Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-api-python-client / 715bd7f9ca9a324a05ee05a6476af383e54930f9 / . / docs / dyn / dlp_v2.projects.content.html
blob: d93cf1bfcf4f87c2ff754b21aa815e820e77b622 [file] [log] [blame]
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700[diff] [blame^]1<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
75<h1><a href="dlp_v2.html">Cloud Data Loss Prevention (DLP) API</a> . <a href="dlp_v2.projects.html">projects</a> . <a href="dlp_v2.projects.content.html">content</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
78 <code><a href="#deidentify">deidentify(parent, body, x__xgafv=None)</a></code></p>
79<p class="firstline">De-identifies potentially sensitive info from a ContentItem.</p>
80<p class="toc_element">
81 <code><a href="#inspect">inspect(parent, body, x__xgafv=None)</a></code></p>
82<p class="firstline">Finds potentially sensitive info in content.</p>
83<p class="toc_element">
84 <code><a href="#reidentify">reidentify(parent, body, x__xgafv=None)</a></code></p>
85<p class="firstline">Re-identifies content that has been de-identified.</p>
86<h3>Method Details</h3>
87<div class="method">
88 <code class="details" id="deidentify">deidentify(parent, body, x__xgafv=None)</code>
89 <pre>De-identifies potentially sensitive info from a ContentItem.
90This method has limits on input size and output size.
91See https://cloud.google.com/dlp/docs/deidentify-sensitive-data to
92learn more.
93
94When no InfoTypes or CustomInfoTypes are specified in this request, the
95system will automatically choose what detectors to run. By default this may
96be all types, but may change over time as detectors are updated.
97
98Args:
99 parent: string, The parent resource name, for example projects/my-project-id. (required)
100 body: object, The request body. (required)
101 The object takes the form of:
102
103{ # Request to de-identify a list of items.
104 "deidentifyTemplateName": "A String", # Optional template to use. Any configuration directly specified in
105 # deidentify_config will override those set in the template. Singular fields
106 # that are set in this request will replace their corresponding fields in the
107 # template. Repeated fields are appended. Singular sub-messages and groups
108 # are recursively merged.
109 "inspectTemplateName": "A String", # Optional template to use. Any configuration directly specified in
110 # inspect_config will override those set in the template. Singular fields
111 # that are set in this request will replace their corresponding fields in the
112 # template. Repeated fields are appended. Singular sub-messages and groups
113 # are recursively merged.
114 "deidentifyConfig": { # The configuration that controls how the data will change. # Configuration for the de-identification of the content item.
115 # Items specified here will override the template referenced by the
116 # deidentify_template_name argument.
117 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
118 # transformation everywhere.
119 # apply various `PrimitiveTransformation`s to each finding, where the
120 # transformation is applied to only values that were identified as a specific
121 # info_type.
122 "transformations": [ # Transformation for each infoType. Cannot specify more than one
123 # for a given infoType. [required]
124 { # A transformation to apply to text that is identified as a specific
125 # info_type.
126 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required]
127 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a
128 # fixed character. Masking can start from the beginning or end of the string.
129 # This can be used on data of any type (numbers, longs, and so on) and when
130 # de-identifying structured data we'll attempt to preserve the original data's
131 # type. (This allows you to take a long like 123 and modify it to a string like
132 # **3.
133 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing.
134 # For example, if your string is 555-555-5555 and you ask us to skip `-` and
135 # mask 5 chars with * we would produce ***-*55-5555.
136 { # Characters to skip when doing deidentification of a value. These will be left
137 # alone and skipped.
138 "commonCharactersToIgnore": "A String",
139 "charactersToSkip": "A String",
140 },
141 ],
142 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
143 # masked. Skipped characters do not count towards this tally.
144 "maskingCharacter": "A String", # Character to mask the sensitive values&mdash;for example, "*" for an
145 # alphabetic string such as name, or "0" for a numeric string such as ZIP
146 # code or credit card number. String must have length 1. If not supplied, we
147 # will default to "*" for strings, 0 for digits.
148 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
149 # '0', number_to_mask is 14, and `reverse_order` is false, then
150 # 1234-5678-9012-3456 -> 00000000000000-3456
151 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order`
152 # is true, then 12345 -> 12***
153 },
154 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation`
155 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
156 # output would be 'My phone number is '.
157 },
158 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given
159 # input. Outputs a base64 encoded representation of the encrypted output.
160 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
161 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
162 # a key encryption key (KEK) stored by KMS).
163 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
164 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
165 # unwrap the data crypto key.
166 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
167 # The wrapped key must be a 128/192/256 bit key.
168 # Authorization requires the following IAM permissions when sending a request
169 # to perform a crypto transformation using a kms-wrapped crypto key:
170 # dlp.kms.encrypt
171 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
172 "wrappedKey": "A String", # The wrapped data crypto key. [required]
173 },
174 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
175 # leaking the key. Choose another type of key if possible.
176 "key": "A String", # A 128/192/256 bit key. [required]
177 },
178 "transient": { # Use this to have a random data crypto key generated.
179 # It will be discarded after the request finishes.
180 "name": "A String", # Name of the key. [required]
181 # This is an arbitrary string used to differentiate different keys.
182 # A unique key is generated per name: two separate `TransientCryptoKey`
183 # protos share the same generated key if their names are the same.
184 # When the data crypto key is generated, this name is not used in any way
185 # (repeating the api call will result in a different key being generated).
186 },
187 },
188 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining
189 # referential integrity such that the same identifier in two different
190 # contexts will be given a distinct surrogate. The context is appended to
191 # plaintext value being encrypted. On decryption the provided context is
192 # validated against the value used during encryption. If a context was
193 # provided during encryption, same context must be provided during decryption
194 # as well.
195 #
196 # If the context is not set, plaintext would be used as is for encryption.
197 # If the context is set but:
198 #
199 # 1. there is no record present when transforming a given value or
200 # 2. the field is not present when transforming a given value,
201 #
202 # plaintext would be used as is for encryption.
203 #
204 # Note that case (1) is expected when an `InfoTypeTransformation` is
205 # applied to both structured and non-structured `ContentItem`s.
206 "name": "A String", # Name describing the field.
207 },
208 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
209 # This annotation will be applied to the surrogate by prefixing it with
210 # the name of the custom info type followed by the number of
211 # characters comprising the surrogate. The following scheme defines the
212 # format: <info type name>(<surrogate character count>):<surrogate>
213 #
214 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
215 # the surrogate is 'abc', the full replacement value
216 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
217 #
218 # This annotation identifies the surrogate when inspecting content using the
219 # custom info type 'Surrogate'. This facilitates reversal of the
220 # surrogate when it occurs in free text.
221 #
222 # In order for inspection to work properly, the name of this info type must
223 # not occur naturally anywhere in your data; otherwise, inspection may either
224 #
225 # - reverse a surrogate that does not correspond to an actual identifier
226 # - be unable to parse the surrogate and result in an error
227 #
228 # Therefore, choose your custom info type name carefully after considering
229 # what your data looks like. One way to select a name that has a high chance
230 # of yielding reliable detection is to include one or more unicode characters
231 # that are highly improbable to exist in your data.
232 # For example, assuming your data is entered from a regular ASCII keyboard,
233 # the symbol with the hex code point 29DD might be used like so:
234 # ⧝MY_TOKEN_TYPE
235 "name": "A String", # Name of the information type. Either a name of your choosing when
236 # creating a CustomInfoType, or one of the names listed
237 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
238 # a built-in type. InfoType names should conform to the pattern
239 # [a-zA-Z0-9_]{1,64}.
240 },
241 },
242 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The
243 # Bucketing transformation can provide all of this functionality,
244 # but requires more configuration. This message is provided as a convenience to
245 # the user for simple bucketing strategies.
246 #
247 # The transformed value will be a hyphenated string of
248 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20
249 # all values that are within this bucket will be replaced with "10-20".
250 #
251 # This can be used on data of type: double, long.
252 #
253 # If the bound Value type differs from the type of data
254 # being transformed, we will first attempt converting the type of the data to
255 # be transformed to match the type of the bound before comparing.
256 #
257 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
258 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are
259 # grouped together into a single bucket; for example if `lower_bound` = 10,
260 # then all values less than 10 are replaced with the value “-10”. [Required].
261 # Note that for the purposes of inspection or transformation, the number
262 # of bytes considered to comprise a 'Value' is based on its representation
263 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
264 # 123456789, the number of bytes would be counted as 9, even though an
265 # int64 only holds up to 8 bytes of data.
266 "floatValue": 3.14,
267 "timestampValue": "A String",
268 "dayOfWeekValue": "A String",
269 "timeValue": { # Represents a time of day. The date and time zone are either not significant
270 # or are specified elsewhere. An API may choose to allow leap seconds. Related
271 # types are google.type.Date and `google.protobuf.Timestamp`.
272 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
273 # to allow the value "24:00:00" for scenarios like business closing time.
274 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
275 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
276 # allow the value 60 if it allows leap-seconds.
277 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
278 },
279 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
280 # and time zone are either specified elsewhere or are not significant. The date
281 # is relative to the Proleptic Gregorian Calendar. This can represent:
282 #
283 # * A full date, with non-zero year, month and day values
284 # * A month and day value, with a zero year, e.g. an anniversary
285 # * A year on its own, with zero month and day values
286 # * A year and month value, with a zero day, e.g. a credit card expiration date
287 #
288 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
289 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
290 # a year.
291 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
292 # if specifying a year by itself or a year and month where the day is not
293 # significant.
294 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
295 # month and day.
296 },
297 "stringValue": "A String",
298 "booleanValue": True or False,
299 "integerValue": "A String",
300 },
301 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are
302 # grouped together into a single bucket; for example if `upper_bound` = 89,
303 # then all values greater than 89 are replaced with the value “89+”.
304 # [Required].
305 # Note that for the purposes of inspection or transformation, the number
306 # of bytes considered to comprise a 'Value' is based on its representation
307 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
308 # 123456789, the number of bytes would be counted as 9, even though an
309 # int64 only holds up to 8 bytes of data.
310 "floatValue": 3.14,
311 "timestampValue": "A String",
312 "dayOfWeekValue": "A String",
313 "timeValue": { # Represents a time of day. The date and time zone are either not significant
314 # or are specified elsewhere. An API may choose to allow leap seconds. Related
315 # types are google.type.Date and `google.protobuf.Timestamp`.
316 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
317 # to allow the value "24:00:00" for scenarios like business closing time.
318 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
319 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
320 # allow the value 60 if it allows leap-seconds.
321 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
322 },
323 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
324 # and time zone are either specified elsewhere or are not significant. The date
325 # is relative to the Proleptic Gregorian Calendar. This can represent:
326 #
327 # * A full date, with non-zero year, month and day values
328 # * A month and day value, with a zero year, e.g. an anniversary
329 # * A year on its own, with zero month and day values
330 # * A year and month value, with a zero day, e.g. a credit card expiration date
331 #
332 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
333 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
334 # a year.
335 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
336 # if specifying a year by itself or a year and month where the day is not
337 # significant.
338 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
339 # month and day.
340 },
341 "stringValue": "A String",
342 "booleanValue": True or False,
343 "integerValue": "A String",
344 },
345 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if
346 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
347 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
348 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required].
349 },
350 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type.
351 },
352 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a
353 # portion of the value.
354 "partToExtract": "A String",
355 },
356 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing.
357 # Uses SHA-256.
358 # The key size must be either 32 or 64 bytes.
359 # Outputs a base64 encoded representation of the hashed output
360 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
361 # Currently, only string and integer values can be hashed.
362 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
363 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
364 # a key encryption key (KEK) stored by KMS).
365 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
366 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
367 # unwrap the data crypto key.
368 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
369 # The wrapped key must be a 128/192/256 bit key.
370 # Authorization requires the following IAM permissions when sending a request
371 # to perform a crypto transformation using a kms-wrapped crypto key:
372 # dlp.kms.encrypt
373 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
374 "wrappedKey": "A String", # The wrapped data crypto key. [required]
375 },
376 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
377 # leaking the key. Choose another type of key if possible.
378 "key": "A String", # A 128/192/256 bit key. [required]
379 },
380 "transient": { # Use this to have a random data crypto key generated.
381 # It will be discarded after the request finishes.
382 "name": "A String", # Name of the key. [required]
383 # This is an arbitrary string used to differentiate different keys.
384 # A unique key is generated per name: two separate `TransientCryptoKey`
385 # protos share the same generated key if their names are the same.
386 # When the data crypto key is generated, this name is not used in any way
387 # (repeating the api call will result in a different key being generated).
388 },
389 },
390 },
391 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the
392 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
393 # to learn more.
394 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
395 # results in the same shift for the same context and crypto_key.
396 # a key encryption key (KEK) stored by KMS).
397 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
398 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
399 # unwrap the data crypto key.
400 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
401 # The wrapped key must be a 128/192/256 bit key.
402 # Authorization requires the following IAM permissions when sending a request
403 # to perform a crypto transformation using a kms-wrapped crypto key:
404 # dlp.kms.encrypt
405 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
406 "wrappedKey": "A String", # The wrapped data crypto key. [required]
407 },
408 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
409 # leaking the key. Choose another type of key if possible.
410 "key": "A String", # A 128/192/256 bit key. [required]
411 },
412 "transient": { # Use this to have a random data crypto key generated.
413 # It will be discarded after the request finishes.
414 "name": "A String", # Name of the key. [required]
415 # This is an arbitrary string used to differentiate different keys.
416 # A unique key is generated per name: two separate `TransientCryptoKey`
417 # protos share the same generated key if their names are the same.
418 # When the data crypto key is generated, this name is not used in any way
419 # (repeating the api call will result in a different key being generated).
420 },
421 },
422 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past.
423 # [Required]
424 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this
425 # range (inclusive ends). Negative means shift to earlier in time. Must not
426 # be more than 365250 days (1000 years) each direction.
427 #
428 # For example, 3 means shift date to at most 3 days into the future.
429 # [Required]
430 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
431 # If set, must also set method. If set, shift will be consistent for the
432 # given context.
433 "name": "A String", # Name describing the field.
434 },
435 },
436 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and
437 # replacement values are dynamically provided by the user for custom behavior,
438 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH
439 # This can be used on
440 # data of type: number, long, string, timestamp.
441 # If the bound `Value` type differs from the type of data being transformed, we
442 # will first attempt converting the type of the data to be transformed to match
443 # the type of the bound before comparing.
444 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
445 "buckets": [ # Set of buckets. Ranges must be non-overlapping.
446 { # Bucket is represented as a range, along with replacement values.
447 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
448 # Note that for the purposes of inspection or transformation, the number
449 # of bytes considered to comprise a 'Value' is based on its representation
450 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
451 # 123456789, the number of bytes would be counted as 9, even though an
452 # int64 only holds up to 8 bytes of data.
453 "floatValue": 3.14,
454 "timestampValue": "A String",
455 "dayOfWeekValue": "A String",
456 "timeValue": { # Represents a time of day. The date and time zone are either not significant
457 # or are specified elsewhere. An API may choose to allow leap seconds. Related
458 # types are google.type.Date and `google.protobuf.Timestamp`.
459 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
460 # to allow the value "24:00:00" for scenarios like business closing time.
461 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
462 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
463 # allow the value 60 if it allows leap-seconds.
464 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
465 },
466 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
467 # and time zone are either specified elsewhere or are not significant. The date
468 # is relative to the Proleptic Gregorian Calendar. This can represent:
469 #
470 # * A full date, with non-zero year, month and day values
471 # * A month and day value, with a zero year, e.g. an anniversary
472 # * A year on its own, with zero month and day values
473 # * A year and month value, with a zero day, e.g. a credit card expiration date
474 #
475 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
476 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
477 # a year.
478 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
479 # if specifying a year by itself or a year and month where the day is not
480 # significant.
481 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
482 # month and day.
483 },
484 "stringValue": "A String",
485 "booleanValue": True or False,
486 "integerValue": "A String",
487 },
488 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
489 # the default behavior will be to hyphenate the min-max range.
490 # Note that for the purposes of inspection or transformation, the number
491 # of bytes considered to comprise a 'Value' is based on its representation
492 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
493 # 123456789, the number of bytes would be counted as 9, even though an
494 # int64 only holds up to 8 bytes of data.
495 "floatValue": 3.14,
496 "timestampValue": "A String",
497 "dayOfWeekValue": "A String",
498 "timeValue": { # Represents a time of day. The date and time zone are either not significant
499 # or are specified elsewhere. An API may choose to allow leap seconds. Related
500 # types are google.type.Date and `google.protobuf.Timestamp`.
501 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
502 # to allow the value "24:00:00" for scenarios like business closing time.
503 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
504 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
505 # allow the value 60 if it allows leap-seconds.
506 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
507 },
508 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
509 # and time zone are either specified elsewhere or are not significant. The date
510 # is relative to the Proleptic Gregorian Calendar. This can represent:
511 #
512 # * A full date, with non-zero year, month and day values
513 # * A month and day value, with a zero year, e.g. an anniversary
514 # * A year on its own, with zero month and day values
515 # * A year and month value, with a zero day, e.g. a credit card expiration date
516 #
517 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
518 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
519 # a year.
520 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
521 # if specifying a year by itself or a year and month where the day is not
522 # significant.
523 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
524 # month and day.
525 },
526 "stringValue": "A String",
527 "booleanValue": True or False,
528 "integerValue": "A String",
529 },
530 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
531 # used.
532 # Note that for the purposes of inspection or transformation, the number
533 # of bytes considered to comprise a 'Value' is based on its representation
534 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
535 # 123456789, the number of bytes would be counted as 9, even though an
536 # int64 only holds up to 8 bytes of data.
537 "floatValue": 3.14,
538 "timestampValue": "A String",
539 "dayOfWeekValue": "A String",
540 "timeValue": { # Represents a time of day. The date and time zone are either not significant
541 # or are specified elsewhere. An API may choose to allow leap seconds. Related
542 # types are google.type.Date and `google.protobuf.Timestamp`.
543 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
544 # to allow the value "24:00:00" for scenarios like business closing time.
545 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
546 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
547 # allow the value 60 if it allows leap-seconds.
548 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
549 },
550 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
551 # and time zone are either specified elsewhere or are not significant. The date
552 # is relative to the Proleptic Gregorian Calendar. This can represent:
553 #
554 # * A full date, with non-zero year, month and day values
555 # * A month and day value, with a zero year, e.g. an anniversary
556 # * A year on its own, with zero month and day values
557 # * A year and month value, with a zero day, e.g. a credit card expiration date
558 #
559 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
560 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
561 # a year.
562 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
563 # if specifying a year by itself or a year and month where the day is not
564 # significant.
565 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
566 # month and day.
567 },
568 "stringValue": "A String",
569 "booleanValue": True or False,
570 "integerValue": "A String",
571 },
572 },
573 ],
574 },
575 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption
576 # (FPE) with the FFX mode of operation; however when used in the
577 # `ReidentifyContent` API method, it serves the opposite function by reversing
578 # the surrogate back into the original identifier. The identifier must be
579 # encoded as ASCII. For a given crypto key and context, the same identifier
580 # will be replaced with the same surrogate. Identifiers must be at least two
581 # characters long. In the case that the identifier is the empty string, it will
582 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
583 # more.
584 #
585 # Note: We recommend using CryptoDeterministicConfig for all use cases which
586 # do not require preserving the input alphabet space and size, plus warrant
587 # referential integrity.
588 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required]
589 # a key encryption key (KEK) stored by KMS).
590 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
591 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
592 # unwrap the data crypto key.
593 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
594 # The wrapped key must be a 128/192/256 bit key.
595 # Authorization requires the following IAM permissions when sending a request
596 # to perform a crypto transformation using a kms-wrapped crypto key:
597 # dlp.kms.encrypt
598 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
599 "wrappedKey": "A String", # The wrapped data crypto key. [required]
600 },
601 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
602 # leaking the key. Choose another type of key if possible.
603 "key": "A String", # A 128/192/256 bit key. [required]
604 },
605 "transient": { # Use this to have a random data crypto key generated.
606 # It will be discarded after the request finishes.
607 "name": "A String", # Name of the key. [required]
608 # This is an arbitrary string used to differentiate different keys.
609 # A unique key is generated per name: two separate `TransientCryptoKey`
610 # protos share the same generated key if their names are the same.
611 # When the data crypto key is generated, this name is not used in any way
612 # (repeating the api call will result in a different key being generated).
613 },
614 },
615 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62].
616 "commonAlphabet": "A String",
617 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
618 # that the FFX mode natively supports. This happens before/after
619 # encryption/decryption.
620 # Each character listed must appear only once.
621 # Number of characters must be in the range [2, 62].
622 # This must be encoded as ASCII.
623 # The order of characters does not matter.
624 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
625 # identifier in two different contexts won't be given the same surrogate. If
626 # the context is not set, a default tweak will be used.
627 #
628 # If the context is set but:
629 #
630 # 1. there is no record present when transforming a given value or
631 # 1. the field is not present when transforming a given value,
632 #
633 # a default tweak will be used.
634 #
635 # Note that case (1) is expected when an `InfoTypeTransformation` is
636 # applied to both structured and non-structured `ContentItem`s.
637 # Currently, the referenced field may be of value type integer or string.
638 #
639 # The tweak is constructed as a sequence of bytes in big endian byte order
640 # such that:
641 #
642 # - a 64 bit integer is encoded followed by a single byte of value 1
643 # - a string is encoded in UTF-8 format followed by a single byte of value 2
644 "name": "A String", # Name describing the field.
645 },
646 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
647 # This annotation will be applied to the surrogate by prefixing it with
648 # the name of the custom infoType followed by the number of
649 # characters comprising the surrogate. The following scheme defines the
650 # format: info_type_name(surrogate_character_count):surrogate
651 #
652 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
653 # the surrogate is 'abc', the full replacement value
654 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
655 #
656 # This annotation identifies the surrogate when inspecting content using the
657 # custom infoType
658 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
659 # This facilitates reversal of the surrogate when it occurs in free text.
660 #
661 # In order for inspection to work properly, the name of this infoType must
662 # not occur naturally anywhere in your data; otherwise, inspection may
663 # find a surrogate that does not correspond to an actual identifier.
664 # Therefore, choose your custom infoType name carefully after considering
665 # what your data looks like. One way to select a name that has a high chance
666 # of yielding reliable detection is to include one or more unicode characters
667 # that are highly improbable to exist in your data.
668 # For example, assuming your data is entered from a regular ASCII keyboard,
669 # the symbol with the hex code point 29DD might be used like so:
670 # ⧝MY_TOKEN_TYPE
671 "name": "A String", # Name of the information type. Either a name of your choosing when
672 # creating a CustomInfoType, or one of the names listed
673 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
674 # a built-in type. InfoType names should conform to the pattern
675 # [a-zA-Z0-9_]{1,64}.
676 },
677 },
678 "replaceConfig": { # Replace each input value with a given `Value`.
679 "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
680 # Note that for the purposes of inspection or transformation, the number
681 # of bytes considered to comprise a 'Value' is based on its representation
682 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
683 # 123456789, the number of bytes would be counted as 9, even though an
684 # int64 only holds up to 8 bytes of data.
685 "floatValue": 3.14,
686 "timestampValue": "A String",
687 "dayOfWeekValue": "A String",
688 "timeValue": { # Represents a time of day. The date and time zone are either not significant
689 # or are specified elsewhere. An API may choose to allow leap seconds. Related
690 # types are google.type.Date and `google.protobuf.Timestamp`.
691 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
692 # to allow the value "24:00:00" for scenarios like business closing time.
693 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
694 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
695 # allow the value 60 if it allows leap-seconds.
696 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
697 },
698 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
699 # and time zone are either specified elsewhere or are not significant. The date
700 # is relative to the Proleptic Gregorian Calendar. This can represent:
701 #
702 # * A full date, with non-zero year, month and day values
703 # * A month and day value, with a zero year, e.g. an anniversary
704 # * A year on its own, with zero month and day values
705 # * A year and month value, with a zero day, e.g. a credit card expiration date
706 #
707 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
708 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
709 # a year.
710 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
711 # if specifying a year by itself or a year and month where the day is not
712 # significant.
713 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
714 # month and day.
715 },
716 "stringValue": "A String",
717 "booleanValue": True or False,
718 "integerValue": "A String",
719 },
720 },
721 },
722 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
723 # this transformation to apply to all findings that correspond to
724 # infoTypes that were requested in `InspectConfig`.
725 { # Type of information detected by the API.
726 "name": "A String", # Name of the information type. Either a name of your choosing when
727 # creating a CustomInfoType, or one of the names listed
728 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
729 # a built-in type. InfoType names should conform to the pattern
730 # [a-zA-Z0-9_]{1,64}.
731 },
732 ],
733 },
734 ],
735 },
736 "recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
737 # specific locations within structured datasets, such as transforming
738 # a column within a table.
739 # table.
740 "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that
741 # match any suppression rule are omitted from the output [optional].
742 { # Configuration to suppress records whose suppression conditions evaluate to
743 # true.
744 "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
745 # evaluated to be suppressed from the transformed content.
746 # a field.
747 "expressions": { # An expression, consisting or an operator and conditions. # An expression.
748 "conditions": { # A collection of conditions.
749 "conditions": [
750 { # The field type of `value` and `field` do not need to match to be
751 # considered equal, but not all comparisons are possible.
752 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
753 # but all other comparisons are invalid with incompatible types.
754 # A `value` of type:
755 #
756 # - `string` can be compared against all other types
757 # - `boolean` can only be compared against other booleans
758 # - `integer` can be compared against doubles or a string if the string value
759 # can be parsed as an integer.
760 # - `double` can be compared against integers or a string if the string can
761 # be parsed as a double.
762 # - `Timestamp` can be compared against strings in RFC 3339 date string
763 # format.
764 # - `TimeOfDay` can be compared against timestamps and strings in the format
765 # of 'HH:mm:ss'.
766 #
767 # If we fail to compare do to type mismatch, a warning will be given and
768 # the condition will evaluate to false.
769 "operator": "A String", # Operator used to compare the field or infoType to the value. [required]
770 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required]
771 "name": "A String", # Name describing the field.
772 },
773 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.]
774 # Note that for the purposes of inspection or transformation, the number
775 # of bytes considered to comprise a 'Value' is based on its representation
776 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
777 # 123456789, the number of bytes would be counted as 9, even though an
778 # int64 only holds up to 8 bytes of data.
779 "floatValue": 3.14,
780 "timestampValue": "A String",
781 "dayOfWeekValue": "A String",
782 "timeValue": { # Represents a time of day. The date and time zone are either not significant
783 # or are specified elsewhere. An API may choose to allow leap seconds. Related
784 # types are google.type.Date and `google.protobuf.Timestamp`.
785 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
786 # to allow the value "24:00:00" for scenarios like business closing time.
787 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
788 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
789 # allow the value 60 if it allows leap-seconds.
790 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
791 },
792 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
793 # and time zone are either specified elsewhere or are not significant. The date
794 # is relative to the Proleptic Gregorian Calendar. This can represent:
795 #
796 # * A full date, with non-zero year, month and day values
797 # * A month and day value, with a zero year, e.g. an anniversary
798 # * A year on its own, with zero month and day values
799 # * A year and month value, with a zero day, e.g. a credit card expiration date
800 #
801 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
802 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
803 # a year.
804 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
805 # if specifying a year by itself or a year and month where the day is not
806 # significant.
807 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
808 # month and day.
809 },
810 "stringValue": "A String",
811 "booleanValue": True or False,
812 "integerValue": "A String",
813 },
814 },
815 ],
816 },
817 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
818 # only supported value is `AND`.
819 },
820 },
821 },
822 ],
823 "fieldTransformations": [ # Transform the record by applying various field transformations.
824 { # The transformation to apply to the field.
825 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
826 # transform content that matches an `InfoType`.
827 # apply various `PrimitiveTransformation`s to each finding, where the
828 # transformation is applied to only values that were identified as a specific
829 # info_type.
830 "transformations": [ # Transformation for each infoType. Cannot specify more than one
831 # for a given infoType. [required]
832 { # A transformation to apply to text that is identified as a specific
833 # info_type.
834 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required]
835 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a
836 # fixed character. Masking can start from the beginning or end of the string.
837 # This can be used on data of any type (numbers, longs, and so on) and when
838 # de-identifying structured data we'll attempt to preserve the original data's
839 # type. (This allows you to take a long like 123 and modify it to a string like
840 # **3.
841 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing.
842 # For example, if your string is 555-555-5555 and you ask us to skip `-` and
843 # mask 5 chars with * we would produce ***-*55-5555.
844 { # Characters to skip when doing deidentification of a value. These will be left
845 # alone and skipped.
846 "commonCharactersToIgnore": "A String",
847 "charactersToSkip": "A String",
848 },
849 ],
850 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
851 # masked. Skipped characters do not count towards this tally.
852 "maskingCharacter": "A String", # Character to mask the sensitive values&mdash;for example, "*" for an
853 # alphabetic string such as name, or "0" for a numeric string such as ZIP
854 # code or credit card number. String must have length 1. If not supplied, we
855 # will default to "*" for strings, 0 for digits.
856 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
857 # '0', number_to_mask is 14, and `reverse_order` is false, then
858 # 1234-5678-9012-3456 -> 00000000000000-3456
859 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order`
860 # is true, then 12345 -> 12***
861 },
862 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation`
863 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
864 # output would be 'My phone number is '.
865 },
866 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given
867 # input. Outputs a base64 encoded representation of the encrypted output.
868 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
869 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
870 # a key encryption key (KEK) stored by KMS).
871 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
872 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
873 # unwrap the data crypto key.
874 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
875 # The wrapped key must be a 128/192/256 bit key.
876 # Authorization requires the following IAM permissions when sending a request
877 # to perform a crypto transformation using a kms-wrapped crypto key:
878 # dlp.kms.encrypt
879 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
880 "wrappedKey": "A String", # The wrapped data crypto key. [required]
881 },
882 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
883 # leaking the key. Choose another type of key if possible.
884 "key": "A String", # A 128/192/256 bit key. [required]
885 },
886 "transient": { # Use this to have a random data crypto key generated.
887 # It will be discarded after the request finishes.
888 "name": "A String", # Name of the key. [required]
889 # This is an arbitrary string used to differentiate different keys.
890 # A unique key is generated per name: two separate `TransientCryptoKey`
891 # protos share the same generated key if their names are the same.
892 # When the data crypto key is generated, this name is not used in any way
893 # (repeating the api call will result in a different key being generated).
894 },
895 },
896 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining
897 # referential integrity such that the same identifier in two different
898 # contexts will be given a distinct surrogate. The context is appended to
899 # plaintext value being encrypted. On decryption the provided context is
900 # validated against the value used during encryption. If a context was
901 # provided during encryption, same context must be provided during decryption
902 # as well.
903 #
904 # If the context is not set, plaintext would be used as is for encryption.
905 # If the context is set but:
906 #
907 # 1. there is no record present when transforming a given value or
908 # 2. the field is not present when transforming a given value,
909 #
910 # plaintext would be used as is for encryption.
911 #
912 # Note that case (1) is expected when an `InfoTypeTransformation` is
913 # applied to both structured and non-structured `ContentItem`s.
914 "name": "A String", # Name describing the field.
915 },
916 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
917 # This annotation will be applied to the surrogate by prefixing it with
918 # the name of the custom info type followed by the number of
919 # characters comprising the surrogate. The following scheme defines the
920 # format: <info type name>(<surrogate character count>):<surrogate>
921 #
922 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
923 # the surrogate is 'abc', the full replacement value
924 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
925 #
926 # This annotation identifies the surrogate when inspecting content using the
927 # custom info type 'Surrogate'. This facilitates reversal of the
928 # surrogate when it occurs in free text.
929 #
930 # In order for inspection to work properly, the name of this info type must
931 # not occur naturally anywhere in your data; otherwise, inspection may either
932 #
933 # - reverse a surrogate that does not correspond to an actual identifier
934 # - be unable to parse the surrogate and result in an error
935 #
936 # Therefore, choose your custom info type name carefully after considering
937 # what your data looks like. One way to select a name that has a high chance
938 # of yielding reliable detection is to include one or more unicode characters
939 # that are highly improbable to exist in your data.
940 # For example, assuming your data is entered from a regular ASCII keyboard,
941 # the symbol with the hex code point 29DD might be used like so:
942 # ⧝MY_TOKEN_TYPE
943 "name": "A String", # Name of the information type. Either a name of your choosing when
944 # creating a CustomInfoType, or one of the names listed
945 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
946 # a built-in type. InfoType names should conform to the pattern
947 # [a-zA-Z0-9_]{1,64}.
948 },
949 },
950 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The
951 # Bucketing transformation can provide all of this functionality,
952 # but requires more configuration. This message is provided as a convenience to
953 # the user for simple bucketing strategies.
954 #
955 # The transformed value will be a hyphenated string of
956 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20
957 # all values that are within this bucket will be replaced with "10-20".
958 #
959 # This can be used on data of type: double, long.
960 #
961 # If the bound Value type differs from the type of data
962 # being transformed, we will first attempt converting the type of the data to
963 # be transformed to match the type of the bound before comparing.
964 #
965 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
966 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are
967 # grouped together into a single bucket; for example if `lower_bound` = 10,
968 # then all values less than 10 are replaced with the value “-10”. [Required].
969 # Note that for the purposes of inspection or transformation, the number
970 # of bytes considered to comprise a 'Value' is based on its representation
971 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
972 # 123456789, the number of bytes would be counted as 9, even though an
973 # int64 only holds up to 8 bytes of data.
974 "floatValue": 3.14,
975 "timestampValue": "A String",
976 "dayOfWeekValue": "A String",
977 "timeValue": { # Represents a time of day. The date and time zone are either not significant
978 # or are specified elsewhere. An API may choose to allow leap seconds. Related
979 # types are google.type.Date and `google.protobuf.Timestamp`.
980 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
981 # to allow the value "24:00:00" for scenarios like business closing time.
982 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
983 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
984 # allow the value 60 if it allows leap-seconds.
985 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
986 },
987 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
988 # and time zone are either specified elsewhere or are not significant. The date
989 # is relative to the Proleptic Gregorian Calendar. This can represent:
990 #
991 # * A full date, with non-zero year, month and day values
992 # * A month and day value, with a zero year, e.g. an anniversary
993 # * A year on its own, with zero month and day values
994 # * A year and month value, with a zero day, e.g. a credit card expiration date
995 #
996 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
997 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
998 # a year.
999 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1000 # if specifying a year by itself or a year and month where the day is not
1001 # significant.
1002 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1003 # month and day.
1004 },
1005 "stringValue": "A String",
1006 "booleanValue": True or False,
1007 "integerValue": "A String",
1008 },
1009 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are
1010 # grouped together into a single bucket; for example if `upper_bound` = 89,
1011 # then all values greater than 89 are replaced with the value “89+”.
1012 # [Required].
1013 # Note that for the purposes of inspection or transformation, the number
1014 # of bytes considered to comprise a 'Value' is based on its representation
1015 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
1016 # 123456789, the number of bytes would be counted as 9, even though an
1017 # int64 only holds up to 8 bytes of data.
1018 "floatValue": 3.14,
1019 "timestampValue": "A String",
1020 "dayOfWeekValue": "A String",
1021 "timeValue": { # Represents a time of day. The date and time zone are either not significant
1022 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1023 # types are google.type.Date and `google.protobuf.Timestamp`.
1024 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1025 # to allow the value "24:00:00" for scenarios like business closing time.
1026 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1027 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1028 # allow the value 60 if it allows leap-seconds.
1029 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
1030 },
1031 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
1032 # and time zone are either specified elsewhere or are not significant. The date
1033 # is relative to the Proleptic Gregorian Calendar. This can represent:
1034 #
1035 # * A full date, with non-zero year, month and day values
1036 # * A month and day value, with a zero year, e.g. an anniversary
1037 # * A year on its own, with zero month and day values
1038 # * A year and month value, with a zero day, e.g. a credit card expiration date
1039 #
1040 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1041 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1042 # a year.
1043 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1044 # if specifying a year by itself or a year and month where the day is not
1045 # significant.
1046 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1047 # month and day.
1048 },
1049 "stringValue": "A String",
1050 "booleanValue": True or False,
1051 "integerValue": "A String",
1052 },
1053 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if
1054 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
1055 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
1056 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required].
1057 },
1058 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type.
1059 },
1060 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a
1061 # portion of the value.
1062 "partToExtract": "A String",
1063 },
1064 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing.
1065 # Uses SHA-256.
1066 # The key size must be either 32 or 64 bytes.
1067 # Outputs a base64 encoded representation of the hashed output
1068 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
1069 # Currently, only string and integer values can be hashed.
1070 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
1071 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
1072 # a key encryption key (KEK) stored by KMS).
1073 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
1074 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
1075 # unwrap the data crypto key.
1076 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
1077 # The wrapped key must be a 128/192/256 bit key.
1078 # Authorization requires the following IAM permissions when sending a request
1079 # to perform a crypto transformation using a kms-wrapped crypto key:
1080 # dlp.kms.encrypt
1081 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
1082 "wrappedKey": "A String", # The wrapped data crypto key. [required]
1083 },
1084 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
1085 # leaking the key. Choose another type of key if possible.
1086 "key": "A String", # A 128/192/256 bit key. [required]
1087 },
1088 "transient": { # Use this to have a random data crypto key generated.
1089 # It will be discarded after the request finishes.
1090 "name": "A String", # Name of the key. [required]
1091 # This is an arbitrary string used to differentiate different keys.
1092 # A unique key is generated per name: two separate `TransientCryptoKey`
1093 # protos share the same generated key if their names are the same.
1094 # When the data crypto key is generated, this name is not used in any way
1095 # (repeating the api call will result in a different key being generated).
1096 },
1097 },
1098 },
1099 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the
1100 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
1101 # to learn more.
1102 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
1103 # results in the same shift for the same context and crypto_key.
1104 # a key encryption key (KEK) stored by KMS).
1105 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
1106 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
1107 # unwrap the data crypto key.
1108 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
1109 # The wrapped key must be a 128/192/256 bit key.
1110 # Authorization requires the following IAM permissions when sending a request
1111 # to perform a crypto transformation using a kms-wrapped crypto key:
1112 # dlp.kms.encrypt
1113 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
1114 "wrappedKey": "A String", # The wrapped data crypto key. [required]
1115 },
1116 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
1117 # leaking the key. Choose another type of key if possible.
1118 "key": "A String", # A 128/192/256 bit key. [required]
1119 },
1120 "transient": { # Use this to have a random data crypto key generated.
1121 # It will be discarded after the request finishes.
1122 "name": "A String", # Name of the key. [required]
1123 # This is an arbitrary string used to differentiate different keys.
1124 # A unique key is generated per name: two separate `TransientCryptoKey`
1125 # protos share the same generated key if their names are the same.
1126 # When the data crypto key is generated, this name is not used in any way
1127 # (repeating the api call will result in a different key being generated).
1128 },
1129 },
1130 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past.
1131 # [Required]
1132 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this
1133 # range (inclusive ends). Negative means shift to earlier in time. Must not
1134 # be more than 365250 days (1000 years) each direction.
1135 #
1136 # For example, 3 means shift date to at most 3 days into the future.
1137 # [Required]
1138 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
1139 # If set, must also set method. If set, shift will be consistent for the
1140 # given context.
1141 "name": "A String", # Name describing the field.
1142 },
1143 },
1144 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and
1145 # replacement values are dynamically provided by the user for custom behavior,
1146 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH
1147 # This can be used on
1148 # data of type: number, long, string, timestamp.
1149 # If the bound `Value` type differs from the type of data being transformed, we
1150 # will first attempt converting the type of the data to be transformed to match
1151 # the type of the bound before comparing.
1152 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
1153 "buckets": [ # Set of buckets. Ranges must be non-overlapping.
1154 { # Bucket is represented as a range, along with replacement values.
1155 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
1156 # Note that for the purposes of inspection or transformation, the number
1157 # of bytes considered to comprise a 'Value' is based on its representation
1158 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
1159 # 123456789, the number of bytes would be counted as 9, even though an
1160 # int64 only holds up to 8 bytes of data.
1161 "floatValue": 3.14,
1162 "timestampValue": "A String",
1163 "dayOfWeekValue": "A String",
1164 "timeValue": { # Represents a time of day. The date and time zone are either not significant
1165 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1166 # types are google.type.Date and `google.protobuf.Timestamp`.
1167 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1168 # to allow the value "24:00:00" for scenarios like business closing time.
1169 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1170 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1171 # allow the value 60 if it allows leap-seconds.
1172 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
1173 },
1174 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
1175 # and time zone are either specified elsewhere or are not significant. The date
1176 # is relative to the Proleptic Gregorian Calendar. This can represent:
1177 #
1178 # * A full date, with non-zero year, month and day values
1179 # * A month and day value, with a zero year, e.g. an anniversary
1180 # * A year on its own, with zero month and day values
1181 # * A year and month value, with a zero day, e.g. a credit card expiration date
1182 #
1183 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1184 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1185 # a year.
1186 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1187 # if specifying a year by itself or a year and month where the day is not
1188 # significant.
1189 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1190 # month and day.
1191 },
1192 "stringValue": "A String",
1193 "booleanValue": True or False,
1194 "integerValue": "A String",
1195 },
1196 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
1197 # the default behavior will be to hyphenate the min-max range.
1198 # Note that for the purposes of inspection or transformation, the number
1199 # of bytes considered to comprise a 'Value' is based on its representation
1200 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
1201 # 123456789, the number of bytes would be counted as 9, even though an
1202 # int64 only holds up to 8 bytes of data.
1203 "floatValue": 3.14,
1204 "timestampValue": "A String",
1205 "dayOfWeekValue": "A String",
1206 "timeValue": { # Represents a time of day. The date and time zone are either not significant
1207 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1208 # types are google.type.Date and `google.protobuf.Timestamp`.
1209 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1210 # to allow the value "24:00:00" for scenarios like business closing time.
1211 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1212 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1213 # allow the value 60 if it allows leap-seconds.
1214 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
1215 },
1216 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
1217 # and time zone are either specified elsewhere or are not significant. The date
1218 # is relative to the Proleptic Gregorian Calendar. This can represent:
1219 #
1220 # * A full date, with non-zero year, month and day values
1221 # * A month and day value, with a zero year, e.g. an anniversary
1222 # * A year on its own, with zero month and day values
1223 # * A year and month value, with a zero day, e.g. a credit card expiration date
1224 #
1225 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1226 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1227 # a year.
1228 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1229 # if specifying a year by itself or a year and month where the day is not
1230 # significant.
1231 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1232 # month and day.
1233 },
1234 "stringValue": "A String",
1235 "booleanValue": True or False,
1236 "integerValue": "A String",
1237 },
1238 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
1239 # used.
1240 # Note that for the purposes of inspection or transformation, the number
1241 # of bytes considered to comprise a 'Value' is based on its representation
1242 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
1243 # 123456789, the number of bytes would be counted as 9, even though an
1244 # int64 only holds up to 8 bytes of data.
1245 "floatValue": 3.14,
1246 "timestampValue": "A String",
1247 "dayOfWeekValue": "A String",
1248 "timeValue": { # Represents a time of day. The date and time zone are either not significant
1249 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1250 # types are google.type.Date and `google.protobuf.Timestamp`.
1251 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1252 # to allow the value "24:00:00" for scenarios like business closing time.
1253 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1254 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1255 # allow the value 60 if it allows leap-seconds.
1256 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
1257 },
1258 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
1259 # and time zone are either specified elsewhere or are not significant. The date
1260 # is relative to the Proleptic Gregorian Calendar. This can represent:
1261 #
1262 # * A full date, with non-zero year, month and day values
1263 # * A month and day value, with a zero year, e.g. an anniversary
1264 # * A year on its own, with zero month and day values
1265 # * A year and month value, with a zero day, e.g. a credit card expiration date
1266 #
1267 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1268 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1269 # a year.
1270 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1271 # if specifying a year by itself or a year and month where the day is not
1272 # significant.
1273 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1274 # month and day.
1275 },
1276 "stringValue": "A String",
1277 "booleanValue": True or False,
1278 "integerValue": "A String",
1279 },
1280 },
1281 ],
1282 },
1283 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption
1284 # (FPE) with the FFX mode of operation; however when used in the
1285 # `ReidentifyContent` API method, it serves the opposite function by reversing
1286 # the surrogate back into the original identifier. The identifier must be
1287 # encoded as ASCII. For a given crypto key and context, the same identifier
1288 # will be replaced with the same surrogate. Identifiers must be at least two
1289 # characters long. In the case that the identifier is the empty string, it will
1290 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
1291 # more.
1292 #
1293 # Note: We recommend using CryptoDeterministicConfig for all use cases which
1294 # do not require preserving the input alphabet space and size, plus warrant
1295 # referential integrity.
1296 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required]
1297 # a key encryption key (KEK) stored by KMS).
1298 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
1299 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
1300 # unwrap the data crypto key.
1301 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
1302 # The wrapped key must be a 128/192/256 bit key.
1303 # Authorization requires the following IAM permissions when sending a request
1304 # to perform a crypto transformation using a kms-wrapped crypto key:
1305 # dlp.kms.encrypt
1306 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
1307 "wrappedKey": "A String", # The wrapped data crypto key. [required]
1308 },
1309 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
1310 # leaking the key. Choose another type of key if possible.
1311 "key": "A String", # A 128/192/256 bit key. [required]
1312 },
1313 "transient": { # Use this to have a random data crypto key generated.
1314 # It will be discarded after the request finishes.
1315 "name": "A String", # Name of the key. [required]
1316 # This is an arbitrary string used to differentiate different keys.
1317 # A unique key is generated per name: two separate `TransientCryptoKey`
1318 # protos share the same generated key if their names are the same.
1319 # When the data crypto key is generated, this name is not used in any way
1320 # (repeating the api call will result in a different key being generated).
1321 },
1322 },
1323 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62].
1324 "commonAlphabet": "A String",
1325 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
1326 # that the FFX mode natively supports. This happens before/after
1327 # encryption/decryption.
1328 # Each character listed must appear only once.
1329 # Number of characters must be in the range [2, 62].
1330 # This must be encoded as ASCII.
1331 # The order of characters does not matter.
1332 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
1333 # identifier in two different contexts won't be given the same surrogate. If
1334 # the context is not set, a default tweak will be used.
1335 #
1336 # If the context is set but:
1337 #
1338 # 1. there is no record present when transforming a given value or
1339 # 1. the field is not present when transforming a given value,
1340 #
1341 # a default tweak will be used.
1342 #
1343 # Note that case (1) is expected when an `InfoTypeTransformation` is
1344 # applied to both structured and non-structured `ContentItem`s.
1345 # Currently, the referenced field may be of value type integer or string.
1346 #
1347 # The tweak is constructed as a sequence of bytes in big endian byte order
1348 # such that:
1349 #
1350 # - a 64 bit integer is encoded followed by a single byte of value 1
1351 # - a string is encoded in UTF-8 format followed by a single byte of value 2
1352 "name": "A String", # Name describing the field.
