @@
# quasi-identifiers, cannot store their results in the same table.
# identified by its project_id, dataset_id, and table_name. Within a query
# a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
"projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
# If omitted, project ID is inferred from the API call.
"tableId": "A String", # Name of the table.
@@ -4933,9 +5397,10 @@
# If unspecified, then all available columns will be used for a new table or
# an (existing) table with no schema, and no changes will be made to an
# existing table that has a schema.
+ # Only for use with external storage.
},
},
- "jobNotificationEmails": { # Enable email notification to project owners and editors on jobs's # Enable email notification to project owners and editors on job's
+ "jobNotificationEmails": { # Enable email notification to project owners and editors on jobs's # Enable email notification for project owners and editors on job's
# completion/failure.
# completion/failure.
},
@@ -4950,6 +5415,22 @@
# Only a single instance of this action can be specified.
# Compatible with: Inspect
},
+ "publishToStackdriver": { # Enable Stackdriver metric dlp.googleapis.com/finding_count. This # Enable Stackdriver metric dlp.googleapis.com/finding_count.
+ # will publish a metric to Stackdriver for each infotype requested and
+ # how many findings were found for it. CustomDetectors will be bucketed
+ # as 'Custom' under the Stackdriver label 'info_type'.
+ },
+ "publishFindingsToCloudDataCatalog": { # Publish findings of a DlpJob to Cloud Data Catalog. Labels summarizing the # Publish findings to Cloud Datahub.
+ # results of the DlpJob will be applied to the entry for the resource scanned
+ # in Cloud Data Catalog. Any labels previously written by another DlpJob will
+ # be deleted. InfoType naming patterns are strictly enforced when using this
+ # feature. Note that the findings will be persisted in Cloud Data Catalog
+ # storage and are governed by Data Catalog service-specific policy, see
+ # https://cloud.google.com/terms/service-terms
+ # Only a single instance of this action can be specified and only allowed if
+ # all resources being scanned are BigQuery tables.
+ # Compatible with: Inspect
+ },
"pubSub": { # Publish a message into given Pub/Sub topic when DlpJob has completed. The # Publish a notification to a pubsub topic.
# message contains a single field, `DlpJobName`, which is equal to the
# finished job's
@@ -4963,27 +5444,11 @@
},
],
},
- "triggers": [ # A list of triggers which will be OR'ed together. Only one in the list
- # needs to trigger for a job to be started. The list may contain only
- # a single Schedule trigger and must have at least one object.
- { # What event needs to occur for a new job to be started.
- "schedule": { # Schedule for triggeredJobs. # Create a job on a repeating basis based on the elapse of time.
- "recurrencePeriodDuration": "A String", # With this option a job is started a regular periodic basis. For
- # example: every day (86400 seconds).
- #
- # A scheduled start time will be skipped if the previous
- # execution has not ended when its scheduled time occurs.
- #
- # This value must be set to a time duration greater than or equal
- # to 1 day and can be no longer than 60 days.
- },
- },
- ],
- "lastRunTime": "A String", # The timestamp of the last time this trigger executed, output only field.
- "createTime": "A String", # The creation timestamp of a triggeredJob, output only field.
+ "lastRunTime": "A String", # Output only. The timestamp of the last time this trigger executed.
+ "createTime": "A String", # Output only. The creation timestamp of a triggeredJob.
"name": "A String", # Unique resource name for the triggeredJob, assigned by the service when the
# triggeredJob is created, for example
- # `projects/dlp-test-project/triggeredJobs/53234423`.
+ # `projects/dlp-test-project/jobTriggers/53234423`.
},
"updateMask": "A String", # Mask to control which fields get updated.
}
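+<p>A minimal usage sketch for <code>patch</code> (a sketch only: it reuses the <code>service</code> client from
+the sketch above, and the trigger name, status value, and field mask are illustrative):</p>
+<pre>
+body = {
+    'jobTrigger': {'status': 'PAUSED'},  # assumed status value; any valid JobTrigger status works
+    'updateMask': 'status',  # only the fields named in the mask are updated
+}
+response = service.projects().jobTriggers().patch(
+    name='projects/dlp-test-project/jobTriggers/53234423',
+    body=body).execute()
+</pre>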
@@ -4998,19 +5463,18 @@
{ # Contains a configuration to make dlp api calls on a repeating basis.
# See https://cloud.google.com/dlp/docs/concepts-job-triggers to learn more.
- "status": "A String", # A status for this trigger. [required]
- "updateTime": "A String", # The last update timestamp of a triggeredJob, output only field.
- "errors": [ # A stream of errors encountered when the trigger was activated. Repeated
+ "status": "A String", # Required. A status for this trigger.
+ "updateTime": "A String", # Output only. The last update timestamp of a triggeredJob.
+ "errors": [ # Output only. A stream of errors encountered when the trigger was activated. Repeated
# errors may result in the JobTrigger automatically being paused.
# Will return the last 100 errors. Whenever the JobTrigger is modified
- # this list will be cleared. Output only field.
+ # this list will be cleared.
{ # Detailed information about an error encountered during job execution or
# the results of an unsuccessful activation of the JobTrigger.
- # Output only field.
"timestamps": [ # The times the error occurred.
"A String",
],
- "details": { # The `Status` type defines a logical error model that is suitable for
+ "details": { # The `Status` type defines a logical error model that is suitable for # Detailed error codes and messages.
# different programming environments, including REST APIs and RPC APIs. It is
# used by [gRPC](https://github.com/grpc). Each `Status` message contains
# three pieces of data: error code, error message, and error details.
@@ -5032,79 +5496,31 @@
],
"displayName": "A String", # Display name (max 100 chars)
"description": "A String", # User provided description (max 256 chars)
- "inspectJob": {
- "storageConfig": { # Shared message indicating Cloud storage type. # The data to scan.
- "datastoreOptions": { # Options defining a data set within Google Cloud Datastore. # Google Cloud Datastore options specification.
- "partitionId": { # Datastore partition ID. # A partition ID identifies a grouping of entities. The grouping is always
- # by project and namespace, however the namespace ID may be empty.
- # A partition ID identifies a grouping of entities. The grouping is always
- # by project and namespace, however the namespace ID may be empty.
+ "triggers": [ # A list of triggers which will be OR'ed together. Only one in the list
+ # needs to trigger for a job to be started. The list may contain only
+ # a single Schedule trigger and must have at least one object.
+ { # What event needs to occur for a new job to be started.
+ "manual": { # Job trigger option for hybrid jobs. Jobs must be manually created # For use with hybrid jobs. Jobs must be manually created and finished.
+ # Early access feature is in a pre-release state and might change or have
+ # limited support. For more information, see
+ # https://cloud.google.com/products#product-launch-stages.
+ # and finished.
+ },
+ "schedule": { # Schedule for triggeredJobs. # Create a job on a repeating basis based on the elapse of time.
+ "recurrencePeriodDuration": "A String", # With this option a job is started a regular periodic basis. For
+ # example: every day (86400 seconds).
#
- # A partition ID contains several dimensions:
- # project ID and namespace ID.
- "projectId": "A String", # The ID of the project to which the entities belong.
- "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
- },
- "kind": { # A representation of a Datastore kind. # The kind to process.
- "name": "A String", # The name of the kind.
- },
+ # A scheduled start time will be skipped if the previous
+ # execution has not ended when its scheduled time occurs.
+ #
+ # This value must be set to a time duration greater than or equal
+ # to 1 day and can be no longer than 60 days.
},
- "bigQueryOptions": { # Options defining BigQuery table and row identifiers. # BigQuery options specification.
- "excludedFields": [ # References to fields excluded from scanning. This allows you to skip
- # inspection of entire columns which you know have no findings.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
- "rowsLimit": "A String", # Max number of rows to scan. If the table has more rows than this value, the
- # rest of the rows are omitted. If not set, or if set to 0, all rows will be
- # scanned. Only one of rows_limit and rows_limit_percent can be specified.
- # Cannot be used in conjunction with TimespanConfig.
- "sampleMethod": "A String",
- "identifyingFields": [ # References to fields uniquely identifying rows within the table.
- # Nested fields in the format, like `person.birthdate.year`, are allowed.
- { # General identifier of a data field in a storage service.
- "name": "A String", # Name describing the field.
- },
- ],
- "rowsLimitPercent": 42, # Max percentage of rows to scan. The rest are omitted. The number of rows
- # scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and
- # 100 means no limit. Defaults to 0. Only one of rows_limit and
- # rows_limit_percent can be specified. Cannot be used in conjunction with
- # TimespanConfig.
- "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
- # identified by its project_id, dataset_id, and table_name. Within a query
- # a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
- "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
- # If omitted, project ID is inferred from the API call.
- "tableId": "A String", # Name of the table.
- "datasetId": "A String", # Dataset ID of the table.
- },
- },
- "timespanConfig": { # Configuration of the timespan of the items to include in scanning.
- # Currently only supported when inspecting Google Cloud Storage and BigQuery.
- "timestampField": { # General identifier of a data field in a storage service. # Specification of the field containing the timestamp of scanned items.
- # Used for data sources like Datastore or BigQuery.
- # If not specified for BigQuery, table last modification timestamp
- # is checked against given time span.
- # The valid data types of the timestamp field are:
- # for BigQuery - timestamp, date, datetime;
- # for Datastore - timestamp.
- # Datastore entity will be scanned if the timestamp property does not exist
- # or its value is empty or invalid.
- "name": "A String", # Name describing the field.
- },
- "endTime": "A String", # Exclude files or rows newer than this value.
- # If set to zero, no upper time limit is applied.
- "startTime": "A String", # Exclude files or rows older than this value.
- "enableAutoPopulationOfTimespanConfig": True or False, # When the job is started by a JobTrigger we will automatically figure out
- # a valid start_time to avoid scanning files that have not been modified
- # since the last time the JobTrigger executed. This will be based on the
- # time of the execution of the last run of the JobTrigger.
- },
- "cloudStorageOptions": { # Options defining a file or a set of files within a Google Cloud Storage # Google Cloud Storage options specification.
+ },
+ ],
+ "inspectJob": { # Controls what and how to inspect for findings. # For inspect jobs, a snapshot of the configuration.
+ "storageConfig": { # Shared message indicating Cloud storage type. # The data to scan.
+ "cloudStorageOptions": { # Options defining a file or a set of files within a Google Cloud Storage # Google Cloud Storage options.
# bucket.
"bytesLimitPerFile": "A String", # Max number of bytes to scan from a file. If a scanned file's size is bigger
# than this value then the rest of the bytes are omitted. Only one
@@ -5112,7 +5528,7 @@
"sampleMethod": "A String",
"fileSet": { # Set of files to scan. # The set of one or more files to scan.
"url": "A String", # The Cloud Storage url of the file(s) to scan, in the format
- # `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed.
+ # `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed.
#
# If the url ends in a trailing slash, the bucket or directory represented
# by the url will be scanned non-recursively (content in sub-directories
@@ -5177,26 +5593,151 @@
],
},
},
+ "filesLimitPercent": 42, # Limits the number of files to scan to this percentage of the input FileSet.
+ # Number of files scanned is rounded down. Must be between 0 and 100,
+ # inclusively. Both 0 and 100 means no limit. Defaults to 0.
"bytesLimitPerFilePercent": 42, # Max percentage of bytes to scan from a file. The rest are omitted. The
# number of bytes scanned is rounded down. Must be between 0 and 100,
# inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one
# of bytes_limit_per_file and bytes_limit_per_file_percent can be specified.
- "filesLimitPercent": 42, # Limits the number of files to scan to this percentage of the input FileSet.
- # Number of files scanned is rounded down. Must be between 0 and 100,
- # inclusively. Both 0 and 100 means no limit. Defaults to 0.
"fileTypes": [ # List of file type groups to include in the scan.
# If empty, all files are scanned and available data format processors
# are applied. In addition, the binary content of the selected files
# is always scanned as well.
+ # Images are scanned only as binary if the specified region
+ # does not support image inspection and no file_types were specified.
+ # Image inspection is restricted to 'global', 'us', 'asia', and 'europe'.
"A String",
],
},
+ "datastoreOptions": { # Options defining a data set within Google Cloud Datastore. # Google Cloud Datastore options.
+ "partitionId": { # Datastore partition ID. # A partition ID identifies a grouping of entities. The grouping is always
+ # by project and namespace, however the namespace ID may be empty.
+ # A partition ID identifies a grouping of entities. The grouping is always
+ # by project and namespace, however the namespace ID may be empty.
+ #
+ # A partition ID contains several dimensions:
+ # project ID and namespace ID.
+ "projectId": "A String", # The ID of the project to which the entities belong.
+ "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
+ },
+ "kind": { # A representation of a Datastore kind. # The kind to process.
+ "name": "A String", # The name of the kind.
+ },
+ },
+ "bigQueryOptions": { # Options defining BigQuery table and row identifiers. # BigQuery options.
+ "excludedFields": [ # References to fields excluded from scanning. This allows you to skip
+ # inspection of entire columns which you know have no findings.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ "rowsLimit": "A String", # Max number of rows to scan. If the table has more rows than this value, the
+ # rest of the rows are omitted. If not set, or if set to 0, all rows will be
+ # scanned. Only one of rows_limit and rows_limit_percent can be specified.
+ # Cannot be used in conjunction with TimespanConfig.
+ "sampleMethod": "A String",
+ "identifyingFields": [ # Table fields that may uniquely identify a row within the table. When
+ # `actions.saveFindings.outputConfig.table` is specified, the values of
+ # columns specified here are available in the output table under
+ # `location.content_locations.record_location.record_key.id_values`. Nested
+ # fields such as `person.birthdate.year` are allowed.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ "rowsLimitPercent": 42, # Max percentage of rows to scan. The rest are omitted. The number of rows
+ # scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and
+ # 100 means no limit. Defaults to 0. Only one of rows_limit and
+ # rows_limit_percent can be specified. Cannot be used in conjunction with
+ # TimespanConfig.
+ "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
+ # identified by its project_id, dataset_id, and table_name. Within a query
+ # a table is often referenced with a string in the format of:
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
+ "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
+ # If omitted, project ID is inferred from the API call.
+ "tableId": "A String", # Name of the table.
+ "datasetId": "A String", # Dataset ID of the table.
+ },
+ },
+ "timespanConfig": { # Configuration of the timespan of the items to include in scanning.
+ # Currently only supported when inspecting Google Cloud Storage and BigQuery.
+ "timestampField": { # General identifier of a data field in a storage service. # Specification of the field containing the timestamp of scanned items.
+ # Used for data sources like Datastore and BigQuery.
+ #
+ # For BigQuery:
+ # Required to filter out rows based on the given start and
+ # end times. If not specified and the table was modified between the given
+ # start and end times, the entire table will be scanned.
+ # The valid data types of the timestamp field are `INTEGER`, `DATE`,
+ # `TIMESTAMP`, and `DATETIME` BigQuery columns.
+ #
+ # For Datastore:
+ # The only valid data type of the timestamp field is `TIMESTAMP`.
+ # A Datastore entity will be scanned if the timestamp property does not
+ # exist or its value is empty or invalid.
+ "name": "A String", # Name describing the field.
+ },
+ "endTime": "A String", # Exclude files or rows newer than this value.
+ # If set to zero, no upper time limit is applied.
+ "startTime": "A String", # Exclude files or rows older than this value.
+ "enableAutoPopulationOfTimespanConfig": True or False, # When the job is started by a JobTrigger we will automatically figure out
+ # a valid start_time to avoid scanning files that have not been modified
+ # since the last time the JobTrigger executed. This will be based on the
+ # time of the execution of the last run of the JobTrigger.
+ },
+ "hybridOptions": { # Configuration to control jobs where the content being inspected is outside # Hybrid inspection options.
+ # Early access feature is in a pre-release state and might change or have
+ # limited support. For more information, see
+ # https://cloud.google.com/products#product-launch-stages.
+ # of Google Cloud Platform.
+ "tableOptions": { # Instructions regarding the table content being inspected. # If the container is a table, additional information to make findings
+ # meaningful such as the columns that are primary keys.
+ "identifyingFields": [ # The columns that are the primary keys for table objects included in
+ # ContentItem. A copy of this cell's value will be stored alongside
+ # each finding so that the finding can be traced to the specific row it came
+ # from. No more than 3 may be provided.
+ { # General identifier of a data field in a storage service.
+ "name": "A String", # Name describing the field.
+ },
+ ],
+ },
+ "labels": { # To organize findings, these labels will be added to each finding.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
+ #
+ # Label values must be between 0 and 63 characters long and must conform
+ # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`.
+ #
+ # No more than 10 labels can be associated with a given finding.
+ #
+ # Examples:
+ # * `"environment" : "production"`
+ # * `"pipeline" : "etl"`
+ "a_key": "A String",
+ },
+ "requiredFindingLabelKeys": [ # These are labels that each inspection request must include within their
+ # 'finding_labels' map. Request may contain others, but any missing one of
+ # these will be rejected.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`.
+ #
+ # No more than 10 keys can be required.
+ "A String",
+ ],
+ "description": "A String", # A short description of where the data is coming from. Will be stored once
+ # in the job. 256 max length.
+ },
},
"inspectConfig": { # Configuration description of the scanning process. # How and what to scan for.
# When used with redactContent only info_types and min_likelihood are currently
# used.
"excludeInfoTypes": True or False, # When true, excludes type information of the findings.
- "limits": {
+ "limits": { # Configuration to control the number of findings returned. # Configuration to control the number of findings returned.
"maxFindingsPerRequest": 42, # Max number of findings that will be returned per request/job.
# When set within `InspectContentRequest`, the maximum returned is 2000
# regardless if this is set higher.
@@ -5211,13 +5752,13 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"maxFindings": 42, # Max findings limit for the given infoType.
},
],
"maxFindingsPerItem": 42, # Max number of findings that will be returned for each item scanned.
- # When set within `InspectDataSourceRequest`,
+ # When set within `InspectJobConfig`,
# the maximum returned is 2000 regardless if this is set higher.
# When set within `InspectContentRequest`, this field is ignored.
},
@@ -5257,7 +5798,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
"dictionary": { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType.
# be used to match sensitive information specific to the data, such as a list
@@ -5321,8 +5862,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -5376,8 +5917,8 @@
# a company office using the hotword regex "\(xxx\)", where "xxx"
# is the area code in question.
# rule.
- "windowAfter": 42, # Number of characters after the finding to consider.
"windowBefore": 42, # Number of characters before the finding to consider.
+ "windowAfter": 42, # Number of characters after the finding to consider.
},
"hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
"pattern": "A String", # Pattern defining the regular expression. Its syntax
@@ -5426,7 +5967,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -5476,7 +6017,7 @@
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -5493,16 +6034,15 @@
# system may automatically choose what detectors to run. By default this may
# be all types, but may change over time as detectors are updated.
#
- # The special InfoType name "ALL_BASIC" can be used to trigger all detectors,
- # but may change over time as new InfoTypes are added. If you need precise
- # control and predictability as to what detectors are run you should specify
- # specific InfoTypes listed in the reference.
+ # If you need precise control and predictability as to what detectors are
+ # run you should specify specific InfoTypes listed in the reference,
+ # otherwise a default list will be used, which may change over time.
{ # Type of information detected by the API.
"name": "A String", # Name of the information type. Either a name of your choosing when
# creating a CustomInfoType, or one of the names listed
# at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
# a built-in type. InfoType names should conform to the pattern
- # [a-zA-Z0-9_]{1,64}.
+ # `[a-zA-Z0-9_]{1,64}`.
},
],
},
@@ -5516,7 +6056,7 @@
# OutputStorageConfig. Only a single instance of this action can be
# specified.
# Compatible with: Inspect, Risk
- "outputConfig": { # Cloud repository for storing output.
+ "outputConfig": { # Cloud repository for storing output. # Location to store findings outside of DLP.
"table": { # Message defining the location of a BigQuery table. A table is uniquely # Store findings in an existing table or a new table in an existing
# dataset. If table_id is not set a new one will be generated
# for you with the following format:
@@ -5533,8 +6073,8 @@
# quasi-identifiers, cannot store their results in the same table.
# identified by its project_id, dataset_id, and table_name. Within a query
# a table is often referenced with a string in the format of:
- # `<project_id>:<dataset_id>.<table_id>` or
- # `<project_id>.<dataset_id>.<table_id>`.
+ # `<project_id>:<dataset_id>.<table_id>` or
+ # `<project_id>.<dataset_id>.<table_id>`.
"projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
# If omitted, project ID is inferred from the API call.
"tableId": "A String", # Name of the table.
@@ -5549,9 +6089,10 @@
# If unspecified, then all available columns will be used for a new table or
# an (existing) table with no schema, and no changes will be made to an
# existing table that has a schema.
+ # Only for use with external storage.
},
},
- "jobNotificationEmails": { # Enable email notification to project owners and editors on jobs's # Enable email notification to project owners and editors on job's
+ "jobNotificationEmails": { # Enable email notification to project owners and editors on jobs's # Enable email notification for project owners and editors on job's
# completion/failure.
# completion/failure.
},
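Note: `jobNotificationEmails` carries no fields of its own; as a sketch, including the empty message in the trigger's action list is all that is needed to enable the email on completion/failure:

    # Flag-style action: the presence of the empty object turns it on.
    actions = [{"jobNotificationEmails": {}}]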
@@ -5566,6 +6107,22 @@
# Only a single instance of this action can be specified.
# Compatible with: Inspect
},
+ "publishToStackdriver": { # Enable Stackdriver metric dlp.googleapis.com/finding_count. This # Enable Stackdriver metric dlp.googleapis.com/finding_count.
+ # will publish a metric to stack driver on each infotype requested and
+ # how many findings were found for it. CustomDetectors will be bucketed
+ # as 'Custom' under the Stackdriver label 'info_type'.
+ },
+ "publishFindingsToCloudDataCatalog": { # Publish findings of a DlpJob to Cloud Data Catalog. Labels summarizing the # Publish findings to Cloud Datahub.
+ # results of the DlpJob will be applied to the entry for the resource scanned
+ # in Cloud Data Catalog. Any labels previously written by another DlpJob will
+ # be deleted. InfoType naming patterns are strictly enforced when using this
+ # feature. Note that the findings will be persisted in Cloud Data Catalog
+ # storage and are governed by Data Catalog service-specific policy, see
+ # https://cloud.google.com/terms/service-terms
+ # Only a single instance of this action can be specified and only allowed if
+ # all resources being scanned are BigQuery tables.
+ # Compatible with: Inspect
+ },
"pubSub": { # Publish a message into given Pub/Sub topic when DlpJob has completed. The # Publish a notification to a pubsub topic.
# message contains a single field, `DlpJobName`, which is equal to the
# finished job's
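Note: the three actions added in this hunk are used the same way as the others; only `pubSub` takes a field. A combined sketch, with a placeholder topic name:

    actions = [
        # Notify a Pub/Sub topic when the job finishes (placeholder topic).
        {"pubSub": {"topic": "projects/my-project/topics/dlp-jobs"}},
        # Label the scanned BigQuery entry in Data Catalog (flag-style).
        {"publishFindingsToCloudDataCatalog": {}},
        # Publish the finding_count metric to Stackdriver (flag-style).
        {"publishToStackdriver": {}},
    ]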
@@ -5579,27 +6136,11 @@
},
],
},
- "triggers": [ # A list of triggers which will be OR'ed together. Only one in the list
- # needs to trigger for a job to be started. The list may contain only
- # a single Schedule trigger and must have at least one object.
- { # What event needs to occur for a new job to be started.
- "schedule": { # Schedule for triggeredJobs. # Create a job on a repeating basis based on the elapse of time.
- "recurrencePeriodDuration": "A String", # With this option a job is started a regular periodic basis. For
- # example: every day (86400 seconds).
- #
- # A scheduled start time will be skipped if the previous
- # execution has not ended when its scheduled time occurs.
- #
- # This value must be set to a time duration greater than or equal
- # to 1 day and can be no longer than 60 days.
- },
- },
- ],
- "lastRunTime": "A String", # The timestamp of the last time this trigger executed, output only field.
- "createTime": "A String", # The creation timestamp of a triggeredJob, output only field.
+ "lastRunTime": "A String", # Output only. The timestamp of the last time this trigger executed.
+ "createTime": "A String", # Output only. The creation timestamp of a triggeredJob.
"name": "A String", # Unique resource name for the triggeredJob, assigned by the service when the
# triggeredJob is created, for example
- # `projects/dlp-test-project/triggeredJobs/53234423`.
+ # `projects/dlp-test-project/jobTriggers/53234423`.
}</pre>
</div>
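Note: pulling the pieces above together, a hedged end-to-end sketch of creating a daily-scheduled trigger through this client; credentials, project ID, and bucket are placeholders, and error handling is omitted:

    from googleapiclient import discovery

    # Build the DLP v2 client (application-default credentials assumed).
    dlp = discovery.build("dlp", "v2")

    body = {
        "jobTrigger": {
            "inspectJob": {
                "storageConfig": {
                    "cloudStorageOptions": {  # placeholder bucket
                        "fileSet": {"url": "gs://my-bucket/**"},
                    },
                },
                "inspectConfig": {"infoTypes": [{"name": "EMAIL_ADDRESS"}]},
                "actions": [{"jobNotificationEmails": {}}],
            },
            # A single Schedule trigger; the duration must be between
            # 1 day (86400s) and 60 days.
            "triggers": [{"schedule": {"recurrencePeriodDuration": "86400s"}}],
            "status": "HEALTHY",
        },
    }

    created = dlp.projects().jobTriggers().create(
        parent="projects/my-project", body=body).execute()
    # e.g. projects/my-project/jobTriggers/53234423
    print(created["name"])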