1353 },
1354 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
1355 # This annotation will be applied to the surrogate by prefixing it with
1356 # the name of the custom infoType followed by the number of
1357 # characters comprising the surrogate. The following scheme defines the
1358 # format: info_type_name(surrogate_character_count):surrogate
1359 #
1360 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
1361 # the surrogate is 'abc', the full replacement value
1362 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
1363 #
1364 # This annotation identifies the surrogate when inspecting content using the
1365 # custom infoType
1366 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
1367 # This facilitates reversal of the surrogate when it occurs in free text.
1368 #
1369 # In order for inspection to work properly, the name of this infoType must
1370 # not occur naturally anywhere in your data; otherwise, inspection may
1371 # find a surrogate that does not correspond to an actual identifier.
1372 # Therefore, choose your custom infoType name carefully after considering
1373 # what your data looks like. One way to select a name that has a high chance
1374 # of yielding reliable detection is to include one or more unicode characters
1375 # that are highly improbable to exist in your data.
1376 # For example, assuming your data is entered from a regular ASCII keyboard,
1377 # the symbol with the hex code point 29DD might be used like so:
1378 # ⧝MY_TOKEN_TYPE
1379 "name": "A String", # Name of the information type. Either a name of your choosing when
1380 # creating a CustomInfoType, or one of the names listed
1381 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
1382 # a built-in type. InfoType names should conform to the pattern
1383 # [a-zA-Z0-9_]{1,64}.
1384 },
1385 },
1386 "replaceConfig": { # Replace each input value with a given `Value`.
1387 "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
1388 # Note that for the purposes of inspection or transformation, the number
1389 # of bytes considered to comprise a 'Value' is based on its representation
1390 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
1391 # 123456789, the number of bytes would be counted as 9, even though an
1392 # int64 only holds up to 8 bytes of data.
1393 "floatValue": 3.14,
1394 "timestampValue": "A String",
1395 "dayOfWeekValue": "A String",
1396 "timeValue": { # Represents a time of day. The date and time zone are either not significant
1397 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1398 # types are google.type.Date and `google.protobuf.Timestamp`.
1399 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1400 # to allow the value "24:00:00" for scenarios like business closing time.
1401 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1402 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1403 # allow the value 60 if it allows leap-seconds.
1404 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
1405 },
1406 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
1407 # and time zone are either specified elsewhere or are not significant. The date
1408 # is relative to the Proleptic Gregorian Calendar. This can represent:
1409 #
1410 # * A full date, with non-zero year, month and day values
1411 # * A month and day value, with a zero year, e.g. an anniversary
1412 # * A year on its own, with zero month and day values
1413 # * A year and month value, with a zero day, e.g. a credit card expiration date
1414 #
1415 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1416 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1417 # a year.
1418 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1419 # if specifying a year by itself or a year and month where the day is not
1420 # significant.
1421 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1422 # month and day.
1423 },
1424 "stringValue": "A String",
1425 "booleanValue": True or False,
1426 "integerValue": "A String",
1427 },
1428 },
1429 },
1430 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
1431 # this transformation to apply to all findings that correspond to
1432 # infoTypes that were requested in `InspectConfig`.
1433 { # Type of information detected by the API.
1434 "name": "A String", # Name of the information type. Either a name of your choosing when
1435 # creating a CustomInfoType, or one of the names listed
1436 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
1437 # a built-in type. InfoType names should conform to the pattern
1438 # [a-zA-Z0-9_]{1,64}.
1439 },
1440 ],
1441 },
1442 ],
1443 },
1444 "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.
1445 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a
1446 # fixed character. Masking can start from the beginning or end of the string.
1447 # This can be used on data of any type (numbers, longs, and so on) and when
1448 # de-identifying structured data we'll attempt to preserve the original data's
1449 # type. (This allows you to take a long like 123 and modify it to a string like
1450 # **3.
1451 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing.
1452 # For example, if your string is 555-555-5555 and you ask us to skip `-` and
1453 # mask 5 chars with * we would produce ***-*55-5555.
1454 { # Characters to skip when doing deidentification of a value. These will be left
1455 # alone and skipped.
1456 "commonCharactersToIgnore": "A String",
1457 "charactersToSkip": "A String",
1458 },
1459 ],
1460 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
1461 # masked. Skipped characters do not count towards this tally.
1462 "maskingCharacter": "A String", # Character to mask the sensitive values&mdash;for example, "*" for an
1463 # alphabetic string such as name, or "0" for a numeric string such as ZIP
1464 # code or credit card number. String must have length 1. If not supplied, we
1465 # will default to "*" for strings, 0 for digits.
1466 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
1467 # '0', number_to_mask is 14, and `reverse_order` is false, then
1468 # 1234-5678-9012-3456 -> 00000000000000-3456
1469 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order`
1470 # is true, then 12345 -> 12***
1471 },
1472 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation`
1473 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
1474 # output would be 'My phone number is '.
1475 },
1476 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given
1477 # input. Outputs a base64 encoded representation of the encrypted output.
1478 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
1479 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
1480 # a key encryption key (KEK) stored by KMS).
1481 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
1482 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
1483 # unwrap the data crypto key.
1484 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
1485 # The wrapped key must be a 128/192/256 bit key.
1486 # Authorization requires the following IAM permissions when sending a request
1487 # to perform a crypto transformation using a kms-wrapped crypto key:
1488 # dlp.kms.encrypt
1489 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
1490 "wrappedKey": "A String", # The wrapped data crypto key. [required]
1491 },
1492 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
1493 # leaking the key. Choose another type of key if possible.
1494 "key": "A String", # A 128/192/256 bit key. [required]
1495 },
1496 "transient": { # Use this to have a random data crypto key generated.
1497 # It will be discarded after the request finishes.
1498 "name": "A String", # Name of the key. [required]
1499 # This is an arbitrary string used to differentiate different keys.
1500 # A unique key is generated per name: two separate `TransientCryptoKey`
1501 # protos share the same generated key if their names are the same.
1502 # When the data crypto key is generated, this name is not used in any way
1503 # (repeating the api call will result in a different key being generated).
1504 },
1505 },
1506 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining
1507 # referential integrity such that the same identifier in two different
1508 # contexts will be given a distinct surrogate. The context is appended to
1509 # plaintext value being encrypted. On decryption the provided context is
1510 # validated against the value used during encryption. If a context was
1511 # provided during encryption, same context must be provided during decryption
1512 # as well.
1513 #
1514 # If the context is not set, plaintext would be used as is for encryption.
1515 # If the context is set but:
1516 #
1517 # 1. there is no record present when transforming a given value or
1518 # 2. the field is not present when transforming a given value,
1519 #
1520 # plaintext would be used as is for encryption.
1521 #
1522 # Note that case (1) is expected when an `InfoTypeTransformation` is
1523 # applied to both structured and non-structured `ContentItem`s.
1524 "name": "A String", # Name describing the field.
1525 },
1526 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
1527 # This annotation will be applied to the surrogate by prefixing it with
1528 # the name of the custom info type followed by the number of
1529 # characters comprising the surrogate. The following scheme defines the
1530 # format: <info type name>(<surrogate character count>):<surrogate>
1531 #
1532 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
1533 # the surrogate is 'abc', the full replacement value
1534 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
1535 #
1536 # This annotation identifies the surrogate when inspecting content using the
1537 # custom info type 'Surrogate'. This facilitates reversal of the
1538 # surrogate when it occurs in free text.
1539 #
1540 # In order for inspection to work properly, the name of this info type must
1541 # not occur naturally anywhere in your data; otherwise, inspection may either
1542 #
1543 # - reverse a surrogate that does not correspond to an actual identifier
1544 # - be unable to parse the surrogate and result in an error
1545 #
1546 # Therefore, choose your custom info type name carefully after considering
1547 # what your data looks like. One way to select a name that has a high chance
1548 # of yielding reliable detection is to include one or more unicode characters
1549 # that are highly improbable to exist in your data.
1550 # For example, assuming your data is entered from a regular ASCII keyboard,
1551 # the symbol with the hex code point 29DD might be used like so:
1552 # ⧝MY_TOKEN_TYPE
1553 "name": "A String", # Name of the information type. Either a name of your choosing when
1554 # creating a CustomInfoType, or one of the names listed
1555 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
1556 # a built-in type. InfoType names should conform to the pattern
1557 # [a-zA-Z0-9_]{1,64}.
1558 },
1559 },
1560 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The
1561 # Bucketing transformation can provide all of this functionality,
1562 # but requires more configuration. This message is provided as a convenience to
1563 # the user for simple bucketing strategies.
1564 #
1565 # The transformed value will be a hyphenated string of
1566 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20
1567 # all values that are within this bucket will be replaced with "10-20".
1568 #
1569 # This can be used on data of type: double, long.
1570 #
1571 # If the bound Value type differs from the type of data
1572 # being transformed, we will first attempt converting the type of the data to
1573 # be transformed to match the type of the bound before comparing.
1574 #
1575 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
1576 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are
1577 # grouped together into a single bucket; for example if `lower_bound` = 10,
1578 # then all values less than 10 are replaced with the value “-10”. [Required].
1579 # Note that for the purposes of inspection or transformation, the number
1580 # of bytes considered to comprise a 'Value' is based on its representation
1581 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
1582 # 123456789, the number of bytes would be counted as 9, even though an
1583 # int64 only holds up to 8 bytes of data.
1584 "floatValue": 3.14,
1585 "timestampValue": "A String",
1586 "dayOfWeekValue": "A String",
1587 "timeValue": { # Represents a time of day. The date and time zone are either not significant
1588 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1589 # types are google.type.Date and `google.protobuf.Timestamp`.
1590 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1591 # to allow the value "24:00:00" for scenarios like business closing time.
1592 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1593 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1594 # allow the value 60 if it allows leap-seconds.
1595 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
1596 },
1597 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
1598 # and time zone are either specified elsewhere or are not significant. The date
1599 # is relative to the Proleptic Gregorian Calendar. This can represent:
1600 #
1601 # * A full date, with non-zero year, month and day values
1602 # * A month and day value, with a zero year, e.g. an anniversary
1603 # * A year on its own, with zero month and day values
1604 # * A year and month value, with a zero day, e.g. a credit card expiration date
1605 #
1606 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1607 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1608 # a year.
1609 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1610 # if specifying a year by itself or a year and month where the day is not
1611 # significant.
1612 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1613 # month and day.
1614 },
1615 "stringValue": "A String",
1616 "booleanValue": True or False,
1617 "integerValue": "A String",
1618 },
1619 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are
1620 # grouped together into a single bucket; for example if `upper_bound` = 89,
1621 # then all values greater than 89 are replaced with the value “89+”.
1622 # [Required].
1623 # Note that for the purposes of inspection or transformation, the number
1624 # of bytes considered to comprise a 'Value' is based on its representation
1625 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
1626 # 123456789, the number of bytes would be counted as 9, even though an
1627 # int64 only holds up to 8 bytes of data.
1628 "floatValue": 3.14,
1629 "timestampValue": "A String",
1630 "dayOfWeekValue": "A String",
1631 "timeValue": { # Represents a time of day. The date and time zone are either not significant
1632 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1633 # types are google.type.Date and `google.protobuf.Timestamp`.
1634 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1635 # to allow the value "24:00:00" for scenarios like business closing time.
1636 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1637 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1638 # allow the value 60 if it allows leap-seconds.
1639 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
1640 },
1641 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
1642 # and time zone are either specified elsewhere or are not significant. The date
1643 # is relative to the Proleptic Gregorian Calendar. This can represent:
1644 #
1645 # * A full date, with non-zero year, month and day values
1646 # * A month and day value, with a zero year, e.g. an anniversary
1647 # * A year on its own, with zero month and day values
1648 # * A year and month value, with a zero day, e.g. a credit card expiration date
1649 #
1650 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1651 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1652 # a year.
1653 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1654 # if specifying a year by itself or a year and month where the day is not
1655 # significant.
1656 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1657 # month and day.
1658 },
1659 "stringValue": "A String",
1660 "booleanValue": True or False,
1661 "integerValue": "A String",
1662 },
1663 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if
1664 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
1665 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
1666 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required].
1667 },
1668 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type.
1669 },
1670 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a
1671 # portion of the value.
1672 "partToExtract": "A String",
1673 },
1674 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing.
1675 # Uses SHA-256.
1676 # The key size must be either 32 or 64 bytes.
1677 # Outputs a base64 encoded representation of the hashed output
1678 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
1679 # Currently, only string and integer values can be hashed.
1680 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
1681 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
1682 # a key encryption key (KEK) stored by KMS).
1683 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
1684 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
1685 # unwrap the data crypto key.
1686 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
1687 # The wrapped key must be a 128/192/256 bit key.
1688 # Authorization requires the following IAM permissions when sending a request
1689 # to perform a crypto transformation using a kms-wrapped crypto key:
1690 # dlp.kms.encrypt
1691 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
1692 "wrappedKey": "A String", # The wrapped data crypto key. [required]
1693 },
1694 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
1695 # leaking the key. Choose another type of key if possible.
1696 "key": "A String", # A 128/192/256 bit key. [required]
1697 },
1698 "transient": { # Use this to have a random data crypto key generated.
1699 # It will be discarded after the request finishes.
1700 "name": "A String", # Name of the key. [required]
1701 # This is an arbitrary string used to differentiate different keys.
1702 # A unique key is generated per name: two separate `TransientCryptoKey`
1703 # protos share the same generated key if their names are the same.
1704 # When the data crypto key is generated, this name is not used in any way
1705 # (repeating the api call will result in a different key being generated).
1706 },
1707 },
1708 },
1709 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the
1710 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
1711 # to learn more.
1712 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
1713 # results in the same shift for the same context and crypto_key.
1714 # a key encryption key (KEK) stored by KMS).
1715 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
1716 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
1717 # unwrap the data crypto key.
1718 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
1719 # The wrapped key must be a 128/192/256 bit key.
1720 # Authorization requires the following IAM permissions when sending a request
1721 # to perform a crypto transformation using a kms-wrapped crypto key:
1722 # dlp.kms.encrypt
1723 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
1724 "wrappedKey": "A String", # The wrapped data crypto key. [required]
1725 },
1726 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
1727 # leaking the key. Choose another type of key if possible.
1728 "key": "A String", # A 128/192/256 bit key. [required]
1729 },
1730 "transient": { # Use this to have a random data crypto key generated.
1731 # It will be discarded after the request finishes.
1732 "name": "A String", # Name of the key. [required]
1733 # This is an arbitrary string used to differentiate different keys.
1734 # A unique key is generated per name: two separate `TransientCryptoKey`
1735 # protos share the same generated key if their names are the same.
1736 # When the data crypto key is generated, this name is not used in any way
1737 # (repeating the api call will result in a different key being generated).
1738 },
1739 },
1740 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past.
1741 # [Required]
1742 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this
1743 # range (inclusive ends). Negative means shift to earlier in time. Must not
1744 # be more than 365250 days (1000 years) each direction.
1745 #
1746 # For example, 3 means shift date to at most 3 days into the future.
1747 # [Required]
1748 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
1749 # If set, must also set method. If set, shift will be consistent for the
1750 # given context.
1751 "name": "A String", # Name describing the field.
1752 },
1753 },
1754 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and
1755 # replacement values are dynamically provided by the user for custom behavior,
1756 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH
1757 # This can be used on
1758 # data of type: number, long, string, timestamp.
1759 # If the bound `Value` type differs from the type of data being transformed, we
1760 # will first attempt converting the type of the data to be transformed to match
1761 # the type of the bound before comparing.
1762 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
1763 "buckets": [ # Set of buckets. Ranges must be non-overlapping.
1764 { # Bucket is represented as a range, along with replacement values.
1765 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
1766 # Note that for the purposes of inspection or transformation, the number
1767 # of bytes considered to comprise a 'Value' is based on its representation
1768 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
1769 # 123456789, the number of bytes would be counted as 9, even though an
1770 # int64 only holds up to 8 bytes of data.
1771 "floatValue": 3.14,
1772 "timestampValue": "A String",
1773 "dayOfWeekValue": "A String",
1774 "timeValue": { # Represents a time of day. The date and time zone are either not significant
1775 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1776 # types are google.type.Date and `google.protobuf.Timestamp`.
1777 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1778 # to allow the value "24:00:00" for scenarios like business closing time.
1779 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1780 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1781 # allow the value 60 if it allows leap-seconds.
1782 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
1783 },
1784 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
1785 # and time zone are either specified elsewhere or are not significant. The date
1786 # is relative to the Proleptic Gregorian Calendar. This can represent:
1787 #
1788 # * A full date, with non-zero year, month and day values
1789 # * A month and day value, with a zero year, e.g. an anniversary
1790 # * A year on its own, with zero month and day values
1791 # * A year and month value, with a zero day, e.g. a credit card expiration date
1792 #
1793 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1794 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1795 # a year.
1796 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1797 # if specifying a year by itself or a year and month where the day is not
1798 # significant.
1799 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1800 # month and day.
1801 },
1802 "stringValue": "A String",
1803 "booleanValue": True or False,
1804 "integerValue": "A String",
1805 },
1806 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
1807 # the default behavior will be to hyphenate the min-max range.
1808 # Note that for the purposes of inspection or transformation, the number
1809 # of bytes considered to comprise a 'Value' is based on its representation
1810 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
1811 # 123456789, the number of bytes would be counted as 9, even though an
1812 # int64 only holds up to 8 bytes of data.
1813 "floatValue": 3.14,
1814 "timestampValue": "A String",
1815 "dayOfWeekValue": "A String",
1816 "timeValue": { # Represents a time of day. The date and time zone are either not significant
1817 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1818 # types are google.type.Date and `google.protobuf.Timestamp`.
1819 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1820 # to allow the value "24:00:00" for scenarios like business closing time.
1821 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1822 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1823 # allow the value 60 if it allows leap-seconds.
1824 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
1825 },
1826 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
1827 # and time zone are either specified elsewhere or are not significant. The date
1828 # is relative to the Proleptic Gregorian Calendar. This can represent:
1829 #
1830 # * A full date, with non-zero year, month and day values
1831 # * A month and day value, with a zero year, e.g. an anniversary
1832 # * A year on its own, with zero month and day values
1833 # * A year and month value, with a zero day, e.g. a credit card expiration date
1834 #
1835 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1836 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1837 # a year.
1838 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1839 # if specifying a year by itself or a year and month where the day is not
1840 # significant.
1841 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1842 # month and day.
1843 },
1844 "stringValue": "A String",
1845 "booleanValue": True or False,
1846 "integerValue": "A String",
1847 },
1848 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
1849 # used.
1850 # Note that for the purposes of inspection or transformation, the number
1851 # of bytes considered to comprise a 'Value' is based on its representation
1852 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
1853 # 123456789, the number of bytes would be counted as 9, even though an
1854 # int64 only holds up to 8 bytes of data.
1855 "floatValue": 3.14,
1856 "timestampValue": "A String",
1857 "dayOfWeekValue": "A String",
1858 "timeValue": { # Represents a time of day. The date and time zone are either not significant
1859 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1860 # types are google.type.Date and `google.protobuf.Timestamp`.
1861 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1862 # to allow the value "24:00:00" for scenarios like business closing time.
1863 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1864 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1865 # allow the value 60 if it allows leap-seconds.
1866 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
1867 },
1868 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
1869 # and time zone are either specified elsewhere or are not significant. The date
1870 # is relative to the Proleptic Gregorian Calendar. This can represent:
1871 #
1872 # * A full date, with non-zero year, month and day values
1873 # * A month and day value, with a zero year, e.g. an anniversary
1874 # * A year on its own, with zero month and day values
1875 # * A year and month value, with a zero day, e.g. a credit card expiration date
1876 #
1877 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1878 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1879 # a year.
1880 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1881 # if specifying a year by itself or a year and month where the day is not
1882 # significant.
1883 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1884 # month and day.
1885 },
1886 "stringValue": "A String",
1887 "booleanValue": True or False,
1888 "integerValue": "A String",
1889 },
1890 },
1891 ],
1892 },
1893 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption
1894 # (FPE) with the FFX mode of operation; however when used in the
1895 # `ReidentifyContent` API method, it serves the opposite function by reversing
1896 # the surrogate back into the original identifier. The identifier must be
1897 # encoded as ASCII. For a given crypto key and context, the same identifier
1898 # will be replaced with the same surrogate. Identifiers must be at least two
1899 # characters long. In the case that the identifier is the empty string, it will
1900 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
1901 # more.
1902 #
1903 # Note: We recommend using CryptoDeterministicConfig for all use cases which
1904 # do not require preserving the input alphabet space and size, plus warrant
1905 # referential integrity.
1906 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required]
1907 # a key encryption key (KEK) stored by KMS).
1908 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
1909 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
1910 # unwrap the data crypto key.
1911 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
1912 # The wrapped key must be a 128/192/256 bit key.
1913 # Authorization requires the following IAM permissions when sending a request
1914 # to perform a crypto transformation using a kms-wrapped crypto key:
1915 # dlp.kms.encrypt
1916 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
1917 "wrappedKey": "A String", # The wrapped data crypto key. [required]
1918 },
1919 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
1920 # leaking the key. Choose another type of key if possible.
1921 "key": "A String", # A 128/192/256 bit key. [required]
1922 },
1923 "transient": { # Use this to have a random data crypto key generated.
1924 # It will be discarded after the request finishes.
1925 "name": "A String", # Name of the key. [required]
1926 # This is an arbitrary string used to differentiate different keys.
1927 # A unique key is generated per name: two separate `TransientCryptoKey`
1928 # protos share the same generated key if their names are the same.
1929 # When the data crypto key is generated, this name is not used in any way
1930 # (repeating the api call will result in a different key being generated).
1931 },
1932 },
1933 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62].
1934 "commonAlphabet": "A String",
1935 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
1936 # that the FFX mode natively supports. This happens before/after
1937 # encryption/decryption.
1938 # Each character listed must appear only once.
1939 # Number of characters must be in the range [2, 62].
1940 # This must be encoded as ASCII.
1941 # The order of characters does not matter.
1942 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
1943 # identifier in two different contexts won't be given the same surrogate. If
1944 # the context is not set, a default tweak will be used.
1945 #
1946 # If the context is set but:
1947 #
1948 # 1. there is no record present when transforming a given value or
1949 # 1. the field is not present when transforming a given value,
1950 #
1951 # a default tweak will be used.
1952 #
1953 # Note that case (1) is expected when an `InfoTypeTransformation` is
1954 # applied to both structured and non-structured `ContentItem`s.
1955 # Currently, the referenced field may be of value type integer or string.
1956 #
1957 # The tweak is constructed as a sequence of bytes in big endian byte order
1958 # such that:
1959 #
1960 # - a 64 bit integer is encoded followed by a single byte of value 1
1961 # - a string is encoded in UTF-8 format followed by a single byte of value 2
1962 "name": "A String", # Name describing the field.
1963 },
1964 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
1965 # This annotation will be applied to the surrogate by prefixing it with
1966 # the name of the custom infoType followed by the number of
1967 # characters comprising the surrogate. The following scheme defines the
1968 # format: info_type_name(surrogate_character_count):surrogate
1969 #
1970 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
1971 # the surrogate is 'abc', the full replacement value
1972 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
1973 #
1974 # This annotation identifies the surrogate when inspecting content using the
1975 # custom infoType
1976 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
1977 # This facilitates reversal of the surrogate when it occurs in free text.
1978 #
1979 # In order for inspection to work properly, the name of this infoType must
1980 # not occur naturally anywhere in your data; otherwise, inspection may
1981 # find a surrogate that does not correspond to an actual identifier.
1982 # Therefore, choose your custom infoType name carefully after considering
1983 # what your data looks like. One way to select a name that has a high chance
1984 # of yielding reliable detection is to include one or more unicode characters
1985 # that are highly improbable to exist in your data.
1986 # For example, assuming your data is entered from a regular ASCII keyboard,
1987 # the symbol with the hex code point 29DD might be used like so:
1988 # ⧝MY_TOKEN_TYPE
1989 "name": "A String", # Name of the information type. Either a name of your choosing when
1990 # creating a CustomInfoType, or one of the names listed
1991 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
1992 # a built-in type. InfoType names should conform to the pattern
1993 # [a-zA-Z0-9_]{1,64}.
1994 },
1995 },
1996 "replaceConfig": { # Replace each input value with a given `Value`.
1997 "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
1998 # Note that for the purposes of inspection or transformation, the number
1999 # of bytes considered to comprise a 'Value' is based on its representation
2000 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
2001 # 123456789, the number of bytes would be counted as 9, even though an
2002 # int64 only holds up to 8 bytes of data.
2003 "floatValue": 3.14,
2004 "timestampValue": "A String",
2005 "dayOfWeekValue": "A String",
2006 "timeValue": { # Represents a time of day. The date and time zone are either not significant
2007 # or are specified elsewhere. An API may choose to allow leap seconds. Related
2008 # types are google.type.Date and `google.protobuf.Timestamp`.
2009 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
2010 # to allow the value "24:00:00" for scenarios like business closing time.
2011 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2012 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
2013 # allow the value 60 if it allows leap-seconds.
2014 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
2015 },
2016 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
2017 # and time zone are either specified elsewhere or are not significant. The date
2018 # is relative to the Proleptic Gregorian Calendar. This can represent:
2019 #
2020 # * A full date, with non-zero year, month and day values
2021 # * A month and day value, with a zero year, e.g. an anniversary
2022 # * A year on its own, with zero month and day values
2023 # * A year and month value, with a zero day, e.g. a credit card expiration date
2024 #
2025 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
2026 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
2027 # a year.
2028 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
2029 # if specifying a year by itself or a year and month where the day is not
2030 # significant.
2031 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
2032 # month and day.
2033 },
2034 "stringValue": "A String",
2035 "booleanValue": True or False,
2036 "integerValue": "A String",
2037 },
2038 },
2039 },
2040 "condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
2041 # given `RecordCondition`. The conditions are allowed to reference fields
2042 # that are not used in the actual transformation. [optional]
2043 #
2044 # Example Use Cases:
2045 #
2046 # - Apply a different bucket transformation to an age column if the zip code
2047 # column for the same record is within a specific range.
2048 # - Redact a field if the date of birth field is greater than 85.
2049 # a field.
2050 "expressions": { # An expression, consisting or an operator and conditions. # An expression.
2051 "conditions": { # A collection of conditions.
2052 "conditions": [
2053 { # The field type of `value` and `field` do not need to match to be
2054 # considered equal, but not all comparisons are possible.
2055 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
2056 # but all other comparisons are invalid with incompatible types.
2057 # A `value` of type:
2058 #
2059 # - `string` can be compared against all other types
2060 # - `boolean` can only be compared against other booleans
2061 # - `integer` can be compared against doubles or a string if the string value
2062 # can be parsed as an integer.
2063 # - `double` can be compared against integers or a string if the string can
2064 # be parsed as a double.
2065 # - `Timestamp` can be compared against strings in RFC 3339 date string
2066 # format.
2067 # - `TimeOfDay` can be compared against timestamps and strings in the format
2068 # of 'HH:mm:ss'.
2069 #
2070 # If we fail to compare do to type mismatch, a warning will be given and
2071 # the condition will evaluate to false.
2072 "operator": "A String", # Operator used to compare the field or infoType to the value. [required]
2073 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required]
2074 "name": "A String", # Name describing the field.
2075 },
2076 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.]
2077 # Note that for the purposes of inspection or transformation, the number
2078 # of bytes considered to comprise a 'Value' is based on its representation
2079 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
2080 # 123456789, the number of bytes would be counted as 9, even though an
2081 # int64 only holds up to 8 bytes of data.
2082 "floatValue": 3.14,
2083 "timestampValue": "A String",
2084 "dayOfWeekValue": "A String",
2085 "timeValue": { # Represents a time of day. The date and time zone are either not significant
2086 # or are specified elsewhere. An API may choose to allow leap seconds. Related
2087 # types are google.type.Date and `google.protobuf.Timestamp`.
2088 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
2089 # to allow the value "24:00:00" for scenarios like business closing time.
2090 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2091 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
2092 # allow the value 60 if it allows leap-seconds.
2093 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
2094 },
2095 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
2096 # and time zone are either specified elsewhere or are not significant. The date
2097 # is relative to the Proleptic Gregorian Calendar. This can represent:
2098 #
2099 # * A full date, with non-zero year, month and day values
2100 # * A month and day value, with a zero year, e.g. an anniversary
2101 # * A year on its own, with zero month and day values
2102 # * A year and month value, with a zero day, e.g. a credit card expiration date
2103 #
2104 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
2105 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
2106 # a year.
2107 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
2108 # if specifying a year by itself or a year and month where the day is not
2109 # significant.
2110 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
2111 # month and day.
2112 },
2113 "stringValue": "A String",
2114 "booleanValue": True or False,
2115 "integerValue": "A String",
2116 },
2117 },
2118 ],
2119 },
2120 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
2121 # only supported value is `AND`.
2122 },
2123 },
2124 "fields": [ # Input field(s) to apply the transformation to. [required]
2125 { # General identifier of a data field in a storage service.
2126 "name": "A String", # Name describing the field.
2127 },
2128 ],
2129 },
2130 ],
2131 },
2132 },
2133 "inspectConfig": { # Configuration description of the scanning process. # Configuration for the inspector.
2134 # Items specified here will override the template referenced by the
2135 # inspect_template_name argument.
2136 # When used with redactContent only info_types and min_likelihood are currently
2137 # used.
2138 "excludeInfoTypes": True or False, # When true, excludes type information of the findings.
2139 "limits": {
2140 "maxFindingsPerRequest": 42, # Max number of findings that will be returned per request/job.
2141 # When set within `InspectContentRequest`, the maximum returned is 2000
2142 # regardless if this is set higher.
2143 "maxFindingsPerInfoType": [ # Configuration of findings limit given for specified infoTypes.
2144 { # Max findings configuration per infoType, per content item or long
2145 # running DlpJob.
2146 "infoType": { # Type of information detected by the API. # Type of information the findings limit applies to. Only one limit per
2147 # info_type should be provided. If InfoTypeLimit does not have an
2148 # info_type, the DLP API applies the limit against all info_types that
2149 # are found but not specified in another InfoTypeLimit.
2150 "name": "A String", # Name of the information type. Either a name of your choosing when
2151 # creating a CustomInfoType, or one of the names listed
2152 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
2153 # a built-in type. InfoType names should conform to the pattern
2154 # [a-zA-Z0-9_]{1,64}.
2155 },
2156 "maxFindings": 42, # Max findings limit for the given infoType.
2157 },
2158 ],
2159 "maxFindingsPerItem": 42, # Max number of findings that will be returned for each item scanned.
2160 # When set within `InspectDataSourceRequest`,
2161 # the maximum returned is 2000 regardless if this is set higher.
2162 # When set within `InspectContentRequest`, this field is ignored.
2163 },
2164 "minLikelihood": "A String", # Only returns findings equal or above this threshold. The default is
2165 # POSSIBLE.
2166 # See https://cloud.google.com/dlp/docs/likelihood to learn more.
2167 "customInfoTypes": [ # CustomInfoTypes provided by the user. See
2168 # https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.
2169 { # Custom information type provided by the user. Used to find domain-specific
2170 # sensitive information configurable to the data in question.
2171 "regex": { # Message defining a custom regular expression. # Regular expression based CustomInfoType.
2172 "pattern": "A String", # Pattern defining the regular expression. Its syntax
2173 # (https://github.com/google/re2/wiki/Syntax) can be found under the
2174 # google/re2 repository on GitHub.
2175 "groupIndexes": [ # The index of the submatch to extract as findings. When not
2176 # specified, the entire match is returned. No more than 3 may be included.
2177 42,
2178 ],
2179 },
2180 "surrogateType": { # Message for detecting output from deidentification transformations # Message for detecting output from deidentification transformations that
2181 # support reversing.
2182 # such as
2183 # [`CryptoReplaceFfxFpeConfig`](/dlp/docs/reference/rest/v2/organizations.deidentifyTemplates#cryptoreplaceffxfpeconfig).
2184 # These types of transformations are
2185 # those that perform pseudonymization, thereby producing a "surrogate" as
2186 # output. This should be used in conjunction with a field on the
2187 # transformation such as `surrogate_info_type`. This CustomInfoType does
2188 # not support the use of `detection_rules`.
2189 },
2190 "infoType": { # Type of information detected by the API. # CustomInfoType can either be a new infoType, or an extension of built-in
2191 # infoType, when the name matches one of existing infoTypes and that infoType
2192 # is specified in `InspectContent.info_types` field. Specifying the latter
2193 # adds findings to the one detected by the system. If built-in info type is
2194 # not specified in `InspectContent.info_types` list then the name is treated
2195 # as a custom info type.
2196 "name": "A String", # Name of the information type. Either a name of your choosing when
2197 # creating a CustomInfoType, or one of the names listed
2198 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
2199 # a built-in type. InfoType names should conform to the pattern
2200 # [a-zA-Z0-9_]{1,64}.
2201 },
2202 "dictionary": { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType.
2203 # be used to match sensitive information specific to the data, such as a list
2204 # of employee IDs or job titles.
2205 #
2206 # Dictionary words are case-insensitive and all characters other than letters
2207 # and digits in the unicode [Basic Multilingual
2208 # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane)
2209 # will be replaced with whitespace when scanning for matches, so the
2210 # dictionary phrase "Sam Johnson" will match all three phrases "sam johnson",
2211 # "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters
2212 # surrounding any match must be of a different type than the adjacent
2213 # characters within the word, so letters must be next to non-letters and
2214 # digits next to non-digits. For example, the dictionary word "jen" will
2215 # match the first three letters of the text "jen123" but will return no
2216 # matches for "jennifer".
2217 #
2218 # Dictionary words containing a large number of characters that are not
2219 # letters or digits may result in unexpected findings because such characters
2220 # are treated as whitespace. The
2221 # [limits](https://cloud.google.com/dlp/limits) page contains details about
2222 # the size limits of dictionaries. For dictionaries that do not fit within
2223 # these constraints, consider using `LargeCustomDictionaryConfig` in the
2224 # `StoredInfoType` API.
2225 "wordList": { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for.
2226 "words": [ # Words or phrases defining the dictionary. The dictionary must contain
2227 # at least one phrase and every phrase must contain at least 2 characters
2228 # that are letters or digits. [required]
2229 "A String",
2230 ],
2231 },
2232 "cloudStoragePath": { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file
2233 # is accepted.
2234 "path": "A String", # A url representing a file or path (no wildcards) in Cloud Storage.
2235 # Example: gs://[BUCKET_NAME]/dictionary.txt
2236 },
2237 },
2238 "storedType": { # A reference to a StoredInfoType to use with scanning. # Load an existing `StoredInfoType` resource for use in
2239 # `InspectDataSource`. Not currently supported in `InspectContent`.
2240 "name": "A String", # Resource name of the requested `StoredInfoType`, for example
2241 # `organizations/433245324/storedInfoTypes/432452342` or
2242 # `projects/project-id/storedInfoTypes/432452342`.
2243 "createTime": "A String", # Timestamp indicating when the version of the `StoredInfoType` used for
2244 # inspection was created. Output-only field, populated by the system.
2245 },
2246 "detectionRules": [ # Set of detection rules to apply to all findings of this CustomInfoType.
2247 # Rules are applied in order that they are specified. Not supported for the
2248 # `surrogate_type` CustomInfoType.
2249 { # Deprecated; use `InspectionRuleSet` instead. Rule for modifying a
2250 # `CustomInfoType` to alter behavior under certain circumstances, depending
2251 # on the specific details of the rule. Not supported for the `surrogate_type`
2252 # custom infoType.
2253 "hotwordRule": { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule.
2254 # proximity of hotwords.
2255 "proximity": { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside.
2256 # The total length of the window cannot exceed 1000 characters. Note that
2257 # the finding itself will be included in the window, so that hotwords may
2258 # be used to match substrings of the finding itself. For example, the
2259 # certainty of a phone number regex "\(\d{3}\) \d{3}-\d{4}" could be
2260 # adjusted upwards if the area code is known to be the local area code of
2261 # a company office using the hotword regex "\(xxx\)", where "xxx"
2262 # is the area code in question.
2263 # rule.
2264 "windowAfter": 42, # Number of characters after the finding to consider.
2265 "windowBefore": 42, # Number of characters before the finding to consider.
2266 },
2267 "hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
2268 "pattern": "A String", # Pattern defining the regular expression. Its syntax
2269 # (https://github.com/google/re2/wiki/Syntax) can be found under the
2270 # google/re2 repository on GitHub.
2271 "groupIndexes": [ # The index of the submatch to extract as findings. When not
2272 # specified, the entire match is returned. No more than 3 may be included.
2273 42,
2274 ],
2275 },
2276 "likelihoodAdjustment": { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings.
2277 # part of a detection rule.
2278 "relativeLikelihood": 42, # Increase or decrease the likelihood by the specified number of
2279 # levels. For example, if a finding would be `POSSIBLE` without the
2280 # detection rule and `relative_likelihood` is 1, then it is upgraded to
2281 # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`.
2282 # Likelihood may never drop below `VERY_UNLIKELY` or exceed
2283 # `VERY_LIKELY`, so applying an adjustment of 1 followed by an
2284 # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in
2285 # a final likelihood of `LIKELY`.
2286 "fixedLikelihood": "A String", # Set the likelihood of a finding to a fixed value.
2287 },
2288 },
2289 },
2290 ],
2291 "exclusionType": "A String", # If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding
2292 # to be returned. It still can be used for rules matching.
2293 "likelihood": "A String", # Likelihood to return for this CustomInfoType. This base value can be
2294 # altered by a detection rule if the finding meets the criteria specified by
2295 # the rule. Defaults to `VERY_LIKELY` if not specified.
2296 },
2297 ],
2298 "includeQuote": True or False, # When true, a contextual quote from the data that triggered a finding is
2299 # included in the response; see Finding.quote.
2300 "ruleSet": [ # Set of rules to apply to the findings for this InspectConfig.
2301 # Exclusion rules, contained in the set are executed in the end, other
2302 # rules are executed in the order they are specified for each info type.
2303 { # Rule set for modifying a set of infoTypes to alter behavior under certain
2304 # circumstances, depending on the specific details of the rules within the set.
2305 "rules": [ # Set of rules to be applied to infoTypes. The rules are applied in order.
2306 { # A single inspection rule to be applied to infoTypes, specified in
2307 # `InspectionRuleSet`.
2308 "hotwordRule": { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule.
2309 # proximity of hotwords.
2310 "proximity": { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside.
2311 # The total length of the window cannot exceed 1000 characters. Note that
2312 # the finding itself will be included in the window, so that hotwords may
2313 # be used to match substrings of the finding itself. For example, the
2314 # certainty of a phone number regex "\(\d{3}\) \d{3}-\d{4}" could be
2315 # adjusted upwards if the area code is known to be the local area code of
2316 # a company office using the hotword regex "\(xxx\)", where "xxx"
2317 # is the area code in question.
2318 # rule.
2319 "windowAfter": 42, # Number of characters after the finding to consider.
2320 "windowBefore": 42, # Number of characters before the finding to consider.
2321 },
2322 "hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
2323 "pattern": "A String", # Pattern defining the regular expression. Its syntax
2324 # (https://github.com/google/re2/wiki/Syntax) can be found under the
2325 # google/re2 repository on GitHub.
2326 "groupIndexes": [ # The index of the submatch to extract as findings. When not
2327 # specified, the entire match is returned. No more than 3 may be included.
2328 42,
2329 ],
2330 },
2331 "likelihoodAdjustment": { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings.
2332 # part of a detection rule.
2333 "relativeLikelihood": 42, # Increase or decrease the likelihood by the specified number of
2334 # levels. For example, if a finding would be `POSSIBLE` without the
2335 # detection rule and `relative_likelihood` is 1, then it is upgraded to
2336 # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`.
2337 # Likelihood may never drop below `VERY_UNLIKELY` or exceed
2338 # `VERY_LIKELY`, so applying an adjustment of 1 followed by an
2339 # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in
2340 # a final likelihood of `LIKELY`.
2341 "fixedLikelihood": "A String", # Set the likelihood of a finding to a fixed value.
2342 },
2343 },
2344 "exclusionRule": { # The rule that specifies conditions when findings of infoTypes specified in # Exclusion rule.
2345 # `InspectionRuleSet` are removed from results.
2346 "regex": { # Message defining a custom regular expression. # Regular expression which defines the rule.
2347 "pattern": "A String", # Pattern defining the regular expression. Its syntax
2348 # (https://github.com/google/re2/wiki/Syntax) can be found under the
2349 # google/re2 repository on GitHub.
2350 "groupIndexes": [ # The index of the submatch to extract as findings. When not
2351 # specified, the entire match is returned. No more than 3 may be included.
2352 42,
2353 ],
2354 },
2355 "excludeInfoTypes": { # List of exclude infoTypes. # Set of infoTypes for which findings would affect this rule.
2356 "infoTypes": [ # InfoType list in ExclusionRule rule drops a finding when it overlaps or
2357 # contained within with a finding of an infoType from this list. For
2358 # example, for `InspectionRuleSet.info_types` containing "PHONE_NUMBER"` and
2359 # `exclusion_rule` containing `exclude_info_types.info_types` with
2360 # "EMAIL_ADDRESS" the phone number findings are dropped if they overlap
2361 # with EMAIL_ADDRESS finding.
2362 # That leads to "555-222-2222@example.org" to generate only a single
2363 # finding, namely email address.
2364 { # Type of information detected by the API.
2365 "name": "A String", # Name of the information type. Either a name of your choosing when
2366 # creating a CustomInfoType, or one of the names listed
2367 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
2368 # a built-in type. InfoType names should conform to the pattern
2369 # [a-zA-Z0-9_]{1,64}.
2370 },
2371 ],
2372 },
2373 "dictionary": { # Custom information type based on a dictionary of words or phrases. This can # Dictionary which defines the rule.
2374 # be used to match sensitive information specific to the data, such as a list
2375 # of employee IDs or job titles.
2376 #
2377 # Dictionary words are case-insensitive and all characters other than letters
2378 # and digits in the unicode [Basic Multilingual
2379 # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane)
2380 # will be replaced with whitespace when scanning for matches, so the
2381 # dictionary phrase "Sam Johnson" will match all three phrases "sam johnson",
2382 # "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters
2383 # surrounding any match must be of a different type than the adjacent
2384 # characters within the word, so letters must be next to non-letters and
2385 # digits next to non-digits. For example, the dictionary word "jen" will
2386 # match the first three letters of the text "jen123" but will return no
2387 # matches for "jennifer".
2388 #
2389 # Dictionary words containing a large number of characters that are not
2390 # letters or digits may result in unexpected findings because such characters
2391 # are treated as whitespace. The
2392 # [limits](https://cloud.google.com/dlp/limits) page contains details about
2393 # the size limits of dictionaries. For dictionaries that do not fit within
2394 # these constraints, consider using `LargeCustomDictionaryConfig` in the
2395 # `StoredInfoType` API.
2396 "wordList": { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for.
2397 "words": [ # Words or phrases defining the dictionary. The dictionary must contain
2398 # at least one phrase and every phrase must contain at least 2 characters
2399 # that are letters or digits. [required]
2400 "A String",
2401 ],
2402 },
2403 "cloudStoragePath": { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file
2404 # is accepted.
2405 "path": "A String", # A url representing a file or path (no wildcards) in Cloud Storage.
2406 # Example: gs://[BUCKET_NAME]/dictionary.txt
2407 },
2408 },
2409 "matchingType": "A String", # How the rule is applied, see MatchingType documentation for details.
2410 },
2411 },
2412 ],
2413 "infoTypes": [ # List of infoTypes this rule set is applied to.
2414 { # Type of information detected by the API.
2415 "name": "A String", # Name of the information type. Either a name of your choosing when
2416 # creating a CustomInfoType, or one of the names listed
2417 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
2418 # a built-in type. InfoType names should conform to the pattern
2419 # [a-zA-Z0-9_]{1,64}.
2420 },
2421 ],
2422 },
2423 ],
2424 "contentOptions": [ # List of options defining data content to scan.
2425 # If empty, text, images, and other content will be included.
2426 "A String",
2427 ],
2428 "infoTypes": [ # Restricts what info_types to look for. The values must correspond to
2429 # InfoType values returned by ListInfoTypes or listed at
2430 # https://cloud.google.com/dlp/docs/infotypes-reference.
2431 #
2432 # When no InfoTypes or CustomInfoTypes are specified in a request, the
2433 # system may automatically choose what detectors to run. By default this may
2434 # be all types, but may change over time as detectors are updated.
2435 #
2436 # The special InfoType name "ALL_BASIC" can be used to trigger all detectors,
2437 # but may change over time as new InfoTypes are added. If you need precise
2438 # control and predictability as to what detectors are run you should specify
2439 # specific InfoTypes listed in the reference.
2440 { # Type of information detected by the API.
2441 "name": "A String", # Name of the information type. Either a name of your choosing when
2442 # creating a CustomInfoType, or one of the names listed
2443 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
2444 # a built-in type. InfoType names should conform to the pattern
2445 # [a-zA-Z0-9_]{1,64}.
2446 },
2447 ],
2448 },
2449 "item": { # Container structure for the content to inspect. # The item to de-identify. Will be treated as text.
2450 "table": { # Structured content to inspect. Up to 50,000 `Value`s per request allowed. # Structured content for inspection. See
2451 # https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
2452 # learn more.
2453 # See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
2454 # learn more.
2455 "headers": [
2456 { # General identifier of a data field in a storage service.
2457 "name": "A String", # Name describing the field.
2458 },
2459 ],
2460 "rows": [
2461 {
2462 "values": [
2463 { # Set of primitive values supported by the system.
2464 # Note that for the purposes of inspection or transformation, the number
2465 # of bytes considered to comprise a 'Value' is based on its representation
2466 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
2467 # 123456789, the number of bytes would be counted as 9, even though an
2468 # int64 only holds up to 8 bytes of data.
2469 "floatValue": 3.14,
2470 "timestampValue": "A String",
2471 "dayOfWeekValue": "A String",
2472 "timeValue": { # Represents a time of day. The date and time zone are either not significant
2473 # or are specified elsewhere. An API may choose to allow leap seconds. Related
2474 # types are google.type.Date and `google.protobuf.Timestamp`.
2475 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
2476 # to allow the value "24:00:00" for scenarios like business closing time.
2477 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2478 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
2479 # allow the value 60 if it allows leap-seconds.
2480 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
2481 },
2482 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
2483 # and time zone are either specified elsewhere or are not significant. The date
2484 # is relative to the Proleptic Gregorian Calendar. This can represent:
2485 #
2486 # * A full date, with non-zero year, month and day values
2487 # * A month and day value, with a zero year, e.g. an anniversary
2488 # * A year on its own, with zero month and day values
2489 # * A year and month value, with a zero day, e.g. a credit card expiration date
2490 #
2491 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
2492 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
2493 # a year.
2494 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
2495 # if specifying a year by itself or a year and month where the day is not
2496 # significant.
2497 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
2498 # month and day.
2499 },
2500 "stringValue": "A String",
2501 "booleanValue": True or False,
2502 "integerValue": "A String",
2503 },
2504 ],
2505 },
2506 ],
2507 },
2508 "byteItem": { # Container for bytes to inspect or redact. # Content data to inspect or redact. Replaces `type` and `data`.
2509 "type": "A String", # The type of data stored in the bytes string. Default will be TEXT_UTF8.
2510 "data": "A String", # Content data to inspect or redact.
2511 },
2512 "value": "A String", # String data to inspect or redact.
2513 },
2514 }
2515
2516 x__xgafv: string, V1 error format.
2517 Allowed values
2518 1 - v1 error format
2519 2 - v2 error format
2520
2521Returns:
2522 An object of the form:
2523
2524 { # Results of de-identifying a ContentItem.
2525 "overview": { # Overview of the modifications that occurred. # An overview of the changes that were made on the `item`.
2526 "transformationSummaries": [ # Transformations applied to the dataset.
2527 { # Summary of a single transformation.
2528 # Only one of 'transformation', 'field_transformation', or 'record_suppress'
2529 # will be set.
2530 "infoType": { # Type of information detected by the API. # Set if the transformation was limited to a specific InfoType.
2531 "name": "A String", # Name of the information type. Either a name of your choosing when
2532 # creating a CustomInfoType, or one of the names listed
2533 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
2534 # a built-in type. InfoType names should conform to the pattern
2535 # [a-zA-Z0-9_]{1,64}.
2536 },
2537 "recordSuppress": { # Configuration to suppress records whose suppression conditions evaluate to # The specific suppression option these stats apply to.
2538 # true.
2539 "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
2540 # evaluated to be suppressed from the transformed content.
2541 # a field.
2542 "expressions": { # An expression, consisting or an operator and conditions. # An expression.
2543 "conditions": { # A collection of conditions.
2544 "conditions": [
2545 { # The field type of `value` and `field` do not need to match to be
2546 # considered equal, but not all comparisons are possible.
2547 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
2548 # but all other comparisons are invalid with incompatible types.
2549 # A `value` of type:
2550 #
2551 # - `string` can be compared against all other types
2552 # - `boolean` can only be compared against other booleans
2553 # - `integer` can be compared against doubles or a string if the string value
2554 # can be parsed as an integer.
2555 # - `double` can be compared against integers or a string if the string can
2556 # be parsed as a double.
2557 # - `Timestamp` can be compared against strings in RFC 3339 date string
2558 # format.
2559 # - `TimeOfDay` can be compared against timestamps and strings in the format
2560 # of 'HH:mm:ss'.
2561 #
2562 # If we fail to compare do to type mismatch, a warning will be given and
2563 # the condition will evaluate to false.
2564 "operator": "A String", # Operator used to compare the field or infoType to the value. [required]
2565 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required]
2566 "name": "A String", # Name describing the field.
2567 },
2568 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.]
2569 # Note that for the purposes of inspection or transformation, the number
2570 # of bytes considered to comprise a 'Value' is based on its representation
2571 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
2572 # 123456789, the number of bytes would be counted as 9, even though an
2573 # int64 only holds up to 8 bytes of data.
2574 "floatValue": 3.14,
2575 "timestampValue": "A String",
2576 "dayOfWeekValue": "A String",
2577 "timeValue": { # Represents a time of day. The date and time zone are either not significant
2578 # or are specified elsewhere. An API may choose to allow leap seconds. Related
2579 # types are google.type.Date and `google.protobuf.Timestamp`.
2580 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
2581 # to allow the value "24:00:00" for scenarios like business closing time.
2582 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2583 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
2584 # allow the value 60 if it allows leap-seconds.
2585 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
2586 },
2587 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
2588 # and time zone are either specified elsewhere or are not significant. The date
2589 # is relative to the Proleptic Gregorian Calendar. This can represent:
2590 #
2591 # * A full date, with non-zero year, month and day values
2592 # * A month and day value, with a zero year, e.g. an anniversary
2593 # * A year on its own, with zero month and day values
2594 # * A year and month value, with a zero day, e.g. a credit card expiration date
2595 #
2596 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
2597 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
2598 # a year.
2599 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
2600 # if specifying a year by itself or a year and month where the day is not
2601 # significant.
2602 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
2603 # month and day.
2604 },
2605 "stringValue": "A String",
2606 "booleanValue": True or False,
2607 "integerValue": "A String",
2608 },
2609 },
2610 ],
2611 },
2612 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
2613 # only supported value is `AND`.
2614 },
2615 },
2616 },
2617 "results": [
2618 { # A collection that informs the user the number of times a particular
2619 # `TransformationResultCode` and error details occurred.
2620 "count": "A String",
2621 "code": "A String",
2622 "details": "A String", # A place for warnings or errors to show up if a transformation didn't
2623 # work as expected.
2624 },
2625 ],
2626 "field": { # General identifier of a data field in a storage service. # Set if the transformation was limited to a specific FieldId.
2627 "name": "A String", # Name describing the field.
2628 },
2629 "fieldTransformations": [ # The field transformation that was applied.
2630 # If multiple field transformations are requested for a single field,
2631 # this list will contain all of them; otherwise, only one is supplied.
2632 { # The transformation to apply to the field.
2633 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
2634 # transform content that matches an `InfoType`.
2635 # apply various `PrimitiveTransformation`s to each finding, where the
2636 # transformation is applied to only values that were identified as a specific
2637 # info_type.
2638 "transformations": [ # Transformation for each infoType. Cannot specify more than one
2639 # for a given infoType. [required]
2640 { # A transformation to apply to text that is identified as a specific
2641 # info_type.
2642 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required]
2643 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a
2644 # fixed character. Masking can start from the beginning or end of the string.
2645 # This can be used on data of any type (numbers, longs, and so on) and when
2646 # de-identifying structured data we'll attempt to preserve the original data's
2647 # type. (This allows you to take a long like 123 and modify it to a string like
2648 # **3.
2649 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing.
2650 # For example, if your string is 555-555-5555 and you ask us to skip `-` and
2651 # mask 5 chars with * we would produce ***-*55-5555.
2652 { # Characters to skip when doing deidentification of a value. These will be left
2653 # alone and skipped.
2654 "commonCharactersToIgnore": "A String",
2655 "charactersToSkip": "A String",
2656 },
2657 ],
2658 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
2659 # masked. Skipped characters do not count towards this tally.
2660 "maskingCharacter": "A String", # Character to mask the sensitive values&mdash;for example, "*" for an
2661 # alphabetic string such as name, or "0" for a numeric string such as ZIP
2662 # code or credit card number. String must have length 1. If not supplied, we
2663 # will default to "*" for strings, 0 for digits.
2664 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
2665 # '0', number_to_mask is 14, and `reverse_order` is false, then
2666 # 1234-5678-9012-3456 -> 00000000000000-3456
2667 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order`
2668 # is true, then 12345 -> 12***
2669 },
2670 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation`
2671 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
2672 # output would be 'My phone number is '.
2673 },
2674 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given
2675 # input. Outputs a base64 encoded representation of the encrypted output.
2676 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
2677 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
2678 # a key encryption key (KEK) stored by KMS).
2679 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
2680 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
2681 # unwrap the data crypto key.
2682 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
2683 # The wrapped key must be a 128/192/256 bit key.
2684 # Authorization requires the following IAM permissions when sending a request
2685 # to perform a crypto transformation using a kms-wrapped crypto key:
2686 # dlp.kms.encrypt
2687 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
2688 "wrappedKey": "A String", # The wrapped data crypto key. [required]
2689 },
2690 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
2691 # leaking the key. Choose another type of key if possible.
2692 "key": "A String", # A 128/192/256 bit key. [required]
2693 },
2694 "transient": { # Use this to have a random data crypto key generated.
2695 # It will be discarded after the request finishes.
2696 "name": "A String", # Name of the key. [required]
2697 # This is an arbitrary string used to differentiate different keys.
2698 # A unique key is generated per name: two separate `TransientCryptoKey`
2699 # protos share the same generated key if their names are the same.
2700 # When the data crypto key is generated, this name is not used in any way
2701 # (repeating the api call will result in a different key being generated).
2702 },
2703 },
2704 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining
2705 # referential integrity such that the same identifier in two different
2706 # contexts will be given a distinct surrogate. The context is appended to
2707 # plaintext value being encrypted. On decryption the provided context is
2708 # validated against the value used during encryption. If a context was
2709 # provided during encryption, same context must be provided during decryption
2710 # as well.
2711 #
2712 # If the context is not set, plaintext would be used as is for encryption.
2713 # If the context is set but:
2714 #
2715 # 1. there is no record present when transforming a given value or
2716 # 2. the field is not present when transforming a given value,
2717 #
2718 # plaintext would be used as is for encryption.
2719 #
2720 # Note that case (1) is expected when an `InfoTypeTransformation` is
2721 # applied to both structured and non-structured `ContentItem`s.
2722 "name": "A String", # Name describing the field.
2723 },
2724 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
2725 # This annotation will be applied to the surrogate by prefixing it with
2726 # the name of the custom info type followed by the number of
2727 # characters comprising the surrogate. The following scheme defines the
2728 # format: <info type name>(<surrogate character count>):<surrogate>
2729 #
2730 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
2731 # the surrogate is 'abc', the full replacement value
2732 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
2733 #
2734 # This annotation identifies the surrogate when inspecting content using the
2735 # custom info type 'Surrogate'. This facilitates reversal of the
2736 # surrogate when it occurs in free text.
2737 #
2738 # In order for inspection to work properly, the name of this info type must
2739 # not occur naturally anywhere in your data; otherwise, inspection may either
2740 #
2741 # - reverse a surrogate that does not correspond to an actual identifier
2742 # - be unable to parse the surrogate and result in an error
2743 #
2744 # Therefore, choose your custom info type name carefully after considering
2745 # what your data looks like. One way to select a name that has a high chance
2746 # of yielding reliable detection is to include one or more unicode characters
2747 # that are highly improbable to exist in your data.
2748 # For example, assuming your data is entered from a regular ASCII keyboard,
2749 # the symbol with the hex code point 29DD might be used like so:
2750 # ⧝MY_TOKEN_TYPE
2751 "name": "A String", # Name of the information type. Either a name of your choosing when
2752 # creating a CustomInfoType, or one of the names listed
2753 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
2754 # a built-in type. InfoType names should conform to the pattern
2755 # [a-zA-Z0-9_]{1,64}.
2756 },
2757 },
2758 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The
2759 # Bucketing transformation can provide all of this functionality,
2760 # but requires more configuration. This message is provided as a convenience to
2761 # the user for simple bucketing strategies.
2762 #
2763 # The transformed value will be a hyphenated string of
2764 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20
2765 # all values that are within this bucket will be replaced with "10-20".
2766 #
2767 # This can be used on data of type: double, long.
2768 #
2769 # If the bound Value type differs from the type of data
2770 # being transformed, we will first attempt converting the type of the data to
2771 # be transformed to match the type of the bound before comparing.
2772 #
2773 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
2774 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are
2775 # grouped together into a single bucket; for example if `lower_bound` = 10,
2776 # then all values less than 10 are replaced with the value “-10”. [Required].
2777 # Note that for the purposes of inspection or transformation, the number
2778 # of bytes considered to comprise a 'Value' is based on its representation
2779 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
2780 # 123456789, the number of bytes would be counted as 9, even though an
2781 # int64 only holds up to 8 bytes of data.
2782 "floatValue": 3.14,
2783 "timestampValue": "A String",
2784 "dayOfWeekValue": "A String",
2785 "timeValue": { # Represents a time of day. The date and time zone are either not significant
2786 # or are specified elsewhere. An API may choose to allow leap seconds. Related
2787 # types are google.type.Date and `google.protobuf.Timestamp`.
2788 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
2789 # to allow the value "24:00:00" for scenarios like business closing time.
2790 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2791 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
2792 # allow the value 60 if it allows leap-seconds.
2793 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
2794 },
2795 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
2796 # and time zone are either specified elsewhere or are not significant. The date
2797 # is relative to the Proleptic Gregorian Calendar. This can represent:
2798 #
2799 # * A full date, with non-zero year, month and day values
2800 # * A month and day value, with a zero year, e.g. an anniversary
2801 # * A year on its own, with zero month and day values
2802 # * A year and month value, with a zero day, e.g. a credit card expiration date
2803 #
2804 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
2805 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
2806 # a year.
2807 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
2808 # if specifying a year by itself or a year and month where the day is not
2809 # significant.
2810 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
2811 # month and day.
2812 },
2813 "stringValue": "A String",
2814 "booleanValue": True or False,
2815 "integerValue": "A String",
2816 },
2817 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are
2818 # grouped together into a single bucket; for example if `upper_bound` = 89,
2819 # then all values greater than 89 are replaced with the value “89+”.
2820 # [Required].
2821 # Note that for the purposes of inspection or transformation, the number
2822 # of bytes considered to comprise a 'Value' is based on its representation
2823 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
2824 # 123456789, the number of bytes would be counted as 9, even though an
2825 # int64 only holds up to 8 bytes of data.
2826 "floatValue": 3.14,
2827 "timestampValue": "A String",
2828 "dayOfWeekValue": "A String",
2829 "timeValue": { # Represents a time of day. The date and time zone are either not significant
2830 # or are specified elsewhere. An API may choose to allow leap seconds. Related
2831 # types are google.type.Date and `google.protobuf.Timestamp`.
2832 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
2833 # to allow the value "24:00:00" for scenarios like business closing time.
2834 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2835 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
2836 # allow the value 60 if it allows leap-seconds.
2837 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
2838 },
2839 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
2840 # and time zone are either specified elsewhere or are not significant. The date
2841 # is relative to the Proleptic Gregorian Calendar. This can represent:
2842 #
2843 # * A full date, with non-zero year, month and day values
2844 # * A month and day value, with a zero year, e.g. an anniversary
2845 # * A year on its own, with zero month and day values
2846 # * A year and month value, with a zero day, e.g. a credit card expiration date
2847 #
2848 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
2849 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
2850 # a year.
2851 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
2852 # if specifying a year by itself or a year and month where the day is not
2853 # significant.
2854 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
2855 # month and day.
2856 },
2857 "stringValue": "A String",
2858 "booleanValue": True or False,
2859 "integerValue": "A String",
2860 },
2861 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if
2862 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
2863 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
2864 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required].
2865 },
2866 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type.
2867 },
2868 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a
2869 # portion of the value.
2870 "partToExtract": "A String",
2871 },
2872 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing.
2873 # Uses SHA-256.
2874 # The key size must be either 32 or 64 bytes.
2875 # Outputs a base64 encoded representation of the hashed output
2876 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
2877 # Currently, only string and integer values can be hashed.
2878 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
2879 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
2880 # a key encryption key (KEK) stored by KMS).
2881 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
2882 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
2883 # unwrap the data crypto key.
2884 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
2885 # The wrapped key must be a 128/192/256 bit key.
2886 # Authorization requires the following IAM permissions when sending a request
2887 # to perform a crypto transformation using a kms-wrapped crypto key:
2888 # dlp.kms.encrypt
2889 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
2890 "wrappedKey": "A String", # The wrapped data crypto key. [required]
2891 },
2892 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
2893 # leaking the key. Choose another type of key if possible.
2894 "key": "A String", # A 128/192/256 bit key. [required]
2895 },
2896 "transient": { # Use this to have a random data crypto key generated.
2897 # It will be discarded after the request finishes.
2898 "name": "A String", # Name of the key. [required]
2899 # This is an arbitrary string used to differentiate different keys.
2900 # A unique key is generated per name: two separate `TransientCryptoKey`
2901 # protos share the same generated key if their names are the same.
2902 # When the data crypto key is generated, this name is not used in any way
2903 # (repeating the api call will result in a different key being generated).
2904 },
2905 },
2906 },
2907 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the
2908 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
2909 # to learn more.
2910 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
2911 # results in the same shift for the same context and crypto_key.
2912 # a key encryption key (KEK) stored by KMS).
2913 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
2914 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
2915 # unwrap the data crypto key.
2916 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
2917 # The wrapped key must be a 128/192/256 bit key.
2918 # Authorization requires the following IAM permissions when sending a request
2919 # to perform a crypto transformation using a kms-wrapped crypto key:
2920 # dlp.kms.encrypt
2921 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
2922 "wrappedKey": "A String", # The wrapped data crypto key. [required]
2923 },
2924 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
2925 # leaking the key. Choose another type of key if possible.
2926 "key": "A String", # A 128/192/256 bit key. [required]
2927 },
2928 "transient": { # Use this to have a random data crypto key generated.
2929 # It will be discarded after the request finishes.
2930 "name": "A String", # Name of the key. [required]
2931 # This is an arbitrary string used to differentiate different keys.
2932 # A unique key is generated per name: two separate `TransientCryptoKey`
2933 # protos share the same generated key if their names are the same.
2934 # When the data crypto key is generated, this name is not used in any way
2935 # (repeating the api call will result in a different key being generated).
2936 },
2937 },
2938 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past.
2939 # [Required]
2940 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this
2941 # range (inclusive ends). Negative means shift to earlier in time. Must not
2942 # be more than 365250 days (1000 years) each direction.
2943 #
2944 # For example, 3 means shift date to at most 3 days into the future.
2945 # [Required]
2946 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
2947 # If set, must also set method. If set, shift will be consistent for the
2948 # given context.
2949 "name": "A String", # Name describing the field.
2950 },
2951 },
2952 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and
2953 # replacement values are dynamically provided by the user for custom behavior,
2954 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH
2955 # This can be used on
2956 # data of type: number, long, string, timestamp.
2957 # If the bound `Value` type differs from the type of data being transformed, we
2958 # will first attempt converting the type of the data to be transformed to match
2959 # the type of the bound before comparing.
2960 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
2961 "buckets": [ # Set of buckets. Ranges must be non-overlapping.
2962 { # Bucket is represented as a range, along with replacement values.
2963 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
2964 # Note that for the purposes of inspection or transformation, the number
2965 # of bytes considered to comprise a 'Value' is based on its representation
2966 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
2967 # 123456789, the number of bytes would be counted as 9, even though an
2968 # int64 only holds up to 8 bytes of data.
2969 "floatValue": 3.14,
2970 "timestampValue": "A String",
2971 "dayOfWeekValue": "A String",
2972 "timeValue": { # Represents a time of day. The date and time zone are either not significant
2973 # or are specified elsewhere. An API may choose to allow leap seconds. Related
2974 # types are google.type.Date and `google.protobuf.Timestamp`.
2975 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
2976 # to allow the value "24:00:00" for scenarios like business closing time.
2977 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2978 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
2979 # allow the value 60 if it allows leap-seconds.
2980 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
2981 },
2982 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
2983 # and time zone are either specified elsewhere or are not significant. The date
2984 # is relative to the Proleptic Gregorian Calendar. This can represent:
2985 #
2986 # * A full date, with non-zero year, month and day values
2987 # * A month and day value, with a zero year, e.g. an anniversary
2988 # * A year on its own, with zero month and day values
2989 # * A year and month value, with a zero day, e.g. a credit card expiration date
2990 #
2991 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
2992 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
2993 # a year.
2994 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
2995 # if specifying a year by itself or a year and month where the day is not
2996 # significant.
2997 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
2998 # month and day.
2999 },
3000 "stringValue": "A String",
3001 "booleanValue": True or False,
3002 "integerValue": "A String",
3003 },
3004 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
3005 # the default behavior will be to hyphenate the min-max range.
3006 # Note that for the purposes of inspection or transformation, the number
3007 # of bytes considered to comprise a 'Value' is based on its representation
3008 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
3009 # 123456789, the number of bytes would be counted as 9, even though an
3010 # int64 only holds up to 8 bytes of data.
3011 "floatValue": 3.14,
3012 "timestampValue": "A String",
3013 "dayOfWeekValue": "A String",
3014 "timeValue": { # Represents a time of day. The date and time zone are either not significant
3015 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3016 # types are google.type.Date and `google.protobuf.Timestamp`.
3017 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3018 # to allow the value "24:00:00" for scenarios like business closing time.
3019 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3020 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3021 # allow the value 60 if it allows leap-seconds.
3022 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
3023 },
3024 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
3025 # and time zone are either specified elsewhere or are not significant. The date
3026 # is relative to the Proleptic Gregorian Calendar. This can represent:
3027 #
3028 # * A full date, with non-zero year, month and day values
3029 # * A month and day value, with a zero year, e.g. an anniversary
3030 # * A year on its own, with zero month and day values
3031 # * A year and month value, with a zero day, e.g. a credit card expiration date
3032 #
3033 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3034 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3035 # a year.
3036 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3037 # if specifying a year by itself or a year and month where the day is not
3038 # significant.
3039 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3040 # month and day.
3041 },
3042 "stringValue": "A String",
3043 "booleanValue": True or False,
3044 "integerValue": "A String",
3045 },
3046 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
3047 # used.
3048 # Note that for the purposes of inspection or transformation, the number
3049 # of bytes considered to comprise a 'Value' is based on its representation
3050 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
3051 # 123456789, the number of bytes would be counted as 9, even though an
3052 # int64 only holds up to 8 bytes of data.
3053 "floatValue": 3.14,
3054 "timestampValue": "A String",
3055 "dayOfWeekValue": "A String",
3056 "timeValue": { # Represents a time of day. The date and time zone are either not significant
3057 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3058 # types are google.type.Date and `google.protobuf.Timestamp`.
3059 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3060 # to allow the value "24:00:00" for scenarios like business closing time.
3061 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3062 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3063 # allow the value 60 if it allows leap-seconds.
3064 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
3065 },
3066 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
3067 # and time zone are either specified elsewhere or are not significant. The date
3068 # is relative to the Proleptic Gregorian Calendar. This can represent:
3069 #
3070 # * A full date, with non-zero year, month and day values
3071 # * A month and day value, with a zero year, e.g. an anniversary
3072 # * A year on its own, with zero month and day values
3073 # * A year and month value, with a zero day, e.g. a credit card expiration date
3074 #
3075 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3076 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3077 # a year.
3078 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3079 # if specifying a year by itself or a year and month where the day is not
3080 # significant.
3081 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3082 # month and day.
3083 },
3084 "stringValue": "A String",
3085 "booleanValue": True or False,
3086 "integerValue": "A String",
3087 },
3088 },
3089 ],
3090 },
3091 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption
3092 # (FPE) with the FFX mode of operation; however when used in the
3093 # `ReidentifyContent` API method, it serves the opposite function by reversing
3094 # the surrogate back into the original identifier. The identifier must be
3095 # encoded as ASCII. For a given crypto key and context, the same identifier
3096 # will be replaced with the same surrogate. Identifiers must be at least two
3097 # characters long. In the case that the identifier is the empty string, it will
3098 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
3099 # more.
3100 #
3101 # Note: We recommend using CryptoDeterministicConfig for all use cases which
3102 # do not require preserving the input alphabet space and size, plus warrant
3103 # referential integrity.
3104 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required]
3105 # a key encryption key (KEK) stored by KMS).
3106 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
3107 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
3108 # unwrap the data crypto key.
3109 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
3110 # The wrapped key must be a 128/192/256 bit key.
3111 # Authorization requires the following IAM permissions when sending a request
3112 # to perform a crypto transformation using a kms-wrapped crypto key:
3113 # dlp.kms.encrypt
3114 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
3115 "wrappedKey": "A String", # The wrapped data crypto key. [required]
3116 },
3117 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
3118 # leaking the key. Choose another type of key if possible.
3119 "key": "A String", # A 128/192/256 bit key. [required]
3120 },
3121 "transient": { # Use this to have a random data crypto key generated.
3122 # It will be discarded after the request finishes.
3123 "name": "A String", # Name of the key. [required]
3124 # This is an arbitrary string used to differentiate different keys.
3125 # A unique key is generated per name: two separate `TransientCryptoKey`
3126 # protos share the same generated key if their names are the same.
3127 # When the data crypto key is generated, this name is not used in any way
3128 # (repeating the api call will result in a different key being generated).
3129 },
3130 },
3131 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62].
3132 "commonAlphabet": "A String",
3133 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
3134 # that the FFX mode natively supports. This happens before/after
3135 # encryption/decryption.
3136 # Each character listed must appear only once.
3137 # Number of characters must be in the range [2, 62].
3138 # This must be encoded as ASCII.
3139 # The order of characters does not matter.
3140 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
3141 # identifier in two different contexts won't be given the same surrogate. If
3142 # the context is not set, a default tweak will be used.
3143 #
3144 # If the context is set but:
3145 #
3146 # 1. there is no record present when transforming a given value or
3147 # 1. the field is not present when transforming a given value,
3148 #
3149 # a default tweak will be used.
3150 #
3151 # Note that case (1) is expected when an `InfoTypeTransformation` is
3152 # applied to both structured and non-structured `ContentItem`s.
3153 # Currently, the referenced field may be of value type integer or string.
3154 #
3155 # The tweak is constructed as a sequence of bytes in big endian byte order
3156 # such that:
3157 #
3158 # - a 64 bit integer is encoded followed by a single byte of value 1
3159 # - a string is encoded in UTF-8 format followed by a single byte of value 2
3160 "name": "A String", # Name describing the field.
3161 },
3162 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
3163 # This annotation will be applied to the surrogate by prefixing it with
3164 # the name of the custom infoType followed by the number of
3165 # characters comprising the surrogate. The following scheme defines the
3166 # format: info_type_name(surrogate_character_count):surrogate
3167 #
3168 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
3169 # the surrogate is 'abc', the full replacement value
3170 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
3171 #
3172 # This annotation identifies the surrogate when inspecting content using the
3173 # custom infoType
3174 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
3175 # This facilitates reversal of the surrogate when it occurs in free text.
3176 #
3177 # In order for inspection to work properly, the name of this infoType must
3178 # not occur naturally anywhere in your data; otherwise, inspection may
3179 # find a surrogate that does not correspond to an actual identifier.
3180 # Therefore, choose your custom infoType name carefully after considering
3181 # what your data looks like. One way to select a name that has a high chance
3182 # of yielding reliable detection is to include one or more unicode characters
3183 # that are highly improbable to exist in your data.
3184 # For example, assuming your data is entered from a regular ASCII keyboard,
3185 # the symbol with the hex code point 29DD might be used like so:
3186 # ⧝MY_TOKEN_TYPE
3187 "name": "A String", # Name of the information type. Either a name of your choosing when
3188 # creating a CustomInfoType, or one of the names listed
3189 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
3190 # a built-in type. InfoType names should conform to the pattern
3191 # [a-zA-Z0-9_]{1,64}.
3192 },
3193 },
3194 "replaceConfig": { # Replace each input value with a given `Value`.
3195 "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
3196 # Note that for the purposes of inspection or transformation, the number
3197 # of bytes considered to comprise a 'Value' is based on its representation
3198 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
3199 # 123456789, the number of bytes would be counted as 9, even though an
3200 # int64 only holds up to 8 bytes of data.
3201 "floatValue": 3.14,
3202 "timestampValue": "A String",
3203 "dayOfWeekValue": "A String",
3204 "timeValue": { # Represents a time of day. The date and time zone are either not significant
3205 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3206 # types are google.type.Date and `google.protobuf.Timestamp`.
3207 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3208 # to allow the value "24:00:00" for scenarios like business closing time.
3209 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3210 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3211 # allow the value 60 if it allows leap-seconds.
3212 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
3213 },
3214 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
3215 # and time zone are either specified elsewhere or are not significant. The date
3216 # is relative to the Proleptic Gregorian Calendar. This can represent:
3217 #
3218 # * A full date, with non-zero year, month and day values
3219 # * A month and day value, with a zero year, e.g. an anniversary
3220 # * A year on its own, with zero month and day values
3221 # * A year and month value, with a zero day, e.g. a credit card expiration date
3222 #
3223 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3224 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3225 # a year.
3226 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3227 # if specifying a year by itself or a year and month where the day is not
3228 # significant.
3229 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3230 # month and day.
3231 },
3232 "stringValue": "A String",
3233 "booleanValue": True or False,
3234 "integerValue": "A String",
3235 },
3236 },
3237 },
3238 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
3239 # this transformation to apply to all findings that correspond to
3240 # infoTypes that were requested in `InspectConfig`.
3241 { # Type of information detected by the API.
3242 "name": "A String", # Name of the information type. Either a name of your choosing when
3243 # creating a CustomInfoType, or one of the names listed
3244 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
3245 # a built-in type. InfoType names should conform to the pattern
3246 # [a-zA-Z0-9_]{1,64}.
3247 },
3248 ],
3249 },
3250 ],
3251 },
3252 "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.
3253 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a
3254 # fixed character. Masking can start from the beginning or end of the string.
3255 # This can be used on data of any type (numbers, longs, and so on) and when
3256 # de-identifying structured data we'll attempt to preserve the original data's
3257 # type. (This allows you to take a long like 123 and modify it to a string like
3258 # **3.
3259 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing.
3260 # For example, if your string is 555-555-5555 and you ask us to skip `-` and
3261 # mask 5 chars with * we would produce ***-*55-5555.
3262 { # Characters to skip when doing deidentification of a value. These will be left
3263 # alone and skipped.
3264 "commonCharactersToIgnore": "A String",
3265 "charactersToSkip": "A String",
3266 },
3267 ],
3268 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
3269 # masked. Skipped characters do not count towards this tally.
3270 "maskingCharacter": "A String", # Character to mask the sensitive values&mdash;for example, "*" for an
3271 # alphabetic string such as name, or "0" for a numeric string such as ZIP
3272 # code or credit card number. String must have length 1. If not supplied, we
3273 # will default to "*" for strings, 0 for digits.
3274 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
3275 # '0', number_to_mask is 14, and `reverse_order` is false, then
3276 # 1234-5678-9012-3456 -> 00000000000000-3456
3277 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order`
3278 # is true, then 12345 -> 12***
3279 },
3280 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation`
3281 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
3282 # output would be 'My phone number is '.
3283 },
3284 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given
3285 # input. Outputs a base64 encoded representation of the encrypted output.
3286 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
3287 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
3288 # a key encryption key (KEK) stored by KMS).
3289 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
3290 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
3291 # unwrap the data crypto key.
3292 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
3293 # The wrapped key must be a 128/192/256 bit key.
3294 # Authorization requires the following IAM permissions when sending a request
3295 # to perform a crypto transformation using a kms-wrapped crypto key:
3296 # dlp.kms.encrypt
3297 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
3298 "wrappedKey": "A String", # The wrapped data crypto key. [required]
3299 },
3300 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
3301 # leaking the key. Choose another type of key if possible.
3302 "key": "A String", # A 128/192/256 bit key. [required]
3303 },
3304 "transient": { # Use this to have a random data crypto key generated.
3305 # It will be discarded after the request finishes.
3306 "name": "A String", # Name of the key. [required]
3307 # This is an arbitrary string used to differentiate different keys.
3308 # A unique key is generated per name: two separate `TransientCryptoKey`
3309 # protos share the same generated key if their names are the same.
3310 # When the data crypto key is generated, this name is not used in any way
3311 # (repeating the api call will result in a different key being generated).
3312 },
3313 },
3314 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining
3315 # referential integrity such that the same identifier in two different
3316 # contexts will be given a distinct surrogate. The context is appended to
3317 # plaintext value being encrypted. On decryption the provided context is
3318 # validated against the value used during encryption. If a context was
3319 # provided during encryption, same context must be provided during decryption
3320 # as well.
3321 #
3322 # If the context is not set, plaintext would be used as is for encryption.
3323 # If the context is set but:
3324 #
3325 # 1. there is no record present when transforming a given value or
3326 # 2. the field is not present when transforming a given value,
3327 #
3328 # plaintext would be used as is for encryption.
3329 #
3330 # Note that case (1) is expected when an `InfoTypeTransformation` is
3331 # applied to both structured and non-structured `ContentItem`s.
3332 "name": "A String", # Name describing the field.
3333 },
3334 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
3335 # This annotation will be applied to the surrogate by prefixing it with
3336 # the name of the custom info type followed by the number of
3337 # characters comprising the surrogate. The following scheme defines the
3338 # format: <info type name>(<surrogate character count>):<surrogate>
3339 #
3340 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
3341 # the surrogate is 'abc', the full replacement value
3342 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
3343 #
3344 # This annotation identifies the surrogate when inspecting content using the
3345 # custom info type 'Surrogate'. This facilitates reversal of the
3346 # surrogate when it occurs in free text.
3347 #
3348 # In order for inspection to work properly, the name of this info type must
3349 # not occur naturally anywhere in your data; otherwise, inspection may either
3350 #
3351 # - reverse a surrogate that does not correspond to an actual identifier
3352 # - be unable to parse the surrogate and result in an error
3353 #
3354 # Therefore, choose your custom info type name carefully after considering
3355 # what your data looks like. One way to select a name that has a high chance
3356 # of yielding reliable detection is to include one or more unicode characters
3357 # that are highly improbable to exist in your data.
3358 # For example, assuming your data is entered from a regular ASCII keyboard,
3359 # the symbol with the hex code point 29DD might be used like so:
3360 # ⧝MY_TOKEN_TYPE
3361 "name": "A String", # Name of the information type. Either a name of your choosing when
3362 # creating a CustomInfoType, or one of the names listed
3363 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
3364 # a built-in type. InfoType names should conform to the pattern
3365 # [a-zA-Z0-9_]{1,64}.
3366 },
3367 },
3368 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The
3369 # Bucketing transformation can provide all of this functionality,
3370 # but requires more configuration. This message is provided as a convenience to
3371 # the user for simple bucketing strategies.
3372 #
3373 # The transformed value will be a hyphenated string of
3374 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20
3375 # all values that are within this bucket will be replaced with "10-20".
3376 #
3377 # This can be used on data of type: double, long.
3378 #
3379 # If the bound Value type differs from the type of data
3380 # being transformed, we will first attempt converting the type of the data to
3381 # be transformed to match the type of the bound before comparing.
3382 #
3383 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
3384 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are
3385 # grouped together into a single bucket; for example if `lower_bound` = 10,
3386 # then all values less than 10 are replaced with the value “-10”. [Required].
3387 # Note that for the purposes of inspection or transformation, the number
3388 # of bytes considered to comprise a 'Value' is based on its representation
3389 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
3390 # 123456789, the number of bytes would be counted as 9, even though an
3391 # int64 only holds up to 8 bytes of data.
3392 "floatValue": 3.14,
3393 "timestampValue": "A String",
3394 "dayOfWeekValue": "A String",
3395 "timeValue": { # Represents a time of day. The date and time zone are either not significant
3396 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3397 # types are google.type.Date and `google.protobuf.Timestamp`.
3398 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3399 # to allow the value "24:00:00" for scenarios like business closing time.
3400 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3401 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3402 # allow the value 60 if it allows leap-seconds.
3403 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
3404 },
3405 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
3406 # and time zone are either specified elsewhere or are not significant. The date
3407 # is relative to the Proleptic Gregorian Calendar. This can represent:
3408 #
3409 # * A full date, with non-zero year, month and day values
3410 # * A month and day value, with a zero year, e.g. an anniversary
3411 # * A year on its own, with zero month and day values
3412 # * A year and month value, with a zero day, e.g. a credit card expiration date
3413 #
3414 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3415 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3416 # a year.
3417 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3418 # if specifying a year by itself or a year and month where the day is not
3419 # significant.
3420 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3421 # month and day.
3422 },
3423 "stringValue": "A String",
3424 "booleanValue": True or False,
3425 "integerValue": "A String",
3426 },
3427 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are
3428 # grouped together into a single bucket; for example if `upper_bound` = 89,
3429 # then all values greater than 89 are replaced with the value “89+”.
3430 # [Required].
3431 # Note that for the purposes of inspection or transformation, the number
3432 # of bytes considered to comprise a 'Value' is based on its representation
3433 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
3434 # 123456789, the number of bytes would be counted as 9, even though an
3435 # int64 only holds up to 8 bytes of data.
3436 "floatValue": 3.14,
3437 "timestampValue": "A String",
3438 "dayOfWeekValue": "A String",
3439 "timeValue": { # Represents a time of day. The date and time zone are either not significant
3440 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3441 # types are google.type.Date and `google.protobuf.Timestamp`.
3442 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3443 # to allow the value "24:00:00" for scenarios like business closing time.
3444 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3445 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3446 # allow the value 60 if it allows leap-seconds.
3447 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
3448 },
3449 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
3450 # and time zone are either specified elsewhere or are not significant. The date
3451 # is relative to the Proleptic Gregorian Calendar. This can represent:
3452 #
3453 # * A full date, with non-zero year, month and day values
3454 # * A month and day value, with a zero year, e.g. an anniversary
3455 # * A year on its own, with zero month and day values
3456 # * A year and month value, with a zero day, e.g. a credit card expiration date
3457 #
3458 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3459 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3460 # a year.
3461 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3462 # if specifying a year by itself or a year and month where the day is not
3463 # significant.
3464 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3465 # month and day.
3466 },
3467 "stringValue": "A String",
3468 "booleanValue": True or False,
3469 "integerValue": "A String",
3470 },
3471 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if
3472 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
3473 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
3474 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required].
3475 },
3476 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type.
3477 },
3478 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a
3479 # portion of the value.
3480 "partToExtract": "A String",
3481 },
3482 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing.
3483 # Uses SHA-256.
3484 # The key size must be either 32 or 64 bytes.
3485 # Outputs a base64 encoded representation of the hashed output
3486 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
3487 # Currently, only string and integer values can be hashed.
3488 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
3489 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
3490 # a key encryption key (KEK) stored by KMS).
3491 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
3492 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
3493 # unwrap the data crypto key.
3494 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
3495 # The wrapped key must be a 128/192/256 bit key.
3496 # Authorization requires the following IAM permissions when sending a request
3497 # to perform a crypto transformation using a kms-wrapped crypto key:
3498 # dlp.kms.encrypt
3499 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
3500 "wrappedKey": "A String", # The wrapped data crypto key. [required]
3501 },
3502 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
3503 # leaking the key. Choose another type of key if possible.
3504 "key": "A String", # A 128/192/256 bit key. [required]
3505 },
3506 "transient": { # Use this to have a random data crypto key generated.
3507 # It will be discarded after the request finishes.
3508 "name": "A String", # Name of the key. [required]
3509 # This is an arbitrary string used to differentiate different keys.
3510 # A unique key is generated per name: two separate `TransientCryptoKey`
3511 # protos share the same generated key if their names are the same.
3512 # When the data crypto key is generated, this name is not used in any way
3513 # (repeating the api call will result in a different key being generated).
3514 },
3515 },
3516 },
3517 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the
3518 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
3519 # to learn more.
3520 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
3521 # results in the same shift for the same context and crypto_key.
3522 # a key encryption key (KEK) stored by KMS).
3523 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
3524 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
3525 # unwrap the data crypto key.
3526 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
3527 # The wrapped key must be a 128/192/256 bit key.
3528 # Authorization requires the following IAM permissions when sending a request
3529 # to perform a crypto transformation using a kms-wrapped crypto key:
3530 # dlp.kms.encrypt
3531 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
3532 "wrappedKey": "A String", # The wrapped data crypto key. [required]
3533 },
3534 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
3535 # leaking the key. Choose another type of key if possible.
3536 "key": "A String", # A 128/192/256 bit key. [required]
3537 },
3538 "transient": { # Use this to have a random data crypto key generated.
3539 # It will be discarded after the request finishes.
3540 "name": "A String", # Name of the key. [required]
3541 # This is an arbitrary string used to differentiate different keys.
3542 # A unique key is generated per name: two separate `TransientCryptoKey`
3543 # protos share the same generated key if their names are the same.
3544 # When the data crypto key is generated, this name is not used in any way
3545 # (repeating the api call will result in a different key being generated).
3546 },
3547 },
3548 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past.
3549 # [Required]
3550 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this
3551 # range (inclusive ends). Negative means shift to earlier in time. Must not
3552 # be more than 365250 days (1000 years) each direction.
3553 #
3554 # For example, 3 means shift date to at most 3 days into the future.
3555 # [Required]
3556 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
3557 # If set, must also set method. If set, shift will be consistent for the
3558 # given context.
3559 "name": "A String", # Name describing the field.
3560 },
3561 },
3562 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and
3563 # replacement values are dynamically provided by the user for custom behavior,
3564 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH
3565 # This can be used on
3566 # data of type: number, long, string, timestamp.
3567 # If the bound `Value` type differs from the type of data being transformed, we
3568 # will first attempt converting the type of the data to be transformed to match
3569 # the type of the bound before comparing.
3570 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
3571 "buckets": [ # Set of buckets. Ranges must be non-overlapping.
3572 { # Bucket is represented as a range, along with replacement values.
3573 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
3574 # Note that for the purposes of inspection or transformation, the number
3575 # of bytes considered to comprise a 'Value' is based on its representation
3576 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
3577 # 123456789, the number of bytes would be counted as 9, even though an
3578 # int64 only holds up to 8 bytes of data.
3579 "floatValue": 3.14,
3580 "timestampValue": "A String",
3581 "dayOfWeekValue": "A String",
3582 "timeValue": { # Represents a time of day. The date and time zone are either not significant
3583 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3584 # types are google.type.Date and `google.protobuf.Timestamp`.
3585 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3586 # to allow the value "24:00:00" for scenarios like business closing time.
3587 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3588 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3589 # allow the value 60 if it allows leap-seconds.
3590 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
3591 },
3592 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
3593 # and time zone are either specified elsewhere or are not significant. The date
3594 # is relative to the Proleptic Gregorian Calendar. This can represent:
3595 #
3596 # * A full date, with non-zero year, month and day values
3597 # * A month and day value, with a zero year, e.g. an anniversary
3598 # * A year on its own, with zero month and day values
3599 # * A year and month value, with a zero day, e.g. a credit card expiration date
3600 #
3601 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3602 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3603 # a year.
3604 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3605 # if specifying a year by itself or a year and month where the day is not
3606 # significant.
3607 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3608 # month and day.
3609 },
3610 "stringValue": "A String",
3611 "booleanValue": True or False,
3612 "integerValue": "A String",
3613 },
3614 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
3615 # the default behavior will be to hyphenate the min-max range.
3616 # Note that for the purposes of inspection or transformation, the number
3617 # of bytes considered to comprise a 'Value' is based on its representation
3618 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
3619 # 123456789, the number of bytes would be counted as 9, even though an
3620 # int64 only holds up to 8 bytes of data.
3621 "floatValue": 3.14,
3622 "timestampValue": "A String",
3623 "dayOfWeekValue": "A String",
3624 "timeValue": { # Represents a time of day. The date and time zone are either not significant
3625 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3626 # types are google.type.Date and `google.protobuf.Timestamp`.
3627 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3628 # to allow the value "24:00:00" for scenarios like business closing time.
3629 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3630 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3631 # allow the value 60 if it allows leap-seconds.
3632 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
3633 },
3634 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
3635 # and time zone are either specified elsewhere or are not significant. The date
3636 # is relative to the Proleptic Gregorian Calendar. This can represent:
3637 #
3638 # * A full date, with non-zero year, month and day values
3639 # * A month and day value, with a zero year, e.g. an anniversary
3640 # * A year on its own, with zero month and day values
3641 # * A year and month value, with a zero day, e.g. a credit card expiration date
3642 #
3643 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3644 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3645 # a year.
3646 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3647 # if specifying a year by itself or a year and month where the day is not
3648 # significant.
3649 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3650 # month and day.
3651 },
3652 "stringValue": "A String",
3653 "booleanValue": True or False,
3654 "integerValue": "A String",
3655 },
3656 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
3657 # used.
3658 # Note that for the purposes of inspection or transformation, the number
3659 # of bytes considered to comprise a 'Value' is based on its representation
3660 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
3661 # 123456789, the number of bytes would be counted as 9, even though an
3662 # int64 only holds up to 8 bytes of data.
3663 "floatValue": 3.14,
3664 "timestampValue": "A String",
3665 "dayOfWeekValue": "A String",
3666 "timeValue": { # Represents a time of day. The date and time zone are either not significant
3667 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3668 # types are google.type.Date and `google.protobuf.Timestamp`.
3669 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3670 # to allow the value "24:00:00" for scenarios like business closing time.
3671 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3672 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3673 # allow the value 60 if it allows leap-seconds.
3674 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
3675 },
3676 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
3677 # and time zone are either specified elsewhere or are not significant. The date
3678 # is relative to the Proleptic Gregorian Calendar. This can represent:
3679 #
3680 # * A full date, with non-zero year, month and day values
3681 # * A month and day value, with a zero year, e.g. an anniversary
3682 # * A year on its own, with zero month and day values
3683 # * A year and month value, with a zero day, e.g. a credit card expiration date
3684 #
3685 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3686 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3687 # a year.
3688 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3689 # if specifying a year by itself or a year and month where the day is not
3690 # significant.
3691 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3692 # month and day.
3693 },
3694 "stringValue": "A String",
3695 "booleanValue": True or False,
3696 "integerValue": "A String",
3697 },
3698 },
3699 ],
3700 },
3701 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption
3702 # (FPE) with the FFX mode of operation; however when used in the
3703 # `ReidentifyContent` API method, it serves the opposite function by reversing
3704 # the surrogate back into the original identifier. The identifier must be
3705 # encoded as ASCII. For a given crypto key and context, the same identifier
3706 # will be replaced with the same surrogate. Identifiers must be at least two
3707 # characters long. In the case that the identifier is the empty string, it will
3708 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
3709 # more.
3710 #
3711 # Note: We recommend using CryptoDeterministicConfig for all use cases which
3712 # do not require preserving the input alphabet space and size, plus warrant
3713 # referential integrity.
3714 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required]
3715 # a key encryption key (KEK) stored by KMS).
3716 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
3717 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
3718 # unwrap the data crypto key.
3719 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
3720 # The wrapped key must be a 128/192/256 bit key.
3721 # Authorization requires the following IAM permissions when sending a request
3722 # to perform a crypto transformation using a kms-wrapped crypto key:
3723 # dlp.kms.encrypt
3724 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
3725 "wrappedKey": "A String", # The wrapped data crypto key. [required]
3726 },
3727 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
3728 # leaking the key. Choose another type of key if possible.
3729 "key": "A String", # A 128/192/256 bit key. [required]
3730 },
3731 "transient": { # Use this to have a random data crypto key generated.
3732 # It will be discarded after the request finishes.
3733 "name": "A String", # Name of the key. [required]
3734 # This is an arbitrary string used to differentiate different keys.
3735 # A unique key is generated per name: two separate `TransientCryptoKey`
3736 # protos share the same generated key if their names are the same.
3737 # When the data crypto key is generated, this name is not used in any way
3738 # (repeating the api call will result in a different key being generated).
3739 },
3740 },
3741 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62].
3742 "commonAlphabet": "A String",
3743 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
3744 # that the FFX mode natively supports. This happens before/after
3745 # encryption/decryption.
3746 # Each character listed must appear only once.
3747 # Number of characters must be in the range [2, 62].
3748 # This must be encoded as ASCII.
3749 # The order of characters does not matter.
3750 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
3751 # identifier in two different contexts won't be given the same surrogate. If
3752 # the context is not set, a default tweak will be used.
3753 #
3754 # If the context is set but:
3755 #
3756 # 1. there is no record present when transforming a given value or
3757 # 1. the field is not present when transforming a given value,
3758 #
3759 # a default tweak will be used.
3760 #
3761 # Note that case (1) is expected when an `InfoTypeTransformation` is
3762 # applied to both structured and non-structured `ContentItem`s.
3763 # Currently, the referenced field may be of value type integer or string.
3764 #
3765 # The tweak is constructed as a sequence of bytes in big endian byte order
3766 # such that:
3767 #
3768 # - a 64 bit integer is encoded followed by a single byte of value 1
3769 # - a string is encoded in UTF-8 format followed by a single byte of value 2
3770 "name": "A String", # Name describing the field.
3771 },
3772 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
3773 # This annotation will be applied to the surrogate by prefixing it with
3774 # the name of the custom infoType followed by the number of
3775 # characters comprising the surrogate. The following scheme defines the
3776 # format: info_type_name(surrogate_character_count):surrogate
3777 #
3778 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
3779 # the surrogate is 'abc', the full replacement value
3780 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
3781 #
3782 # This annotation identifies the surrogate when inspecting content using the
3783 # custom infoType
3784 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
3785 # This facilitates reversal of the surrogate when it occurs in free text.
3786 #
3787 # In order for inspection to work properly, the name of this infoType must
3788 # not occur naturally anywhere in your data; otherwise, inspection may
3789 # find a surrogate that does not correspond to an actual identifier.
3790 # Therefore, choose your custom infoType name carefully after considering
3791 # what your data looks like. One way to select a name that has a high chance
3792 # of yielding reliable detection is to include one or more unicode characters
3793 # that are highly improbable to exist in your data.
3794 # For example, assuming your data is entered from a regular ASCII keyboard,
3795 # the symbol with the hex code point 29DD might be used like so:
3796 # ⧝MY_TOKEN_TYPE
3797 "name": "A String", # Name of the information type. Either a name of your choosing when
3798 # creating a CustomInfoType, or one of the names listed
3799 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
3800 # a built-in type. InfoType names should conform to the pattern
3801 # [a-zA-Z0-9_]{1,64}.
3802 },
3803 },
3804 "replaceConfig": { # Replace each input value with a given `Value`.
3805 "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
3806 # Note that for the purposes of inspection or transformation, the number
3807 # of bytes considered to comprise a 'Value' is based on its representation
3808 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
3809 # 123456789, the number of bytes would be counted as 9, even though an
3810 # int64 only holds up to 8 bytes of data.
3811 "floatValue": 3.14,
3812 "timestampValue": "A String",
3813 "dayOfWeekValue": "A String",
3814 "timeValue": { # Represents a time of day. The date and time zone are either not significant
3815 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3816 # types are google.type.Date and `google.protobuf.Timestamp`.
3817 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3818 # to allow the value "24:00:00" for scenarios like business closing time.
3819 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3820 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3821 # allow the value 60 if it allows leap-seconds.
3822 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
3823 },
3824 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
3825 # and time zone are either specified elsewhere or are not significant. The date
3826 # is relative to the Proleptic Gregorian Calendar. This can represent:
3827 #
3828 # * A full date, with non-zero year, month and day values
3829 # * A month and day value, with a zero year, e.g. an anniversary
3830 # * A year on its own, with zero month and day values
3831 # * A year and month value, with a zero day, e.g. a credit card expiration date
3832 #
3833 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3834 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3835 # a year.
3836 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3837 # if specifying a year by itself or a year and month where the day is not
3838 # significant.
3839 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3840 # month and day.
3841 },
3842 "stringValue": "A String",
3843 "booleanValue": True or False,
3844 "integerValue": "A String",
3845 },
3846 },
3847 },
3848 "condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
3849 # given `RecordCondition`. The conditions are allowed to reference fields
3850 # that are not used in the actual transformation. [optional]
3851 #
3852 # Example Use Cases:
3853 #
3854 # - Apply a different bucket transformation to an age column if the zip code
3855 # column for the same record is within a specific range.
3856 # - Redact a field if the date of birth field is greater than 85.
3857 # a field.
3858 "expressions": { # An expression, consisting or an operator and conditions. # An expression.
3859 "conditions": { # A collection of conditions.
3860 "conditions": [
3861 { # The field type of `value` and `field` do not need to match to be
3862 # considered equal, but not all comparisons are possible.
3863 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
3864 # but all other comparisons are invalid with incompatible types.
3865 # A `value` of type:
3866 #
3867 # - `string` can be compared against all other types
3868 # - `boolean` can only be compared against other booleans
3869 # - `integer` can be compared against doubles or a string if the string value
3870 # can be parsed as an integer.
3871 # - `double` can be compared against integers or a string if the string can
3872 # be parsed as a double.
3873 # - `Timestamp` can be compared against strings in RFC 3339 date string
3874 # format.
3875 # - `TimeOfDay` can be compared against timestamps and strings in the format
3876 # of 'HH:mm:ss'.
3877 #
3878 # If we fail to compare do to type mismatch, a warning will be given and
3879 # the condition will evaluate to false.
3880 "operator": "A String", # Operator used to compare the field or infoType to the value. [required]
3881 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required]
3882 "name": "A String", # Name describing the field.
3883 },
3884 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.]
3885 # Note that for the purposes of inspection or transformation, the number
3886 # of bytes considered to comprise a 'Value' is based on its representation
3887 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
3888 # 123456789, the number of bytes would be counted as 9, even though an
3889 # int64 only holds up to 8 bytes of data.
3890 "floatValue": 3.14,
3891 "timestampValue": "A String",
3892 "dayOfWeekValue": "A String",
3893 "timeValue": { # Represents a time of day. The date and time zone are either not significant
3894 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3895 # types are google.type.Date and `google.protobuf.Timestamp`.
3896 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3897 # to allow the value "24:00:00" for scenarios like business closing time.
3898 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3899 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3900 # allow the value 60 if it allows leap-seconds.
3901 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
3902 },
3903 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
3904 # and time zone are either specified elsewhere or are not significant. The date
3905 # is relative to the Proleptic Gregorian Calendar. This can represent:
3906 #
3907 # * A full date, with non-zero year, month and day values
3908 # * A month and day value, with a zero year, e.g. an anniversary
3909 # * A year on its own, with zero month and day values
3910 # * A year and month value, with a zero day, e.g. a credit card expiration date
3911 #
3912 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3913 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3914 # a year.
3915 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3916 # if specifying a year by itself or a year and month where the day is not
3917 # significant.
3918 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3919 # month and day.
3920 },
3921 "stringValue": "A String",
3922 "booleanValue": True or False,
3923 "integerValue": "A String",
3924 },
3925 },
3926 ],
3927 },
3928 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
3929 # only supported value is `AND`.
3930 },
3931 },
3932 "fields": [ # Input field(s) to apply the transformation to. [required]
3933 { # General identifier of a data field in a storage service.
3934 "name": "A String", # Name describing the field.
3935 },
3936 ],
3937 },
3938 ],
3939 "transformedBytes": "A String", # Total size in bytes that were transformed in some way.
3940 "transformation": { # A rule for transforming a value. # The specific transformation these stats apply to.
3941 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a
3942 # fixed character. Masking can start from the beginning or end of the string.
3943 # This can be used on data of any type (numbers, longs, and so on) and when
3944 # de-identifying structured data we'll attempt to preserve the original data's
3945 # type. (This allows you to take a long like 123 and modify it to a string like
3946 # **3.
3947 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing.
3948 # For example, if your string is 555-555-5555 and you ask us to skip `-` and
3949 # mask 5 chars with * we would produce ***-*55-5555.
3950 { # Characters to skip when doing deidentification of a value. These will be left
3951 # alone and skipped.
3952 "commonCharactersToIgnore": "A String",
3953 "charactersToSkip": "A String",
3954 },
3955 ],
3956 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
3957 # masked. Skipped characters do not count towards this tally.
3958 "maskingCharacter": "A String", # Character to mask the sensitive values&mdash;for example, "*" for an
3959 # alphabetic string such as name, or "0" for a numeric string such as ZIP
3960 # code or credit card number. String must have length 1. If not supplied, we
3961 # will default to "*" for strings, 0 for digits.
3962 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
3963 # '0', number_to_mask is 14, and `reverse_order` is false, then
3964 # 1234-5678-9012-3456 -> 00000000000000-3456
3965 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order`
3966 # is true, then 12345 -> 12***
3967 },
3968 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation`
3969 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
3970 # output would be 'My phone number is '.
3971 },
3972 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given
3973 # input. Outputs a base64 encoded representation of the encrypted output.
3974 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
3975 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
3976 # a key encryption key (KEK) stored by KMS).
3977 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
3978 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
3979 # unwrap the data crypto key.
3980 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
3981 # The wrapped key must be a 128/192/256 bit key.
3982 # Authorization requires the following IAM permissions when sending a request
3983 # to perform a crypto transformation using a kms-wrapped crypto key:
3984 # dlp.kms.encrypt
3985 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
3986 "wrappedKey": "A String", # The wrapped data crypto key. [required]
3987 },
3988 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
3989 # leaking the key. Choose another type of key if possible.
3990 "key": "A String", # A 128/192/256 bit key. [required]
3991 },
3992 "transient": { # Use this to have a random data crypto key generated.
3993 # It will be discarded after the request finishes.
3994 "name": "A String", # Name of the key. [required]
3995 # This is an arbitrary string used to differentiate different keys.
3996 # A unique key is generated per name: two separate `TransientCryptoKey`
3997 # protos share the same generated key if their names are the same.
3998 # When the data crypto key is generated, this name is not used in any way
3999 # (repeating the api call will result in a different key being generated).
4000 },
4001 },
4002 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining
4003 # referential integrity such that the same identifier in two different
4004 # contexts will be given a distinct surrogate. The context is appended to
4005 # plaintext value being encrypted. On decryption the provided context is
4006 # validated against the value used during encryption. If a context was
4007 # provided during encryption, same context must be provided during decryption
4008 # as well.
4009 #
4010 # If the context is not set, plaintext would be used as is for encryption.
4011 # If the context is set but:
4012 #
4013 # 1. there is no record present when transforming a given value or
4014 # 2. the field is not present when transforming a given value,
4015 #
4016 # plaintext would be used as is for encryption.
4017 #
4018 # Note that case (1) is expected when an `InfoTypeTransformation` is
4019 # applied to both structured and non-structured `ContentItem`s.
4020 "name": "A String", # Name describing the field.
4021 },
4022 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
4023 # This annotation will be applied to the surrogate by prefixing it with
4024 # the name of the custom info type followed by the number of
4025 # characters comprising the surrogate. The following scheme defines the
4026 # format: <info type name>(<surrogate character count>):<surrogate>
4027 #
4028 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
4029 # the surrogate is 'abc', the full replacement value
4030 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
4031 #
4032 # This annotation identifies the surrogate when inspecting content using the
4033 # custom info type 'Surrogate'. This facilitates reversal of the
4034 # surrogate when it occurs in free text.
4035 #
4036 # In order for inspection to work properly, the name of this info type must
4037 # not occur naturally anywhere in your data; otherwise, inspection may either
4038 #
4039 # - reverse a surrogate that does not correspond to an actual identifier
4040 # - be unable to parse the surrogate and result in an error
4041 #
4042 # Therefore, choose your custom info type name carefully after considering
4043 # what your data looks like. One way to select a name that has a high chance
4044 # of yielding reliable detection is to include one or more unicode characters
4045 # that are highly improbable to exist in your data.
4046 # For example, assuming your data is entered from a regular ASCII keyboard,
4047 # the symbol with the hex code point 29DD might be used like so:
4048 # ⧝MY_TOKEN_TYPE
4049 "name": "A String", # Name of the information type. Either a name of your choosing when
4050 # creating a CustomInfoType, or one of the names listed
4051 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
4052 # a built-in type. InfoType names should conform to the pattern
4053 # [a-zA-Z0-9_]{1,64}.
4054 },
4055 },
4056 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The
4057 # Bucketing transformation can provide all of this functionality,
4058 # but requires more configuration. This message is provided as a convenience to
4059 # the user for simple bucketing strategies.
4060 #
4061 # The transformed value will be a hyphenated string of
4062 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20
4063 # all values that are within this bucket will be replaced with "10-20".
4064 #
4065 # This can be used on data of type: double, long.
4066 #
4067 # If the bound Value type differs from the type of data
4068 # being transformed, we will first attempt converting the type of the data to
4069 # be transformed to match the type of the bound before comparing.
4070 #
4071 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
4072 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are
4073 # grouped together into a single bucket; for example if `lower_bound` = 10,
4074 # then all values less than 10 are replaced with the value “-10”. [Required].
4075 # Note that for the purposes of inspection or transformation, the number
4076 # of bytes considered to comprise a 'Value' is based on its representation
4077 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
4078 # 123456789, the number of bytes would be counted as 9, even though an
4079 # int64 only holds up to 8 bytes of data.
4080 "floatValue": 3.14,
4081 "timestampValue": "A String",
4082 "dayOfWeekValue": "A String",
4083 "timeValue": { # Represents a time of day. The date and time zone are either not significant
4084 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4085 # types are google.type.Date and `google.protobuf.Timestamp`.
4086 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4087 # to allow the value "24:00:00" for scenarios like business closing time.
4088 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4089 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4090 # allow the value 60 if it allows leap-seconds.
4091 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
4092 },
4093 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
4094 # and time zone are either specified elsewhere or are not significant. The date
4095 # is relative to the Proleptic Gregorian Calendar. This can represent:
4096 #
4097 # * A full date, with non-zero year, month and day values
4098 # * A month and day value, with a zero year, e.g. an anniversary
4099 # * A year on its own, with zero month and day values
4100 # * A year and month value, with a zero day, e.g. a credit card expiration date
4101 #
4102 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4103 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4104 # a year.
4105 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4106 # if specifying a year by itself or a year and month where the day is not
4107 # significant.
4108 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4109 # month and day.
4110 },
4111 "stringValue": "A String",
4112 "booleanValue": True or False,
4113 "integerValue": "A String",
4114 },
4115 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are
4116 # grouped together into a single bucket; for example if `upper_bound` = 89,
4117 # then all values greater than 89 are replaced with the value “89+”.
4118 # [Required].
4119 # Note that for the purposes of inspection or transformation, the number
4120 # of bytes considered to comprise a 'Value' is based on its representation
4121 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
4122 # 123456789, the number of bytes would be counted as 9, even though an
4123 # int64 only holds up to 8 bytes of data.
4124 "floatValue": 3.14,
4125 "timestampValue": "A String",
4126 "dayOfWeekValue": "A String",
4127 "timeValue": { # Represents a time of day. The date and time zone are either not significant
4128 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4129 # types are google.type.Date and `google.protobuf.Timestamp`.
4130 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4131 # to allow the value "24:00:00" for scenarios like business closing time.
4132 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4133 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4134 # allow the value 60 if it allows leap-seconds.
4135 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
4136 },
4137 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
4138 # and time zone are either specified elsewhere or are not significant. The date
4139 # is relative to the Proleptic Gregorian Calendar. This can represent:
4140 #
4141 # * A full date, with non-zero year, month and day values
4142 # * A month and day value, with a zero year, e.g. an anniversary
4143 # * A year on its own, with zero month and day values
4144 # * A year and month value, with a zero day, e.g. a credit card expiration date
4145 #
4146 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4147 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4148 # a year.
4149 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4150 # if specifying a year by itself or a year and month where the day is not
4151 # significant.
4152 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4153 # month and day.
4154 },
4155 "stringValue": "A String",
4156 "booleanValue": True or False,
4157 "integerValue": "A String",
4158 },
4159 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if
4160 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
4161 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
4162 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required].
4163 },
4164 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type.
4165 },
4166 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a
4167 # portion of the value.
4168 "partToExtract": "A String",
4169 },
4170 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing.
4171 # Uses SHA-256.
4172 # The key size must be either 32 or 64 bytes.
4173 # Outputs a base64 encoded representation of the hashed output
4174 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
4175 # Currently, only string and integer values can be hashed.
4176 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
4177 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
4178 # a key encryption key (KEK) stored by KMS).
4179 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
4180 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
4181 # unwrap the data crypto key.
4182 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
4183 # The wrapped key must be a 128/192/256 bit key.
4184 # Authorization requires the following IAM permissions when sending a request
4185 # to perform a crypto transformation using a kms-wrapped crypto key:
4186 # dlp.kms.encrypt
4187 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
4188 "wrappedKey": "A String", # The wrapped data crypto key. [required]
4189 },
4190 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
4191 # leaking the key. Choose another type of key if possible.
4192 "key": "A String", # A 128/192/256 bit key. [required]
4193 },
4194 "transient": { # Use this to have a random data crypto key generated.
4195 # It will be discarded after the request finishes.
4196 "name": "A String", # Name of the key. [required]
4197 # This is an arbitrary string used to differentiate different keys.
4198 # A unique key is generated per name: two separate `TransientCryptoKey`
4199 # protos share the same generated key if their names are the same.
4200 # When the data crypto key is generated, this name is not used in any way
4201 # (repeating the api call will result in a different key being generated).
4202 },
4203 },
4204 },
4205 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the
4206 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
4207 # to learn more.
4208 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
4209 # results in the same shift for the same context and crypto_key.
4210 # a key encryption key (KEK) stored by KMS).
4211 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
4212 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
4213 # unwrap the data crypto key.
4214 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
4215 # The wrapped key must be a 128/192/256 bit key.
4216 # Authorization requires the following IAM permissions when sending a request
4217 # to perform a crypto transformation using a kms-wrapped crypto key:
4218 # dlp.kms.encrypt
4219 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
4220 "wrappedKey": "A String", # The wrapped data crypto key. [required]
4221 },
4222 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
4223 # leaking the key. Choose another type of key if possible.
4224 "key": "A String", # A 128/192/256 bit key. [required]
4225 },
4226 "transient": { # Use this to have a random data crypto key generated.
4227 # It will be discarded after the request finishes.
4228 "name": "A String", # Name of the key. [required]
4229 # This is an arbitrary string used to differentiate different keys.
4230 # A unique key is generated per name: two separate `TransientCryptoKey`
4231 # protos share the same generated key if their names are the same.
4232 # When the data crypto key is generated, this name is not used in any way
4233 # (repeating the api call will result in a different key being generated).
4234 },
4235 },
4236 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past.
4237 # [Required]
4238 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this
4239 # range (inclusive ends). Negative means shift to earlier in time. Must not
4240 # be more than 365250 days (1000 years) each direction.
4241 #
4242 # For example, 3 means shift date to at most 3 days into the future.
4243 # [Required]
4244 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
4245 # If set, must also set method. If set, shift will be consistent for the
4246 # given context.
4247 "name": "A String", # Name describing the field.
4248 },
4249 },
4250 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and
4251 # replacement values are dynamically provided by the user for custom behavior,
4252 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH
4253 # This can be used on
4254 # data of type: number, long, string, timestamp.
4255 # If the bound `Value` type differs from the type of data being transformed, we
4256 # will first attempt converting the type of the data to be transformed to match
4257 # the type of the bound before comparing.
4258 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
4259 "buckets": [ # Set of buckets. Ranges must be non-overlapping.
4260 { # Bucket is represented as a range, along with replacement values.
4261 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
4262 # Note that for the purposes of inspection or transformation, the number
4263 # of bytes considered to comprise a 'Value' is based on its representation
4264 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
4265 # 123456789, the number of bytes would be counted as 9, even though an
4266 # int64 only holds up to 8 bytes of data.
4267 "floatValue": 3.14,
4268 "timestampValue": "A String",
4269 "dayOfWeekValue": "A String",
4270 "timeValue": { # Represents a time of day. The date and time zone are either not significant
4271 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4272 # types are google.type.Date and `google.protobuf.Timestamp`.
4273 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4274 # to allow the value "24:00:00" for scenarios like business closing time.
4275 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4276 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4277 # allow the value 60 if it allows leap-seconds.
4278 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
4279 },
4280 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
4281 # and time zone are either specified elsewhere or are not significant. The date
4282 # is relative to the Proleptic Gregorian Calendar. This can represent:
4283 #
4284 # * A full date, with non-zero year, month and day values
4285 # * A month and day value, with a zero year, e.g. an anniversary
4286 # * A year on its own, with zero month and day values
4287 # * A year and month value, with a zero day, e.g. a credit card expiration date
4288 #
4289 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4290 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4291 # a year.
4292 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4293 # if specifying a year by itself or a year and month where the day is not
4294 # significant.
4295 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4296 # month and day.
4297 },
4298 "stringValue": "A String",
4299 "booleanValue": True or False,
4300 "integerValue": "A String",
4301 },
4302 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
4303 # the default behavior will be to hyphenate the min-max range.
4304 # Note that for the purposes of inspection or transformation, the number
4305 # of bytes considered to comprise a 'Value' is based on its representation
4306 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
4307 # 123456789, the number of bytes would be counted as 9, even though an
4308 # int64 only holds up to 8 bytes of data.
4309 "floatValue": 3.14,
4310 "timestampValue": "A String",
4311 "dayOfWeekValue": "A String",
4312 "timeValue": { # Represents a time of day. The date and time zone are either not significant
4313 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4314 # types are google.type.Date and `google.protobuf.Timestamp`.
4315 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4316 # to allow the value "24:00:00" for scenarios like business closing time.
4317 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4318 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4319 # allow the value 60 if it allows leap-seconds.
4320 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
4321 },
4322 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
4323 # and time zone are either specified elsewhere or are not significant. The date
4324 # is relative to the Proleptic Gregorian Calendar. This can represent:
4325 #
4326 # * A full date, with non-zero year, month and day values
4327 # * A month and day value, with a zero year, e.g. an anniversary
4328 # * A year on its own, with zero month and day values
4329 # * A year and month value, with a zero day, e.g. a credit card expiration date
4330 #
4331 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4332 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4333 # a year.
4334 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4335 # if specifying a year by itself or a year and month where the day is not
4336 # significant.
4337 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4338 # month and day.
4339 },
4340 "stringValue": "A String",
4341 "booleanValue": True or False,
4342 "integerValue": "A String",
4343 },
4344 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
4345 # used.
4346 # Note that for the purposes of inspection or transformation, the number
4347 # of bytes considered to comprise a 'Value' is based on its representation
4348 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
4349 # 123456789, the number of bytes would be counted as 9, even though an
4350 # int64 only holds up to 8 bytes of data.
4351 "floatValue": 3.14,
4352 "timestampValue": "A String",
4353 "dayOfWeekValue": "A String",
4354 "timeValue": { # Represents a time of day. The date and time zone are either not significant
4355 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4356 # types are google.type.Date and `google.protobuf.Timestamp`.
4357 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4358 # to allow the value "24:00:00" for scenarios like business closing time.
4359 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4360 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4361 # allow the value 60 if it allows leap-seconds.
4362 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
4363 },
4364 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
4365 # and time zone are either specified elsewhere or are not significant. The date
4366 # is relative to the Proleptic Gregorian Calendar. This can represent:
4367 #
4368 # * A full date, with non-zero year, month and day values
4369 # * A month and day value, with a zero year, e.g. an anniversary
4370 # * A year on its own, with zero month and day values
4371 # * A year and month value, with a zero day, e.g. a credit card expiration date
4372 #
4373 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4374 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4375 # a year.
4376 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4377 # if specifying a year by itself or a year and month where the day is not
4378 # significant.
4379 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4380 # month and day.
4381 },
4382 "stringValue": "A String",
4383 "booleanValue": True or False,
4384 "integerValue": "A String",
4385 },
4386 },
4387 ],
4388 },
4389 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption
4390 # (FPE) with the FFX mode of operation; however when used in the
4391 # `ReidentifyContent` API method, it serves the opposite function by reversing
4392 # the surrogate back into the original identifier. The identifier must be
4393 # encoded as ASCII. For a given crypto key and context, the same identifier
4394 # will be replaced with the same surrogate. Identifiers must be at least two
4395 # characters long. In the case that the identifier is the empty string, it will
4396 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
4397 # more.
4398 #
4399 # Note: We recommend using CryptoDeterministicConfig for all use cases which
4400 # do not require preserving the input alphabet space and size, plus warrant
4401 # referential integrity.
4402 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required]
4403 # a key encryption key (KEK) stored by KMS).
4404 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
4405 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
4406 # unwrap the data crypto key.
4407 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
4408 # The wrapped key must be a 128/192/256 bit key.
4409 # Authorization requires the following IAM permissions when sending a request
4410 # to perform a crypto transformation using a kms-wrapped crypto key:
4411 # dlp.kms.encrypt
4412 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
4413 "wrappedKey": "A String", # The wrapped data crypto key. [required]
4414 },
4415 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
4416 # leaking the key. Choose another type of key if possible.
4417 "key": "A String", # A 128/192/256 bit key. [required]
4418 },
4419 "transient": { # Use this to have a random data crypto key generated.
4420 # It will be discarded after the request finishes.
4421 "name": "A String", # Name of the key. [required]
4422 # This is an arbitrary string used to differentiate different keys.
4423 # A unique key is generated per name: two separate `TransientCryptoKey`
4424 # protos share the same generated key if their names are the same.
4425 # When the data crypto key is generated, this name is not used in any way
4426 # (repeating the api call will result in a different key being generated).
4427 },
4428 },
4429 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62].
4430 "commonAlphabet": "A String",
4431 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
4432 # that the FFX mode natively supports. This happens before/after
4433 # encryption/decryption.
4434 # Each character listed must appear only once.
4435 # Number of characters must be in the range [2, 62].
4436 # This must be encoded as ASCII.
4437 # The order of characters does not matter.
4438 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
4439 # identifier in two different contexts won't be given the same surrogate. If
4440 # the context is not set, a default tweak will be used.
4441 #
4442 # If the context is set but:
4443 #
4444 # 1. there is no record present when transforming a given value or
4445 # 1. the field is not present when transforming a given value,
4446 #
4447 # a default tweak will be used.
4448 #
4449 # Note that case (1) is expected when an `InfoTypeTransformation` is
4450 # applied to both structured and non-structured `ContentItem`s.
4451 # Currently, the referenced field may be of value type integer or string.
4452 #
4453 # The tweak is constructed as a sequence of bytes in big endian byte order
4454 # such that:
4455 #
4456 # - a 64 bit integer is encoded followed by a single byte of value 1
4457 # - a string is encoded in UTF-8 format followed by a single byte of value 2
4458 "name": "A String", # Name describing the field.
4459 },
4460 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
4461 # This annotation will be applied to the surrogate by prefixing it with
4462 # the name of the custom infoType followed by the number of
4463 # characters comprising the surrogate. The following scheme defines the
4464 # format: info_type_name(surrogate_character_count):surrogate
4465 #
4466 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
4467 # the surrogate is 'abc', the full replacement value
4468 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
4469 #
4470 # This annotation identifies the surrogate when inspecting content using the
4471 # custom infoType
4472 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
4473 # This facilitates reversal of the surrogate when it occurs in free text.
4474 #
4475 # In order for inspection to work properly, the name of this infoType must
4476 # not occur naturally anywhere in your data; otherwise, inspection may
4477 # find a surrogate that does not correspond to an actual identifier.
4478 # Therefore, choose your custom infoType name carefully after considering
4479 # what your data looks like. One way to select a name that has a high chance
4480 # of yielding reliable detection is to include one or more unicode characters
4481 # that are highly improbable to exist in your data.
4482 # For example, assuming your data is entered from a regular ASCII keyboard,
4483 # the symbol with the hex code point 29DD might be used like so:
4484 # ⧝MY_TOKEN_TYPE
4485 "name": "A String", # Name of the information type. Either a name of your choosing when
4486 # creating a CustomInfoType, or one of the names listed
4487 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
4488 # a built-in type. InfoType names should conform to the pattern
4489 # [a-zA-Z0-9_]{1,64}.
4490 },
4491 },
4492 "replaceConfig": { # Replace each input value with a given `Value`.
4493 "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
4494 # Note that for the purposes of inspection or transformation, the number
4495 # of bytes considered to comprise a 'Value' is based on its representation
4496 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
4497 # 123456789, the number of bytes would be counted as 9, even though an
4498 # int64 only holds up to 8 bytes of data.
4499 "floatValue": 3.14,
4500 "timestampValue": "A String",
4501 "dayOfWeekValue": "A String",
4502 "timeValue": { # Represents a time of day. The date and time zone are either not significant
4503 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4504 # types are google.type.Date and `google.protobuf.Timestamp`.
4505 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4506 # to allow the value "24:00:00" for scenarios like business closing time.
4507 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4508 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4509 # allow the value 60 if it allows leap-seconds.
4510 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
4511 },
4512 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
4513 # and time zone are either specified elsewhere or are not significant. The date
4514 # is relative to the Proleptic Gregorian Calendar. This can represent:
4515 #
4516 # * A full date, with non-zero year, month and day values
4517 # * A month and day value, with a zero year, e.g. an anniversary
4518 # * A year on its own, with zero month and day values
4519 # * A year and month value, with a zero day, e.g. a credit card expiration date
4520 #
4521 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4522 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4523 # a year.
4524 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4525 # if specifying a year by itself or a year and month where the day is not
4526 # significant.
4527 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4528 # month and day.
4529 },
4530 "stringValue": "A String",
4531 "booleanValue": True or False,
4532 "integerValue": "A String",
4533 },
4534 },
4535 },
4536 },
4537 ],
4538 "transformedBytes": "A String", # Total size in bytes that were transformed in some way.
4539 },
4540 "item": { # Container structure for the content to inspect. # The de-identified item.
4541 "table": { # Structured content to inspect. Up to 50,000 `Value`s per request allowed. # Structured content for inspection. See
4542 # https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
4543 # learn more.
4544 # See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
4545 # learn more.
4546 "headers": [
4547 { # General identifier of a data field in a storage service.
4548 "name": "A String", # Name describing the field.
4549 },
4550 ],
4551 "rows": [
4552 {
4553 "values": [
4554 { # Set of primitive values supported by the system.
4555 # Note that for the purposes of inspection or transformation, the number
4556 # of bytes considered to comprise a 'Value' is based on its representation
4557 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
4558 # 123456789, the number of bytes would be counted as 9, even though an
4559 # int64 only holds up to 8 bytes of data.
4560 "floatValue": 3.14,
4561 "timestampValue": "A String",
4562 "dayOfWeekValue": "A String",
4563 "timeValue": { # Represents a time of day. The date and time zone are either not significant
4564 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4565 # types are google.type.Date and `google.protobuf.Timestamp`.
4566 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4567 # to allow the value "24:00:00" for scenarios like business closing time.
4568 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4569 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4570 # allow the value 60 if it allows leap-seconds.
4571 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
4572 },
4573 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
4574 # and time zone are either specified elsewhere or are not significant. The date
4575 # is relative to the Proleptic Gregorian Calendar. This can represent:
4576 #
4577 # * A full date, with non-zero year, month and day values
4578 # * A month and day value, with a zero year, e.g. an anniversary
4579 # * A year on its own, with zero month and day values
4580 # * A year and month value, with a zero day, e.g. a credit card expiration date
4581 #
4582 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4583 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4584 # a year.
4585 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4586 # if specifying a year by itself or a year and month where the day is not
4587 # significant.
4588 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4589 # month and day.
4590 },
4591 "stringValue": "A String",
4592 "booleanValue": True or False,
4593 "integerValue": "A String",
4594 },
4595 ],
4596 },
4597 ],
4598 },
4599 "byteItem": { # Container for bytes to inspect or redact. # Content data to inspect or redact. Replaces `type` and `data`.
4600 "type": "A String", # The type of data stored in the bytes string. Default will be TEXT_UTF8.
4601 "data": "A String", # Content data to inspect or redact.
4602 },
4603 "value": "A String", # String data to inspect or redact.
4604 },
4605 }</pre>
4606</div>
4607
4608<div class="method">
4609 <code class="details" id="inspect">inspect(parent, body, x__xgafv=None)</code>
4610 <pre>Finds potentially sensitive info in content.
4611This method has limits on input size, processing time, and output size.
4612
4613When no InfoTypes or CustomInfoTypes are specified in this request, the
4614system will automatically choose what detectors to run. By default this may
4615be all types, but may change over time as detectors are updated.
4616
4617For how to guides, see https://cloud.google.com/dlp/docs/inspecting-images
4618and https://cloud.google.com/dlp/docs/inspecting-text,
4619
4620Args:
4621 parent: string, The parent resource name, for example projects/my-project-id. (required)
4622 body: object, The request body. (required)
4623 The object takes the form of:
4624
4625{ # Request to search for potentially sensitive info in a ContentItem.
4626 "item": { # Container structure for the content to inspect. # The item to inspect.
4627 "table": { # Structured content to inspect. Up to 50,000 `Value`s per request allowed. # Structured content for inspection. See
4628 # https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
4629 # learn more.
4630 # See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
4631 # learn more.
4632 "headers": [
4633 { # General identifier of a data field in a storage service.
4634 "name": "A String", # Name describing the field.
4635 },
4636 ],
4637 "rows": [
4638 {
4639 "values": [
4640 { # Set of primitive values supported by the system.
4641 # Note that for the purposes of inspection or transformation, the number
4642 # of bytes considered to comprise a 'Value' is based on its representation
4643 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
4644 # 123456789, the number of bytes would be counted as 9, even though an
4645 # int64 only holds up to 8 bytes of data.
4646 "floatValue": 3.14,
4647 "timestampValue": "A String",
4648 "dayOfWeekValue": "A String",
4649 "timeValue": { # Represents a time of day. The date and time zone are either not significant
4650 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4651 # types are google.type.Date and `google.protobuf.Timestamp`.
4652 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4653 # to allow the value "24:00:00" for scenarios like business closing time.
4654 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4655 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4656 # allow the value 60 if it allows leap-seconds.
4657 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
4658 },
4659 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
4660 # and time zone are either specified elsewhere or are not significant. The date
4661 # is relative to the Proleptic Gregorian Calendar. This can represent:
4662 #
4663 # * A full date, with non-zero year, month and day values
4664 # * A month and day value, with a zero year, e.g. an anniversary
4665 # * A year on its own, with zero month and day values
4666 # * A year and month value, with a zero day, e.g. a credit card expiration date
4667 #
4668 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4669 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4670 # a year.
4671 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4672 # if specifying a year by itself or a year and month where the day is not
4673 # significant.
4674 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4675 # month and day.
4676 },
4677 "stringValue": "A String",
4678 "booleanValue": True or False,
4679 "integerValue": "A String",
4680 },
4681 ],
4682 },
4683 ],
4684 },
4685 "byteItem": { # Container for bytes to inspect or redact. # Content data to inspect or redact. Replaces `type` and `data`.
4686 "type": "A String", # The type of data stored in the bytes string. Default will be TEXT_UTF8.
4687 "data": "A String", # Content data to inspect or redact.
4688 },
4689 "value": "A String", # String data to inspect or redact.
4690 },
4691 "inspectConfig": { # Configuration description of the scanning process. # Configuration for the inspector. What specified here will override
4692 # the template referenced by the inspect_template_name argument.
4693 # When used with redactContent only info_types and min_likelihood are currently
4694 # used.
4695 "excludeInfoTypes": True or False, # When true, excludes type information of the findings.
4696 "limits": {
4697 "maxFindingsPerRequest": 42, # Max number of findings that will be returned per request/job.
4698 # When set within `InspectContentRequest`, the maximum returned is 2000
4699 # regardless if this is set higher.
4700 "maxFindingsPerInfoType": [ # Configuration of findings limit given for specified infoTypes.
4701 { # Max findings configuration per infoType, per content item or long
4702 # running DlpJob.
4703 "infoType": { # Type of information detected by the API. # Type of information the findings limit applies to. Only one limit per
4704 # info_type should be provided. If InfoTypeLimit does not have an
4705 # info_type, the DLP API applies the limit against all info_types that
4706 # are found but not specified in another InfoTypeLimit.
4707 "name": "A String", # Name of the information type. Either a name of your choosing when
4708 # creating a CustomInfoType, or one of the names listed
4709 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
4710 # a built-in type. InfoType names should conform to the pattern
4711 # [a-zA-Z0-9_]{1,64}.
4712 },
4713 "maxFindings": 42, # Max findings limit for the given infoType.
4714 },
4715 ],
4716 "maxFindingsPerItem": 42, # Max number of findings that will be returned for each item scanned.
4717 # When set within `InspectDataSourceRequest`,
4718 # the maximum returned is 2000 regardless if this is set higher.
4719 # When set within `InspectContentRequest`, this field is ignored.
4720 },
4721 "minLikelihood": "A String", # Only returns findings equal or above this threshold. The default is
4722 # POSSIBLE.
4723 # See https://cloud.google.com/dlp/docs/likelihood to learn more.
4724 "customInfoTypes": [ # CustomInfoTypes provided by the user. See
4725 # https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.
4726 { # Custom information type provided by the user. Used to find domain-specific
4727 # sensitive information configurable to the data in question.
4728 "regex": { # Message defining a custom regular expression. # Regular expression based CustomInfoType.
4729 "pattern": "A String", # Pattern defining the regular expression. Its syntax
4730 # (https://github.com/google/re2/wiki/Syntax) can be found under the
4731 # google/re2 repository on GitHub.
4732 "groupIndexes": [ # The index of the submatch to extract as findings. When not
4733 # specified, the entire match is returned. No more than 3 may be included.
4734 42,
4735 ],
4736 },
4737 "surrogateType": { # Message for detecting output from deidentification transformations # Message for detecting output from deidentification transformations that
4738 # support reversing.
4739 # such as
4740 # [`CryptoReplaceFfxFpeConfig`](/dlp/docs/reference/rest/v2/organizations.deidentifyTemplates#cryptoreplaceffxfpeconfig).
4741 # These types of transformations are
4742 # those that perform pseudonymization, thereby producing a "surrogate" as
4743 # output. This should be used in conjunction with a field on the
4744 # transformation such as `surrogate_info_type`. This CustomInfoType does
4745 # not support the use of `detection_rules`.
4746 },
4747 "infoType": { # Type of information detected by the API. # CustomInfoType can either be a new infoType, or an extension of built-in
4748 # infoType, when the name matches one of existing infoTypes and that infoType
4749 # is specified in `InspectContent.info_types` field. Specifying the latter
4750 # adds findings to the one detected by the system. If built-in info type is
4751 # not specified in `InspectContent.info_types` list then the name is treated
4752 # as a custom info type.
4753 "name": "A String", # Name of the information type. Either a name of your choosing when
4754 # creating a CustomInfoType, or one of the names listed
4755 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
4756 # a built-in type. InfoType names should conform to the pattern
4757 # [a-zA-Z0-9_]{1,64}.
4758 },
4759 "dictionary": { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType.
4760 # be used to match sensitive information specific to the data, such as a list
4761 # of employee IDs or job titles.
4762 #
4763 # Dictionary words are case-insensitive and all characters other than letters
4764 # and digits in the unicode [Basic Multilingual
4765 # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane)
4766 # will be replaced with whitespace when scanning for matches, so the
4767 # dictionary phrase "Sam Johnson" will match all three phrases "sam johnson",
4768 # "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters
4769 # surrounding any match must be of a different type than the adjacent
4770 # characters within the word, so letters must be next to non-letters and
4771 # digits next to non-digits. For example, the dictionary word "jen" will
4772 # match the first three letters of the text "jen123" but will return no
4773 # matches for "jennifer".
4774 #
4775 # Dictionary words containing a large number of characters that are not
4776 # letters or digits may result in unexpected findings because such characters
4777 # are treated as whitespace. The
4778 # [limits](https://cloud.google.com/dlp/limits) page contains details about
4779 # the size limits of dictionaries. For dictionaries that do not fit within
4780 # these constraints, consider using `LargeCustomDictionaryConfig` in the
4781 # `StoredInfoType` API.
4782 "wordList": { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for.
4783 "words": [ # Words or phrases defining the dictionary. The dictionary must contain
4784 # at least one phrase and every phrase must contain at least 2 characters
4785 # that are letters or digits. [required]
4786 "A String",
4787 ],
4788 },
4789 "cloudStoragePath": { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file
4790 # is accepted.
4791 "path": "A String", # A url representing a file or path (no wildcards) in Cloud Storage.
4792 # Example: gs://[BUCKET_NAME]/dictionary.txt
4793 },
4794 },
4795 "storedType": { # A reference to a StoredInfoType to use with scanning. # Load an existing `StoredInfoType` resource for use in
4796 # `InspectDataSource`. Not currently supported in `InspectContent`.
4797 "name": "A String", # Resource name of the requested `StoredInfoType`, for example
4798 # `organizations/433245324/storedInfoTypes/432452342` or
4799 # `projects/project-id/storedInfoTypes/432452342`.
4800 "createTime": "A String", # Timestamp indicating when the version of the `StoredInfoType` used for
4801 # inspection was created. Output-only field, populated by the system.
4802 },
4803 "detectionRules": [ # Set of detection rules to apply to all findings of this CustomInfoType.
4804 # Rules are applied in order that they are specified. Not supported for the
4805 # `surrogate_type` CustomInfoType.
4806 { # Deprecated; use `InspectionRuleSet` instead. Rule for modifying a
4807 # `CustomInfoType` to alter behavior under certain circumstances, depending
4808 # on the specific details of the rule. Not supported for the `surrogate_type`
4809 # custom infoType.
4810 "hotwordRule": { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule.
4811 # proximity of hotwords.
4812 "proximity": { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside.
4813 # The total length of the window cannot exceed 1000 characters. Note that
4814 # the finding itself will be included in the window, so that hotwords may
4815 # be used to match substrings of the finding itself. For example, the
4816 # certainty of a phone number regex "\(\d{3}\) \d{3}-\d{4}" could be
4817 # adjusted upwards if the area code is known to be the local area code of
4818 # a company office using the hotword regex "\(xxx\)", where "xxx"
4819 # is the area code in question.
4820 # rule.
4821 "windowAfter": 42, # Number of characters after the finding to consider.
4822 "windowBefore": 42, # Number of characters before the finding to consider.
4823 },
4824 "hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
4825 "pattern": "A String", # Pattern defining the regular expression. Its syntax
4826 # (https://github.com/google/re2/wiki/Syntax) can be found under the
4827 # google/re2 repository on GitHub.
4828 "groupIndexes": [ # The index of the submatch to extract as findings. When not
4829 # specified, the entire match is returned. No more than 3 may be included.
4830 42,
4831 ],
4832 },
4833 "likelihoodAdjustment": { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings.
4834 # part of a detection rule.
4835 "relativeLikelihood": 42, # Increase or decrease the likelihood by the specified number of
4836 # levels. For example, if a finding would be `POSSIBLE` without the
4837 # detection rule and `relative_likelihood` is 1, then it is upgraded to
4838 # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`.
4839 # Likelihood may never drop below `VERY_UNLIKELY` or exceed
4840 # `VERY_LIKELY`, so applying an adjustment of 1 followed by an
4841 # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in
4842 # a final likelihood of `LIKELY`.
4843 "fixedLikelihood": "A String", # Set the likelihood of a finding to a fixed value.
4844 },
4845 },
4846 },
4847 ],
4848 "exclusionType": "A String", # If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding
4849 # to be returned. It still can be used for rules matching.
4850 "likelihood": "A String", # Likelihood to return for this CustomInfoType. This base value can be
4851 # altered by a detection rule if the finding meets the criteria specified by
4852 # the rule. Defaults to `VERY_LIKELY` if not specified.
4853 },
4854 ],
4855 "includeQuote": True or False, # When true, a contextual quote from the data that triggered a finding is
4856 # included in the response; see Finding.quote.
4857 "ruleSet": [ # Set of rules to apply to the findings for this InspectConfig.
4858 # Exclusion rules, contained in the set are executed in the end, other
4859 # rules are executed in the order they are specified for each info type.
4860 { # Rule set for modifying a set of infoTypes to alter behavior under certain
4861 # circumstances, depending on the specific details of the rules within the set.
4862 "rules": [ # Set of rules to be applied to infoTypes. The rules are applied in order.
4863 { # A single inspection rule to be applied to infoTypes, specified in
4864 # `InspectionRuleSet`.
4865 "hotwordRule": { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule.
4866 # proximity of hotwords.
4867 "proximity": { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside.
4868 # The total length of the window cannot exceed 1000 characters. Note that
4869 # the finding itself will be included in the window, so that hotwords may
4870 # be used to match substrings of the finding itself. For example, the
4871 # certainty of a phone number regex "\(\d{3}\) \d{3}-\d{4}" could be
4872 # adjusted upwards if the area code is known to be the local area code of
4873 # a company office using the hotword regex "\(xxx\)", where "xxx"
4874 # is the area code in question.
4875 # rule.
4876 "windowAfter": 42, # Number of characters after the finding to consider.
4877 "windowBefore": 42, # Number of characters before the finding to consider.
4878 },
4879 "hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
4880 "pattern": "A String", # Pattern defining the regular expression. Its syntax
4881 # (https://github.com/google/re2/wiki/Syntax) can be found under the
4882 # google/re2 repository on GitHub.
4883 "groupIndexes": [ # The index of the submatch to extract as findings. When not
4884 # specified, the entire match is returned. No more than 3 may be included.
4885 42,
4886 ],
4887 },
4888 "likelihoodAdjustment": { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings.
4889 # part of a detection rule.
4890 "relativeLikelihood": 42, # Increase or decrease the likelihood by the specified number of
4891 # levels. For example, if a finding would be `POSSIBLE` without the
4892 # detection rule and `relative_likelihood` is 1, then it is upgraded to
4893 # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`.
4894 # Likelihood may never drop below `VERY_UNLIKELY` or exceed
4895 # `VERY_LIKELY`, so applying an adjustment of 1 followed by an
4896 # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in
4897 # a final likelihood of `LIKELY`.
4898 "fixedLikelihood": "A String", # Set the likelihood of a finding to a fixed value.
4899 },
4900 },
4901 "exclusionRule": { # The rule that specifies conditions when findings of infoTypes specified in # Exclusion rule.
4902 # `InspectionRuleSet` are removed from results.
4903 "regex": { # Message defining a custom regular expression. # Regular expression which defines the rule.
4904 "pattern": "A String", # Pattern defining the regular expression. Its syntax
4905 # (https://github.com/google/re2/wiki/Syntax) can be found under the
4906 # google/re2 repository on GitHub.
4907 "groupIndexes": [ # The index of the submatch to extract as findings. When not
4908 # specified, the entire match is returned. No more than 3 may be included.
4909 42,
4910 ],
4911 },
4912 "excludeInfoTypes": { # List of exclude infoTypes. # Set of infoTypes for which findings would affect this rule.
4913 "infoTypes": [ # InfoType list in ExclusionRule rule drops a finding when it overlaps or
4914 # contained within with a finding of an infoType from this list. For
4915 # example, for `InspectionRuleSet.info_types` containing "PHONE_NUMBER"` and
4916 # `exclusion_rule` containing `exclude_info_types.info_types` with
4917 # "EMAIL_ADDRESS" the phone number findings are dropped if they overlap
4918 # with EMAIL_ADDRESS finding.
4919 # That leads to "555-222-2222@example.org" to generate only a single
4920 # finding, namely email address.
4921 { # Type of information detected by the API.
4922 "name": "A String", # Name of the information type. Either a name of your choosing when
4923 # creating a CustomInfoType, or one of the names listed
4924 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
4925 # a built-in type. InfoType names should conform to the pattern
4926 # [a-zA-Z0-9_]{1,64}.
4927 },
4928 ],
4929 },
4930 "dictionary": { # Custom information type based on a dictionary of words or phrases. This can # Dictionary which defines the rule.
4931 # be used to match sensitive information specific to the data, such as a list
4932 # of employee IDs or job titles.
4933 #
4934 # Dictionary words are case-insensitive and all characters other than letters
4935 # and digits in the unicode [Basic Multilingual
4936 # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane)
4937 # will be replaced with whitespace when scanning for matches, so the
4938 # dictionary phrase "Sam Johnson" will match all three phrases "sam johnson",
4939 # "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters
4940 # surrounding any match must be of a different type than the adjacent
4941 # characters within the word, so letters must be next to non-letters and
4942 # digits next to non-digits. For example, the dictionary word "jen" will
4943 # match the first three letters of the text "jen123" but will return no
4944 # matches for "jennifer".
4945 #
4946 # Dictionary words containing a large number of characters that are not
4947 # letters or digits may result in unexpected findings because such characters
4948 # are treated as whitespace. The
4949 # [limits](https://cloud.google.com/dlp/limits) page contains details about
4950 # the size limits of dictionaries. For dictionaries that do not fit within
4951 # these constraints, consider using `LargeCustomDictionaryConfig` in the
4952 # `StoredInfoType` API.
4953 "wordList": { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for.
4954 "words": [ # Words or phrases defining the dictionary. The dictionary must contain
4955 # at least one phrase and every phrase must contain at least 2 characters
4956 # that are letters or digits. [required]
4957 "A String",
4958 ],
4959 },
4960 "cloudStoragePath": { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file
4961 # is accepted.
4962 "path": "A String", # A url representing a file or path (no wildcards) in Cloud Storage.
4963 # Example: gs://[BUCKET_NAME]/dictionary.txt
4964 },
4965 },
4966 "matchingType": "A String", # How the rule is applied, see MatchingType documentation for details.
4967 },
4968 },
4969 ],
4970 "infoTypes": [ # List of infoTypes this rule set is applied to.
4971 { # Type of information detected by the API.
4972 "name": "A String", # Name of the information type. Either a name of your choosing when
4973 # creating a CustomInfoType, or one of the names listed
4974 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
4975 # a built-in type. InfoType names should conform to the pattern
4976 # [a-zA-Z0-9_]{1,64}.
4977 },
4978 ],
4979 },
4980 ],
4981 "contentOptions": [ # List of options defining data content to scan.
4982 # If empty, text, images, and other content will be included.
4983 "A String",
4984 ],
4985 "infoTypes": [ # Restricts what info_types to look for. The values must correspond to
4986 # InfoType values returned by ListInfoTypes or listed at
4987 # https://cloud.google.com/dlp/docs/infotypes-reference.
4988 #
4989 # When no InfoTypes or CustomInfoTypes are specified in a request, the
4990 # system may automatically choose what detectors to run. By default this may
4991 # be all types, but may change over time as detectors are updated.
4992 #
4993 # The special InfoType name "ALL_BASIC" can be used to trigger all detectors,
4994 # but may change over time as new InfoTypes are added. If you need precise
4995 # control and predictability as to what detectors are run you should specify
4996 # specific InfoTypes listed in the reference.
4997 { # Type of information detected by the API.
4998 "name": "A String", # Name of the information type. Either a name of your choosing when
4999 # creating a CustomInfoType, or one of the names listed
5000 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
5001 # a built-in type. InfoType names should conform to the pattern
5002 # [a-zA-Z0-9_]{1,64}.
5003 },
5004 ],
5005 },
5006 "inspectTemplateName": "A String", # Optional template to use. Any configuration directly specified in
5007 # inspect_config will override those set in the template. Singular fields
5008 # that are set in this request will replace their corresponding fields in the
5009 # template. Repeated fields are appended. Singular sub-messages and groups
5010 # are recursively merged.
5011 }
5012
5013 x__xgafv: string, V1 error format.
5014 Allowed values
5015 1 - v1 error format
5016 2 - v2 error format
5017
5018Returns:
5019 An object of the form:
5020
5021 { # Results of inspecting an item.
5022 "result": { # All the findings for a single scanned item. # The findings.
5023 "findingsTruncated": True or False, # If true, then this item might have more findings than were returned,
5024 # and the findings returned are an arbitrary subset of all findings.
5025 # The findings list might be truncated because the input items were too
5026 # large, or because the server reached the maximum amount of resources
5027 # allowed for a single API call. For best results, divide the input into
5028 # smaller batches.
5029 "findings": [ # List of findings for an item.
5030 { # Represents a piece of potentially sensitive content.
5031 "infoType": { # Type of information detected by the API. # The type of content that might have been found.
5032 # Provided if `excluded_types` is false.
5033 "name": "A String", # Name of the information type. Either a name of your choosing when
5034 # creating a CustomInfoType, or one of the names listed
5035 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
5036 # a built-in type. InfoType names should conform to the pattern
5037 # [a-zA-Z0-9_]{1,64}.
5038 },
5039 "quote": "A String", # The content that was found. Even if the content is not textual, it
5040 # may be converted to a textual representation here.
5041 # Provided if `include_quote` is true and the finding is
5042 # less than or equal to 4096 bytes long. If the finding exceeds 4096 bytes
5043 # in length, the quote may be omitted.
5044 "quoteInfo": { # Message for infoType-dependent details parsed from quote. # Contains data parsed from quotes. Only populated if include_quote was set
5045 # to true and a supported infoType was requested. Currently supported
5046 # infoTypes: DATE, DATE_OF_BIRTH and TIME.
5047 "dateTime": { # Message for a date time object. # The date time indicated by the quote.
5048 # e.g. 2018-01-01, 5th August.
5049 "dayOfWeek": "A String",
5050 "timeZone": {
5051 "offsetMinutes": 42, # Set only if the offset can be determined. Positive for time ahead of UTC.
5052 # E.g. For "UTC-9", this value is -540.
5053 },
5054 "date": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # One or more of the following must be set. All fields are optional, but
5055 # when set must be valid date or time values.
5056 # and time zone are either specified elsewhere or are not significant. The date
5057 # is relative to the Proleptic Gregorian Calendar. This can represent:
5058 #
5059 # * A full date, with non-zero year, month and day values
5060 # * A month and day value, with a zero year, e.g. an anniversary
5061 # * A year on its own, with zero month and day values
5062 # * A year and month value, with a zero day, e.g. a credit card expiration date
5063 #
5064 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5065 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5066 # a year.
5067 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5068 # if specifying a year by itself or a year and month where the day is not
5069 # significant.
5070 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5071 # month and day.
5072 },
5073 "time": { # Represents a time of day. The date and time zone are either not significant
5074 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5075 # types are google.type.Date and `google.protobuf.Timestamp`.
5076 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5077 # to allow the value "24:00:00" for scenarios like business closing time.
5078 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
5079 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5080 # allow the value 60 if it allows leap-seconds.
5081 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
5082 },
5083 },
5084 },
5085 "location": { # Specifies the location of the finding. # Where the content was found.
5086 "byteRange": { # Generic half-open interval [start, end) # Zero-based byte offsets delimiting the finding.
5087 # These are relative to the finding's containing element.
5088 # Note that when the content is not textual, this references
5089 # the UTF-8 encoded textual representation of the content.
5090 # Omitted if content is an image.
5091 "start": "A String", # Index of the first character of the range (inclusive).
5092 "end": "A String", # Index of the last character of the range (exclusive).
5093 },
5094 "codepointRange": { # Generic half-open interval [start, end) # Unicode character offsets delimiting the finding.
5095 # These are relative to the finding's containing element.
5096 # Provided when the content is text.
5097 "start": "A String", # Index of the first character of the range (inclusive).
5098 "end": "A String", # Index of the last character of the range (exclusive).
5099 },
5100 "contentLocations": [ # List of nested objects pointing to the precise location of the finding
5101 # within the file or record.
5102 { # Findings container location data.
5103 "containerName": "A String", # Name of the container where the finding is located.
5104 # The top level name is the source file name or table name. Names of some
5105 # common storage containers are formatted as follows:
5106 #
5107 # * BigQuery tables: `<project_id>:<dataset_id>.<table_id>`
5108 # * Cloud Storage files: `gs://<bucket>/<path>`
5109 # * Datastore namespace: <namespace>
5110 #
5111 # Nested names could be absent if the embedded object has no string
5112 # identifier (for an example an image contained within a document).
5113 "containerVersion": "A String", # Findings container version, if available
5114 # ("generation" for Google Cloud Storage).
5115 "containerTimestamp": "A String", # Findings container modification timestamp, if applicable.
5116 # For Google Cloud Storage contains last file modification timestamp.
5117 # For BigQuery table contains last_modified_time property.
5118 # For Datastore - not populated.
5119 "documentLocation": { # Location of a finding within a document. # Location data for document files.
5120 "fileOffset": "A String", # Offset of the line, from the beginning of the file, where the finding
5121 # is located.
5122 },
5123 "imageLocation": { # Location of the finding within an image. # Location within an image's pixels.
5124 "boundingBoxes": [ # Bounding boxes locating the pixels within the image containing the finding.
5125 { # Bounding box encompassing detected text within an image.
5126 "width": 42, # Width of the bounding box in pixels.
5127 "top": 42, # Top coordinate of the bounding box. (0,0) is upper left.
5128 "left": 42, # Left coordinate of the bounding box. (0,0) is upper left.
5129 "height": 42, # Height of the bounding box in pixels.
5130 },
5131 ],
5132 },
5133 "recordLocation": { # Location of a finding within a row or record. # Location within a row or record of a database table.
5134 "fieldId": { # General identifier of a data field in a storage service. # Field id of the field containing the finding.
5135 "name": "A String", # Name describing the field.
5136 },
5137 "tableLocation": { # Location of a finding within a table. # Location within a `ContentItem.Table`.
5138 "rowIndex": "A String", # The zero-based index of the row where the finding is located.
5139 },
5140 "recordKey": { # Message for a unique key indicating a record that contains a finding. # Key of the finding.
5141 "bigQueryKey": { # Row key for identifying a record in BigQuery table.
5142 "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference.
5143 # identified by its project_id, dataset_id, and table_name. Within a query
5144 # a table is often referenced with a string in the format of:
5145 # `<project_id>:<dataset_id>.<table_id>` or
5146 # `<project_id>.<dataset_id>.<table_id>`.
5147 "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table.
5148 # If omitted, project ID is inferred from the API call.
5149 "tableId": "A String", # Name of the table.
5150 "datasetId": "A String", # Dataset ID of the table.
5151 },
5152 "rowNumber": "A String", # Absolute number of the row from the beginning of the table at the time
5153 # of scanning.
5154 },
5155 "idValues": [ # Values of identifying columns in the given row. Order of values matches
5156 # the order of field identifiers specified in the scanning request.
5157 "A String",
5158 ],
5159 "datastoreKey": { # Record key for a finding in Cloud Datastore.
5160 "entityKey": { # A unique identifier for a Datastore entity. # Datastore entity key.
5161 # If a key's partition ID or any of its path kinds or names are
5162 # reserved/read-only, the key is reserved/read-only.
5163 # A reserved/read-only key is forbidden in certain documented contexts.
5164 "path": [ # The entity path.
5165 # An entity path consists of one or more elements composed of a kind and a
5166 # string or numerical identifier, which identify entities. The first
5167 # element identifies a _root entity_, the second element identifies
5168 # a _child_ of the root entity, the third element identifies a child of the
5169 # second entity, and so forth. The entities identified by all prefixes of
5170 # the path are called the element's _ancestors_.
5171 #
5172 # A path can never be empty, and a path can have at most 100 elements.
5173 { # A (kind, ID/name) pair used to construct a key path.
5174 #
5175 # If either name or ID is set, the element is complete.
5176 # If neither is set, the element is incomplete.
5177 "kind": "A String", # The kind of the entity.
5178 # A kind matching regex `__.*__` is reserved/read-only.
5179 # A kind must not contain more than 1500 bytes when UTF-8 encoded.
5180 # Cannot be `""`.
5181 "name": "A String", # The name of the entity.
5182 # A name matching regex `__.*__` is reserved/read-only.
5183 # A name must not be more than 1500 bytes when UTF-8 encoded.
5184 # Cannot be `""`.
5185 "id": "A String", # The auto-allocated ID of the entity.
5186 # Never equal to zero. Values less than zero are discouraged and may not
5187 # be supported in the future.
5188 },
5189 ],
5190 "partitionId": { # Datastore partition ID. # Entities are partitioned into subsets, currently identified by a project
5191 # ID and namespace ID.
5192 # Queries are scoped to a single partition.
5193 # A partition ID identifies a grouping of entities. The grouping is always
5194 # by project and namespace, however the namespace ID may be empty.
5195 #
5196 # A partition ID contains several dimensions:
5197 # project ID and namespace ID.
5198 "projectId": "A String", # The ID of the project to which the entities belong.
5199 "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
5200 },
5201 },
5202 },
5203 },
5204 },
5205 },
5206 ],
5207 },
5208 "likelihood": "A String", # Confidence of how likely it is that the `info_type` is correct.
5209 "createTime": "A String", # Timestamp when finding was detected.
5210 },
5211 ],
5212 },
5213 }</pre>
5214</div>
5215
5216<div class="method">
5217 <code class="details" id="reidentify">reidentify(parent, body, x__xgafv=None)</code>
5218 <pre>Re-identifies content that has been de-identified.
5219See
5220https://cloud.google.com/dlp/docs/pseudonymization#re-identification_in_free_text_code_example
5221to learn more.
5222
5223Args:
5224 parent: string, The parent resource name. (required)
5225 body: object, The request body. (required)
5226 The object takes the form of:
5227
5228{ # Request to re-identify an item.
5229 "reidentifyConfig": { # The configuration that controls how the data will change. # Configuration for the re-identification of the content item.
5230 # This field shares the same proto message type that is used for
5231 # de-identification, however its usage here is for the reversal of the
5232 # previous de-identification. Re-identification is performed by examining
5233 # the transformations used to de-identify the items and executing the
5234 # reverse. This requires that only reversible transformations
5235 # be provided here. The reversible transformations are:
5236 #
5237 # - `CryptoReplaceFfxFpeConfig`
5238 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
5239 # transformation everywhere.
5240 # apply various `PrimitiveTransformation`s to each finding, where the
5241 # transformation is applied to only values that were identified as a specific
5242 # info_type.
5243 "transformations": [ # Transformation for each infoType. Cannot specify more than one
5244 # for a given infoType. [required]
5245 { # A transformation to apply to text that is identified as a specific
5246 # info_type.
5247 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required]
5248 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a
5249 # fixed character. Masking can start from the beginning or end of the string.
5250 # This can be used on data of any type (numbers, longs, and so on) and when
5251 # de-identifying structured data we'll attempt to preserve the original data's
5252 # type. (This allows you to take a long like 123 and modify it to a string like
5253 # **3.
5254 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing.
5255 # For example, if your string is 555-555-5555 and you ask us to skip `-` and
5256 # mask 5 chars with * we would produce ***-*55-5555.
5257 { # Characters to skip when doing deidentification of a value. These will be left
5258 # alone and skipped.
5259 "commonCharactersToIgnore": "A String",
5260 "charactersToSkip": "A String",
5261 },
5262 ],
5263 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
5264 # masked. Skipped characters do not count towards this tally.
5265 "maskingCharacter": "A String", # Character to mask the sensitive values&mdash;for example, "*" for an
5266 # alphabetic string such as name, or "0" for a numeric string such as ZIP
5267 # code or credit card number. String must have length 1. If not supplied, we
5268 # will default to "*" for strings, 0 for digits.
5269 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
5270 # '0', number_to_mask is 14, and `reverse_order` is false, then
5271 # 1234-5678-9012-3456 -> 00000000000000-3456
5272 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order`
5273 # is true, then 12345 -> 12***
5274 },
5275 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation`
5276 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
5277 # output would be 'My phone number is '.
5278 },
5279 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given
5280 # input. Outputs a base64 encoded representation of the encrypted output.
5281 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
5282 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
5283 # a key encryption key (KEK) stored by KMS).
5284 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
5285 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
5286 # unwrap the data crypto key.
5287 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
5288 # The wrapped key must be a 128/192/256 bit key.
5289 # Authorization requires the following IAM permissions when sending a request
5290 # to perform a crypto transformation using a kms-wrapped crypto key:
5291 # dlp.kms.encrypt
5292 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
5293 "wrappedKey": "A String", # The wrapped data crypto key. [required]
5294 },
5295 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
5296 # leaking the key. Choose another type of key if possible.
5297 "key": "A String", # A 128/192/256 bit key. [required]
5298 },
5299 "transient": { # Use this to have a random data crypto key generated.
5300 # It will be discarded after the request finishes.
5301 "name": "A String", # Name of the key. [required]
5302 # This is an arbitrary string used to differentiate different keys.
5303 # A unique key is generated per name: two separate `TransientCryptoKey`
5304 # protos share the same generated key if their names are the same.
5305 # When the data crypto key is generated, this name is not used in any way
5306 # (repeating the api call will result in a different key being generated).
5307 },
5308 },
5309 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining
5310 # referential integrity such that the same identifier in two different
5311 # contexts will be given a distinct surrogate. The context is appended to
5312 # plaintext value being encrypted. On decryption the provided context is
5313 # validated against the value used during encryption. If a context was
5314 # provided during encryption, same context must be provided during decryption
5315 # as well.
5316 #
5317 # If the context is not set, plaintext would be used as is for encryption.
5318 # If the context is set but:
5319 #
5320 # 1. there is no record present when transforming a given value or
5321 # 2. the field is not present when transforming a given value,
5322 #
5323 # plaintext would be used as is for encryption.
5324 #
5325 # Note that case (1) is expected when an `InfoTypeTransformation` is
5326 # applied to both structured and non-structured `ContentItem`s.
5327 "name": "A String", # Name describing the field.
5328 },
5329 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
5330 # This annotation will be applied to the surrogate by prefixing it with
5331 # the name of the custom info type followed by the number of
5332 # characters comprising the surrogate. The following scheme defines the
5333 # format: <info type name>(<surrogate character count>):<surrogate>
5334 #
5335 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
5336 # the surrogate is 'abc', the full replacement value
5337 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
5338 #
5339 # This annotation identifies the surrogate when inspecting content using the
5340 # custom info type 'Surrogate'. This facilitates reversal of the
5341 # surrogate when it occurs in free text.
5342 #
5343 # In order for inspection to work properly, the name of this info type must
5344 # not occur naturally anywhere in your data; otherwise, inspection may either
5345 #
5346 # - reverse a surrogate that does not correspond to an actual identifier
5347 # - be unable to parse the surrogate and result in an error
5348 #
5349 # Therefore, choose your custom info type name carefully after considering
5350 # what your data looks like. One way to select a name that has a high chance
5351 # of yielding reliable detection is to include one or more unicode characters
5352 # that are highly improbable to exist in your data.
5353 # For example, assuming your data is entered from a regular ASCII keyboard,
5354 # the symbol with the hex code point 29DD might be used like so:
5355 # ⧝MY_TOKEN_TYPE
5356 "name": "A String", # Name of the information type. Either a name of your choosing when
5357 # creating a CustomInfoType, or one of the names listed
5358 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
5359 # a built-in type. InfoType names should conform to the pattern
5360 # [a-zA-Z0-9_]{1,64}.
5361 },
5362 },
5363 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The
5364 # Bucketing transformation can provide all of this functionality,
5365 # but requires more configuration. This message is provided as a convenience to
5366 # the user for simple bucketing strategies.
5367 #
5368 # The transformed value will be a hyphenated string of
5369 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20
5370 # all values that are within this bucket will be replaced with "10-20".
5371 #
5372 # This can be used on data of type: double, long.
5373 #
5374 # If the bound Value type differs from the type of data
5375 # being transformed, we will first attempt converting the type of the data to
5376 # be transformed to match the type of the bound before comparing.
5377 #
5378 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
5379 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are
5380 # grouped together into a single bucket; for example if `lower_bound` = 10,
5381 # then all values less than 10 are replaced with the value “-10”. [Required].
5382 # Note that for the purposes of inspection or transformation, the number
5383 # of bytes considered to comprise a 'Value' is based on its representation
5384 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
5385 # 123456789, the number of bytes would be counted as 9, even though an
5386 # int64 only holds up to 8 bytes of data.
5387 "floatValue": 3.14,
5388 "timestampValue": "A String",
5389 "dayOfWeekValue": "A String",
5390 "timeValue": { # Represents a time of day. The date and time zone are either not significant
5391 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5392 # types are google.type.Date and `google.protobuf.Timestamp`.
5393 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5394 # to allow the value "24:00:00" for scenarios like business closing time.
5395 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
5396 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5397 # allow the value 60 if it allows leap-seconds.
5398 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
5399 },
5400 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
5401 # and time zone are either specified elsewhere or are not significant. The date
5402 # is relative to the Proleptic Gregorian Calendar. This can represent:
5403 #
5404 # * A full date, with non-zero year, month and day values
5405 # * A month and day value, with a zero year, e.g. an anniversary
5406 # * A year on its own, with zero month and day values
5407 # * A year and month value, with a zero day, e.g. a credit card expiration date
5408 #
5409 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5410 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5411 # a year.
5412 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5413 # if specifying a year by itself or a year and month where the day is not
5414 # significant.
5415 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5416 # month and day.
5417 },
5418 "stringValue": "A String",
5419 "booleanValue": True or False,
5420 "integerValue": "A String",
5421 },
5422 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are
5423 # grouped together into a single bucket; for example if `upper_bound` = 89,
5424 # then all values greater than 89 are replaced with the value “89+”.
5425 # [Required].
5426 # Note that for the purposes of inspection or transformation, the number
5427 # of bytes considered to comprise a 'Value' is based on its representation
5428 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
5429 # 123456789, the number of bytes would be counted as 9, even though an
5430 # int64 only holds up to 8 bytes of data.
5431 "floatValue": 3.14,
5432 "timestampValue": "A String",
5433 "dayOfWeekValue": "A String",
5434 "timeValue": { # Represents a time of day. The date and time zone are either not significant
5435 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5436 # types are google.type.Date and `google.protobuf.Timestamp`.
5437 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5438 # to allow the value "24:00:00" for scenarios like business closing time.
5439 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
5440 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5441 # allow the value 60 if it allows leap-seconds.
5442 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
5443 },
5444 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
5445 # and time zone are either specified elsewhere or are not significant. The date
5446 # is relative to the Proleptic Gregorian Calendar. This can represent:
5447 #
5448 # * A full date, with non-zero year, month and day values
5449 # * A month and day value, with a zero year, e.g. an anniversary
5450 # * A year on its own, with zero month and day values
5451 # * A year and month value, with a zero day, e.g. a credit card expiration date
5452 #
5453 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5454 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5455 # a year.
5456 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5457 # if specifying a year by itself or a year and month where the day is not
5458 # significant.
5459 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5460 # month and day.
5461 },
5462 "stringValue": "A String",
5463 "booleanValue": True or False,
5464 "integerValue": "A String",
5465 },
5466 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if
5467 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
5468 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
5469 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required].
5470 },
5471 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type.
5472 },
5473 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a
5474 # portion of the value.
5475 "partToExtract": "A String",
5476 },
5477 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing.
5478 # Uses SHA-256.
5479 # The key size must be either 32 or 64 bytes.
5480 # Outputs a base64 encoded representation of the hashed output
5481 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
5482 # Currently, only string and integer values can be hashed.
5483 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
5484 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
5485 # a key encryption key (KEK) stored by KMS).
5486 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
5487 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
5488 # unwrap the data crypto key.
5489 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
5490 # The wrapped key must be a 128/192/256 bit key.
5491 # Authorization requires the following IAM permissions when sending a request
5492 # to perform a crypto transformation using a kms-wrapped crypto key:
5493 # dlp.kms.encrypt
5494 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
5495 "wrappedKey": "A String", # The wrapped data crypto key. [required]
5496 },
5497 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
5498 # leaking the key. Choose another type of key if possible.
5499 "key": "A String", # A 128/192/256 bit key. [required]
5500 },
5501 "transient": { # Use this to have a random data crypto key generated.
5502 # It will be discarded after the request finishes.
5503 "name": "A String", # Name of the key. [required]
5504 # This is an arbitrary string used to differentiate different keys.
5505 # A unique key is generated per name: two separate `TransientCryptoKey`
5506 # protos share the same generated key if their names are the same.
5507 # When the data crypto key is generated, this name is not used in any way
5508 # (repeating the api call will result in a different key being generated).
5509 },
5510 },
5511 },
5512 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the
5513 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
5514 # to learn more.
5515 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
5516 # results in the same shift for the same context and crypto_key.
5517 # a key encryption key (KEK) stored by KMS).
5518 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
5519 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
5520 # unwrap the data crypto key.
5521 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
5522 # The wrapped key must be a 128/192/256 bit key.
5523 # Authorization requires the following IAM permissions when sending a request
5524 # to perform a crypto transformation using a kms-wrapped crypto key:
5525 # dlp.kms.encrypt
5526 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
5527 "wrappedKey": "A String", # The wrapped data crypto key. [required]
5528 },
5529 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
5530 # leaking the key. Choose another type of key if possible.
5531 "key": "A String", # A 128/192/256 bit key. [required]
5532 },
5533 "transient": { # Use this to have a random data crypto key generated.
5534 # It will be discarded after the request finishes.
5535 "name": "A String", # Name of the key. [required]
5536 # This is an arbitrary string used to differentiate different keys.
5537 # A unique key is generated per name: two separate `TransientCryptoKey`
5538 # protos share the same generated key if their names are the same.
5539 # When the data crypto key is generated, this name is not used in any way
5540 # (repeating the api call will result in a different key being generated).
5541 },
5542 },
5543 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past.
5544 # [Required]
5545 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this
5546 # range (inclusive ends). Negative means shift to earlier in time. Must not
5547 # be more than 365250 days (1000 years) each direction.
5548 #
5549 # For example, 3 means shift date to at most 3 days into the future.
5550 # [Required]
5551 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
5552 # If set, must also set method. If set, shift will be consistent for the
5553 # given context.
5554 "name": "A String", # Name describing the field.
5555 },
5556 },
5557 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and
5558 # replacement values are dynamically provided by the user for custom behavior,
5559 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH
5560 # This can be used on
5561 # data of type: number, long, string, timestamp.
5562 # If the bound `Value` type differs from the type of data being transformed, we
5563 # will first attempt converting the type of the data to be transformed to match
5564 # the type of the bound before comparing.
5565 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
5566 "buckets": [ # Set of buckets. Ranges must be non-overlapping.
5567 { # Bucket is represented as a range, along with replacement values.
5568 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
5569 # Note that for the purposes of inspection or transformation, the number
5570 # of bytes considered to comprise a 'Value' is based on its representation
5571 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
5572 # 123456789, the number of bytes would be counted as 9, even though an
5573 # int64 only holds up to 8 bytes of data.
5574 "floatValue": 3.14,
5575 "timestampValue": "A String",
5576 "dayOfWeekValue": "A String",
5577 "timeValue": { # Represents a time of day. The date and time zone are either not significant
5578 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5579 # types are google.type.Date and `google.protobuf.Timestamp`.
5580 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5581 # to allow the value "24:00:00" for scenarios like business closing time.
5582 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
5583 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5584 # allow the value 60 if it allows leap-seconds.
5585 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
5586 },
5587 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
5588 # and time zone are either specified elsewhere or are not significant. The date
5589 # is relative to the Proleptic Gregorian Calendar. This can represent:
5590 #
5591 # * A full date, with non-zero year, month and day values
5592 # * A month and day value, with a zero year, e.g. an anniversary
5593 # * A year on its own, with zero month and day values
5594 # * A year and month value, with a zero day, e.g. a credit card expiration date
5595 #
5596 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5597 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5598 # a year.
5599 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5600 # if specifying a year by itself or a year and month where the day is not
5601 # significant.
5602 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5603 # month and day.
5604 },
5605 "stringValue": "A String",
5606 "booleanValue": True or False,
5607 "integerValue": "A String",
5608 },
5609 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
5610 # the default behavior will be to hyphenate the min-max range.
5611 # Note that for the purposes of inspection or transformation, the number
5612 # of bytes considered to comprise a 'Value' is based on its representation
5613 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
5614 # 123456789, the number of bytes would be counted as 9, even though an
5615 # int64 only holds up to 8 bytes of data.
5616 "floatValue": 3.14,
5617 "timestampValue": "A String",
5618 "dayOfWeekValue": "A String",
5619 "timeValue": { # Represents a time of day. The date and time zone are either not significant
5620 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5621 # types are google.type.Date and `google.protobuf.Timestamp`.
5622 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5623 # to allow the value "24:00:00" for scenarios like business closing time.
5624 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
5625 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5626 # allow the value 60 if it allows leap-seconds.
5627 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
5628 },
5629 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
5630 # and time zone are either specified elsewhere or are not significant. The date
5631 # is relative to the Proleptic Gregorian Calendar. This can represent:
5632 #
5633 # * A full date, with non-zero year, month and day values
5634 # * A month and day value, with a zero year, e.g. an anniversary
5635 # * A year on its own, with zero month and day values
5636 # * A year and month value, with a zero day, e.g. a credit card expiration date
5637 #
5638 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5639 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5640 # a year.
5641 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5642 # if specifying a year by itself or a year and month where the day is not
5643 # significant.
5644 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5645 # month and day.
5646 },
5647 "stringValue": "A String",
5648 "booleanValue": True or False,
5649 "integerValue": "A String",
5650 },
5651 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
5652 # used.
5653 # Note that for the purposes of inspection or transformation, the number
5654 # of bytes considered to comprise a 'Value' is based on its representation
5655 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
5656 # 123456789, the number of bytes would be counted as 9, even though an
5657 # int64 only holds up to 8 bytes of data.
5658 "floatValue": 3.14,
5659 "timestampValue": "A String",
5660 "dayOfWeekValue": "A String",
5661 "timeValue": { # Represents a time of day. The date and time zone are either not significant
5662 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5663 # types are google.type.Date and `google.protobuf.Timestamp`.
5664 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5665 # to allow the value "24:00:00" for scenarios like business closing time.
5666 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
5667 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5668 # allow the value 60 if it allows leap-seconds.
5669 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
5670 },
5671 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
5672 # and time zone are either specified elsewhere or are not significant. The date
5673 # is relative to the Proleptic Gregorian Calendar. This can represent:
5674 #
5675 # * A full date, with non-zero year, month and day values
5676 # * A month and day value, with a zero year, e.g. an anniversary
5677 # * A year on its own, with zero month and day values
5678 # * A year and month value, with a zero day, e.g. a credit card expiration date
5679 #
5680 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5681 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5682 # a year.
5683 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5684 # if specifying a year by itself or a year and month where the day is not
5685 # significant.
5686 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5687 # month and day.
5688 },
5689 "stringValue": "A String",
5690 "booleanValue": True or False,
5691 "integerValue": "A String",
5692 },
5693 },
5694 ],
5695 },
5696 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption
5697 # (FPE) with the FFX mode of operation; however when used in the
5698 # `ReidentifyContent` API method, it serves the opposite function by reversing
5699 # the surrogate back into the original identifier. The identifier must be
5700 # encoded as ASCII. For a given crypto key and context, the same identifier
5701 # will be replaced with the same surrogate. Identifiers must be at least two
5702 # characters long. In the case that the identifier is the empty string, it will
5703 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
5704 # more.
5705 #
5706 # Note: We recommend using CryptoDeterministicConfig for all use cases which
5707 # do not require preserving the input alphabet space and size, plus warrant
5708 # referential integrity.
5709 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required]
5710 # a key encryption key (KEK) stored by KMS).
5711 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
5712 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
5713 # unwrap the data crypto key.
5714 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
5715 # The wrapped key must be a 128/192/256 bit key.
5716 # Authorization requires the following IAM permissions when sending a request
5717 # to perform a crypto transformation using a kms-wrapped crypto key:
5718 # dlp.kms.encrypt
5719 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
5720 "wrappedKey": "A String", # The wrapped data crypto key. [required]
5721 },
5722 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
5723 # leaking the key. Choose another type of key if possible.
5724 "key": "A String", # A 128/192/256 bit key. [required]
5725 },
5726 "transient": { # Use this to have a random data crypto key generated.
5727 # It will be discarded after the request finishes.
5728 "name": "A String", # Name of the key. [required]
5729 # This is an arbitrary string used to differentiate different keys.
5730 # A unique key is generated per name: two separate `TransientCryptoKey`
5731 # protos share the same generated key if their names are the same.
5732 # When the data crypto key is generated, this name is not used in any way
5733 # (repeating the api call will result in a different key being generated).
5734 },
5735 },
5736 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62].
5737 "commonAlphabet": "A String",
5738 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
5739 # that the FFX mode natively supports. This happens before/after
5740 # encryption/decryption.
5741 # Each character listed must appear only once.
5742 # Number of characters must be in the range [2, 62].
5743 # This must be encoded as ASCII.
5744 # The order of characters does not matter.
5745 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
5746 # identifier in two different contexts won't be given the same surrogate. If
5747 # the context is not set, a default tweak will be used.
5748 #
5749 # If the context is set but:
5750 #
5751 # 1. there is no record present when transforming a given value or
5752 # 1. the field is not present when transforming a given value,
5753 #
5754 # a default tweak will be used.
5755 #
5756 # Note that case (1) is expected when an `InfoTypeTransformation` is
5757 # applied to both structured and non-structured `ContentItem`s.
5758 # Currently, the referenced field may be of value type integer or string.
5759 #
5760 # The tweak is constructed as a sequence of bytes in big endian byte order
5761 # such that:
5762 #
5763 # - a 64 bit integer is encoded followed by a single byte of value 1
5764 # - a string is encoded in UTF-8 format followed by a single byte of value 2
5765 "name": "A String", # Name describing the field.
5766 },
5767 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
5768 # This annotation will be applied to the surrogate by prefixing it with
5769 # the name of the custom infoType followed by the number of
5770 # characters comprising the surrogate. The following scheme defines the
5771 # format: info_type_name(surrogate_character_count):surrogate
5772 #
5773 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
5774 # the surrogate is 'abc', the full replacement value
5775 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
5776 #
5777 # This annotation identifies the surrogate when inspecting content using the
5778 # custom infoType
5779 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
5780 # This facilitates reversal of the surrogate when it occurs in free text.
5781 #
5782 # In order for inspection to work properly, the name of this infoType must
5783 # not occur naturally anywhere in your data; otherwise, inspection may
5784 # find a surrogate that does not correspond to an actual identifier.
5785 # Therefore, choose your custom infoType name carefully after considering
5786 # what your data looks like. One way to select a name that has a high chance
5787 # of yielding reliable detection is to include one or more unicode characters
5788 # that are highly improbable to exist in your data.
5789 # For example, assuming your data is entered from a regular ASCII keyboard,
5790 # the symbol with the hex code point 29DD might be used like so:
5791 # ⧝MY_TOKEN_TYPE
5792 "name": "A String", # Name of the information type. Either a name of your choosing when
5793 # creating a CustomInfoType, or one of the names listed
5794 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
5795 # a built-in type. InfoType names should conform to the pattern
5796 # [a-zA-Z0-9_]{1,64}.
5797 },
5798 },
5799 "replaceConfig": { # Replace each input value with a given `Value`.
5800 "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
5801 # Note that for the purposes of inspection or transformation, the number
5802 # of bytes considered to comprise a 'Value' is based on its representation
5803 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
5804 # 123456789, the number of bytes would be counted as 9, even though an
5805 # int64 only holds up to 8 bytes of data.
5806 "floatValue": 3.14,
5807 "timestampValue": "A String",
5808 "dayOfWeekValue": "A String",
5809 "timeValue": { # Represents a time of day. The date and time zone are either not significant
5810 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5811 # types are google.type.Date and `google.protobuf.Timestamp`.
5812 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5813 # to allow the value "24:00:00" for scenarios like business closing time.
5814 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
5815 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5816 # allow the value 60 if it allows leap-seconds.
5817 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
5818 },
5819 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
5820 # and time zone are either specified elsewhere or are not significant. The date
5821 # is relative to the Proleptic Gregorian Calendar. This can represent:
5822 #
5823 # * A full date, with non-zero year, month and day values
5824 # * A month and day value, with a zero year, e.g. an anniversary
5825 # * A year on its own, with zero month and day values
5826 # * A year and month value, with a zero day, e.g. a credit card expiration date
5827 #
5828 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5829 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5830 # a year.
5831 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5832 # if specifying a year by itself or a year and month where the day is not
5833 # significant.
5834 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5835 # month and day.
5836 },
5837 "stringValue": "A String",
5838 "booleanValue": True or False,
5839 "integerValue": "A String",
5840 },
5841 },
5842 },
5843 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
5844 # this transformation to apply to all findings that correspond to
5845 # infoTypes that were requested in `InspectConfig`.
5846 { # Type of information detected by the API.
5847 "name": "A String", # Name of the information type. Either a name of your choosing when
5848 # creating a CustomInfoType, or one of the names listed
5849 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
5850 # a built-in type. InfoType names should conform to the pattern
5851 # [a-zA-Z0-9_]{1,64}.
5852 },
5853 ],
5854 },
5855 ],
5856 },
5857 "recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
5858 # specific locations within structured datasets, such as transforming
5859 # a column within a table.
5860 # table.
5861 "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that
5862 # match any suppression rule are omitted from the output [optional].
5863 { # Configuration to suppress records whose suppression conditions evaluate to
5864 # true.
5865 "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
5866 # evaluated to be suppressed from the transformed content.
5867 # a field.
5868 "expressions": { # An expression, consisting or an operator and conditions. # An expression.
5869 "conditions": { # A collection of conditions.
5870 "conditions": [
5871 { # The field type of `value` and `field` do not need to match to be
5872 # considered equal, but not all comparisons are possible.
5873 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
5874 # but all other comparisons are invalid with incompatible types.
5875 # A `value` of type:
5876 #
5877 # - `string` can be compared against all other types
5878 # - `boolean` can only be compared against other booleans
5879 # - `integer` can be compared against doubles or a string if the string value
5880 # can be parsed as an integer.
5881 # - `double` can be compared against integers or a string if the string can
5882 # be parsed as a double.
5883 # - `Timestamp` can be compared against strings in RFC 3339 date string
5884 # format.
5885 # - `TimeOfDay` can be compared against timestamps and strings in the format
5886 # of 'HH:mm:ss'.
5887 #
5888 # If we fail to compare do to type mismatch, a warning will be given and
5889 # the condition will evaluate to false.
5890 "operator": "A String", # Operator used to compare the field or infoType to the value. [required]
5891 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required]
5892 "name": "A String", # Name describing the field.
5893 },
5894 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.]
5895 # Note that for the purposes of inspection or transformation, the number
5896 # of bytes considered to comprise a 'Value' is based on its representation
5897 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
5898 # 123456789, the number of bytes would be counted as 9, even though an
5899 # int64 only holds up to 8 bytes of data.
5900 "floatValue": 3.14,
5901 "timestampValue": "A String",
5902 "dayOfWeekValue": "A String",
5903 "timeValue": { # Represents a time of day. The date and time zone are either not significant
5904 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5905 # types are google.type.Date and `google.protobuf.Timestamp`.
5906 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5907 # to allow the value "24:00:00" for scenarios like business closing time.
5908 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
5909 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5910 # allow the value 60 if it allows leap-seconds.
5911 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
5912 },
5913 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
5914 # and time zone are either specified elsewhere or are not significant. The date
5915 # is relative to the Proleptic Gregorian Calendar. This can represent:
5916 #
5917 # * A full date, with non-zero year, month and day values
5918 # * A month and day value, with a zero year, e.g. an anniversary
5919 # * A year on its own, with zero month and day values
5920 # * A year and month value, with a zero day, e.g. a credit card expiration date
5921 #
5922 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5923 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5924 # a year.
5925 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5926 # if specifying a year by itself or a year and month where the day is not
5927 # significant.
5928 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5929 # month and day.
5930 },
5931 "stringValue": "A String",
5932 "booleanValue": True or False,
5933 "integerValue": "A String",
5934 },
5935 },
5936 ],
5937 },
5938 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
5939 # only supported value is `AND`.
5940 },
5941 },
5942 },
5943 ],
5944 "fieldTransformations": [ # Transform the record by applying various field transformations.
5945 { # The transformation to apply to the field.
5946 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
5947 # transform content that matches an `InfoType`.
5948 # apply various `PrimitiveTransformation`s to each finding, where the
5949 # transformation is applied to only values that were identified as a specific
5950 # info_type.
5951 "transformations": [ # Transformation for each infoType. Cannot specify more than one
5952 # for a given infoType. [required]
5953 { # A transformation to apply to text that is identified as a specific
5954 # info_type.
5955 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required]
5956 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a
5957 # fixed character. Masking can start from the beginning or end of the string.
5958 # This can be used on data of any type (numbers, longs, and so on) and when
5959 # de-identifying structured data we'll attempt to preserve the original data's
5960 # type. (This allows you to take a long like 123 and modify it to a string like
5961 # **3.
5962 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing.
5963 # For example, if your string is 555-555-5555 and you ask us to skip `-` and
5964 # mask 5 chars with * we would produce ***-*55-5555.
5965 { # Characters to skip when doing deidentification of a value. These will be left
5966 # alone and skipped.
5967 "commonCharactersToIgnore": "A String",
5968 "charactersToSkip": "A String",
5969 },
5970 ],
5971 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
5972 # masked. Skipped characters do not count towards this tally.
5973 "maskingCharacter": "A String", # Character to mask the sensitive values&mdash;for example, "*" for an
5974 # alphabetic string such as name, or "0" for a numeric string such as ZIP
5975 # code or credit card number. String must have length 1. If not supplied, we
5976 # will default to "*" for strings, 0 for digits.
5977 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
5978 # '0', number_to_mask is 14, and `reverse_order` is false, then
5979 # 1234-5678-9012-3456 -> 00000000000000-3456
5980 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order`
5981 # is true, then 12345 -> 12***
5982 },
5983 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation`
5984 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
5985 # output would be 'My phone number is '.
5986 },
5987 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given
5988 # input. Outputs a base64 encoded representation of the encrypted output.
5989 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
5990 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
5991 # a key encryption key (KEK) stored by KMS).
5992 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
5993 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
5994 # unwrap the data crypto key.
5995 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
5996 # The wrapped key must be a 128/192/256 bit key.
5997 # Authorization requires the following IAM permissions when sending a request
5998 # to perform a crypto transformation using a kms-wrapped crypto key:
5999 # dlp.kms.encrypt
6000 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
6001 "wrappedKey": "A String", # The wrapped data crypto key. [required]
6002 },
6003 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
6004 # leaking the key. Choose another type of key if possible.
6005 "key": "A String", # A 128/192/256 bit key. [required]
6006 },
6007 "transient": { # Use this to have a random data crypto key generated.
6008 # It will be discarded after the request finishes.
6009 "name": "A String", # Name of the key. [required]
6010 # This is an arbitrary string used to differentiate different keys.
6011 # A unique key is generated per name: two separate `TransientCryptoKey`
6012 # protos share the same generated key if their names are the same.
6013 # When the data crypto key is generated, this name is not used in any way
6014 # (repeating the api call will result in a different key being generated).
6015 },
6016 },
6017 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining
6018 # referential integrity such that the same identifier in two different
6019 # contexts will be given a distinct surrogate. The context is appended to
6020 # plaintext value being encrypted. On decryption the provided context is
6021 # validated against the value used during encryption. If a context was
6022 # provided during encryption, same context must be provided during decryption
6023 # as well.
6024 #
6025 # If the context is not set, plaintext would be used as is for encryption.
6026 # If the context is set but:
6027 #
6028 # 1. there is no record present when transforming a given value or
6029 # 2. the field is not present when transforming a given value,
6030 #
6031 # plaintext would be used as is for encryption.
6032 #
6033 # Note that case (1) is expected when an `InfoTypeTransformation` is
6034 # applied to both structured and non-structured `ContentItem`s.
6035 "name": "A String", # Name describing the field.
6036 },
6037 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
6038 # This annotation will be applied to the surrogate by prefixing it with
6039 # the name of the custom info type followed by the number of
6040 # characters comprising the surrogate. The following scheme defines the
6041 # format: <info type name>(<surrogate character count>):<surrogate>
6042 #
6043 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
6044 # the surrogate is 'abc', the full replacement value
6045 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
6046 #
6047 # This annotation identifies the surrogate when inspecting content using the
6048 # custom info type 'Surrogate'. This facilitates reversal of the
6049 # surrogate when it occurs in free text.
6050 #
6051 # In order for inspection to work properly, the name of this info type must
6052 # not occur naturally anywhere in your data; otherwise, inspection may either
6053 #
6054 # - reverse a surrogate that does not correspond to an actual identifier
6055 # - be unable to parse the surrogate and result in an error
6056 #
6057 # Therefore, choose your custom info type name carefully after considering
6058 # what your data looks like. One way to select a name that has a high chance
6059 # of yielding reliable detection is to include one or more unicode characters
6060 # that are highly improbable to exist in your data.
6061 # For example, assuming your data is entered from a regular ASCII keyboard,
6062 # the symbol with the hex code point 29DD might be used like so:
6063 # ⧝MY_TOKEN_TYPE
6064 "name": "A String", # Name of the information type. Either a name of your choosing when
6065 # creating a CustomInfoType, or one of the names listed
6066 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
6067 # a built-in type. InfoType names should conform to the pattern
6068 # [a-zA-Z0-9_]{1,64}.
6069 },
6070 },
6071 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The
6072 # Bucketing transformation can provide all of this functionality,
6073 # but requires more configuration. This message is provided as a convenience to
6074 # the user for simple bucketing strategies.
6075 #
6076 # The transformed value will be a hyphenated string of
6077 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20
6078 # all values that are within this bucket will be replaced with "10-20".
6079 #
6080 # This can be used on data of type: double, long.
6081 #
6082 # If the bound Value type differs from the type of data
6083 # being transformed, we will first attempt converting the type of the data to
6084 # be transformed to match the type of the bound before comparing.
6085 #
6086 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
6087 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are
6088 # grouped together into a single bucket; for example if `lower_bound` = 10,
6089 # then all values less than 10 are replaced with the value “-10”. [Required].
6090 # Note that for the purposes of inspection or transformation, the number
6091 # of bytes considered to comprise a 'Value' is based on its representation
6092 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
6093 # 123456789, the number of bytes would be counted as 9, even though an
6094 # int64 only holds up to 8 bytes of data.
6095 "floatValue": 3.14,
6096 "timestampValue": "A String",
6097 "dayOfWeekValue": "A String",
6098 "timeValue": { # Represents a time of day. The date and time zone are either not significant
6099 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6100 # types are google.type.Date and `google.protobuf.Timestamp`.
6101 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6102 # to allow the value "24:00:00" for scenarios like business closing time.
6103 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6104 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6105 # allow the value 60 if it allows leap-seconds.
6106 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
6107 },
6108 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
6109 # and time zone are either specified elsewhere or are not significant. The date
6110 # is relative to the Proleptic Gregorian Calendar. This can represent:
6111 #
6112 # * A full date, with non-zero year, month and day values
6113 # * A month and day value, with a zero year, e.g. an anniversary
6114 # * A year on its own, with zero month and day values
6115 # * A year and month value, with a zero day, e.g. a credit card expiration date
6116 #
6117 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6118 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6119 # a year.
6120 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6121 # if specifying a year by itself or a year and month where the day is not
6122 # significant.
6123 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6124 # month and day.
6125 },
6126 "stringValue": "A String",
6127 "booleanValue": True or False,
6128 "integerValue": "A String",
6129 },
6130 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are
6131 # grouped together into a single bucket; for example if `upper_bound` = 89,
6132 # then all values greater than 89 are replaced with the value “89+”.
6133 # [Required].
6134 # Note that for the purposes of inspection or transformation, the number
6135 # of bytes considered to comprise a 'Value' is based on its representation
6136 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
6137 # 123456789, the number of bytes would be counted as 9, even though an
6138 # int64 only holds up to 8 bytes of data.
6139 "floatValue": 3.14,
6140 "timestampValue": "A String",
6141 "dayOfWeekValue": "A String",
6142 "timeValue": { # Represents a time of day. The date and time zone are either not significant
6143 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6144 # types are google.type.Date and `google.protobuf.Timestamp`.
6145 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6146 # to allow the value "24:00:00" for scenarios like business closing time.
6147 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6148 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6149 # allow the value 60 if it allows leap-seconds.
6150 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
6151 },
6152 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
6153 # and time zone are either specified elsewhere or are not significant. The date
6154 # is relative to the Proleptic Gregorian Calendar. This can represent:
6155 #
6156 # * A full date, with non-zero year, month and day values
6157 # * A month and day value, with a zero year, e.g. an anniversary
6158 # * A year on its own, with zero month and day values
6159 # * A year and month value, with a zero day, e.g. a credit card expiration date
6160 #
6161 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6162 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6163 # a year.
6164 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6165 # if specifying a year by itself or a year and month where the day is not
6166 # significant.
6167 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6168 # month and day.
6169 },
6170 "stringValue": "A String",
6171 "booleanValue": True or False,
6172 "integerValue": "A String",
6173 },
6174 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if
6175 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
6176 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
6177 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required].
6178 },
6179 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type.
6180 },
6181 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a
6182 # portion of the value.
6183 "partToExtract": "A String",
6184 },
6185 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing.
6186 # Uses SHA-256.
6187 # The key size must be either 32 or 64 bytes.
6188 # Outputs a base64 encoded representation of the hashed output
6189 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
6190 # Currently, only string and integer values can be hashed.
6191 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
6192 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
6193 # a key encryption key (KEK) stored by KMS).
6194 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
6195 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
6196 # unwrap the data crypto key.
6197 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
6198 # The wrapped key must be a 128/192/256 bit key.
6199 # Authorization requires the following IAM permissions when sending a request
6200 # to perform a crypto transformation using a kms-wrapped crypto key:
6201 # dlp.kms.encrypt
6202 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
6203 "wrappedKey": "A String", # The wrapped data crypto key. [required]
6204 },
6205 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
6206 # leaking the key. Choose another type of key if possible.
6207 "key": "A String", # A 128/192/256 bit key. [required]
6208 },
6209 "transient": { # Use this to have a random data crypto key generated.
6210 # It will be discarded after the request finishes.
6211 "name": "A String", # Name of the key. [required]
6212 # This is an arbitrary string used to differentiate different keys.
6213 # A unique key is generated per name: two separate `TransientCryptoKey`
6214 # protos share the same generated key if their names are the same.
6215 # When the data crypto key is generated, this name is not used in any way
6216 # (repeating the api call will result in a different key being generated).
6217 },
6218 },
6219 },
6220 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the
6221 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
6222 # to learn more.
6223 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
6224 # results in the same shift for the same context and crypto_key.
6225 # a key encryption key (KEK) stored by KMS).
6226 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
6227 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
6228 # unwrap the data crypto key.
6229 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
6230 # The wrapped key must be a 128/192/256 bit key.
6231 # Authorization requires the following IAM permissions when sending a request
6232 # to perform a crypto transformation using a kms-wrapped crypto key:
6233 # dlp.kms.encrypt
6234 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
6235 "wrappedKey": "A String", # The wrapped data crypto key. [required]
6236 },
6237 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
6238 # leaking the key. Choose another type of key if possible.
6239 "key": "A String", # A 128/192/256 bit key. [required]
6240 },
6241 "transient": { # Use this to have a random data crypto key generated.
6242 # It will be discarded after the request finishes.
6243 "name": "A String", # Name of the key. [required]
6244 # This is an arbitrary string used to differentiate different keys.
6245 # A unique key is generated per name: two separate `TransientCryptoKey`
6246 # protos share the same generated key if their names are the same.
6247 # When the data crypto key is generated, this name is not used in any way
6248 # (repeating the api call will result in a different key being generated).
6249 },
6250 },
6251 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past.
6252 # [Required]
6253 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this
6254 # range (inclusive ends). Negative means shift to earlier in time. Must not
6255 # be more than 365250 days (1000 years) each direction.
6256 #
6257 # For example, 3 means shift date to at most 3 days into the future.
6258 # [Required]
6259 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
6260 # If set, must also set method. If set, shift will be consistent for the
6261 # given context.
6262 "name": "A String", # Name describing the field.
6263 },
6264 },
6265 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and
6266 # replacement values are dynamically provided by the user for custom behavior,
6267 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH
6268 # This can be used on
6269 # data of type: number, long, string, timestamp.
6270 # If the bound `Value` type differs from the type of data being transformed, we
6271 # will first attempt converting the type of the data to be transformed to match
6272 # the type of the bound before comparing.
6273 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
6274 "buckets": [ # Set of buckets. Ranges must be non-overlapping.
6275 { # Bucket is represented as a range, along with replacement values.
6276 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
6277 # Note that for the purposes of inspection or transformation, the number
6278 # of bytes considered to comprise a 'Value' is based on its representation
6279 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
6280 # 123456789, the number of bytes would be counted as 9, even though an
6281 # int64 only holds up to 8 bytes of data.
6282 "floatValue": 3.14,
6283 "timestampValue": "A String",
6284 "dayOfWeekValue": "A String",
6285 "timeValue": { # Represents a time of day. The date and time zone are either not significant
6286 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6287 # types are google.type.Date and `google.protobuf.Timestamp`.
6288 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6289 # to allow the value "24:00:00" for scenarios like business closing time.
6290 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6291 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6292 # allow the value 60 if it allows leap-seconds.
6293 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
6294 },
6295 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
6296 # and time zone are either specified elsewhere or are not significant. The date
6297 # is relative to the Proleptic Gregorian Calendar. This can represent:
6298 #
6299 # * A full date, with non-zero year, month and day values
6300 # * A month and day value, with a zero year, e.g. an anniversary
6301 # * A year on its own, with zero month and day values
6302 # * A year and month value, with a zero day, e.g. a credit card expiration date
6303 #
6304 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6305 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6306 # a year.
6307 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6308 # if specifying a year by itself or a year and month where the day is not
6309 # significant.
6310 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6311 # month and day.
6312 },
6313 "stringValue": "A String",
6314 "booleanValue": True or False,
6315 "integerValue": "A String",
6316 },
6317 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
6318 # the default behavior will be to hyphenate the min-max range.
6319 # Note that for the purposes of inspection or transformation, the number
6320 # of bytes considered to comprise a 'Value' is based on its representation
6321 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
6322 # 123456789, the number of bytes would be counted as 9, even though an
6323 # int64 only holds up to 8 bytes of data.
6324 "floatValue": 3.14,
6325 "timestampValue": "A String",
6326 "dayOfWeekValue": "A String",
6327 "timeValue": { # Represents a time of day. The date and time zone are either not significant
6328 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6329 # types are google.type.Date and `google.protobuf.Timestamp`.
6330 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6331 # to allow the value "24:00:00" for scenarios like business closing time.
6332 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6333 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6334 # allow the value 60 if it allows leap-seconds.
6335 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
6336 },
6337 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
6338 # and time zone are either specified elsewhere or are not significant. The date
6339 # is relative to the Proleptic Gregorian Calendar. This can represent:
6340 #
6341 # * A full date, with non-zero year, month and day values
6342 # * A month and day value, with a zero year, e.g. an anniversary
6343 # * A year on its own, with zero month and day values
6344 # * A year and month value, with a zero day, e.g. a credit card expiration date
6345 #
6346 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6347 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6348 # a year.
6349 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6350 # if specifying a year by itself or a year and month where the day is not
6351 # significant.
6352 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6353 # month and day.
6354 },
6355 "stringValue": "A String",
6356 "booleanValue": True or False,
6357 "integerValue": "A String",
6358 },
6359 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
6360 # used.
6361 # Note that for the purposes of inspection or transformation, the number
6362 # of bytes considered to comprise a 'Value' is based on its representation
6363 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
6364 # 123456789, the number of bytes would be counted as 9, even though an
6365 # int64 only holds up to 8 bytes of data.
6366 "floatValue": 3.14,
6367 "timestampValue": "A String",
6368 "dayOfWeekValue": "A String",
6369 "timeValue": { # Represents a time of day. The date and time zone are either not significant
6370 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6371 # types are google.type.Date and `google.protobuf.Timestamp`.
6372 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6373 # to allow the value "24:00:00" for scenarios like business closing time.
6374 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6375 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6376 # allow the value 60 if it allows leap-seconds.
6377 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
6378 },
6379 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
6380 # and time zone are either specified elsewhere or are not significant. The date
6381 # is relative to the Proleptic Gregorian Calendar. This can represent:
6382 #
6383 # * A full date, with non-zero year, month and day values
6384 # * A month and day value, with a zero year, e.g. an anniversary
6385 # * A year on its own, with zero month and day values
6386 # * A year and month value, with a zero day, e.g. a credit card expiration date
6387 #
6388 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6389 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6390 # a year.
6391 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6392 # if specifying a year by itself or a year and month where the day is not
6393 # significant.
6394 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6395 # month and day.
6396 },
6397 "stringValue": "A String",
6398 "booleanValue": True or False,
6399 "integerValue": "A String",
6400 },
6401 },
6402 ],
6403 },
6404 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption
6405 # (FPE) with the FFX mode of operation; however when used in the
6406 # `ReidentifyContent` API method, it serves the opposite function by reversing
6407 # the surrogate back into the original identifier. The identifier must be
6408 # encoded as ASCII. For a given crypto key and context, the same identifier
6409 # will be replaced with the same surrogate. Identifiers must be at least two
6410 # characters long. In the case that the identifier is the empty string, it will
6411 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
6412 # more.
6413 #
6414 # Note: We recommend using CryptoDeterministicConfig for all use cases which
6415 # do not require preserving the input alphabet space and size, plus warrant
6416 # referential integrity.
6417 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required]
6418 # a key encryption key (KEK) stored by KMS).
6419 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
6420 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
6421 # unwrap the data crypto key.
6422 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
6423 # The wrapped key must be a 128/192/256 bit key.
6424 # Authorization requires the following IAM permissions when sending a request
6425 # to perform a crypto transformation using a kms-wrapped crypto key:
6426 # dlp.kms.encrypt
6427 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
6428 "wrappedKey": "A String", # The wrapped data crypto key. [required]
6429 },
6430 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
6431 # leaking the key. Choose another type of key if possible.
6432 "key": "A String", # A 128/192/256 bit key. [required]
6433 },
6434 "transient": { # Use this to have a random data crypto key generated.
6435 # It will be discarded after the request finishes.
6436 "name": "A String", # Name of the key. [required]
6437 # This is an arbitrary string used to differentiate different keys.
6438 # A unique key is generated per name: two separate `TransientCryptoKey`
6439 # protos share the same generated key if their names are the same.
6440 # When the data crypto key is generated, this name is not used in any way
6441 # (repeating the api call will result in a different key being generated).
6442 },
6443 },
6444 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62].
6445 "commonAlphabet": "A String",
6446 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
6447 # that the FFX mode natively supports. This happens before/after
6448 # encryption/decryption.
6449 # Each character listed must appear only once.
6450 # Number of characters must be in the range [2, 62].
6451 # This must be encoded as ASCII.
6452 # The order of characters does not matter.
6453 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
6454 # identifier in two different contexts won't be given the same surrogate. If
6455 # the context is not set, a default tweak will be used.
6456 #
6457 # If the context is set but:
6458 #
6459 # 1. there is no record present when transforming a given value or
6460 # 1. the field is not present when transforming a given value,
6461 #
6462 # a default tweak will be used.
6463 #
6464 # Note that case (1) is expected when an `InfoTypeTransformation` is
6465 # applied to both structured and non-structured `ContentItem`s.
6466 # Currently, the referenced field may be of value type integer or string.
6467 #
6468 # The tweak is constructed as a sequence of bytes in big endian byte order
6469 # such that:
6470 #
6471 # - a 64 bit integer is encoded followed by a single byte of value 1
6472 # - a string is encoded in UTF-8 format followed by a single byte of value 2
6473 "name": "A String", # Name describing the field.
6474 },
6475 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
6476 # This annotation will be applied to the surrogate by prefixing it with
6477 # the name of the custom infoType followed by the number of
6478 # characters comprising the surrogate. The following scheme defines the
6479 # format: info_type_name(surrogate_character_count):surrogate
6480 #
6481 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
6482 # the surrogate is 'abc', the full replacement value
6483 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
6484 #
6485 # This annotation identifies the surrogate when inspecting content using the
6486 # custom infoType
6487 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
6488 # This facilitates reversal of the surrogate when it occurs in free text.
6489 #
6490 # In order for inspection to work properly, the name of this infoType must
6491 # not occur naturally anywhere in your data; otherwise, inspection may
6492 # find a surrogate that does not correspond to an actual identifier.
6493 # Therefore, choose your custom infoType name carefully after considering
6494 # what your data looks like. One way to select a name that has a high chance
6495 # of yielding reliable detection is to include one or more unicode characters
6496 # that are highly improbable to exist in your data.
6497 # For example, assuming your data is entered from a regular ASCII keyboard,
6498 # the symbol with the hex code point 29DD might be used like so:
6499 # ⧝MY_TOKEN_TYPE
6500 "name": "A String", # Name of the information type. Either a name of your choosing when
6501 # creating a CustomInfoType, or one of the names listed
6502 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
6503 # a built-in type. InfoType names should conform to the pattern
6504 # [a-zA-Z0-9_]{1,64}.
6505 },
6506 },
6507 "replaceConfig": { # Replace each input value with a given `Value`.
6508 "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
6509 # Note that for the purposes of inspection or transformation, the number
6510 # of bytes considered to comprise a 'Value' is based on its representation
6511 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
6512 # 123456789, the number of bytes would be counted as 9, even though an
6513 # int64 only holds up to 8 bytes of data.
6514 "floatValue": 3.14,
6515 "timestampValue": "A String",
6516 "dayOfWeekValue": "A String",
6517 "timeValue": { # Represents a time of day. The date and time zone are either not significant
6518 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6519 # types are google.type.Date and `google.protobuf.Timestamp`.
6520 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6521 # to allow the value "24:00:00" for scenarios like business closing time.
6522 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6523 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6524 # allow the value 60 if it allows leap-seconds.
6525 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
6526 },
6527 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
6528 # and time zone are either specified elsewhere or are not significant. The date
6529 # is relative to the Proleptic Gregorian Calendar. This can represent:
6530 #
6531 # * A full date, with non-zero year, month and day values
6532 # * A month and day value, with a zero year, e.g. an anniversary
6533 # * A year on its own, with zero month and day values
6534 # * A year and month value, with a zero day, e.g. a credit card expiration date
6535 #
6536 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6537 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6538 # a year.
6539 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6540 # if specifying a year by itself or a year and month where the day is not
6541 # significant.
6542 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6543 # month and day.
6544 },
6545 "stringValue": "A String",
6546 "booleanValue": True or False,
6547 "integerValue": "A String",
6548 },
6549 },
6550 },
6551 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
6552 # this transformation to apply to all findings that correspond to
6553 # infoTypes that were requested in `InspectConfig`.
6554 { # Type of information detected by the API.
6555 "name": "A String", # Name of the information type. Either a name of your choosing when
6556 # creating a CustomInfoType, or one of the names listed
6557 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
6558 # a built-in type. InfoType names should conform to the pattern
6559 # [a-zA-Z0-9_]{1,64}.
6560 },
6561 ],
6562 },
6563 ],
6564 },
6565 "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.
6566 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a
6567 # fixed character. Masking can start from the beginning or end of the string.
6568 # This can be used on data of any type (numbers, longs, and so on) and when
6569 # de-identifying structured data we'll attempt to preserve the original data's
6570 # type. (This allows you to take a long like 123 and modify it to a string like
6571 # **3.
6572 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing.
6573 # For example, if your string is 555-555-5555 and you ask us to skip `-` and
6574 # mask 5 chars with * we would produce ***-*55-5555.
6575 { # Characters to skip when doing deidentification of a value. These will be left
6576 # alone and skipped.
6577 "commonCharactersToIgnore": "A String",
6578 "charactersToSkip": "A String",
6579 },
6580 ],
6581 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
6582 # masked. Skipped characters do not count towards this tally.
6583 "maskingCharacter": "A String", # Character to mask the sensitive values&mdash;for example, "*" for an
6584 # alphabetic string such as name, or "0" for a numeric string such as ZIP
6585 # code or credit card number. String must have length 1. If not supplied, we
6586 # will default to "*" for strings, 0 for digits.
6587 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
6588 # '0', number_to_mask is 14, and `reverse_order` is false, then
6589 # 1234-5678-9012-3456 -> 00000000000000-3456
6590 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order`
6591 # is true, then 12345 -> 12***
6592 },
6593 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation`
6594 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
6595 # output would be 'My phone number is '.
6596 },
6597 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given
6598 # input. Outputs a base64 encoded representation of the encrypted output.
6599 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
6600 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
6601 # a key encryption key (KEK) stored by KMS).
6602 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
6603 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
6604 # unwrap the data crypto key.
6605 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
6606 # The wrapped key must be a 128/192/256 bit key.
6607 # Authorization requires the following IAM permissions when sending a request
6608 # to perform a crypto transformation using a kms-wrapped crypto key:
6609 # dlp.kms.encrypt
6610 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
6611 "wrappedKey": "A String", # The wrapped data crypto key. [required]
6612 },
6613 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
6614 # leaking the key. Choose another type of key if possible.
6615 "key": "A String", # A 128/192/256 bit key. [required]
6616 },
6617 "transient": { # Use this to have a random data crypto key generated.
6618 # It will be discarded after the request finishes.
6619 "name": "A String", # Name of the key. [required]
6620 # This is an arbitrary string used to differentiate different keys.
6621 # A unique key is generated per name: two separate `TransientCryptoKey`
6622 # protos share the same generated key if their names are the same.
6623 # When the data crypto key is generated, this name is not used in any way
6624 # (repeating the api call will result in a different key being generated).
6625 },
6626 },
6627 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining
6628 # referential integrity such that the same identifier in two different
6629 # contexts will be given a distinct surrogate. The context is appended to
6630 # plaintext value being encrypted. On decryption the provided context is
6631 # validated against the value used during encryption. If a context was
6632 # provided during encryption, same context must be provided during decryption
6633 # as well.
6634 #
6635 # If the context is not set, plaintext would be used as is for encryption.
6636 # If the context is set but:
6637 #
6638 # 1. there is no record present when transforming a given value or
6639 # 2. the field is not present when transforming a given value,
6640 #
6641 # plaintext would be used as is for encryption.
6642 #
6643 # Note that case (1) is expected when an `InfoTypeTransformation` is
6644 # applied to both structured and non-structured `ContentItem`s.
6645 "name": "A String", # Name describing the field.
6646 },
6647 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
6648 # This annotation will be applied to the surrogate by prefixing it with
6649 # the name of the custom info type followed by the number of
6650 # characters comprising the surrogate. The following scheme defines the
6651 # format: <info type name>(<surrogate character count>):<surrogate>
6652 #
6653 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
6654 # the surrogate is 'abc', the full replacement value
6655 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
6656 #
6657 # This annotation identifies the surrogate when inspecting content using the
6658 # custom info type 'Surrogate'. This facilitates reversal of the
6659 # surrogate when it occurs in free text.
6660 #
6661 # In order for inspection to work properly, the name of this info type must
6662 # not occur naturally anywhere in your data; otherwise, inspection may either
6663 #
6664 # - reverse a surrogate that does not correspond to an actual identifier
6665 # - be unable to parse the surrogate and result in an error
6666 #
6667 # Therefore, choose your custom info type name carefully after considering
6668 # what your data looks like. One way to select a name that has a high chance
6669 # of yielding reliable detection is to include one or more unicode characters
6670 # that are highly improbable to exist in your data.
6671 # For example, assuming your data is entered from a regular ASCII keyboard,
6672 # the symbol with the hex code point 29DD might be used like so:
6673 # ⧝MY_TOKEN_TYPE
6674 "name": "A String", # Name of the information type. Either a name of your choosing when
6675 # creating a CustomInfoType, or one of the names listed
6676 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
6677 # a built-in type. InfoType names should conform to the pattern
6678 # [a-zA-Z0-9_]{1,64}.
6679 },
6680 },
6681 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The
6682 # Bucketing transformation can provide all of this functionality,
6683 # but requires more configuration. This message is provided as a convenience to
6684 # the user for simple bucketing strategies.
6685 #
6686 # The transformed value will be a hyphenated string of
6687 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20
6688 # all values that are within this bucket will be replaced with "10-20".
6689 #
6690 # This can be used on data of type: double, long.
6691 #
6692 # If the bound Value type differs from the type of data
6693 # being transformed, we will first attempt converting the type of the data to
6694 # be transformed to match the type of the bound before comparing.
6695 #
6696 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
6697 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are
6698 # grouped together into a single bucket; for example if `lower_bound` = 10,
6699 # then all values less than 10 are replaced with the value “-10”. [Required].
6700 # Note that for the purposes of inspection or transformation, the number
6701 # of bytes considered to comprise a 'Value' is based on its representation
6702 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
6703 # 123456789, the number of bytes would be counted as 9, even though an
6704 # int64 only holds up to 8 bytes of data.
6705 "floatValue": 3.14,
6706 "timestampValue": "A String",
6707 "dayOfWeekValue": "A String",
6708 "timeValue": { # Represents a time of day. The date and time zone are either not significant
6709 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6710 # types are google.type.Date and `google.protobuf.Timestamp`.
6711 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6712 # to allow the value "24:00:00" for scenarios like business closing time.
6713 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6714 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6715 # allow the value 60 if it allows leap-seconds.
6716 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
6717 },
6718 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
6719 # and time zone are either specified elsewhere or are not significant. The date
6720 # is relative to the Proleptic Gregorian Calendar. This can represent:
6721 #
6722 # * A full date, with non-zero year, month and day values
6723 # * A month and day value, with a zero year, e.g. an anniversary
6724 # * A year on its own, with zero month and day values
6725 # * A year and month value, with a zero day, e.g. a credit card expiration date
6726 #
6727 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6728 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6729 # a year.
6730 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6731 # if specifying a year by itself or a year and month where the day is not
6732 # significant.
6733 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6734 # month and day.
6735 },
6736 "stringValue": "A String",
6737 "booleanValue": True or False,
6738 "integerValue": "A String",
6739 },
6740 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are
6741 # grouped together into a single bucket; for example if `upper_bound` = 89,
6742 # then all values greater than 89 are replaced with the value “89+”.
6743 # [Required].
6744 # Note that for the purposes of inspection or transformation, the number
6745 # of bytes considered to comprise a 'Value' is based on its representation
6746 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
6747 # 123456789, the number of bytes would be counted as 9, even though an
6748 # int64 only holds up to 8 bytes of data.
6749 "floatValue": 3.14,
6750 "timestampValue": "A String",
6751 "dayOfWeekValue": "A String",
6752 "timeValue": { # Represents a time of day. The date and time zone are either not significant
6753 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6754 # types are google.type.Date and `google.protobuf.Timestamp`.
6755 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6756 # to allow the value "24:00:00" for scenarios like business closing time.
6757 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6758 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6759 # allow the value 60 if it allows leap-seconds.
6760 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
6761 },
6762 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
6763 # and time zone are either specified elsewhere or are not significant. The date
6764 # is relative to the Proleptic Gregorian Calendar. This can represent:
6765 #
6766 # * A full date, with non-zero year, month and day values
6767 # * A month and day value, with a zero year, e.g. an anniversary
6768 # * A year on its own, with zero month and day values
6769 # * A year and month value, with a zero day, e.g. a credit card expiration date
6770 #
6771 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6772 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6773 # a year.
6774 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6775 # if specifying a year by itself or a year and month where the day is not
6776 # significant.
6777 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6778 # month and day.
6779 },
6780 "stringValue": "A String",
6781 "booleanValue": True or False,
6782 "integerValue": "A String",
6783 },
6784 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if
6785 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
6786 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
6787 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required].
6788 },
6789 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type.
6790 },
6791 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a
6792 # portion of the value.
6793 "partToExtract": "A String",
6794 },
6795 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing.
6796 # Uses SHA-256.
6797 # The key size must be either 32 or 64 bytes.
6798 # Outputs a base64 encoded representation of the hashed output
6799 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
6800 # Currently, only string and integer values can be hashed.
6801 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
6802 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
6803 # a key encryption key (KEK) stored by KMS).
6804 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
6805 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
6806 # unwrap the data crypto key.
6807 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
6808 # The wrapped key must be a 128/192/256 bit key.
6809 # Authorization requires the following IAM permissions when sending a request
6810 # to perform a crypto transformation using a kms-wrapped crypto key:
6811 # dlp.kms.encrypt
6812 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
6813 "wrappedKey": "A String", # The wrapped data crypto key. [required]
6814 },
6815 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
6816 # leaking the key. Choose another type of key if possible.
6817 "key": "A String", # A 128/192/256 bit key. [required]
6818 },
6819 "transient": { # Use this to have a random data crypto key generated.
6820 # It will be discarded after the request finishes.
6821 "name": "A String", # Name of the key. [required]
6822 # This is an arbitrary string used to differentiate different keys.
6823 # A unique key is generated per name: two separate `TransientCryptoKey`
6824 # protos share the same generated key if their names are the same.
6825 # When the data crypto key is generated, this name is not used in any way
6826 # (repeating the api call will result in a different key being generated).
6827 },
6828 },
6829 },
6830 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the
6831 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
6832 # to learn more.
6833 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
6834 # results in the same shift for the same context and crypto_key.
6835 # a key encryption key (KEK) stored by KMS).
6836 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
6837 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
6838 # unwrap the data crypto key.
6839 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
6840 # The wrapped key must be a 128/192/256 bit key.
6841 # Authorization requires the following IAM permissions when sending a request
6842 # to perform a crypto transformation using a kms-wrapped crypto key:
6843 # dlp.kms.encrypt
6844 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
6845 "wrappedKey": "A String", # The wrapped data crypto key. [required]
6846 },
6847 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
6848 # leaking the key. Choose another type of key if possible.
6849 "key": "A String", # A 128/192/256 bit key. [required]
6850 },
6851 "transient": { # Use this to have a random data crypto key generated.
6852 # It will be discarded after the request finishes.
6853 "name": "A String", # Name of the key. [required]
6854 # This is an arbitrary string used to differentiate different keys.
6855 # A unique key is generated per name: two separate `TransientCryptoKey`
6856 # protos share the same generated key if their names are the same.
6857 # When the data crypto key is generated, this name is not used in any way
6858 # (repeating the api call will result in a different key being generated).
6859 },
6860 },
6861 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past.
6862 # [Required]
6863 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this
6864 # range (inclusive ends). Negative means shift to earlier in time. Must not
6865 # be more than 365250 days (1000 years) each direction.
6866 #
6867 # For example, 3 means shift date to at most 3 days into the future.
6868 # [Required]
6869 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
6870 # If set, must also set method. If set, shift will be consistent for the
6871 # given context.
6872 "name": "A String", # Name describing the field.
6873 },
6874 },
6875 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and
6876 # replacement values are dynamically provided by the user for custom behavior,
6877 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH
6878 # This can be used on
6879 # data of type: number, long, string, timestamp.
6880 # If the bound `Value` type differs from the type of data being transformed, we
6881 # will first attempt converting the type of the data to be transformed to match
6882 # the type of the bound before comparing.
6883 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
6884 "buckets": [ # Set of buckets. Ranges must be non-overlapping.
6885 { # Bucket is represented as a range, along with replacement values.
6886 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
6887 # Note that for the purposes of inspection or transformation, the number
6888 # of bytes considered to comprise a 'Value' is based on its representation
6889 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
6890 # 123456789, the number of bytes would be counted as 9, even though an
6891 # int64 only holds up to 8 bytes of data.
6892 "floatValue": 3.14,
6893 "timestampValue": "A String",
6894 "dayOfWeekValue": "A String",
6895 "timeValue": { # Represents a time of day. The date and time zone are either not significant
6896 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6897 # types are google.type.Date and `google.protobuf.Timestamp`.
6898 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6899 # to allow the value "24:00:00" for scenarios like business closing time.
6900 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6901 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6902 # allow the value 60 if it allows leap-seconds.
6903 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
6904 },
6905 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
6906 # and time zone are either specified elsewhere or are not significant. The date
6907 # is relative to the Proleptic Gregorian Calendar. This can represent:
6908 #
6909 # * A full date, with non-zero year, month and day values
6910 # * A month and day value, with a zero year, e.g. an anniversary
6911 # * A year on its own, with zero month and day values
6912 # * A year and month value, with a zero day, e.g. a credit card expiration date
6913 #
6914 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6915 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6916 # a year.
6917 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6918 # if specifying a year by itself or a year and month where the day is not
6919 # significant.
6920 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6921 # month and day.
6922 },
6923 "stringValue": "A String",
6924 "booleanValue": True or False,
6925 "integerValue": "A String",
6926 },
6927 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
6928 # the default behavior will be to hyphenate the min-max range.
6929 # Note that for the purposes of inspection or transformation, the number
6930 # of bytes considered to comprise a 'Value' is based on its representation
6931 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
6932 # 123456789, the number of bytes would be counted as 9, even though an
6933 # int64 only holds up to 8 bytes of data.
6934 "floatValue": 3.14,
6935 "timestampValue": "A String",
6936 "dayOfWeekValue": "A String",
6937 "timeValue": { # Represents a time of day. The date and time zone are either not significant
6938 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6939 # types are google.type.Date and `google.protobuf.Timestamp`.
6940 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6941 # to allow the value "24:00:00" for scenarios like business closing time.
6942 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6943 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6944 # allow the value 60 if it allows leap-seconds.
6945 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
6946 },
6947 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
6948 # and time zone are either specified elsewhere or are not significant. The date
6949 # is relative to the Proleptic Gregorian Calendar. This can represent:
6950 #
6951 # * A full date, with non-zero year, month and day values
6952 # * A month and day value, with a zero year, e.g. an anniversary
6953 # * A year on its own, with zero month and day values
6954 # * A year and month value, with a zero day, e.g. a credit card expiration date
6955 #
6956 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6957 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6958 # a year.
6959 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6960 # if specifying a year by itself or a year and month where the day is not
6961 # significant.
6962 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6963 # month and day.
6964 },
6965 "stringValue": "A String",
6966 "booleanValue": True or False,
6967 "integerValue": "A String",
6968 },
6969 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
6970 # used.
6971 # Note that for the purposes of inspection or transformation, the number
6972 # of bytes considered to comprise a 'Value' is based on its representation
6973 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
6974 # 123456789, the number of bytes would be counted as 9, even though an
6975 # int64 only holds up to 8 bytes of data.
6976 "floatValue": 3.14,
6977 "timestampValue": "A String",
6978 "dayOfWeekValue": "A String",
6979 "timeValue": { # Represents a time of day. The date and time zone are either not significant
6980 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6981 # types are google.type.Date and `google.protobuf.Timestamp`.
6982 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6983 # to allow the value "24:00:00" for scenarios like business closing time.
6984 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6985 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6986 # allow the value 60 if it allows leap-seconds.
6987 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
6988 },
6989 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
6990 # and time zone are either specified elsewhere or are not significant. The date
6991 # is relative to the Proleptic Gregorian Calendar. This can represent:
6992 #
6993 # * A full date, with non-zero year, month and day values
6994 # * A month and day value, with a zero year, e.g. an anniversary
6995 # * A year on its own, with zero month and day values
6996 # * A year and month value, with a zero day, e.g. a credit card expiration date
6997 #
6998 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6999 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
7000 # a year.
7001 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
7002 # if specifying a year by itself or a year and month where the day is not
7003 # significant.
7004 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
7005 # month and day.
7006 },
7007 "stringValue": "A String",
7008 "booleanValue": True or False,
7009 "integerValue": "A String",
7010 },
7011 },
7012 ],
7013 },
7014 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption
7015 # (FPE) with the FFX mode of operation; however when used in the
7016 # `ReidentifyContent` API method, it serves the opposite function by reversing
7017 # the surrogate back into the original identifier. The identifier must be
7018 # encoded as ASCII. For a given crypto key and context, the same identifier
7019 # will be replaced with the same surrogate. Identifiers must be at least two
7020 # characters long. In the case that the identifier is the empty string, it will
7021 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
7022 # more.
7023 #
7024 # Note: We recommend using CryptoDeterministicConfig for all use cases which
7025 # do not require preserving the input alphabet space and size, plus warrant
7026 # referential integrity.
7027 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required]
7028 # a key encryption key (KEK) stored by KMS).
7029 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
7030 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
7031 # unwrap the data crypto key.
7032 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
7033 # The wrapped key must be a 128/192/256 bit key.
7034 # Authorization requires the following IAM permissions when sending a request
7035 # to perform a crypto transformation using a kms-wrapped crypto key:
7036 # dlp.kms.encrypt
7037 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
7038 "wrappedKey": "A String", # The wrapped data crypto key. [required]
7039 },
7040 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
7041 # leaking the key. Choose another type of key if possible.
7042 "key": "A String", # A 128/192/256 bit key. [required]
7043 },
7044 "transient": { # Use this to have a random data crypto key generated.
7045 # It will be discarded after the request finishes.
7046 "name": "A String", # Name of the key. [required]
7047 # This is an arbitrary string used to differentiate different keys.
7048 # A unique key is generated per name: two separate `TransientCryptoKey`
7049 # protos share the same generated key if their names are the same.
7050 # When the data crypto key is generated, this name is not used in any way
7051 # (repeating the api call will result in a different key being generated).
7052 },
7053 },
7054 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62].
7055 "commonAlphabet": "A String",
7056 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
7057 # that the FFX mode natively supports. This happens before/after
7058 # encryption/decryption.
7059 # Each character listed must appear only once.
7060 # Number of characters must be in the range [2, 62].
7061 # This must be encoded as ASCII.
7062 # The order of characters does not matter.
7063 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
7064 # identifier in two different contexts won't be given the same surrogate. If
7065 # the context is not set, a default tweak will be used.
7066 #
7067 # If the context is set but:
7068 #
7069 # 1. there is no record present when transforming a given value or
7070 # 1. the field is not present when transforming a given value,
7071 #
7072 # a default tweak will be used.
7073 #
7074 # Note that case (1) is expected when an `InfoTypeTransformation` is
7075 # applied to both structured and non-structured `ContentItem`s.
7076 # Currently, the referenced field may be of value type integer or string.
7077 #
7078 # The tweak is constructed as a sequence of bytes in big endian byte order
7079 # such that:
7080 #
7081 # - a 64 bit integer is encoded followed by a single byte of value 1
7082 # - a string is encoded in UTF-8 format followed by a single byte of value 2
7083 "name": "A String", # Name describing the field.
7084 },
7085 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
7086 # This annotation will be applied to the surrogate by prefixing it with
7087 # the name of the custom infoType followed by the number of
7088 # characters comprising the surrogate. The following scheme defines the
7089 # format: info_type_name(surrogate_character_count):surrogate
7090 #
7091 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
7092 # the surrogate is 'abc', the full replacement value
7093 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
7094 #
7095 # This annotation identifies the surrogate when inspecting content using the
7096 # custom infoType
7097 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
7098 # This facilitates reversal of the surrogate when it occurs in free text.
7099 #
7100 # In order for inspection to work properly, the name of this infoType must
7101 # not occur naturally anywhere in your data; otherwise, inspection may
7102 # find a surrogate that does not correspond to an actual identifier.
7103 # Therefore, choose your custom infoType name carefully after considering
7104 # what your data looks like. One way to select a name that has a high chance
7105 # of yielding reliable detection is to include one or more unicode characters
7106 # that are highly improbable to exist in your data.
7107 # For example, assuming your data is entered from a regular ASCII keyboard,
7108 # the symbol with the hex code point 29DD might be used like so:
7109 # ⧝MY_TOKEN_TYPE
7110 "name": "A String", # Name of the information type. Either a name of your choosing when
7111 # creating a CustomInfoType, or one of the names listed
7112 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
7113 # a built-in type. InfoType names should conform to the pattern
7114 # [a-zA-Z0-9_]{1,64}.
7115 },
7116 },
7117 "replaceConfig": { # Replace each input value with a given `Value`.
7118 "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
7119 # Note that for the purposes of inspection or transformation, the number
7120 # of bytes considered to comprise a 'Value' is based on its representation
7121 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
7122 # 123456789, the number of bytes would be counted as 9, even though an
7123 # int64 only holds up to 8 bytes of data.
7124 "floatValue": 3.14,
7125 "timestampValue": "A String",
7126 "dayOfWeekValue": "A String",
7127 "timeValue": { # Represents a time of day. The date and time zone are either not significant
7128 # or are specified elsewhere. An API may choose to allow leap seconds. Related
7129 # types are google.type.Date and `google.protobuf.Timestamp`.
7130 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
7131 # to allow the value "24:00:00" for scenarios like business closing time.
7132 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
7133 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
7134 # allow the value 60 if it allows leap-seconds.
7135 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
7136 },
7137 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
7138 # and time zone are either specified elsewhere or are not significant. The date
7139 # is relative to the Proleptic Gregorian Calendar. This can represent:
7140 #
7141 # * A full date, with non-zero year, month and day values
7142 # * A month and day value, with a zero year, e.g. an anniversary
7143 # * A year on its own, with zero month and day values
7144 # * A year and month value, with a zero day, e.g. a credit card expiration date
7145 #
7146 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
7147 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
7148 # a year.
7149 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
7150 # if specifying a year by itself or a year and month where the day is not
7151 # significant.
7152 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
7153 # month and day.
7154 },
7155 "stringValue": "A String",
7156 "booleanValue": True or False,
7157 "integerValue": "A String",
7158 },
7159 },
7160 },
7161 "condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
7162 # given `RecordCondition`. The conditions are allowed to reference fields
7163 # that are not used in the actual transformation. [optional]
7164 #
7165 # Example Use Cases:
7166 #
7167 # - Apply a different bucket transformation to an age column if the zip code
7168 # column for the same record is within a specific range.
7169 # - Redact a field if the date of birth field is greater than 85.
7170 # a field.
7171 "expressions": { # An expression, consisting or an operator and conditions. # An expression.
7172 "conditions": { # A collection of conditions.
7173 "conditions": [
7174 { # The field type of `value` and `field` do not need to match to be
7175 # considered equal, but not all comparisons are possible.
7176 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
7177 # but all other comparisons are invalid with incompatible types.
7178 # A `value` of type:
7179 #
7180 # - `string` can be compared against all other types
7181 # - `boolean` can only be compared against other booleans
7182 # - `integer` can be compared against doubles or a string if the string value
7183 # can be parsed as an integer.
7184 # - `double` can be compared against integers or a string if the string can
7185 # be parsed as a double.
7186 # - `Timestamp` can be compared against strings in RFC 3339 date string
7187 # format.
7188 # - `TimeOfDay` can be compared against timestamps and strings in the format
7189 # of 'HH:mm:ss'.
7190 #
7191 # If we fail to compare do to type mismatch, a warning will be given and
7192 # the condition will evaluate to false.
7193 "operator": "A String", # Operator used to compare the field or infoType to the value. [required]
7194 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required]
7195 "name": "A String", # Name describing the field.
7196 },
7197 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.]
7198 # Note that for the purposes of inspection or transformation, the number
7199 # of bytes considered to comprise a 'Value' is based on its representation
7200 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
7201 # 123456789, the number of bytes would be counted as 9, even though an
7202 # int64 only holds up to 8 bytes of data.
7203 "floatValue": 3.14,
7204 "timestampValue": "A String",
7205 "dayOfWeekValue": "A String",
7206 "timeValue": { # Represents a time of day. The date and time zone are either not significant
7207 # or are specified elsewhere. An API may choose to allow leap seconds. Related
7208 # types are google.type.Date and `google.protobuf.Timestamp`.
7209 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
7210 # to allow the value "24:00:00" for scenarios like business closing time.
7211 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
7212 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
7213 # allow the value 60 if it allows leap-seconds.
7214 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
7215 },
7216 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
7217 # and time zone are either specified elsewhere or are not significant. The date
7218 # is relative to the Proleptic Gregorian Calendar. This can represent:
7219 #
7220 # * A full date, with non-zero year, month and day values
7221 # * A month and day value, with a zero year, e.g. an anniversary
7222 # * A year on its own, with zero month and day values
7223 # * A year and month value, with a zero day, e.g. a credit card expiration date
7224 #
7225 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
7226 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
7227 # a year.
7228 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
7229 # if specifying a year by itself or a year and month where the day is not
7230 # significant.
7231 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
7232 # month and day.
7233 },
7234 "stringValue": "A String",
7235 "booleanValue": True or False,
7236 "integerValue": "A String",
7237 },
7238 },
7239 ],
7240 },
7241 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
7242 # only supported value is `AND`.
7243 },
7244 },
7245 "fields": [ # Input field(s) to apply the transformation to. [required]
7246 { # General identifier of a data field in a storage service.
7247 "name": "A String", # Name describing the field.
7248 },
7249 ],
7250 },
7251 ],
7252 },
7253 },
7254 "reidentifyTemplateName": "A String", # Optional template to use. References an instance of `DeidentifyTemplate`.
7255 # Any configuration directly specified in `reidentify_config` or
7256 # `inspect_config` will override those set in the template. Singular fields
7257 # that are set in this request will replace their corresponding fields in the
7258 # template. Repeated fields are appended. Singular sub-messages and groups
7259 # are recursively merged.
7260 "inspectConfig": { # Configuration description of the scanning process. # Configuration for the inspector.
7261 # When used with redactContent only info_types and min_likelihood are currently
7262 # used.
7263 "excludeInfoTypes": True or False, # When true, excludes type information of the findings.
7264 "limits": {
7265 "maxFindingsPerRequest": 42, # Max number of findings that will be returned per request/job.
7266 # When set within `InspectContentRequest`, the maximum returned is 2000
7267 # regardless if this is set higher.
7268 "maxFindingsPerInfoType": [ # Configuration of findings limit given for specified infoTypes.
7269 { # Max findings configuration per infoType, per content item or long
7270 # running DlpJob.
7271 "infoType": { # Type of information detected by the API. # Type of information the findings limit applies to. Only one limit per
7272 # info_type should be provided. If InfoTypeLimit does not have an
7273 # info_type, the DLP API applies the limit against all info_types that
7274 # are found but not specified in another InfoTypeLimit.
7275 "name": "A String", # Name of the information type. Either a name of your choosing when
7276 # creating a CustomInfoType, or one of the names listed
7277 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
7278 # a built-in type. InfoType names should conform to the pattern
7279 # [a-zA-Z0-9_]{1,64}.
7280 },
7281 "maxFindings": 42, # Max findings limit for the given infoType.
7282 },
7283 ],
7284 "maxFindingsPerItem": 42, # Max number of findings that will be returned for each item scanned.
7285 # When set within `InspectDataSourceRequest`,
7286 # the maximum returned is 2000 regardless if this is set higher.
7287 # When set within `InspectContentRequest`, this field is ignored.
7288 },
7289 "minLikelihood": "A String", # Only returns findings equal or above this threshold. The default is
7290 # POSSIBLE.
7291 # See https://cloud.google.com/dlp/docs/likelihood to learn more.
7292 "customInfoTypes": [ # CustomInfoTypes provided by the user. See
7293 # https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.
7294 { # Custom information type provided by the user. Used to find domain-specific
7295 # sensitive information configurable to the data in question.
7296 "regex": { # Message defining a custom regular expression. # Regular expression based CustomInfoType.
7297 "pattern": "A String", # Pattern defining the regular expression. Its syntax
7298 # (https://github.com/google/re2/wiki/Syntax) can be found under the
7299 # google/re2 repository on GitHub.
7300 "groupIndexes": [ # The index of the submatch to extract as findings. When not
7301 # specified, the entire match is returned. No more than 3 may be included.
7302 42,
7303 ],
7304 },
7305 "surrogateType": { # Message for detecting output from deidentification transformations # Message for detecting output from deidentification transformations that
7306 # support reversing.
7307 # such as
7308 # [`CryptoReplaceFfxFpeConfig`](/dlp/docs/reference/rest/v2/organizations.deidentifyTemplates#cryptoreplaceffxfpeconfig).
7309 # These types of transformations are
7310 # those that perform pseudonymization, thereby producing a "surrogate" as
7311 # output. This should be used in conjunction with a field on the
7312 # transformation such as `surrogate_info_type`. This CustomInfoType does
7313 # not support the use of `detection_rules`.
7314 },
7315 "infoType": { # Type of information detected by the API. # CustomInfoType can either be a new infoType, or an extension of built-in
7316 # infoType, when the name matches one of existing infoTypes and that infoType
7317 # is specified in `InspectContent.info_types` field. Specifying the latter
7318 # adds findings to the one detected by the system. If built-in info type is
7319 # not specified in `InspectContent.info_types` list then the name is treated
7320 # as a custom info type.
7321 "name": "A String", # Name of the information type. Either a name of your choosing when
7322 # creating a CustomInfoType, or one of the names listed
7323 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
7324 # a built-in type. InfoType names should conform to the pattern
7325 # [a-zA-Z0-9_]{1,64}.
7326 },
7327 "dictionary": { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType.
7328 # be used to match sensitive information specific to the data, such as a list
7329 # of employee IDs or job titles.
7330 #
7331 # Dictionary words are case-insensitive and all characters other than letters
7332 # and digits in the unicode [Basic Multilingual
7333 # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane)
7334 # will be replaced with whitespace when scanning for matches, so the
7335 # dictionary phrase "Sam Johnson" will match all three phrases "sam johnson",
7336 # "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters
7337 # surrounding any match must be of a different type than the adjacent
7338 # characters within the word, so letters must be next to non-letters and
7339 # digits next to non-digits. For example, the dictionary word "jen" will
7340 # match the first three letters of the text "jen123" but will return no
7341 # matches for "jennifer".
7342 #
7343 # Dictionary words containing a large number of characters that are not
7344 # letters or digits may result in unexpected findings because such characters
7345 # are treated as whitespace. The
7346 # [limits](https://cloud.google.com/dlp/limits) page contains details about
7347 # the size limits of dictionaries. For dictionaries that do not fit within
7348 # these constraints, consider using `LargeCustomDictionaryConfig` in the
7349 # `StoredInfoType` API.
7350 "wordList": { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for.
7351 "words": [ # Words or phrases defining the dictionary. The dictionary must contain
7352 # at least one phrase and every phrase must contain at least 2 characters
7353 # that are letters or digits. [required]
7354 "A String",
7355 ],
7356 },
7357 "cloudStoragePath": { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file
7358 # is accepted.
7359 "path": "A String", # A url representing a file or path (no wildcards) in Cloud Storage.
7360 # Example: gs://[BUCKET_NAME]/dictionary.txt
7361 },
7362 },
7363 "storedType": { # A reference to a StoredInfoType to use with scanning. # Load an existing `StoredInfoType` resource for use in
7364 # `InspectDataSource`. Not currently supported in `InspectContent`.
7365 "name": "A String", # Resource name of the requested `StoredInfoType`, for example
7366 # `organizations/433245324/storedInfoTypes/432452342` or
7367 # `projects/project-id/storedInfoTypes/432452342`.
7368 "createTime": "A String", # Timestamp indicating when the version of the `StoredInfoType` used for
7369 # inspection was created. Output-only field, populated by the system.
7370 },
7371 "detectionRules": [ # Set of detection rules to apply to all findings of this CustomInfoType.
7372 # Rules are applied in order that they are specified. Not supported for the
7373 # `surrogate_type` CustomInfoType.
7374 { # Deprecated; use `InspectionRuleSet` instead. Rule for modifying a
7375 # `CustomInfoType` to alter behavior under certain circumstances, depending
7376 # on the specific details of the rule. Not supported for the `surrogate_type`
7377 # custom infoType.
7378 "hotwordRule": { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule.
7379 # proximity of hotwords.
7380 "proximity": { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside.
7381 # The total length of the window cannot exceed 1000 characters. Note that
7382 # the finding itself will be included in the window, so that hotwords may
7383 # be used to match substrings of the finding itself. For example, the
7384 # certainty of a phone number regex "\(\d{3}\) \d{3}-\d{4}" could be
7385 # adjusted upwards if the area code is known to be the local area code of
7386 # a company office using the hotword regex "\(xxx\)", where "xxx"
7387 # is the area code in question.
7388 # rule.
7389 "windowAfter": 42, # Number of characters after the finding to consider.
7390 "windowBefore": 42, # Number of characters before the finding to consider.
7391 },
7392 "hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
7393 "pattern": "A String", # Pattern defining the regular expression. Its syntax
7394 # (https://github.com/google/re2/wiki/Syntax) can be found under the
7395 # google/re2 repository on GitHub.
7396 "groupIndexes": [ # The index of the submatch to extract as findings. When not
7397 # specified, the entire match is returned. No more than 3 may be included.
7398 42,
7399 ],
7400 },
7401 "likelihoodAdjustment": { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings.
7402 # part of a detection rule.
7403 "relativeLikelihood": 42, # Increase or decrease the likelihood by the specified number of
7404 # levels. For example, if a finding would be `POSSIBLE` without the
7405 # detection rule and `relative_likelihood` is 1, then it is upgraded to
7406 # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`.
7407 # Likelihood may never drop below `VERY_UNLIKELY` or exceed
7408 # `VERY_LIKELY`, so applying an adjustment of 1 followed by an
7409 # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in
7410 # a final likelihood of `LIKELY`.
7411 "fixedLikelihood": "A String", # Set the likelihood of a finding to a fixed value.
7412 },
7413 },
7414 },
7415 ],
7416 "exclusionType": "A String", # If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding
7417 # to be returned. It still can be used for rules matching.
7418 "likelihood": "A String", # Likelihood to return for this CustomInfoType. This base value can be
7419 # altered by a detection rule if the finding meets the criteria specified by
7420 # the rule. Defaults to `VERY_LIKELY` if not specified.
7421 },
7422 ],
7423 "includeQuote": True or False, # When true, a contextual quote from the data that triggered a finding is
7424 # included in the response; see Finding.quote.
7425 "ruleSet": [ # Set of rules to apply to the findings for this InspectConfig.
7426 # Exclusion rules, contained in the set are executed in the end, other
7427 # rules are executed in the order they are specified for each info type.
7428 { # Rule set for modifying a set of infoTypes to alter behavior under certain
7429 # circumstances, depending on the specific details of the rules within the set.
7430 "rules": [ # Set of rules to be applied to infoTypes. The rules are applied in order.
7431 { # A single inspection rule to be applied to infoTypes, specified in
7432 # `InspectionRuleSet`.
7433 "hotwordRule": { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule.
7434 # proximity of hotwords.
7435 "proximity": { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside.
7436 # The total length of the window cannot exceed 1000 characters. Note that
7437 # the finding itself will be included in the window, so that hotwords may
7438 # be used to match substrings of the finding itself. For example, the
7439 # certainty of a phone number regex "\(\d{3}\) \d{3}-\d{4}" could be
7440 # adjusted upwards if the area code is known to be the local area code of
7441 # a company office using the hotword regex "\(xxx\)", where "xxx"
7442 # is the area code in question.
7443 # rule.
7444 "windowAfter": 42, # Number of characters after the finding to consider.
7445 "windowBefore": 42, # Number of characters before the finding to consider.
7446 },
7447 "hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword.
7448 "pattern": "A String", # Pattern defining the regular expression. Its syntax
7449 # (https://github.com/google/re2/wiki/Syntax) can be found under the
7450 # google/re2 repository on GitHub.
7451 "groupIndexes": [ # The index of the submatch to extract as findings. When not
7452 # specified, the entire match is returned. No more than 3 may be included.
7453 42,
7454 ],
7455 },
7456 "likelihoodAdjustment": { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings.
7457 # part of a detection rule.
7458 "relativeLikelihood": 42, # Increase or decrease the likelihood by the specified number of
7459 # levels. For example, if a finding would be `POSSIBLE` without the
7460 # detection rule and `relative_likelihood` is 1, then it is upgraded to
7461 # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`.
7462 # Likelihood may never drop below `VERY_UNLIKELY` or exceed
7463 # `VERY_LIKELY`, so applying an adjustment of 1 followed by an
7464 # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in
7465 # a final likelihood of `LIKELY`.
7466 "fixedLikelihood": "A String", # Set the likelihood of a finding to a fixed value.
7467 },
7468 },
7469 "exclusionRule": { # The rule that specifies conditions when findings of infoTypes specified in # Exclusion rule.
7470 # `InspectionRuleSet` are removed from results.
7471 "regex": { # Message defining a custom regular expression. # Regular expression which defines the rule.
7472 "pattern": "A String", # Pattern defining the regular expression. Its syntax
7473 # (https://github.com/google/re2/wiki/Syntax) can be found under the
7474 # google/re2 repository on GitHub.
7475 "groupIndexes": [ # The index of the submatch to extract as findings. When not
7476 # specified, the entire match is returned. No more than 3 may be included.
7477 42,
7478 ],
7479 },
7480 "excludeInfoTypes": { # List of exclude infoTypes. # Set of infoTypes for which findings would affect this rule.
7481 "infoTypes": [ # InfoType list in ExclusionRule rule drops a finding when it overlaps or
7482 # contained within with a finding of an infoType from this list. For
7483 # example, for `InspectionRuleSet.info_types` containing "PHONE_NUMBER"` and
7484 # `exclusion_rule` containing `exclude_info_types.info_types` with
7485 # "EMAIL_ADDRESS" the phone number findings are dropped if they overlap
7486 # with EMAIL_ADDRESS finding.
7487 # That leads to "555-222-2222@example.org" to generate only a single
7488 # finding, namely email address.
7489 { # Type of information detected by the API.
7490 "name": "A String", # Name of the information type. Either a name of your choosing when
7491 # creating a CustomInfoType, or one of the names listed
7492 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
7493 # a built-in type. InfoType names should conform to the pattern
7494 # [a-zA-Z0-9_]{1,64}.
7495 },
7496 ],
7497 },
7498 "dictionary": { # Custom information type based on a dictionary of words or phrases. This can # Dictionary which defines the rule.
7499 # be used to match sensitive information specific to the data, such as a list
7500 # of employee IDs or job titles.
7501 #
7502 # Dictionary words are case-insensitive and all characters other than letters
7503 # and digits in the unicode [Basic Multilingual
7504 # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane)
7505 # will be replaced with whitespace when scanning for matches, so the
7506 # dictionary phrase "Sam Johnson" will match all three phrases "sam johnson",
7507 # "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters
7508 # surrounding any match must be of a different type than the adjacent
7509 # characters within the word, so letters must be next to non-letters and
7510 # digits next to non-digits. For example, the dictionary word "jen" will
7511 # match the first three letters of the text "jen123" but will return no
7512 # matches for "jennifer".
7513 #
7514 # Dictionary words containing a large number of characters that are not
7515 # letters or digits may result in unexpected findings because such characters
7516 # are treated as whitespace. The
7517 # [limits](https://cloud.google.com/dlp/limits) page contains details about
7518 # the size limits of dictionaries. For dictionaries that do not fit within
7519 # these constraints, consider using `LargeCustomDictionaryConfig` in the
7520 # `StoredInfoType` API.
7521 "wordList": { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for.
7522 "words": [ # Words or phrases defining the dictionary. The dictionary must contain
7523 # at least one phrase and every phrase must contain at least 2 characters
7524 # that are letters or digits. [required]
7525 "A String",
7526 ],
7527 },
7528 "cloudStoragePath": { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file
7529 # is accepted.
7530 "path": "A String", # A url representing a file or path (no wildcards) in Cloud Storage.
7531 # Example: gs://[BUCKET_NAME]/dictionary.txt
7532 },
7533 },
7534 "matchingType": "A String", # How the rule is applied, see MatchingType documentation for details.
7535 },
7536 },
7537 ],
7538 "infoTypes": [ # List of infoTypes this rule set is applied to.
7539 { # Type of information detected by the API.
7540 "name": "A String", # Name of the information type. Either a name of your choosing when
7541 # creating a CustomInfoType, or one of the names listed
7542 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
7543 # a built-in type. InfoType names should conform to the pattern
7544 # [a-zA-Z0-9_]{1,64}.
7545 },
7546 ],
7547 },
7548 ],
7549 "contentOptions": [ # List of options defining data content to scan.
7550 # If empty, text, images, and other content will be included.
7551 "A String",
7552 ],
7553 "infoTypes": [ # Restricts what info_types to look for. The values must correspond to
7554 # InfoType values returned by ListInfoTypes or listed at
7555 # https://cloud.google.com/dlp/docs/infotypes-reference.
7556 #
7557 # When no InfoTypes or CustomInfoTypes are specified in a request, the
7558 # system may automatically choose what detectors to run. By default this may
7559 # be all types, but may change over time as detectors are updated.
7560 #
7561 # The special InfoType name "ALL_BASIC" can be used to trigger all detectors,
7562 # but may change over time as new InfoTypes are added. If you need precise
7563 # control and predictability as to what detectors are run you should specify
7564 # specific InfoTypes listed in the reference.
7565 { # Type of information detected by the API.
7566 "name": "A String", # Name of the information type. Either a name of your choosing when
7567 # creating a CustomInfoType, or one of the names listed
7568 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
7569 # a built-in type. InfoType names should conform to the pattern
7570 # [a-zA-Z0-9_]{1,64}.
7571 },
7572 ],
7573 },
7574 "inspectTemplateName": "A String", # Optional template to use. Any configuration directly specified in
7575 # `inspect_config` will override those set in the template. Singular fields
7576 # that are set in this request will replace their corresponding fields in the
7577 # template. Repeated fields are appended. Singular sub-messages and groups
7578 # are recursively merged.
7579 "item": { # Container structure for the content to inspect. # The item to re-identify. Will be treated as text.
7580 "table": { # Structured content to inspect. Up to 50,000 `Value`s per request allowed. # Structured content for inspection. See
7581 # https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
7582 # learn more.
7583 # See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
7584 # learn more.
7585 "headers": [
7586 { # General identifier of a data field in a storage service.
7587 "name": "A String", # Name describing the field.
7588 },
7589 ],
7590 "rows": [
7591 {
7592 "values": [
7593 { # Set of primitive values supported by the system.
7594 # Note that for the purposes of inspection or transformation, the number
7595 # of bytes considered to comprise a 'Value' is based on its representation
7596 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
7597 # 123456789, the number of bytes would be counted as 9, even though an
7598 # int64 only holds up to 8 bytes of data.
7599 "floatValue": 3.14,
7600 "timestampValue": "A String",
7601 "dayOfWeekValue": "A String",
7602 "timeValue": { # Represents a time of day. The date and time zone are either not significant
7603 # or are specified elsewhere. An API may choose to allow leap seconds. Related
7604 # types are google.type.Date and `google.protobuf.Timestamp`.
7605 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
7606 # to allow the value "24:00:00" for scenarios like business closing time.
7607 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
7608 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
7609 # allow the value 60 if it allows leap-seconds.
7610 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
7611 },
7612 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
7613 # and time zone are either specified elsewhere or are not significant. The date
7614 # is relative to the Proleptic Gregorian Calendar. This can represent:
7615 #
7616 # * A full date, with non-zero year, month and day values
7617 # * A month and day value, with a zero year, e.g. an anniversary
7618 # * A year on its own, with zero month and day values
7619 # * A year and month value, with a zero day, e.g. a credit card expiration date
7620 #
7621 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
7622 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
7623 # a year.
7624 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
7625 # if specifying a year by itself or a year and month where the day is not
7626 # significant.
7627 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
7628 # month and day.
7629 },
7630 "stringValue": "A String",
7631 "booleanValue": True or False,
7632 "integerValue": "A String",
7633 },
7634 ],
7635 },
7636 ],
7637 },
7638 "byteItem": { # Container for bytes to inspect or redact. # Content data to inspect or redact. Replaces `type` and `data`.
7639 "type": "A String", # The type of data stored in the bytes string. Default will be TEXT_UTF8.
7640 "data": "A String", # Content data to inspect or redact.
7641 },
7642 "value": "A String", # String data to inspect or redact.
7643 },
7644 }
7645
7646 x__xgafv: string, V1 error format.
7647 Allowed values
7648 1 - v1 error format
7649 2 - v2 error format
7650
7651Returns:
7652 An object of the form:
7653
7654 { # Results of re-identifying a item.
7655 "overview": { # Overview of the modifications that occurred. # An overview of the changes that were made to the `item`.
7656 "transformationSummaries": [ # Transformations applied to the dataset.
7657 { # Summary of a single transformation.
7658 # Only one of 'transformation', 'field_transformation', or 'record_suppress'
7659 # will be set.
7660 "infoType": { # Type of information detected by the API. # Set if the transformation was limited to a specific InfoType.
7661 "name": "A String", # Name of the information type. Either a name of your choosing when
7662 # creating a CustomInfoType, or one of the names listed
7663 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
7664 # a built-in type. InfoType names should conform to the pattern
7665 # [a-zA-Z0-9_]{1,64}.
7666 },
7667 "recordSuppress": { # Configuration to suppress records whose suppression conditions evaluate to # The specific suppression option these stats apply to.
7668 # true.
7669 "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
7670 # evaluated to be suppressed from the transformed content.
7671 # a field.
7672 "expressions": { # An expression, consisting or an operator and conditions. # An expression.
7673 "conditions": { # A collection of conditions.
7674 "conditions": [
7675 { # The field type of `value` and `field` do not need to match to be
7676 # considered equal, but not all comparisons are possible.
7677 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
7678 # but all other comparisons are invalid with incompatible types.
7679 # A `value` of type:
7680 #
7681 # - `string` can be compared against all other types
7682 # - `boolean` can only be compared against other booleans
7683 # - `integer` can be compared against doubles or a string if the string value
7684 # can be parsed as an integer.
7685 # - `double` can be compared against integers or a string if the string can
7686 # be parsed as a double.
7687 # - `Timestamp` can be compared against strings in RFC 3339 date string
7688 # format.
7689 # - `TimeOfDay` can be compared against timestamps and strings in the format
7690 # of 'HH:mm:ss'.
7691 #
7692 # If we fail to compare do to type mismatch, a warning will be given and
7693 # the condition will evaluate to false.
7694 "operator": "A String", # Operator used to compare the field or infoType to the value. [required]
7695 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required]
7696 "name": "A String", # Name describing the field.
7697 },
7698 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.]
7699 # Note that for the purposes of inspection or transformation, the number
7700 # of bytes considered to comprise a 'Value' is based on its representation
7701 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
7702 # 123456789, the number of bytes would be counted as 9, even though an
7703 # int64 only holds up to 8 bytes of data.
7704 "floatValue": 3.14,
7705 "timestampValue": "A String",
7706 "dayOfWeekValue": "A String",
7707 "timeValue": { # Represents a time of day. The date and time zone are either not significant
7708 # or are specified elsewhere. An API may choose to allow leap seconds. Related
7709 # types are google.type.Date and `google.protobuf.Timestamp`.
7710 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
7711 # to allow the value "24:00:00" for scenarios like business closing time.
7712 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
7713 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
7714 # allow the value 60 if it allows leap-seconds.
7715 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
7716 },
7717 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
7718 # and time zone are either specified elsewhere or are not significant. The date
7719 # is relative to the Proleptic Gregorian Calendar. This can represent:
7720 #
7721 # * A full date, with non-zero year, month and day values
7722 # * A month and day value, with a zero year, e.g. an anniversary
7723 # * A year on its own, with zero month and day values
7724 # * A year and month value, with a zero day, e.g. a credit card expiration date
7725 #
7726 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
7727 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
7728 # a year.
7729 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
7730 # if specifying a year by itself or a year and month where the day is not
7731 # significant.
7732 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
7733 # month and day.
7734 },
7735 "stringValue": "A String",
7736 "booleanValue": True or False,
7737 "integerValue": "A String",
7738 },
7739 },
7740 ],
7741 },
7742 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
7743 # only supported value is `AND`.
7744 },
7745 },
7746 },
7747 "results": [
7748 { # A collection that informs the user the number of times a particular
7749 # `TransformationResultCode` and error details occurred.
7750 "count": "A String",
7751 "code": "A String",
7752 "details": "A String", # A place for warnings or errors to show up if a transformation didn't
7753 # work as expected.
7754 },
7755 ],
7756 "field": { # General identifier of a data field in a storage service. # Set if the transformation was limited to a specific FieldId.
7757 "name": "A String", # Name describing the field.
7758 },
7759 "fieldTransformations": [ # The field transformation that was applied.
7760 # If multiple field transformations are requested for a single field,
7761 # this list will contain all of them; otherwise, only one is supplied.
7762 { # The transformation to apply to the field.
7763 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
7764 # transform content that matches an `InfoType`.
7765 # apply various `PrimitiveTransformation`s to each finding, where the
7766 # transformation is applied to only values that were identified as a specific
7767 # info_type.
7768 "transformations": [ # Transformation for each infoType. Cannot specify more than one
7769 # for a given infoType. [required]
7770 { # A transformation to apply to text that is identified as a specific
7771 # info_type.
7772 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required]
7773 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a
7774 # fixed character. Masking can start from the beginning or end of the string.
7775 # This can be used on data of any type (numbers, longs, and so on) and when
7776 # de-identifying structured data we'll attempt to preserve the original data's
7777 # type. (This allows you to take a long like 123 and modify it to a string like
7778 # **3.
7779 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing.
7780 # For example, if your string is 555-555-5555 and you ask us to skip `-` and
7781 # mask 5 chars with * we would produce ***-*55-5555.
7782 { # Characters to skip when doing deidentification of a value. These will be left
7783 # alone and skipped.
7784 "commonCharactersToIgnore": "A String",
7785 "charactersToSkip": "A String",
7786 },
7787 ],
7788 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
7789 # masked. Skipped characters do not count towards this tally.
7790 "maskingCharacter": "A String", # Character to mask the sensitive values&mdash;for example, "*" for an
7791 # alphabetic string such as name, or "0" for a numeric string such as ZIP
7792 # code or credit card number. String must have length 1. If not supplied, we
7793 # will default to "*" for strings, 0 for digits.
7794 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
7795 # '0', number_to_mask is 14, and `reverse_order` is false, then
7796 # 1234-5678-9012-3456 -> 00000000000000-3456
7797 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order`
7798 # is true, then 12345 -> 12***
7799 },
7800 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation`
7801 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
7802 # output would be 'My phone number is '.
7803 },
7804 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given
7805 # input. Outputs a base64 encoded representation of the encrypted output.
7806 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
7807 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
7808 # a key encryption key (KEK) stored by KMS).
7809 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
7810 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
7811 # unwrap the data crypto key.
7812 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
7813 # The wrapped key must be a 128/192/256 bit key.
7814 # Authorization requires the following IAM permissions when sending a request
7815 # to perform a crypto transformation using a kms-wrapped crypto key:
7816 # dlp.kms.encrypt
7817 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
7818 "wrappedKey": "A String", # The wrapped data crypto key. [required]
7819 },
7820 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
7821 # leaking the key. Choose another type of key if possible.
7822 "key": "A String", # A 128/192/256 bit key. [required]
7823 },
7824 "transient": { # Use this to have a random data crypto key generated.
7825 # It will be discarded after the request finishes.
7826 "name": "A String", # Name of the key. [required]
7827 # This is an arbitrary string used to differentiate different keys.
7828 # A unique key is generated per name: two separate `TransientCryptoKey`
7829 # protos share the same generated key if their names are the same.
7830 # When the data crypto key is generated, this name is not used in any way
7831 # (repeating the api call will result in a different key being generated).
7832 },
7833 },
7834 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining
7835 # referential integrity such that the same identifier in two different
7836 # contexts will be given a distinct surrogate. The context is appended to
7837 # plaintext value being encrypted. On decryption the provided context is
7838 # validated against the value used during encryption. If a context was
7839 # provided during encryption, same context must be provided during decryption
7840 # as well.
7841 #
7842 # If the context is not set, plaintext would be used as is for encryption.
7843 # If the context is set but:
7844 #
7845 # 1. there is no record present when transforming a given value or
7846 # 2. the field is not present when transforming a given value,
7847 #
7848 # plaintext would be used as is for encryption.
7849 #
7850 # Note that case (1) is expected when an `InfoTypeTransformation` is
7851 # applied to both structured and non-structured `ContentItem`s.
7852 "name": "A String", # Name describing the field.
7853 },
7854 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
7855 # This annotation will be applied to the surrogate by prefixing it with
7856 # the name of the custom info type followed by the number of
7857 # characters comprising the surrogate. The following scheme defines the
7858 # format: <info type name>(<surrogate character count>):<surrogate>
7859 #
7860 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
7861 # the surrogate is 'abc', the full replacement value
7862 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
7863 #
7864 # This annotation identifies the surrogate when inspecting content using the
7865 # custom info type 'Surrogate'. This facilitates reversal of the
7866 # surrogate when it occurs in free text.
7867 #
7868 # In order for inspection to work properly, the name of this info type must
7869 # not occur naturally anywhere in your data; otherwise, inspection may either
7870 #
7871 # - reverse a surrogate that does not correspond to an actual identifier
7872 # - be unable to parse the surrogate and result in an error
7873 #
7874 # Therefore, choose your custom info type name carefully after considering
7875 # what your data looks like. One way to select a name that has a high chance
7876 # of yielding reliable detection is to include one or more unicode characters
7877 # that are highly improbable to exist in your data.
7878 # For example, assuming your data is entered from a regular ASCII keyboard,
7879 # the symbol with the hex code point 29DD might be used like so:
7880 # ⧝MY_TOKEN_TYPE
7881 "name": "A String", # Name of the information type. Either a name of your choosing when
7882 # creating a CustomInfoType, or one of the names listed
7883 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
7884 # a built-in type. InfoType names should conform to the pattern
7885 # [a-zA-Z0-9_]{1,64}.
7886 },
7887 },
7888 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The
7889 # Bucketing transformation can provide all of this functionality,
7890 # but requires more configuration. This message is provided as a convenience to
7891 # the user for simple bucketing strategies.
7892 #
7893 # The transformed value will be a hyphenated string of
7894 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20
7895 # all values that are within this bucket will be replaced with "10-20".
7896 #
7897 # This can be used on data of type: double, long.
7898 #
7899 # If the bound Value type differs from the type of data
7900 # being transformed, we will first attempt converting the type of the data to
7901 # be transformed to match the type of the bound before comparing.
7902 #
7903 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
7904 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are
7905 # grouped together into a single bucket; for example if `lower_bound` = 10,
7906 # then all values less than 10 are replaced with the value “-10”. [Required].
7907 # Note that for the purposes of inspection or transformation, the number
7908 # of bytes considered to comprise a 'Value' is based on its representation
7909 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
7910 # 123456789, the number of bytes would be counted as 9, even though an
7911 # int64 only holds up to 8 bytes of data.
7912 "floatValue": 3.14,
7913 "timestampValue": "A String",
7914 "dayOfWeekValue": "A String",
7915 "timeValue": { # Represents a time of day. The date and time zone are either not significant
7916 # or are specified elsewhere. An API may choose to allow leap seconds. Related
7917 # types are google.type.Date and `google.protobuf.Timestamp`.
7918 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
7919 # to allow the value "24:00:00" for scenarios like business closing time.
7920 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
7921 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
7922 # allow the value 60 if it allows leap-seconds.
7923 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
7924 },
7925 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
7926 # and time zone are either specified elsewhere or are not significant. The date
7927 # is relative to the Proleptic Gregorian Calendar. This can represent:
7928 #
7929 # * A full date, with non-zero year, month and day values
7930 # * A month and day value, with a zero year, e.g. an anniversary
7931 # * A year on its own, with zero month and day values
7932 # * A year and month value, with a zero day, e.g. a credit card expiration date
7933 #
7934 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
7935 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
7936 # a year.
7937 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
7938 # if specifying a year by itself or a year and month where the day is not
7939 # significant.
7940 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
7941 # month and day.
7942 },
7943 "stringValue": "A String",
7944 "booleanValue": True or False,
7945 "integerValue": "A String",
7946 },
7947 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are
7948 # grouped together into a single bucket; for example if `upper_bound` = 89,
7949 # then all values greater than 89 are replaced with the value “89+”.
7950 # [Required].
7951 # Note that for the purposes of inspection or transformation, the number
7952 # of bytes considered to comprise a 'Value' is based on its representation
7953 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
7954 # 123456789, the number of bytes would be counted as 9, even though an
7955 # int64 only holds up to 8 bytes of data.
7956 "floatValue": 3.14,
7957 "timestampValue": "A String",
7958 "dayOfWeekValue": "A String",
7959 "timeValue": { # Represents a time of day. The date and time zone are either not significant
7960 # or are specified elsewhere. An API may choose to allow leap seconds. Related
7961 # types are google.type.Date and `google.protobuf.Timestamp`.
7962 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
7963 # to allow the value "24:00:00" for scenarios like business closing time.
7964 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
7965 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
7966 # allow the value 60 if it allows leap-seconds.
7967 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
7968 },
7969 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
7970 # and time zone are either specified elsewhere or are not significant. The date
7971 # is relative to the Proleptic Gregorian Calendar. This can represent:
7972 #
7973 # * A full date, with non-zero year, month and day values
7974 # * A month and day value, with a zero year, e.g. an anniversary
7975 # * A year on its own, with zero month and day values
7976 # * A year and month value, with a zero day, e.g. a credit card expiration date
7977 #
7978 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
7979 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
7980 # a year.
7981 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
7982 # if specifying a year by itself or a year and month where the day is not
7983 # significant.
7984 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
7985 # month and day.
7986 },
7987 "stringValue": "A String",
7988 "booleanValue": True or False,
7989 "integerValue": "A String",
7990 },
7991 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if
7992 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
7993 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
7994 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required].
7995 },
7996 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type.
7997 },
7998 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a
7999 # portion of the value.
8000 "partToExtract": "A String",
8001 },
8002 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing.
8003 # Uses SHA-256.
8004 # The key size must be either 32 or 64 bytes.
8005 # Outputs a base64 encoded representation of the hashed output
8006 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
8007 # Currently, only string and integer values can be hashed.
8008 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
8009 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
8010 # a key encryption key (KEK) stored by KMS).
8011 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
8012 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
8013 # unwrap the data crypto key.
8014 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
8015 # The wrapped key must be a 128/192/256 bit key.
8016 # Authorization requires the following IAM permissions when sending a request
8017 # to perform a crypto transformation using a kms-wrapped crypto key:
8018 # dlp.kms.encrypt
8019 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
8020 "wrappedKey": "A String", # The wrapped data crypto key. [required]
8021 },
8022 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
8023 # leaking the key. Choose another type of key if possible.
8024 "key": "A String", # A 128/192/256 bit key. [required]
8025 },
8026 "transient": { # Use this to have a random data crypto key generated.
8027 # It will be discarded after the request finishes.
8028 "name": "A String", # Name of the key. [required]
8029 # This is an arbitrary string used to differentiate different keys.
8030 # A unique key is generated per name: two separate `TransientCryptoKey`
8031 # protos share the same generated key if their names are the same.
8032 # When the data crypto key is generated, this name is not used in any way
8033 # (repeating the api call will result in a different key being generated).
8034 },
8035 },
8036 },
8037 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the
8038 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
8039 # to learn more.
8040 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
8041 # results in the same shift for the same context and crypto_key.
8042 # a key encryption key (KEK) stored by KMS).
8043 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
8044 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
8045 # unwrap the data crypto key.
8046 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
8047 # The wrapped key must be a 128/192/256 bit key.
8048 # Authorization requires the following IAM permissions when sending a request
8049 # to perform a crypto transformation using a kms-wrapped crypto key:
8050 # dlp.kms.encrypt
8051 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
8052 "wrappedKey": "A String", # The wrapped data crypto key. [required]
8053 },
8054 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
8055 # leaking the key. Choose another type of key if possible.
8056 "key": "A String", # A 128/192/256 bit key. [required]
8057 },
8058 "transient": { # Use this to have a random data crypto key generated.
8059 # It will be discarded after the request finishes.
8060 "name": "A String", # Name of the key. [required]
8061 # This is an arbitrary string used to differentiate different keys.
8062 # A unique key is generated per name: two separate `TransientCryptoKey`
8063 # protos share the same generated key if their names are the same.
8064 # When the data crypto key is generated, this name is not used in any way
8065 # (repeating the api call will result in a different key being generated).
8066 },
8067 },
8068 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past.
8069 # [Required]
8070 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this
8071 # range (inclusive ends). Negative means shift to earlier in time. Must not
8072 # be more than 365250 days (1000 years) each direction.
8073 #
8074 # For example, 3 means shift date to at most 3 days into the future.
8075 # [Required]
8076 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
8077 # If set, must also set method. If set, shift will be consistent for the
8078 # given context.
8079 "name": "A String", # Name describing the field.
8080 },
8081 },
8082 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and
8083 # replacement values are dynamically provided by the user for custom behavior,
8084 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH
8085 # This can be used on
8086 # data of type: number, long, string, timestamp.
8087 # If the bound `Value` type differs from the type of data being transformed, we
8088 # will first attempt converting the type of the data to be transformed to match
8089 # the type of the bound before comparing.
8090 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
8091 "buckets": [ # Set of buckets. Ranges must be non-overlapping.
8092 { # Bucket is represented as a range, along with replacement values.
8093 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
8094 # Note that for the purposes of inspection or transformation, the number
8095 # of bytes considered to comprise a 'Value' is based on its representation
8096 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
8097 # 123456789, the number of bytes would be counted as 9, even though an
8098 # int64 only holds up to 8 bytes of data.
8099 "floatValue": 3.14,
8100 "timestampValue": "A String",
8101 "dayOfWeekValue": "A String",
8102 "timeValue": { # Represents a time of day. The date and time zone are either not significant
8103 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8104 # types are google.type.Date and `google.protobuf.Timestamp`.
8105 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8106 # to allow the value "24:00:00" for scenarios like business closing time.
8107 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8108 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8109 # allow the value 60 if it allows leap-seconds.
8110 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
8111 },
8112 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
8113 # and time zone are either specified elsewhere or are not significant. The date
8114 # is relative to the Proleptic Gregorian Calendar. This can represent:
8115 #
8116 # * A full date, with non-zero year, month and day values
8117 # * A month and day value, with a zero year, e.g. an anniversary
8118 # * A year on its own, with zero month and day values
8119 # * A year and month value, with a zero day, e.g. a credit card expiration date
8120 #
8121 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8122 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8123 # a year.
8124 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8125 # if specifying a year by itself or a year and month where the day is not
8126 # significant.
8127 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8128 # month and day.
8129 },
8130 "stringValue": "A String",
8131 "booleanValue": True or False,
8132 "integerValue": "A String",
8133 },
8134 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
8135 # the default behavior will be to hyphenate the min-max range.
8136 # Note that for the purposes of inspection or transformation, the number
8137 # of bytes considered to comprise a 'Value' is based on its representation
8138 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
8139 # 123456789, the number of bytes would be counted as 9, even though an
8140 # int64 only holds up to 8 bytes of data.
8141 "floatValue": 3.14,
8142 "timestampValue": "A String",
8143 "dayOfWeekValue": "A String",
8144 "timeValue": { # Represents a time of day. The date and time zone are either not significant
8145 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8146 # types are google.type.Date and `google.protobuf.Timestamp`.
8147 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8148 # to allow the value "24:00:00" for scenarios like business closing time.
8149 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8150 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8151 # allow the value 60 if it allows leap-seconds.
8152 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
8153 },
8154 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
8155 # and time zone are either specified elsewhere or are not significant. The date
8156 # is relative to the Proleptic Gregorian Calendar. This can represent:
8157 #
8158 # * A full date, with non-zero year, month and day values
8159 # * A month and day value, with a zero year, e.g. an anniversary
8160 # * A year on its own, with zero month and day values
8161 # * A year and month value, with a zero day, e.g. a credit card expiration date
8162 #
8163 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8164 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8165 # a year.
8166 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8167 # if specifying a year by itself or a year and month where the day is not
8168 # significant.
8169 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8170 # month and day.
8171 },
8172 "stringValue": "A String",
8173 "booleanValue": True or False,
8174 "integerValue": "A String",
8175 },
8176 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
8177 # used.
8178 # Note that for the purposes of inspection or transformation, the number
8179 # of bytes considered to comprise a 'Value' is based on its representation
8180 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
8181 # 123456789, the number of bytes would be counted as 9, even though an
8182 # int64 only holds up to 8 bytes of data.
8183 "floatValue": 3.14,
8184 "timestampValue": "A String",
8185 "dayOfWeekValue": "A String",
8186 "timeValue": { # Represents a time of day. The date and time zone are either not significant
8187 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8188 # types are google.type.Date and `google.protobuf.Timestamp`.
8189 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8190 # to allow the value "24:00:00" for scenarios like business closing time.
8191 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8192 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8193 # allow the value 60 if it allows leap-seconds.
8194 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
8195 },
8196 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
8197 # and time zone are either specified elsewhere or are not significant. The date
8198 # is relative to the Proleptic Gregorian Calendar. This can represent:
8199 #
8200 # * A full date, with non-zero year, month and day values
8201 # * A month and day value, with a zero year, e.g. an anniversary
8202 # * A year on its own, with zero month and day values
8203 # * A year and month value, with a zero day, e.g. a credit card expiration date
8204 #
8205 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8206 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8207 # a year.
8208 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8209 # if specifying a year by itself or a year and month where the day is not
8210 # significant.
8211 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8212 # month and day.
8213 },
8214 "stringValue": "A String",
8215 "booleanValue": True or False,
8216 "integerValue": "A String",
8217 },
8218 },
8219 ],
8220 },
8221 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption
8222 # (FPE) with the FFX mode of operation; however when used in the
8223 # `ReidentifyContent` API method, it serves the opposite function by reversing
8224 # the surrogate back into the original identifier. The identifier must be
8225 # encoded as ASCII. For a given crypto key and context, the same identifier
8226 # will be replaced with the same surrogate. Identifiers must be at least two
8227 # characters long. In the case that the identifier is the empty string, it will
8228 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
8229 # more.
8230 #
8231 # Note: We recommend using CryptoDeterministicConfig for all use cases which
8232 # do not require preserving the input alphabet space and size, plus warrant
8233 # referential integrity.
8234 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required]
8235 # a key encryption key (KEK) stored by KMS).
8236 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
8237 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
8238 # unwrap the data crypto key.
8239 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
8240 # The wrapped key must be a 128/192/256 bit key.
8241 # Authorization requires the following IAM permissions when sending a request
8242 # to perform a crypto transformation using a kms-wrapped crypto key:
8243 # dlp.kms.encrypt
8244 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
8245 "wrappedKey": "A String", # The wrapped data crypto key. [required]
8246 },
8247 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
8248 # leaking the key. Choose another type of key if possible.
8249 "key": "A String", # A 128/192/256 bit key. [required]
8250 },
8251 "transient": { # Use this to have a random data crypto key generated.
8252 # It will be discarded after the request finishes.
8253 "name": "A String", # Name of the key. [required]
8254 # This is an arbitrary string used to differentiate different keys.
8255 # A unique key is generated per name: two separate `TransientCryptoKey`
8256 # protos share the same generated key if their names are the same.
8257 # When the data crypto key is generated, this name is not used in any way
8258 # (repeating the api call will result in a different key being generated).
8259 },
8260 },
8261 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62].
8262 "commonAlphabet": "A String",
8263 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
8264 # that the FFX mode natively supports. This happens before/after
8265 # encryption/decryption.
8266 # Each character listed must appear only once.
8267 # Number of characters must be in the range [2, 62].
8268 # This must be encoded as ASCII.
8269 # The order of characters does not matter.
8270 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
8271 # identifier in two different contexts won't be given the same surrogate. If
8272 # the context is not set, a default tweak will be used.
8273 #
8274 # If the context is set but:
8275 #
8276 # 1. there is no record present when transforming a given value or
8277 # 1. the field is not present when transforming a given value,
8278 #
8279 # a default tweak will be used.
8280 #
8281 # Note that case (1) is expected when an `InfoTypeTransformation` is
8282 # applied to both structured and non-structured `ContentItem`s.
8283 # Currently, the referenced field may be of value type integer or string.
8284 #
8285 # The tweak is constructed as a sequence of bytes in big endian byte order
8286 # such that:
8287 #
8288 # - a 64 bit integer is encoded followed by a single byte of value 1
8289 # - a string is encoded in UTF-8 format followed by a single byte of value 2
8290 "name": "A String", # Name describing the field.
8291 },
8292 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
8293 # This annotation will be applied to the surrogate by prefixing it with
8294 # the name of the custom infoType followed by the number of
8295 # characters comprising the surrogate. The following scheme defines the
8296 # format: info_type_name(surrogate_character_count):surrogate
8297 #
8298 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
8299 # the surrogate is 'abc', the full replacement value
8300 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
8301 #
8302 # This annotation identifies the surrogate when inspecting content using the
8303 # custom infoType
8304 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
8305 # This facilitates reversal of the surrogate when it occurs in free text.
8306 #
8307 # In order for inspection to work properly, the name of this infoType must
8308 # not occur naturally anywhere in your data; otherwise, inspection may
8309 # find a surrogate that does not correspond to an actual identifier.
8310 # Therefore, choose your custom infoType name carefully after considering
8311 # what your data looks like. One way to select a name that has a high chance
8312 # of yielding reliable detection is to include one or more unicode characters
8313 # that are highly improbable to exist in your data.
8314 # For example, assuming your data is entered from a regular ASCII keyboard,
8315 # the symbol with the hex code point 29DD might be used like so:
8316 # ⧝MY_TOKEN_TYPE
8317 "name": "A String", # Name of the information type. Either a name of your choosing when
8318 # creating a CustomInfoType, or one of the names listed
8319 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
8320 # a built-in type. InfoType names should conform to the pattern
8321 # [a-zA-Z0-9_]{1,64}.
8322 },
8323 },
8324 "replaceConfig": { # Replace each input value with a given `Value`.
8325 "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
8326 # Note that for the purposes of inspection or transformation, the number
8327 # of bytes considered to comprise a 'Value' is based on its representation
8328 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
8329 # 123456789, the number of bytes would be counted as 9, even though an
8330 # int64 only holds up to 8 bytes of data.
8331 "floatValue": 3.14,
8332 "timestampValue": "A String",
8333 "dayOfWeekValue": "A String",
8334 "timeValue": { # Represents a time of day. The date and time zone are either not significant
8335 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8336 # types are google.type.Date and `google.protobuf.Timestamp`.
8337 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8338 # to allow the value "24:00:00" for scenarios like business closing time.
8339 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8340 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8341 # allow the value 60 if it allows leap-seconds.
8342 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
8343 },
8344 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
8345 # and time zone are either specified elsewhere or are not significant. The date
8346 # is relative to the Proleptic Gregorian Calendar. This can represent:
8347 #
8348 # * A full date, with non-zero year, month and day values
8349 # * A month and day value, with a zero year, e.g. an anniversary
8350 # * A year on its own, with zero month and day values
8351 # * A year and month value, with a zero day, e.g. a credit card expiration date
8352 #
8353 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8354 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8355 # a year.
8356 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8357 # if specifying a year by itself or a year and month where the day is not
8358 # significant.
8359 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8360 # month and day.
8361 },
8362 "stringValue": "A String",
8363 "booleanValue": True or False,
8364 "integerValue": "A String",
8365 },
8366 },
8367 },
8368 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause
8369 # this transformation to apply to all findings that correspond to
8370 # infoTypes that were requested in `InspectConfig`.
8371 { # Type of information detected by the API.
8372 "name": "A String", # Name of the information type. Either a name of your choosing when
8373 # creating a CustomInfoType, or one of the names listed
8374 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
8375 # a built-in type. InfoType names should conform to the pattern
8376 # [a-zA-Z0-9_]{1,64}.
8377 },
8378 ],
8379 },
8380 ],
8381 },
8382 "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.
8383 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a
8384 # fixed character. Masking can start from the beginning or end of the string.
8385 # This can be used on data of any type (numbers, longs, and so on) and when
8386 # de-identifying structured data we'll attempt to preserve the original data's
8387 # type. (This allows you to take a long like 123 and modify it to a string like
8388 # **3.
8389 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing.
8390 # For example, if your string is 555-555-5555 and you ask us to skip `-` and
8391 # mask 5 chars with * we would produce ***-*55-5555.
8392 { # Characters to skip when doing deidentification of a value. These will be left
8393 # alone and skipped.
8394 "commonCharactersToIgnore": "A String",
8395 "charactersToSkip": "A String",
8396 },
8397 ],
8398 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
8399 # masked. Skipped characters do not count towards this tally.
8400 "maskingCharacter": "A String", # Character to mask the sensitive values&mdash;for example, "*" for an
8401 # alphabetic string such as name, or "0" for a numeric string such as ZIP
8402 # code or credit card number. String must have length 1. If not supplied, we
8403 # will default to "*" for strings, 0 for digits.
8404 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
8405 # '0', number_to_mask is 14, and `reverse_order` is false, then
8406 # 1234-5678-9012-3456 -> 00000000000000-3456
8407 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order`
8408 # is true, then 12345 -> 12***
8409 },
8410 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation`
8411 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
8412 # output would be 'My phone number is '.
8413 },
8414 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given
8415 # input. Outputs a base64 encoded representation of the encrypted output.
8416 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
8417 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
8418 # a key encryption key (KEK) stored by KMS).
8419 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
8420 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
8421 # unwrap the data crypto key.
8422 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
8423 # The wrapped key must be a 128/192/256 bit key.
8424 # Authorization requires the following IAM permissions when sending a request
8425 # to perform a crypto transformation using a kms-wrapped crypto key:
8426 # dlp.kms.encrypt
8427 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
8428 "wrappedKey": "A String", # The wrapped data crypto key. [required]
8429 },
8430 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
8431 # leaking the key. Choose another type of key if possible.
8432 "key": "A String", # A 128/192/256 bit key. [required]
8433 },
8434 "transient": { # Use this to have a random data crypto key generated.
8435 # It will be discarded after the request finishes.
8436 "name": "A String", # Name of the key. [required]
8437 # This is an arbitrary string used to differentiate different keys.
8438 # A unique key is generated per name: two separate `TransientCryptoKey`
8439 # protos share the same generated key if their names are the same.
8440 # When the data crypto key is generated, this name is not used in any way
8441 # (repeating the api call will result in a different key being generated).
8442 },
8443 },
8444 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining
8445 # referential integrity such that the same identifier in two different
8446 # contexts will be given a distinct surrogate. The context is appended to
8447 # plaintext value being encrypted. On decryption the provided context is
8448 # validated against the value used during encryption. If a context was
8449 # provided during encryption, same context must be provided during decryption
8450 # as well.
8451 #
8452 # If the context is not set, plaintext would be used as is for encryption.
8453 # If the context is set but:
8454 #
8455 # 1. there is no record present when transforming a given value or
8456 # 2. the field is not present when transforming a given value,
8457 #
8458 # plaintext would be used as is for encryption.
8459 #
8460 # Note that case (1) is expected when an `InfoTypeTransformation` is
8461 # applied to both structured and non-structured `ContentItem`s.
8462 "name": "A String", # Name describing the field.
8463 },
8464 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
8465 # This annotation will be applied to the surrogate by prefixing it with
8466 # the name of the custom info type followed by the number of
8467 # characters comprising the surrogate. The following scheme defines the
8468 # format: <info type name>(<surrogate character count>):<surrogate>
8469 #
8470 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
8471 # the surrogate is 'abc', the full replacement value
8472 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
8473 #
8474 # This annotation identifies the surrogate when inspecting content using the
8475 # custom info type 'Surrogate'. This facilitates reversal of the
8476 # surrogate when it occurs in free text.
8477 #
8478 # In order for inspection to work properly, the name of this info type must
8479 # not occur naturally anywhere in your data; otherwise, inspection may either
8480 #
8481 # - reverse a surrogate that does not correspond to an actual identifier
8482 # - be unable to parse the surrogate and result in an error
8483 #
8484 # Therefore, choose your custom info type name carefully after considering
8485 # what your data looks like. One way to select a name that has a high chance
8486 # of yielding reliable detection is to include one or more unicode characters
8487 # that are highly improbable to exist in your data.
8488 # For example, assuming your data is entered from a regular ASCII keyboard,
8489 # the symbol with the hex code point 29DD might be used like so:
8490 # ⧝MY_TOKEN_TYPE
8491 "name": "A String", # Name of the information type. Either a name of your choosing when
8492 # creating a CustomInfoType, or one of the names listed
8493 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
8494 # a built-in type. InfoType names should conform to the pattern
8495 # [a-zA-Z0-9_]{1,64}.
8496 },
8497 },
8498 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The
8499 # Bucketing transformation can provide all of this functionality,
8500 # but requires more configuration. This message is provided as a convenience to
8501 # the user for simple bucketing strategies.
8502 #
8503 # The transformed value will be a hyphenated string of
8504 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20
8505 # all values that are within this bucket will be replaced with "10-20".
8506 #
8507 # This can be used on data of type: double, long.
8508 #
8509 # If the bound Value type differs from the type of data
8510 # being transformed, we will first attempt converting the type of the data to
8511 # be transformed to match the type of the bound before comparing.
8512 #
8513 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
8514 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are
8515 # grouped together into a single bucket; for example if `lower_bound` = 10,
8516 # then all values less than 10 are replaced with the value “-10”. [Required].
8517 # Note that for the purposes of inspection or transformation, the number
8518 # of bytes considered to comprise a 'Value' is based on its representation
8519 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
8520 # 123456789, the number of bytes would be counted as 9, even though an
8521 # int64 only holds up to 8 bytes of data.
8522 "floatValue": 3.14,
8523 "timestampValue": "A String",
8524 "dayOfWeekValue": "A String",
8525 "timeValue": { # Represents a time of day. The date and time zone are either not significant
8526 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8527 # types are google.type.Date and `google.protobuf.Timestamp`.
8528 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8529 # to allow the value "24:00:00" for scenarios like business closing time.
8530 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8531 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8532 # allow the value 60 if it allows leap-seconds.
8533 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
8534 },
8535 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
8536 # and time zone are either specified elsewhere or are not significant. The date
8537 # is relative to the Proleptic Gregorian Calendar. This can represent:
8538 #
8539 # * A full date, with non-zero year, month and day values
8540 # * A month and day value, with a zero year, e.g. an anniversary
8541 # * A year on its own, with zero month and day values
8542 # * A year and month value, with a zero day, e.g. a credit card expiration date
8543 #
8544 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8545 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8546 # a year.
8547 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8548 # if specifying a year by itself or a year and month where the day is not
8549 # significant.
8550 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8551 # month and day.
8552 },
8553 "stringValue": "A String",
8554 "booleanValue": True or False,
8555 "integerValue": "A String",
8556 },
8557 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are
8558 # grouped together into a single bucket; for example if `upper_bound` = 89,
8559 # then all values greater than 89 are replaced with the value “89+”.
8560 # [Required].
8561 # Note that for the purposes of inspection or transformation, the number
8562 # of bytes considered to comprise a 'Value' is based on its representation
8563 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
8564 # 123456789, the number of bytes would be counted as 9, even though an
8565 # int64 only holds up to 8 bytes of data.
8566 "floatValue": 3.14,
8567 "timestampValue": "A String",
8568 "dayOfWeekValue": "A String",
8569 "timeValue": { # Represents a time of day. The date and time zone are either not significant
8570 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8571 # types are google.type.Date and `google.protobuf.Timestamp`.
8572 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8573 # to allow the value "24:00:00" for scenarios like business closing time.
8574 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8575 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8576 # allow the value 60 if it allows leap-seconds.
8577 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
8578 },
8579 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
8580 # and time zone are either specified elsewhere or are not significant. The date
8581 # is relative to the Proleptic Gregorian Calendar. This can represent:
8582 #
8583 # * A full date, with non-zero year, month and day values
8584 # * A month and day value, with a zero year, e.g. an anniversary
8585 # * A year on its own, with zero month and day values
8586 # * A year and month value, with a zero day, e.g. a credit card expiration date
8587 #
8588 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8589 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8590 # a year.
8591 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8592 # if specifying a year by itself or a year and month where the day is not
8593 # significant.
8594 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8595 # month and day.
8596 },
8597 "stringValue": "A String",
8598 "booleanValue": True or False,
8599 "integerValue": "A String",
8600 },
8601 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if
8602 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
8603 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
8604 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required].
8605 },
8606 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type.
8607 },
8608 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a
8609 # portion of the value.
8610 "partToExtract": "A String",
8611 },
8612 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing.
8613 # Uses SHA-256.
8614 # The key size must be either 32 or 64 bytes.
8615 # Outputs a base64 encoded representation of the hashed output
8616 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
8617 # Currently, only string and integer values can be hashed.
8618 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
8619 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
8620 # a key encryption key (KEK) stored by KMS).
8621 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
8622 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
8623 # unwrap the data crypto key.
8624 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
8625 # The wrapped key must be a 128/192/256 bit key.
8626 # Authorization requires the following IAM permissions when sending a request
8627 # to perform a crypto transformation using a kms-wrapped crypto key:
8628 # dlp.kms.encrypt
8629 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
8630 "wrappedKey": "A String", # The wrapped data crypto key. [required]
8631 },
8632 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
8633 # leaking the key. Choose another type of key if possible.
8634 "key": "A String", # A 128/192/256 bit key. [required]
8635 },
8636 "transient": { # Use this to have a random data crypto key generated.
8637 # It will be discarded after the request finishes.
8638 "name": "A String", # Name of the key. [required]
8639 # This is an arbitrary string used to differentiate different keys.
8640 # A unique key is generated per name: two separate `TransientCryptoKey`
8641 # protos share the same generated key if their names are the same.
8642 # When the data crypto key is generated, this name is not used in any way
8643 # (repeating the api call will result in a different key being generated).
8644 },
8645 },
8646 },
8647 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the
8648 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
8649 # to learn more.
8650 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
8651 # results in the same shift for the same context and crypto_key.
8652 # a key encryption key (KEK) stored by KMS).
8653 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
8654 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
8655 # unwrap the data crypto key.
8656 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
8657 # The wrapped key must be a 128/192/256 bit key.
8658 # Authorization requires the following IAM permissions when sending a request
8659 # to perform a crypto transformation using a kms-wrapped crypto key:
8660 # dlp.kms.encrypt
8661 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
8662 "wrappedKey": "A String", # The wrapped data crypto key. [required]
8663 },
8664 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
8665 # leaking the key. Choose another type of key if possible.
8666 "key": "A String", # A 128/192/256 bit key. [required]
8667 },
8668 "transient": { # Use this to have a random data crypto key generated.
8669 # It will be discarded after the request finishes.
8670 "name": "A String", # Name of the key. [required]
8671 # This is an arbitrary string used to differentiate different keys.
8672 # A unique key is generated per name: two separate `TransientCryptoKey`
8673 # protos share the same generated key if their names are the same.
8674 # When the data crypto key is generated, this name is not used in any way
8675 # (repeating the api call will result in a different key being generated).
8676 },
8677 },
8678 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past.
8679 # [Required]
8680 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this
8681 # range (inclusive ends). Negative means shift to earlier in time. Must not
8682 # be more than 365250 days (1000 years) each direction.
8683 #
8684 # For example, 3 means shift date to at most 3 days into the future.
8685 # [Required]
8686 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
8687 # If set, must also set method. If set, shift will be consistent for the
8688 # given context.
8689 "name": "A String", # Name describing the field.
8690 },
8691 },
8692 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and
8693 # replacement values are dynamically provided by the user for custom behavior,
8694 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH
8695 # This can be used on
8696 # data of type: number, long, string, timestamp.
8697 # If the bound `Value` type differs from the type of data being transformed, we
8698 # will first attempt converting the type of the data to be transformed to match
8699 # the type of the bound before comparing.
8700 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
8701 "buckets": [ # Set of buckets. Ranges must be non-overlapping.
8702 { # Bucket is represented as a range, along with replacement values.
8703 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
8704 # Note that for the purposes of inspection or transformation, the number
8705 # of bytes considered to comprise a 'Value' is based on its representation
8706 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
8707 # 123456789, the number of bytes would be counted as 9, even though an
8708 # int64 only holds up to 8 bytes of data.
8709 "floatValue": 3.14,
8710 "timestampValue": "A String",
8711 "dayOfWeekValue": "A String",
8712 "timeValue": { # Represents a time of day. The date and time zone are either not significant
8713 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8714 # types are google.type.Date and `google.protobuf.Timestamp`.
8715 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8716 # to allow the value "24:00:00" for scenarios like business closing time.
8717 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8718 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8719 # allow the value 60 if it allows leap-seconds.
8720 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
8721 },
8722 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
8723 # and time zone are either specified elsewhere or are not significant. The date
8724 # is relative to the Proleptic Gregorian Calendar. This can represent:
8725 #
8726 # * A full date, with non-zero year, month and day values
8727 # * A month and day value, with a zero year, e.g. an anniversary
8728 # * A year on its own, with zero month and day values
8729 # * A year and month value, with a zero day, e.g. a credit card expiration date
8730 #
8731 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8732 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8733 # a year.
8734 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8735 # if specifying a year by itself or a year and month where the day is not
8736 # significant.
8737 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8738 # month and day.
8739 },
8740 "stringValue": "A String",
8741 "booleanValue": True or False,
8742 "integerValue": "A String",
8743 },
8744 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
8745 # the default behavior will be to hyphenate the min-max range.
8746 # Note that for the purposes of inspection or transformation, the number
8747 # of bytes considered to comprise a 'Value' is based on its representation
8748 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
8749 # 123456789, the number of bytes would be counted as 9, even though an
8750 # int64 only holds up to 8 bytes of data.
8751 "floatValue": 3.14,
8752 "timestampValue": "A String",
8753 "dayOfWeekValue": "A String",
8754 "timeValue": { # Represents a time of day. The date and time zone are either not significant
8755 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8756 # types are google.type.Date and `google.protobuf.Timestamp`.
8757 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8758 # to allow the value "24:00:00" for scenarios like business closing time.
8759 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8760 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8761 # allow the value 60 if it allows leap-seconds.
8762 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
8763 },
8764 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
8765 # and time zone are either specified elsewhere or are not significant. The date
8766 # is relative to the Proleptic Gregorian Calendar. This can represent:
8767 #
8768 # * A full date, with non-zero year, month and day values
8769 # * A month and day value, with a zero year, e.g. an anniversary
8770 # * A year on its own, with zero month and day values
8771 # * A year and month value, with a zero day, e.g. a credit card expiration date
8772 #
8773 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8774 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8775 # a year.
8776 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8777 # if specifying a year by itself or a year and month where the day is not
8778 # significant.
8779 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8780 # month and day.
8781 },
8782 "stringValue": "A String",
8783 "booleanValue": True or False,
8784 "integerValue": "A String",
8785 },
8786 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
8787 # used.
8788 # Note that for the purposes of inspection or transformation, the number
8789 # of bytes considered to comprise a 'Value' is based on its representation
8790 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
8791 # 123456789, the number of bytes would be counted as 9, even though an
8792 # int64 only holds up to 8 bytes of data.
8793 "floatValue": 3.14,
8794 "timestampValue": "A String",
8795 "dayOfWeekValue": "A String",
8796 "timeValue": { # Represents a time of day. The date and time zone are either not significant
8797 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8798 # types are google.type.Date and `google.protobuf.Timestamp`.
8799 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8800 # to allow the value "24:00:00" for scenarios like business closing time.
8801 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8802 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8803 # allow the value 60 if it allows leap-seconds.
8804 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
8805 },
8806 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
8807 # and time zone are either specified elsewhere or are not significant. The date
8808 # is relative to the Proleptic Gregorian Calendar. This can represent:
8809 #
8810 # * A full date, with non-zero year, month and day values
8811 # * A month and day value, with a zero year, e.g. an anniversary
8812 # * A year on its own, with zero month and day values
8813 # * A year and month value, with a zero day, e.g. a credit card expiration date
8814 #
8815 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8816 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8817 # a year.
8818 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8819 # if specifying a year by itself or a year and month where the day is not
8820 # significant.
8821 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8822 # month and day.
8823 },
8824 "stringValue": "A String",
8825 "booleanValue": True or False,
8826 "integerValue": "A String",
8827 },
8828 },
8829 ],
8830 },
8831 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption
8832 # (FPE) with the FFX mode of operation; however when used in the
8833 # `ReidentifyContent` API method, it serves the opposite function by reversing
8834 # the surrogate back into the original identifier. The identifier must be
8835 # encoded as ASCII. For a given crypto key and context, the same identifier
8836 # will be replaced with the same surrogate. Identifiers must be at least two
8837 # characters long. In the case that the identifier is the empty string, it will
8838 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
8839 # more.
8840 #
8841 # Note: We recommend using CryptoDeterministicConfig for all use cases which
8842 # do not require preserving the input alphabet space and size, plus warrant
8843 # referential integrity.
8844 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required]
8845 # a key encryption key (KEK) stored by KMS).
8846 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
8847 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
8848 # unwrap the data crypto key.
8849 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
8850 # The wrapped key must be a 128/192/256 bit key.
8851 # Authorization requires the following IAM permissions when sending a request
8852 # to perform a crypto transformation using a kms-wrapped crypto key:
8853 # dlp.kms.encrypt
8854 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
8855 "wrappedKey": "A String", # The wrapped data crypto key. [required]
8856 },
8857 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
8858 # leaking the key. Choose another type of key if possible.
8859 "key": "A String", # A 128/192/256 bit key. [required]
8860 },
8861 "transient": { # Use this to have a random data crypto key generated.
8862 # It will be discarded after the request finishes.
8863 "name": "A String", # Name of the key. [required]
8864 # This is an arbitrary string used to differentiate different keys.
8865 # A unique key is generated per name: two separate `TransientCryptoKey`
8866 # protos share the same generated key if their names are the same.
8867 # When the data crypto key is generated, this name is not used in any way
8868 # (repeating the api call will result in a different key being generated).
8869 },
8870 },
8871 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62].
8872 "commonAlphabet": "A String",
8873 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
8874 # that the FFX mode natively supports. This happens before/after
8875 # encryption/decryption.
8876 # Each character listed must appear only once.
8877 # Number of characters must be in the range [2, 62].
8878 # This must be encoded as ASCII.
8879 # The order of characters does not matter.
8880 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
8881 # identifier in two different contexts won't be given the same surrogate. If
8882 # the context is not set, a default tweak will be used.
8883 #
8884 # If the context is set but:
8885 #
8886 # 1. there is no record present when transforming a given value or
8887 # 1. the field is not present when transforming a given value,
8888 #
8889 # a default tweak will be used.
8890 #
8891 # Note that case (1) is expected when an `InfoTypeTransformation` is
8892 # applied to both structured and non-structured `ContentItem`s.
8893 # Currently, the referenced field may be of value type integer or string.
8894 #
8895 # The tweak is constructed as a sequence of bytes in big endian byte order
8896 # such that:
8897 #
8898 # - a 64 bit integer is encoded followed by a single byte of value 1
8899 # - a string is encoded in UTF-8 format followed by a single byte of value 2
8900 "name": "A String", # Name describing the field.
8901 },
8902 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
8903 # This annotation will be applied to the surrogate by prefixing it with
8904 # the name of the custom infoType followed by the number of
8905 # characters comprising the surrogate. The following scheme defines the
8906 # format: info_type_name(surrogate_character_count):surrogate
8907 #
8908 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
8909 # the surrogate is 'abc', the full replacement value
8910 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
8911 #
8912 # This annotation identifies the surrogate when inspecting content using the
8913 # custom infoType
8914 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
8915 # This facilitates reversal of the surrogate when it occurs in free text.
8916 #
8917 # In order for inspection to work properly, the name of this infoType must
8918 # not occur naturally anywhere in your data; otherwise, inspection may
8919 # find a surrogate that does not correspond to an actual identifier.
8920 # Therefore, choose your custom infoType name carefully after considering
8921 # what your data looks like. One way to select a name that has a high chance
8922 # of yielding reliable detection is to include one or more unicode characters
8923 # that are highly improbable to exist in your data.
8924 # For example, assuming your data is entered from a regular ASCII keyboard,
8925 # the symbol with the hex code point 29DD might be used like so:
8926 # ⧝MY_TOKEN_TYPE
8927 "name": "A String", # Name of the information type. Either a name of your choosing when
8928 # creating a CustomInfoType, or one of the names listed
8929 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
8930 # a built-in type. InfoType names should conform to the pattern
8931 # [a-zA-Z0-9_]{1,64}.
8932 },
8933 },
8934 "replaceConfig": { # Replace each input value with a given `Value`.
8935 "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
8936 # Note that for the purposes of inspection or transformation, the number
8937 # of bytes considered to comprise a 'Value' is based on its representation
8938 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
8939 # 123456789, the number of bytes would be counted as 9, even though an
8940 # int64 only holds up to 8 bytes of data.
8941 "floatValue": 3.14,
8942 "timestampValue": "A String",
8943 "dayOfWeekValue": "A String",
8944 "timeValue": { # Represents a time of day. The date and time zone are either not significant
8945 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8946 # types are google.type.Date and `google.protobuf.Timestamp`.
8947 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8948 # to allow the value "24:00:00" for scenarios like business closing time.
8949 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8950 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8951 # allow the value 60 if it allows leap-seconds.
8952 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
8953 },
8954 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
8955 # and time zone are either specified elsewhere or are not significant. The date
8956 # is relative to the Proleptic Gregorian Calendar. This can represent:
8957 #
8958 # * A full date, with non-zero year, month and day values
8959 # * A month and day value, with a zero year, e.g. an anniversary
8960 # * A year on its own, with zero month and day values
8961 # * A year and month value, with a zero day, e.g. a credit card expiration date
8962 #
8963 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8964 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8965 # a year.
8966 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8967 # if specifying a year by itself or a year and month where the day is not
8968 # significant.
8969 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8970 # month and day.
8971 },
8972 "stringValue": "A String",
8973 "booleanValue": True or False,
8974 "integerValue": "A String",
8975 },
8976 },
8977 },
8978 "condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
8979 # given `RecordCondition`. The conditions are allowed to reference fields
8980 # that are not used in the actual transformation. [optional]
8981 #
8982 # Example Use Cases:
8983 #
8984 # - Apply a different bucket transformation to an age column if the zip code
8985 # column for the same record is within a specific range.
8986 # - Redact a field if the date of birth field is greater than 85.
8987 # a field.
8988 "expressions": { # An expression, consisting or an operator and conditions. # An expression.
8989 "conditions": { # A collection of conditions.
8990 "conditions": [
8991 { # The field type of `value` and `field` do not need to match to be
8992 # considered equal, but not all comparisons are possible.
8993 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
8994 # but all other comparisons are invalid with incompatible types.
8995 # A `value` of type:
8996 #
8997 # - `string` can be compared against all other types
8998 # - `boolean` can only be compared against other booleans
8999 # - `integer` can be compared against doubles or a string if the string value
9000 # can be parsed as an integer.
9001 # - `double` can be compared against integers or a string if the string can
9002 # be parsed as a double.
9003 # - `Timestamp` can be compared against strings in RFC 3339 date string
9004 # format.
9005 # - `TimeOfDay` can be compared against timestamps and strings in the format
9006 # of 'HH:mm:ss'.
9007 #
9008 # If we fail to compare do to type mismatch, a warning will be given and
9009 # the condition will evaluate to false.
9010 "operator": "A String", # Operator used to compare the field or infoType to the value. [required]
9011 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required]
9012 "name": "A String", # Name describing the field.
9013 },
9014 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.]
9015 # Note that for the purposes of inspection or transformation, the number
9016 # of bytes considered to comprise a 'Value' is based on its representation
9017 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
9018 # 123456789, the number of bytes would be counted as 9, even though an
9019 # int64 only holds up to 8 bytes of data.
9020 "floatValue": 3.14,
9021 "timestampValue": "A String",
9022 "dayOfWeekValue": "A String",
9023 "timeValue": { # Represents a time of day. The date and time zone are either not significant
9024 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9025 # types are google.type.Date and `google.protobuf.Timestamp`.
9026 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9027 # to allow the value "24:00:00" for scenarios like business closing time.
9028 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
9029 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9030 # allow the value 60 if it allows leap-seconds.
9031 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
9032 },
9033 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
9034 # and time zone are either specified elsewhere or are not significant. The date
9035 # is relative to the Proleptic Gregorian Calendar. This can represent:
9036 #
9037 # * A full date, with non-zero year, month and day values
9038 # * A month and day value, with a zero year, e.g. an anniversary
9039 # * A year on its own, with zero month and day values
9040 # * A year and month value, with a zero day, e.g. a credit card expiration date
9041 #
9042 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
9043 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9044 # a year.
9045 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
9046 # if specifying a year by itself or a year and month where the day is not
9047 # significant.
9048 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
9049 # month and day.
9050 },
9051 "stringValue": "A String",
9052 "booleanValue": True or False,
9053 "integerValue": "A String",
9054 },
9055 },
9056 ],
9057 },
9058 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently
9059 # only supported value is `AND`.
9060 },
9061 },
9062 "fields": [ # Input field(s) to apply the transformation to. [required]
9063 { # General identifier of a data field in a storage service.
9064 "name": "A String", # Name describing the field.
9065 },
9066 ],
9067 },
9068 ],
9069 "transformedBytes": "A String", # Total size in bytes that were transformed in some way.
9070 "transformation": { # A rule for transforming a value. # The specific transformation these stats apply to.
9071 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a
9072 # fixed character. Masking can start from the beginning or end of the string.
9073 # This can be used on data of any type (numbers, longs, and so on) and when
9074 # de-identifying structured data we'll attempt to preserve the original data's
9075 # type. (This allows you to take a long like 123 and modify it to a string like
9076 # **3.
9077 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing.
9078 # For example, if your string is 555-555-5555 and you ask us to skip `-` and
9079 # mask 5 chars with * we would produce ***-*55-5555.
9080 { # Characters to skip when doing deidentification of a value. These will be left
9081 # alone and skipped.
9082 "commonCharactersToIgnore": "A String",
9083 "charactersToSkip": "A String",
9084 },
9085 ],
9086 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be
9087 # masked. Skipped characters do not count towards this tally.
9088 "maskingCharacter": "A String", # Character to mask the sensitive values&mdash;for example, "*" for an
9089 # alphabetic string such as name, or "0" for a numeric string such as ZIP
9090 # code or credit card number. String must have length 1. If not supplied, we
9091 # will default to "*" for strings, 0 for digits.
9092 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is
9093 # '0', number_to_mask is 14, and `reverse_order` is false, then
9094 # 1234-5678-9012-3456 -> 00000000000000-3456
9095 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order`
9096 # is true, then 12345 -> 12***
9097 },
9098 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation`
9099 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
9100 # output would be 'My phone number is '.
9101 },
9102 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given
9103 # input. Outputs a base64 encoded representation of the encrypted output.
9104 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
9105 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
9106 # a key encryption key (KEK) stored by KMS).
9107 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
9108 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
9109 # unwrap the data crypto key.
9110 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
9111 # The wrapped key must be a 128/192/256 bit key.
9112 # Authorization requires the following IAM permissions when sending a request
9113 # to perform a crypto transformation using a kms-wrapped crypto key:
9114 # dlp.kms.encrypt
9115 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
9116 "wrappedKey": "A String", # The wrapped data crypto key. [required]
9117 },
9118 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
9119 # leaking the key. Choose another type of key if possible.
9120 "key": "A String", # A 128/192/256 bit key. [required]
9121 },
9122 "transient": { # Use this to have a random data crypto key generated.
9123 # It will be discarded after the request finishes.
9124 "name": "A String", # Name of the key. [required]
9125 # This is an arbitrary string used to differentiate different keys.
9126 # A unique key is generated per name: two separate `TransientCryptoKey`
9127 # protos share the same generated key if their names are the same.
9128 # When the data crypto key is generated, this name is not used in any way
9129 # (repeating the api call will result in a different key being generated).
9130 },
9131 },
9132 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining
9133 # referential integrity such that the same identifier in two different
9134 # contexts will be given a distinct surrogate. The context is appended to
9135 # plaintext value being encrypted. On decryption the provided context is
9136 # validated against the value used during encryption. If a context was
9137 # provided during encryption, same context must be provided during decryption
9138 # as well.
9139 #
9140 # If the context is not set, plaintext would be used as is for encryption.
9141 # If the context is set but:
9142 #
9143 # 1. there is no record present when transforming a given value or
9144 # 2. the field is not present when transforming a given value,
9145 #
9146 # plaintext would be used as is for encryption.
9147 #
9148 # Note that case (1) is expected when an `InfoTypeTransformation` is
9149 # applied to both structured and non-structured `ContentItem`s.
9150 "name": "A String", # Name describing the field.
9151 },
9152 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
9153 # This annotation will be applied to the surrogate by prefixing it with
9154 # the name of the custom info type followed by the number of
9155 # characters comprising the surrogate. The following scheme defines the
9156 # format: <info type name>(<surrogate character count>):<surrogate>
9157 #
9158 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
9159 # the surrogate is 'abc', the full replacement value
9160 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
9161 #
9162 # This annotation identifies the surrogate when inspecting content using the
9163 # custom info type 'Surrogate'. This facilitates reversal of the
9164 # surrogate when it occurs in free text.
9165 #
9166 # In order for inspection to work properly, the name of this info type must
9167 # not occur naturally anywhere in your data; otherwise, inspection may either
9168 #
9169 # - reverse a surrogate that does not correspond to an actual identifier
9170 # - be unable to parse the surrogate and result in an error
9171 #
9172 # Therefore, choose your custom info type name carefully after considering
9173 # what your data looks like. One way to select a name that has a high chance
9174 # of yielding reliable detection is to include one or more unicode characters
9175 # that are highly improbable to exist in your data.
9176 # For example, assuming your data is entered from a regular ASCII keyboard,
9177 # the symbol with the hex code point 29DD might be used like so:
9178 # ⧝MY_TOKEN_TYPE
9179 "name": "A String", # Name of the information type. Either a name of your choosing when
9180 # creating a CustomInfoType, or one of the names listed
9181 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
9182 # a built-in type. InfoType names should conform to the pattern
9183 # [a-zA-Z0-9_]{1,64}.
9184 },
9185 },
9186 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The
9187 # Bucketing transformation can provide all of this functionality,
9188 # but requires more configuration. This message is provided as a convenience to
9189 # the user for simple bucketing strategies.
9190 #
9191 # The transformed value will be a hyphenated string of
9192 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20
9193 # all values that are within this bucket will be replaced with "10-20".
9194 #
9195 # This can be used on data of type: double, long.
9196 #
9197 # If the bound Value type differs from the type of data
9198 # being transformed, we will first attempt converting the type of the data to
9199 # be transformed to match the type of the bound before comparing.
9200 #
9201 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
9202 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are
9203 # grouped together into a single bucket; for example if `lower_bound` = 10,
9204 # then all values less than 10 are replaced with the value “-10”. [Required].
9205 # Note that for the purposes of inspection or transformation, the number
9206 # of bytes considered to comprise a 'Value' is based on its representation
9207 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
9208 # 123456789, the number of bytes would be counted as 9, even though an
9209 # int64 only holds up to 8 bytes of data.
9210 "floatValue": 3.14,
9211 "timestampValue": "A String",
9212 "dayOfWeekValue": "A String",
9213 "timeValue": { # Represents a time of day. The date and time zone are either not significant
9214 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9215 # types are google.type.Date and `google.protobuf.Timestamp`.
9216 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9217 # to allow the value "24:00:00" for scenarios like business closing time.
9218 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
9219 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9220 # allow the value 60 if it allows leap-seconds.
9221 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
9222 },
9223 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
9224 # and time zone are either specified elsewhere or are not significant. The date
9225 # is relative to the Proleptic Gregorian Calendar. This can represent:
9226 #
9227 # * A full date, with non-zero year, month and day values
9228 # * A month and day value, with a zero year, e.g. an anniversary
9229 # * A year on its own, with zero month and day values
9230 # * A year and month value, with a zero day, e.g. a credit card expiration date
9231 #
9232 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
9233 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9234 # a year.
9235 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
9236 # if specifying a year by itself or a year and month where the day is not
9237 # significant.
9238 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
9239 # month and day.
9240 },
9241 "stringValue": "A String",
9242 "booleanValue": True or False,
9243 "integerValue": "A String",
9244 },
9245 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are
9246 # grouped together into a single bucket; for example if `upper_bound` = 89,
9247 # then all values greater than 89 are replaced with the value “89+”.
9248 # [Required].
9249 # Note that for the purposes of inspection or transformation, the number
9250 # of bytes considered to comprise a 'Value' is based on its representation
9251 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
9252 # 123456789, the number of bytes would be counted as 9, even though an
9253 # int64 only holds up to 8 bytes of data.
9254 "floatValue": 3.14,
9255 "timestampValue": "A String",
9256 "dayOfWeekValue": "A String",
9257 "timeValue": { # Represents a time of day. The date and time zone are either not significant
9258 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9259 # types are google.type.Date and `google.protobuf.Timestamp`.
9260 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9261 # to allow the value "24:00:00" for scenarios like business closing time.
9262 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
9263 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9264 # allow the value 60 if it allows leap-seconds.
9265 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
9266 },
9267 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
9268 # and time zone are either specified elsewhere or are not significant. The date
9269 # is relative to the Proleptic Gregorian Calendar. This can represent:
9270 #
9271 # * A full date, with non-zero year, month and day values
9272 # * A month and day value, with a zero year, e.g. an anniversary
9273 # * A year on its own, with zero month and day values
9274 # * A year and month value, with a zero day, e.g. a credit card expiration date
9275 #
9276 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
9277 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9278 # a year.
9279 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
9280 # if specifying a year by itself or a year and month where the day is not
9281 # significant.
9282 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
9283 # month and day.
9284 },
9285 "stringValue": "A String",
9286 "booleanValue": True or False,
9287 "integerValue": "A String",
9288 },
9289 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if
9290 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
9291 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
9292 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required].
9293 },
9294 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type.
9295 },
9296 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a
9297 # portion of the value.
9298 "partToExtract": "A String",
9299 },
9300 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing.
9301 # Uses SHA-256.
9302 # The key size must be either 32 or 64 bytes.
9303 # Outputs a base64 encoded representation of the hashed output
9304 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
9305 # Currently, only string and integer values can be hashed.
9306 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
9307 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
9308 # a key encryption key (KEK) stored by KMS).
9309 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
9310 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
9311 # unwrap the data crypto key.
9312 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
9313 # The wrapped key must be a 128/192/256 bit key.
9314 # Authorization requires the following IAM permissions when sending a request
9315 # to perform a crypto transformation using a kms-wrapped crypto key:
9316 # dlp.kms.encrypt
9317 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
9318 "wrappedKey": "A String", # The wrapped data crypto key. [required]
9319 },
9320 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
9321 # leaking the key. Choose another type of key if possible.
9322 "key": "A String", # A 128/192/256 bit key. [required]
9323 },
9324 "transient": { # Use this to have a random data crypto key generated.
9325 # It will be discarded after the request finishes.
9326 "name": "A String", # Name of the key. [required]
9327 # This is an arbitrary string used to differentiate different keys.
9328 # A unique key is generated per name: two separate `TransientCryptoKey`
9329 # protos share the same generated key if their names are the same.
9330 # When the data crypto key is generated, this name is not used in any way
9331 # (repeating the api call will result in a different key being generated).
9332 },
9333 },
9334 },
9335 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the
9336 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
9337 # to learn more.
9338 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
9339 # results in the same shift for the same context and crypto_key.
9340 # a key encryption key (KEK) stored by KMS).
9341 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
9342 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
9343 # unwrap the data crypto key.
9344 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
9345 # The wrapped key must be a 128/192/256 bit key.
9346 # Authorization requires the following IAM permissions when sending a request
9347 # to perform a crypto transformation using a kms-wrapped crypto key:
9348 # dlp.kms.encrypt
9349 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
9350 "wrappedKey": "A String", # The wrapped data crypto key. [required]
9351 },
9352 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
9353 # leaking the key. Choose another type of key if possible.
9354 "key": "A String", # A 128/192/256 bit key. [required]
9355 },
9356 "transient": { # Use this to have a random data crypto key generated.
9357 # It will be discarded after the request finishes.
9358 "name": "A String", # Name of the key. [required]
9359 # This is an arbitrary string used to differentiate different keys.
9360 # A unique key is generated per name: two separate `TransientCryptoKey`
9361 # protos share the same generated key if their names are the same.
9362 # When the data crypto key is generated, this name is not used in any way
9363 # (repeating the api call will result in a different key being generated).
9364 },
9365 },
9366 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past.
9367 # [Required]
9368 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this
9369 # range (inclusive ends). Negative means shift to earlier in time. Must not
9370 # be more than 365250 days (1000 years) each direction.
9371 #
9372 # For example, 3 means shift date to at most 3 days into the future.
9373 # [Required]
9374 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
9375 # If set, must also set method. If set, shift will be consistent for the
9376 # given context.
9377 "name": "A String", # Name describing the field.
9378 },
9379 },
9380 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and
9381 # replacement values are dynamically provided by the user for custom behavior,
9382 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH
9383 # This can be used on
9384 # data of type: number, long, string, timestamp.
9385 # If the bound `Value` type differs from the type of data being transformed, we
9386 # will first attempt converting the type of the data to be transformed to match
9387 # the type of the bound before comparing.
9388 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
9389 "buckets": [ # Set of buckets. Ranges must be non-overlapping.
9390 { # Bucket is represented as a range, along with replacement values.
9391 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
9392 # Note that for the purposes of inspection or transformation, the number
9393 # of bytes considered to comprise a 'Value' is based on its representation
9394 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
9395 # 123456789, the number of bytes would be counted as 9, even though an
9396 # int64 only holds up to 8 bytes of data.
9397 "floatValue": 3.14,
9398 "timestampValue": "A String",
9399 "dayOfWeekValue": "A String",
9400 "timeValue": { # Represents a time of day. The date and time zone are either not significant
9401 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9402 # types are google.type.Date and `google.protobuf.Timestamp`.
9403 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9404 # to allow the value "24:00:00" for scenarios like business closing time.
9405 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
9406 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9407 # allow the value 60 if it allows leap-seconds.
9408 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
9409 },
9410 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
9411 # and time zone are either specified elsewhere or are not significant. The date
9412 # is relative to the Proleptic Gregorian Calendar. This can represent:
9413 #
9414 # * A full date, with non-zero year, month and day values
9415 # * A month and day value, with a zero year, e.g. an anniversary
9416 # * A year on its own, with zero month and day values
9417 # * A year and month value, with a zero day, e.g. a credit card expiration date
9418 #
9419 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
9420 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9421 # a year.
9422 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
9423 # if specifying a year by itself or a year and month where the day is not
9424 # significant.
9425 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
9426 # month and day.
9427 },
9428 "stringValue": "A String",
9429 "booleanValue": True or False,
9430 "integerValue": "A String",
9431 },
9432 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
9433 # the default behavior will be to hyphenate the min-max range.
9434 # Note that for the purposes of inspection or transformation, the number
9435 # of bytes considered to comprise a 'Value' is based on its representation
9436 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
9437 # 123456789, the number of bytes would be counted as 9, even though an
9438 # int64 only holds up to 8 bytes of data.
9439 "floatValue": 3.14,
9440 "timestampValue": "A String",
9441 "dayOfWeekValue": "A String",
9442 "timeValue": { # Represents a time of day. The date and time zone are either not significant
9443 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9444 # types are google.type.Date and `google.protobuf.Timestamp`.
9445 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9446 # to allow the value "24:00:00" for scenarios like business closing time.
9447 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
9448 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9449 # allow the value 60 if it allows leap-seconds.
9450 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
9451 },
9452 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
9453 # and time zone are either specified elsewhere or are not significant. The date
9454 # is relative to the Proleptic Gregorian Calendar. This can represent:
9455 #
9456 # * A full date, with non-zero year, month and day values
9457 # * A month and day value, with a zero year, e.g. an anniversary
9458 # * A year on its own, with zero month and day values
9459 # * A year and month value, with a zero day, e.g. a credit card expiration date
9460 #
9461 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
9462 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9463 # a year.
9464 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
9465 # if specifying a year by itself or a year and month where the day is not
9466 # significant.
9467 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
9468 # month and day.
9469 },
9470 "stringValue": "A String",
9471 "booleanValue": True or False,
9472 "integerValue": "A String",
9473 },
9474 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
9475 # used.
9476 # Note that for the purposes of inspection or transformation, the number
9477 # of bytes considered to comprise a 'Value' is based on its representation
9478 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
9479 # 123456789, the number of bytes would be counted as 9, even though an
9480 # int64 only holds up to 8 bytes of data.
9481 "floatValue": 3.14,
9482 "timestampValue": "A String",
9483 "dayOfWeekValue": "A String",
9484 "timeValue": { # Represents a time of day. The date and time zone are either not significant
9485 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9486 # types are google.type.Date and `google.protobuf.Timestamp`.
9487 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9488 # to allow the value "24:00:00" for scenarios like business closing time.
9489 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
9490 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9491 # allow the value 60 if it allows leap-seconds.
9492 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
9493 },
9494 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
9495 # and time zone are either specified elsewhere or are not significant. The date
9496 # is relative to the Proleptic Gregorian Calendar. This can represent:
9497 #
9498 # * A full date, with non-zero year, month and day values
9499 # * A month and day value, with a zero year, e.g. an anniversary
9500 # * A year on its own, with zero month and day values
9501 # * A year and month value, with a zero day, e.g. a credit card expiration date
9502 #
9503 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
9504 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9505 # a year.
9506 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
9507 # if specifying a year by itself or a year and month where the day is not
9508 # significant.
9509 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
9510 # month and day.
9511 },
9512 "stringValue": "A String",
9513 "booleanValue": True or False,
9514 "integerValue": "A String",
9515 },
9516 },
9517 ],
9518 },
9519 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption
9520 # (FPE) with the FFX mode of operation; however when used in the
9521 # `ReidentifyContent` API method, it serves the opposite function by reversing
9522 # the surrogate back into the original identifier. The identifier must be
9523 # encoded as ASCII. For a given crypto key and context, the same identifier
9524 # will be replaced with the same surrogate. Identifiers must be at least two
9525 # characters long. In the case that the identifier is the empty string, it will
9526 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
9527 # more.
9528 #
9529 # Note: We recommend using CryptoDeterministicConfig for all use cases which
9530 # do not require preserving the input alphabet space and size, plus warrant
9531 # referential integrity.
9532 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required]
9533 # a key encryption key (KEK) stored by KMS).
9534 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
9535 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
9536 # unwrap the data crypto key.
9537 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS.
9538 # The wrapped key must be a 128/192/256 bit key.
9539 # Authorization requires the following IAM permissions when sending a request
9540 # to perform a crypto transformation using a kms-wrapped crypto key:
9541 # dlp.kms.encrypt
9542 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required]
9543 "wrappedKey": "A String", # The wrapped data crypto key. [required]
9544 },
9545 "unwrapped": { # Using raw keys is prone to security risks due to accidentally
9546 # leaking the key. Choose another type of key if possible.
9547 "key": "A String", # A 128/192/256 bit key. [required]
9548 },
9549 "transient": { # Use this to have a random data crypto key generated.
9550 # It will be discarded after the request finishes.
9551 "name": "A String", # Name of the key. [required]
9552 # This is an arbitrary string used to differentiate different keys.
9553 # A unique key is generated per name: two separate `TransientCryptoKey`
9554 # protos share the same generated key if their names are the same.
9555 # When the data crypto key is generated, this name is not used in any way
9556 # (repeating the api call will result in a different key being generated).
9557 },
9558 },
9559 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62].
9560 "commonAlphabet": "A String",
9561 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters
9562 # that the FFX mode natively supports. This happens before/after
9563 # encryption/decryption.
9564 # Each character listed must appear only once.
9565 # Number of characters must be in the range [2, 62].
9566 # This must be encoded as ASCII.
9567 # The order of characters does not matter.
9568 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same
9569 # identifier in two different contexts won't be given the same surrogate. If
9570 # the context is not set, a default tweak will be used.
9571 #
9572 # If the context is set but:
9573 #
9574 # 1. there is no record present when transforming a given value or
9575 # 1. the field is not present when transforming a given value,
9576 #
9577 # a default tweak will be used.
9578 #
9579 # Note that case (1) is expected when an `InfoTypeTransformation` is
9580 # applied to both structured and non-structured `ContentItem`s.
9581 # Currently, the referenced field may be of value type integer or string.
9582 #
9583 # The tweak is constructed as a sequence of bytes in big endian byte order
9584 # such that:
9585 #
9586 # - a 64 bit integer is encoded followed by a single byte of value 1
9587 # - a string is encoded in UTF-8 format followed by a single byte of value 2
9588 "name": "A String", # Name describing the field.
9589 },
9590 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
9591 # This annotation will be applied to the surrogate by prefixing it with
9592 # the name of the custom infoType followed by the number of
9593 # characters comprising the surrogate. The following scheme defines the
9594 # format: info_type_name(surrogate_character_count):surrogate
9595 #
9596 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
9597 # the surrogate is 'abc', the full replacement value
9598 # will be: 'MY_TOKEN_INFO_TYPE(3):abc'
9599 #
9600 # This annotation identifies the surrogate when inspecting content using the
9601 # custom infoType
9602 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
9603 # This facilitates reversal of the surrogate when it occurs in free text.
9604 #
9605 # In order for inspection to work properly, the name of this infoType must
9606 # not occur naturally anywhere in your data; otherwise, inspection may
9607 # find a surrogate that does not correspond to an actual identifier.
9608 # Therefore, choose your custom infoType name carefully after considering
9609 # what your data looks like. One way to select a name that has a high chance
9610 # of yielding reliable detection is to include one or more unicode characters
9611 # that are highly improbable to exist in your data.
9612 # For example, assuming your data is entered from a regular ASCII keyboard,
9613 # the symbol with the hex code point 29DD might be used like so:
9614 # ⧝MY_TOKEN_TYPE
9615 "name": "A String", # Name of the information type. Either a name of your choosing when
9616 # creating a CustomInfoType, or one of the names listed
9617 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
9618 # a built-in type. InfoType names should conform to the pattern
9619 # [a-zA-Z0-9_]{1,64}.
9620 },
9621 },
9622 "replaceConfig": { # Replace each input value with a given `Value`.
9623 "newValue": { # Set of primitive values supported by the system. # Value to replace it with.
9624 # Note that for the purposes of inspection or transformation, the number
9625 # of bytes considered to comprise a 'Value' is based on its representation
9626 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
9627 # 123456789, the number of bytes would be counted as 9, even though an
9628 # int64 only holds up to 8 bytes of data.
9629 "floatValue": 3.14,
9630 "timestampValue": "A String",
9631 "dayOfWeekValue": "A String",
9632 "timeValue": { # Represents a time of day. The date and time zone are either not significant
9633 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9634 # types are google.type.Date and `google.protobuf.Timestamp`.
9635 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9636 # to allow the value "24:00:00" for scenarios like business closing time.
9637 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
9638 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9639 # allow the value 60 if it allows leap-seconds.
9640 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
9641 },
9642 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
9643 # and time zone are either specified elsewhere or are not significant. The date
9644 # is relative to the Proleptic Gregorian Calendar. This can represent:
9645 #
9646 # * A full date, with non-zero year, month and day values
9647 # * A month and day value, with a zero year, e.g. an anniversary
9648 # * A year on its own, with zero month and day values
9649 # * A year and month value, with a zero day, e.g. a credit card expiration date
9650 #
9651 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
9652 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9653 # a year.
9654 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
9655 # if specifying a year by itself or a year and month where the day is not
9656 # significant.
9657 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
9658 # month and day.
9659 },
9660 "stringValue": "A String",
9661 "booleanValue": True or False,
9662 "integerValue": "A String",
9663 },
9664 },
9665 },
9666 },
9667 ],
9668 "transformedBytes": "A String", # Total size in bytes that were transformed in some way.
9669 },
9670 "item": { # Container structure for the content to inspect. # The re-identified item.
9671 "table": { # Structured content to inspect. Up to 50,000 `Value`s per request allowed. # Structured content for inspection. See
9672 # https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
9673 # learn more.
9674 # See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to
9675 # learn more.
9676 "headers": [
9677 { # General identifier of a data field in a storage service.
9678 "name": "A String", # Name describing the field.
9679 },
9680 ],
9681 "rows": [
9682 {
9683 "values": [
9684 { # Set of primitive values supported by the system.
9685 # Note that for the purposes of inspection or transformation, the number
9686 # of bytes considered to comprise a 'Value' is based on its representation
9687 # as a UTF-8 encoded string. For example, if 'integer_value' is set to
9688 # 123456789, the number of bytes would be counted as 9, even though an
9689 # int64 only holds up to 8 bytes of data.
9690 "floatValue": 3.14,
9691 "timestampValue": "A String",
9692 "dayOfWeekValue": "A String",
9693 "timeValue": { # Represents a time of day. The date and time zone are either not significant
9694 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9695 # types are google.type.Date and `google.protobuf.Timestamp`.
9696 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9697 # to allow the value "24:00:00" for scenarios like business closing time.
9698 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
9699 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9700 # allow the value 60 if it allows leap-seconds.
9701 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59.
9702 },
9703 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day
9704 # and time zone are either specified elsewhere or are not significant. The date
9705 # is relative to the Proleptic Gregorian Calendar. This can represent:
9706 #
9707 # * A full date, with non-zero year, month and day values
9708 # * A month and day value, with a zero year, e.g. an anniversary
9709 # * A year on its own, with zero month and day values
9710 # * A year and month value, with a zero day, e.g. a credit card expiration date
9711 #
9712 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
9713 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9714 # a year.
9715 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
9716 # if specifying a year by itself or a year and month where the day is not
9717 # significant.
9718 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
9719 # month and day.
9720 },
9721 "stringValue": "A String",
9722 "booleanValue": True or False,
9723 "integerValue": "A String",
9724 },
9725 ],
9726 },
9727 ],
9728 },
9729 "byteItem": { # Container for bytes to inspect or redact. # Content data to inspect or redact. Replaces `type` and `data`.
9730 "type": "A String", # The type of data stored in the bytes string. Default will be TEXT_UTF8.
9731 "data": "A String", # Content data to inspect or redact.
9732 },
9733 "value": "A String", # String data to inspect or redact.
9734 },
9735 }</pre>
9736</div>
9737
9738</body></html>